I have noticed a steady rise in embedded systems using BSD based operating systems and i was just wondering why its being chosen over linux for example. Both Sony and Nintendo are using BSD based guts in their consoles and im also seeing it used fairly regularly in EPOS systems and a fair few other things.
Video game makers generally doesn't make much money with hardware, they make money selling software (a.k.a. games), thanks to licensing. To allow only licensed software to run in a modern video console, all software running on it is signed with a key that only the console maker have. However, if someone discovers a way to run unlicensed (unsigned) software in their hardware, this means that the console maker will lose money to piracy.
Generally, using BSD systems in video consoles is desired since you can simply close the source code (thanks to the BSD license) and not reveal possibly potencial kernel exploits. Kernel exploits are the key for console security since once you get a exploit running in kernel, you can leak encryption keys or simply bypass the signature checking. Kernel exploits is what allowed piracy in most last generation consoles (Nintendo 3DS, Nintendo Wii U, PS Vita, PS3). Using Linux, thanks to GPL license, would mean opening the source code of the kernel, allowing someone to study for exploits.
Actually, even if PS Vita/PS4 uses BSDs as a base, they use a heavily modified BSD, since using a vanilla kernel would make a public exploit in say, FreeBSD, easily ported to their device.
Nintendo consoles actually uses an in-house developed kernel by Nintendo, that debutted on Nintendo 3DS; the Nintendo Switch's BSD part is mostly network, however BSD network is used even on Windows because it is of high quality and portable (and BSD licensed).
Disclaimer: I am not a console expert or anything, I mostly follow the console scene so those information can be wrong.
> since using a vanilla kernel would make a public exploit in say, FreeBSD, easily ported to their device
You mean like at the recent CCC where they demonstrated using a WebKit exploit to trigger a BSD exploit via which they install a working Linux system on a PS4 and launch Steam? Link: https://www.youtube.com/watch?v=QMiubC6LdTA
It's not as simple as that because the PS4 is a custom board, so even though the CPU and GPU are standard AMD components, some hacking was required. But using exploits that have long been patched to gain access to hardware by Sony and Nintendo is nothing new.
Note that I didn't say it was impossible to port a BSD exploit to it, I just said that it was harder. I don't know the specific version of FreeBSD/NetBSD that PS4 uses, but lets say it is FreeBSD 9. I am sure that not all CVEs in FreeBSD 9 are portable to PS4, and even when it does work it will need additional some additional work because of the differences between PS4 kernel and vanilla *BSD.
Another observation: if PS4 used Linux, Sony would be forced to open the modified PS4's Linux kernel thanks to GPL License, and would be trivial to check for security exploits since you have the source code.
BSD systems have always suffered a lack of device drivers.
But if you are a huge enough company, you can do two things:
1. Choose already-supported hardware to develop on
2. Customize the OS to fit your needs
Using a BSD-licensed system feature no. 2 becomes particularly nice, as you don't have to share your changes back and you can keep your work for yourself (for both IP and security-through-obscurity).
What Point of Sale systems have you seen running BSD? In the US, all the major retailers are either on SLES through IBM/Toshiba, or your Walmart and are on your own homerolled Linux box as a POS.
Outside of that, its all Windows for the smaller chains, Truno and similar will not talk to them, so they get to deal with NCR who sells them a meh system based on whatever the last supported version of Windows is. Even smaller and you get into PCAmerica (Windows) or Clover (Android/Linux).
On the embedded front ($X to $XX) BSD supports fewer platforms than Windows for IoT, you can't even boot it on your average ARM board or MIPS router. Only in high end consoles ($XXX) has Sony & Nintendo chosen to use BSD, which requires a substantial amount of work, but there is significant perceived value by making locked down "consoles" that can only run their signed software.
For embedded support, the platform (ie the entire SoC and its devices) is more important than just the CPU architecture. Every SoC is different and if the OS doesn't have drivers and support for the devices on it then it won't boot, even if the OS supports ARM or MIPS in general.
Ok, how do I install it on an OrangePi PC Plus? What about on a Roseapple Pi or CubieBoard6? Wait, I can't, there is no eMMC support for the OrangePi H3 boards in FreeBSD, and S500 based boards literally have no BSD support at all. It goes on like this for most of the boards out there, unless you stick to a BeagleBoneBlack or are willing to live with a gimped system.
I guess it's by the License, software available and documentation.
In my case (about 20 years ago) the documentation was what made me use BSD instead of Linux.
Back in 1996 there was little (reliable) documentation about Linux kernel internals and boot process. For BSD (OpenBSD) it was the opposite: well documented and reliable.
And yet Linux derived systems win often because if you are not 100% in control of the hardware (Apple, Nintendo...), driver availability + flexibility > license pains.
Sure, but the original question was specifically around embedded systems, which is usually the definition of "in control of the hardware." So for folks like Apple, Nintendo, Sony for the PS4, etc, the answer makes sense.
Even though people are right about the license being a reason one has to keep in mind that there actually is quite a few other BSD licensed (often real time) operating systems targeting embedded devices, like Contiki, Minix, TinyOS and others.
I think the community and quality of documentation as well as not being controlled by single entities are a big part.
It's not just the license. There are quite a few ways to get around using Linux in many use cases without caring about its license. And there is Toybox.
I am not sure about the other ones, but I vaguely remember that NetBSD makes driver development relatively easy, or at least one does not need to re-write or copy-past driver code when moving from, say, PCI to a USB-attached device.
I can imagine that makes it a sensible choice for companies that build their own hardware (custom peripherals and so forth).
Also, as others have pointed out, the BSD License. Some companies won't touch GPL code with a ten-foot stick.
BSD kernel is not used in Nintendo, only the network stack (despite all the media craze saying so).
Nintendo has a habit of doing their own custom OS designed specifically for the needs of their consoles (3ds, switch and wiiu all have its own OS), but using a battle-tested and proven network stack means less problems in the long run.
The IPv6 BSD network stack was developed in Japan.
There was some people from keio university working on in. (Un)surprisingly key developers from Nintendo also studied there.
If you look at that space, the OrangePi Zero and others all run Linux, not *BSD. Nintendo & Sony have both chosen to go and build on BSD for their high end consoles so they can have tight control and give nothing back, but the NES Classic runs Linux as porting BSD doesn't make sense.
> I am not talking about dev boards, I am talking about Chinese OEMs that do not give a crap about open-source.
As far as I can discern, they literally do not give a crap and do the bare minimum to get a half working Linux BSP so they can run an ancient version of Android. Then it gets used for your security camera, and that is why you have 20 shitty IP cams running kernel 2.6 calling home to Hunan Province.
That BSP will rarely be released to the public, much less mainlined, and it is sure to be mixing proprietary code with GPL'ed code. *BSD doesn't even factor into the equation, since GPL compliance doesn't matter to Allwinner or Rockchip.
BSD had always several advantages over other open source systems which are widely available... I think the number of advantages and shortcomings didn't really change over the time but if you want to discuss WHY it is becoming NOW a more popular choice, my personal guess is:
- The state of the art of Ops and information in internet makes that today anyone with some curiosity can understand and start modifying/administrating tools and systems which decades ago was only possible for specialists in the area.
- Truly cross compatible source code and runtimes are widely available (not just C code that has to be compiled in the target architecture like in the old times.)
- With the raise of open information now technical choices can be made contrasting the experience from other teams or companies which made similar choices in the past.
Could another contributing factor be that Linux is becoming less appropriate for embedded use?
In the mid 2000s, I developed an embedded system for my employer based on Debian, cut right down and with our software started directly from inittab, set to respawn (we could have replaced init entirely with a bit more work). With stuff like systemd in the mainstream, Linux userspace is increasingly opinionated and desktop-centric. It takes time and effort to strip out stuff you don't want, particularly when it's increasingly enforced and you have to do custom builds. In comparison the BSDs are easy to build with customisations, including the ports I might need. While I no longer do embedded stuff, I do wonder what it's like with the current state of Linux.
There 4 main families of BSD, each with a different focus. All are highly secure and some are portable across most CPUs. The Wikipedia articles provide a lot of good information.
I would choose BSD over Linux because it is more compact, far more secure and easier to implement drivers. The tools and utilities for both Linux and BSD are GNU - so only the kernel is different.
Most things use clang now, and even in ports, only a relatively small number of things which require gcc still use it. Also lld, the llvm linker, is making great progress towards replacing gnu ld.
Not really, those systems get much less attention from sec folk than the Linux kernel (apps aside). Finding a priv escalation in the Linux kernel takes time (most of low hanging fruits have been already found by fuzzing or by code review), while finding it in *BSD kernels requires writing a simple syscall fuzzer and running it for a couple of minutes. I've seen it done live.
I say it depends on from which perspective. If the number of changes going into one of the BDS OS is much less than the Linux's, it is possible there are fewer security vulnerabilities. But if you look at this from the other spectrum, it could mean fewer people are looking at it. Seriously, I don't think there is any fair comparison. Even if you compare the number of CVE, is there an absolute correlation between number of commits and number of security patches released? Perhaps, perhaps not. But many of the tools we are familiar with (e.g. OpenSSH itself being the classic one) did come from OpenBSD after forking from the original implementation, and perhaps is quite strong from the code quality. I never study the code, but from what I hear people generally praise the code quality as well as the attention to the overall architecture of OpenSSH. Someone from OS security should chime in.
OpenBSD is more secure than Linux will ever be, FreeBSD is more secure than Linux current is now; while Linux has more eyeballs looking at it there is also a significantly larger amount of kernel bloat in which weird bugs and future priv escalations can hide. What is probably less secure on the *BSD side is userspace, where there is less attention paid to security review and automated fuzzing than there is in many Linux distributions.
I wouldn't say they rewrote the GNU utilities. BSD's lineage goes back farther than GNU's, they were at least at BSD4.1 before Stallman started GNU. There was an established userland. I imagine there's some GNU utility that was sort of "clean roomed" into *BSD, but that would be the exception, not the rule.
* tar exists 1979 so neither GNU nor FreeBSD had the first implementation.
* pdtar, from 1987 was public domain code and actually the GNU people based of this public domain code and put their implementation under the GPL
* The current FreeBSD tar implementation is from 2005
Before the rewrite all the GNU utilities were in the base OS. How large a percentage that was to the rest of the base I couldn't say off the top of my head. But all the GNU utilities were in there as well as the compiler suite which has also been removed and replaced with Clang/LLVM.
according to FreeBSD's own site, their GPLinBase tracker, you're incorrect. Only a handful of GNU or GPL stuff was ever in base, and your example of 'tar' isn't one of them.
It's not missing from the site. FreeBSD never used GNU tar. FreeBSD used a very small number of GNU utilities. tar, coreutils like ls, cat, etc. where never used. It was mostly things around the GNU toolchain, which ARE mentioned in the GPLinBASE wiki on the freebsd site.
I remember having to use different flags for bzip2 (j vs y) in tar on FreeBSD vs Linux about 15 years ago so I was sure they were different, but I have an image of a FreeBSD 4.10 box from June 2004 and /usr/bin/tar is indeed GNU tar.
Reminds me of the old quote (no idea who the original author is): "BSD is what you get when a bunch of UNIX hackers sit down to try to port a UNIX system to the PC. Linux is what you get when a bunch of PC hackers sit down and try to write a UNIX system for the PC."
I don't see why - all the design decisions of the original unix are alive and kicking in linux. User and kernel space. Nothing fundamentally separates the two.
Actually they are not. POSIX? Sure. But Linux is notorious for NIH and is incredibly off in the weeds in incompatible and broken ways from the UNIX world. Have you tried porting software written for Linux to another platform??
I don't see what point you're trying to make. UNIX does not guarantee portability, so of course software for Linux doesn't work out-of-the-box, or even build for that matter, in other UNIXoids.
Linux's NIH syndrome, however unfortunate it is, has not expanded into its unix roots. (yet?)
Yes and no. The macOS kernel is a hybrid kernel, containing three major subsystems:
* Core IPC is from Carnegie-Mellon's Mach microkernel.
* Interprocess communication and virtual file system APIs from BSD.
* A custom driver API written in C++ called IOKit.
However, the kernel is probably the least interesting part of your computer; what users consider the ‘operating system’ lies in the user land. As long as the kernel works and supports your hardware devices, you needn't care. As an example, both FreeBSD and Windows can pretend to be a Linux kernel and run a nearly complete GNU user land, and multiple quite different user lands exist on top of the Linux kernel, the most prominent being Android and the GNU tools.
It sounds like BSD stays relevant because of the license which is attractive to corporations ( but not so for developers) which leads to corporate class funding and a bit of zfs/pf kind of technical advantage.
Video game makers generally doesn't make much money with hardware, they make money selling software (a.k.a. games), thanks to licensing. To allow only licensed software to run in a modern video console, all software running on it is signed with a key that only the console maker have. However, if someone discovers a way to run unlicensed (unsigned) software in their hardware, this means that the console maker will lose money to piracy.
Generally, using BSD systems in video consoles is desired since you can simply close the source code (thanks to the BSD license) and not reveal possibly potencial kernel exploits. Kernel exploits are the key for console security since once you get a exploit running in kernel, you can leak encryption keys or simply bypass the signature checking. Kernel exploits is what allowed piracy in most last generation consoles (Nintendo 3DS, Nintendo Wii U, PS Vita, PS3). Using Linux, thanks to GPL license, would mean opening the source code of the kernel, allowing someone to study for exploits.
Actually, even if PS Vita/PS4 uses BSDs as a base, they use a heavily modified BSD, since using a vanilla kernel would make a public exploit in say, FreeBSD, easily ported to their device.
Nintendo consoles actually uses an in-house developed kernel by Nintendo, that debutted on Nintendo 3DS; the Nintendo Switch's BSD part is mostly network, however BSD network is used even on Windows because it is of high quality and portable (and BSD licensed).
Disclaimer: I am not a console expert or anything, I mostly follow the console scene so those information can be wrong.