OpenBox
RPi5 Prototype
OpenBox is the security-focused distribution — a pure OpenBSD 7.x base for ARM64 appliances, satellite systems, and high-security embedded deployments.
Why OpenBSD?
OpenBSD is the gold standard for security engineering:
- Proactive security auditing (every line of code reviewed)
- pledge(2) / unveil(2) originated here
- Default-secure configuration
- Minimal attack surface
Nexus grafts OpenBSD's security DNA directly:
| Grafted Component | Purpose |
|---|---|
| pledge / unveil | Capability restriction (logic ported to Nexus Capability Algebra) |
| LibreSSL | Cryptographic library |
| OpenSSH | Secure remote access |
| pf (packet filter) | Network firewall |
| Base utilities | Secure, audited implementations |
Target Hardware
- Raspberry Pi 5 (ARM64) — prototype verified
- ARM64 server appliances
- Satellite ARM64 boards
- Network security appliances
Use Cases
Security Appliance
A minimal OpenBSD-based system running as a network firewall, VPN gateway, or intrusion detection system. The pledge/unveil enforcement provides defense-in-depth beyond what stock OpenBSD offers.
Satellite Computing
For space missions requiring maximum reliability and security:
- OpenBSD's audited codebase provides a trusted foundation
- Nexus adds ProvChain auditing and BEB update mechanism
- Radiation tolerance through ECC scrubbing and dual-bank flash
Air-Gapped Systems
Systems that must never connect to the public internet:
- Minimal software surface (no unnecessary services)
- OpenBSD's default-deny security model
- ProvChain provides audit trail without network connectivity
Build
sh
nexus build --profile=micro --dist=openbox --arch=aarch64 --target=rpi5