FreeBSD 15.1-RC2 Released, PadLock RNG Driver Restored for VIA and Zhaoxin CPUs

FreeBSD 15.1 Stable Release Delayed by One Week

The official release of FreeBSD 15.1 has been rescheduled from its original date of June 2 to June 9. This adjustment follows the release of the second release candidate, “FreeBSD 15.1-RC2,” over the weekend.

Although the delay is due to the need for unexpected fixes, the updates included in this release are critical and cannot be overlooked. The most notable change is the restoration of the PadLock RNG (Random Number Generator) driver for VIA and Zhaoxin x86 processors.

PadLock Technology:

Supporting VIA and Zhaoxin’s Encryption Framework

PadLock is a hardware encryption support instruction set initially developed by VIA Technologies for its x86-compatible processors. By performing processes such as random number generation and AES encryption at the CPU hardware level, it achieves faster and more secure encryption compared to software implementations.

While VIA’s x86 CPUs now have a minimal market presence, the PadLock instruction set has been inherited by Zhaoxin processors. Zhaoxin, a semiconductor company based in Shanghai, China, originated as a joint venture with VIA and develops and manufactures x86-compatible CPUs. These processors are primarily used by the Chinese government and state-owned enterprises. The PadLock encryption features play a crucial role in environments with high security requirements.

Driver Restored to the AMD64 Kernel

The most noteworthy update in FreeBSD 15.1-RC2 is the re-enablement of the PadLock RNG driver in the AMD64 kernel by default. This means that systems running FreeBSD with VIA or Zhaoxin CPUs can now utilize hardware-based random number generation without requiring additional configuration.

Cryptographically secure pseudo-random number generators (CSPRNGs) are essential components for operating system security. High-quality random numbers are crucial for establishing TLS connections, generating SSH keys, encrypting disks, and producing random tokens in various security operations. Hardware RNGs are generally considered to provide higher entropy and better resistance to side-channel attacks compared to software-based random number generation.

Fixes for Memory Leaks and Unbound Update

Apart from the return of the PadLock RNG driver, FreeBSD 15.1-RC2 includes several other important fixes.

Firstly, a memory leak issue in syslogd, the system log daemon, has been resolved. The bug, which occurred when using casper_ttymsg, could have posed serious problems in long-running server environments. Since syslogd is a fundamental service for system-wide log collection, this improvement is expected to enhance overall system stability—a welcome change for system administrators.

Additionally, the DNS resolver and caching server Unbound has been updated. With its DNSSEC validation capabilities, Unbound serves as a critical component in FreeBSD’s DNS infrastructure. Security updates to this software are therefore particularly significant.

Release Schedule and Future Outlook

The stable release of FreeBSD 15.1 is currently planned for Tuesday, June 9, provided no issues are discovered in RC2. The FreeBSD development team has urged users to test RC2 and report any potential problems during these final days before the official release.

As a BSD-based alternative to Linux, FreeBSD is known for its robust network stack and comprehensive support for the ZFS file system. The 15.1 release introduces enhancements for less common processors and incorporates fundamental security fixes, further improving the platform’s overall stability and compatibility.

Those interested in trying FreeBSD 15.1-RC2 can download it via the announcement posted on the FreeBSD mailing list. The stable release is expected to be made available as scheduled, provided no critical issues arise during the RC2 testing phase.