>That is a kernel level issue, not an SOC level one. Well, I have ordered a couple of Orange PI ONE.
According to: http://philip.xinqu.net/orangepi.html it shall work on OpenBSD at least without a video port. Good features for my use case: 1) No video port means anyone non qualified enough cannot quickly boot and trojan it without a serial port. 2) This card is missing a WIFI which is good IMHO to avoid wireless exploits. 3) Small boot ROM, no other BLOBs like in Raspberry PI, and its BROM cannot be reflashed silently by someone while I am absent from home. 4) Its CPU is free of Spectre issues 5) Very cheap - used one costed me about 500 rub = $6.66 - already tested and includes a heat sink and a case :) The last question is how to deal with Nitrokey on OpenBSD, especially on the server side for keeping private key of the daemon. Anyone worked with Nitrokey on OpenBSD using ssh-pkcs11-helper? https://support.nitrokey.com/t/can-nitrokey-pro2-be-used-in-openbsd-with-ssh-and-gpg/2347/3 > In generic: you don’t need OpenSC to use gpg or ssh on *BSD. E.g. > “ssh-pkcs11-helper first appeared in OpenBSD 4.7” which will make the > connection to your token. Also gpg brings there own ssh/token agent in the > package. Will it work on OpenBSD server for SSHD daemon ?
