Fun with OpenBSD for SPARC64 | High-Security O/S on 64-bit Sun UltraSPARC using QEMU Sun4U and User-mode Networking Back-End

Sun Microsystems UltraSPARC 1
Image courtesy: oldcomputers.info

OpenBSD is among the few operating systems available today (along with the best O/S ever - Digital OpenVMS of course!) for the paranoid that can be the basis of installations requiring bullet-proof security. The official OpenBSD website says, "Only two remote holes in the default install, in a heck of a long time!". Given OpenBSD was released in 1995, the "heck of a long time" is 23 years. The first of the two holes was a OpenSSH vulnerability in 2002 that affected all operating systems using OpenSSH.. The second one, CVE-2007-1365 discovered eleven years ago, involved ICMP6 packets in OpenBSD's IPv6 implementation.

The versatile QEMU emulator project has matured enough to include stable emulation of the Sun-4U featuring SPARC V9 64-bit processor architecture. I took the opportunity to try out OpenBSD release 6.4 for SPARC64 using qemu-system-sparc64 hypervisor on OpenSUSE Tumbleweed running in a Oracle Virtualbox on CentOS 7 on a DELL PowerEdge R-710.

The OpenBSD installer ISO CD image (install64.iso)  was the fastest distribution download I have experienced yet, perhaps due to hosting on Cloudflare CDN.

A QEMU qcow2-format 4GB disk image was created using:

$ qemu-img create -f qcow2 -o size=4G openbsd-sparc-disk-1.4gb.disk

The downloaded install64.iso OpenBSD installer CD image was renamed for better identification to openbsd-sparc-install64.iso and QEMU SPARC-64 emulator fired up for installation:

LC_ALL=C QEMU_AUDIO_DRV=none \

qemu-system-sparc64 \

        -machine sun4u,usb=off \

        -realtime mlock=off \

        -smp 1,sockets=1,cores=1,threads=1 \

        -rtc base=utc \

        -m 1024 \

        -boot d \

        -drive file=openbsd-sparc-disk-1.4gb.disk,if=none,id=drive-ide0-0-1,format=qcow2,cache=none \

        -cdrom openbsd-sparc-install64.iso \

        -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-1,id=ide0-0-1 \

        -msg timestamp=on \

        -serial pty -nographic \

        -net nic,model=ne2k_pci -net user \

        -monitor stdio

"-boot d" boots the virtual Sun4U from the CD-ROM image. Also, "-net nic,model=ne2k_pci -net user" is the only QEMU networking model that works for the QEMU sparc64 hypervisor at this time; neither the tap nor the VDE (Virtual Distributed Ethernet) back-ends could establish network connection from the virtual machine successfully. The tap networking back-end caused a kernel panic and crashed the VM after a few pings went through to the internet. The VDE back-end did not cause a system crash, but did not provide a network connection at all either.  The two attempted and failed networking back-end parameters in the qemu command line were:

-net nic,model=ne2k_pci -net tap,ifname=inettap0,script=no,downscript=no

-net nic,model=ne2k_pci -net vde,sock=/tmp/vde-ip.ctl

QEMU launched successfully with the console connected to a virtual serial port that it identified:

QEMU 3.0.0 monitor - type 'help' for more information

(qemu) qemu-system-sparc64: -serial pty: char device redirected to /dev/pts/5 (label serial0)

On another host (OpenSUSE) terminal, the "minicom" serial port communications tool was used to connect to the Sun4U virtual console serial port (/dev/pts/5 in the above example). The first screen of the installer was displayed after the virtual SPARCstation booted up:

Installation proceeded with no surprises.

Eventually installation completed successfully. The machine was then halted and QEMU stopped by entering "quit" at the "(qemu)" prompt.

QEMU was then launched again, this time with "-boot c" option to boot from the hard disk instead of the CD-ROM image:

LC_ALL=C QEMU_AUDIO_DRV=none \

qemu-system-sparc64 \

        -machine sun4u,usb=off \

        -realtime mlock=off \

        -smp 1,sockets=1,cores=1,threads=1 \

        -rtc base=utc \

        -m 1024 \

        -boot c \

        -drive file=openbsd-sparc-disk-1.4gb.disk,if=none,id=drive-ide0-0-1,format=qcow2,cache=none \

        -cdrom openbsd-sparc-install64.iso \

        -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-1,id=ide0-0-1 \

        -msg timestamp=on \

        -serial pty -nographic \

        -net nic,model=ne2k_pci -net user \

        -monitor stdio

The virtual SPARCstation booted up finefrom the hard-disk. At the "root device:" prompt, the device "wd0a" was provided. The default for the swap and dump devices were chosen.

Eventually the logon prompt was displayed.

OpenBSD comes with C and C++ compilers. It also provides a graphical X Windows environment; it should be possible to set up routing so that the user-mode network back-end forwards X windows data to an external X server for the display (QEMU SPARC 64 emulator does not support graphics yet).

DOWNLOAD

The QEMU OpenBSD SPARC 64-bit virtual machine can be downloaded from my google drive. The root password of the virtual QEMU Sun4u is "password".