Unfortunately, while this is true in the server/desktop world, this isn't true for embedded systems.
Hardware that can reliably run OpenBSD tends to be in the more expensive space -- x86 or PowerPC based. There are exceptions, and OpenBSD supports them (see e.g. http://www.openbsd.org/armish.html , http://www.openbsd.org/octeon.html), but these are exceptional cases where you have some documentation of reasonable quality released by the manufacturer (or outright support for porting from the manufacturer), open-ish specifications and so on.
In the IoT (read: severely price-constrained) space, you don't get to work with this kind of hardware.
To give you just one example, most cheap router SoCs are based on a MIPS core with a bunch of peripherals around (basically they're a very glorified microcontroller). Porting OpenBSD on one of these requires:
* Supporting the MIPS core. This is ok at the moment, MIPS CPUs are supported.
* Drivers for the peripherals (which include e.g. the wifi radio). This is very hard at the moment. Most manufacturers don't open source their drivers. You get a binary blob and a wrapper module, a la what nVidia does, and the specs are closed, supposedly in order to protect "intellectual property".
* And a bunch of boilerplate information, like the device tree, because these systems don't have a BIOS. There's no standard regarding this aspect, which is why even compiling Linux for these platforms is pretty painful. You generally need the manufacturer's SDK, which varies in quality, albeit after a while that gets adapted into a set of patches that get integrated in a distribution like OpenWRT or Yocto. If you're really lucky, the manufacturer might offer a Yocto or Buildroot-based distribution. If not, you get a bunch of build scripts developed in-house, with hardcoded paths and comments written in Chinese.
You do get to choose the specs, but you're still constrained to what manufacturers offer you. The cheapest available things run only Linux and maybe, if they're based on a legacy, but important product, they'll run VxWorks. But you're typically confined to what the manufacturer gives you, and the manufacturer usually gives you Linux. On 90% of the hardware popular in the IoT community, even that Linux barely works. The amount of hackery (in the pejorative sense), duct tape and outright crap code I've seen in manufacturer-provided kernelspace code is horrific. E.g. there's at least one fairly popular SoC, used in a lot (tens of thousands, if not hundreds of thousands or even million) consumer-grade routers in whose drivers I've seen synchronization based on sleep()-ing, writing to hardcoded memory addresses and so on. Yes, in kernelspace code. You don't want to see userspace code.
Thing is, most IoT companies don't want to bother with this anyway. They want something that runs an OS their development team in SE Asia or Eastern Europe (full disclosure: I'm in Eastern Europe) already knows, and they don't really care about kernelspace or userspace code because, preferably, their development team will program it in PHP and JavaScript, since three of them cost less than one C programmer who will stare at the code and quizzically mumble "how the fuck does this even boot?"
(This also accounts for the can of worms that IoT security is. A security-minded programmer would need less than a week to find several disastrous security-related bugs in the SDK of basically every popular-ish platform.)
tl;dr IoT is built on cheap, low-quality hardware where you get whatever the manufacturer gives you, and the companies are OK with this because really, they just want a box that runs a web server.
Hardware that can reliably run OpenBSD tends to be in the more expensive space -- x86 or PowerPC based. There are exceptions, and OpenBSD supports them (see e.g. http://www.openbsd.org/armish.html , http://www.openbsd.org/octeon.html), but these are exceptional cases where you have some documentation of reasonable quality released by the manufacturer (or outright support for porting from the manufacturer), open-ish specifications and so on.
In the IoT (read: severely price-constrained) space, you don't get to work with this kind of hardware.
To give you just one example, most cheap router SoCs are based on a MIPS core with a bunch of peripherals around (basically they're a very glorified microcontroller). Porting OpenBSD on one of these requires:
* Supporting the MIPS core. This is ok at the moment, MIPS CPUs are supported.
* Drivers for the peripherals (which include e.g. the wifi radio). This is very hard at the moment. Most manufacturers don't open source their drivers. You get a binary blob and a wrapper module, a la what nVidia does, and the specs are closed, supposedly in order to protect "intellectual property".
* And a bunch of boilerplate information, like the device tree, because these systems don't have a BIOS. There's no standard regarding this aspect, which is why even compiling Linux for these platforms is pretty painful. You generally need the manufacturer's SDK, which varies in quality, albeit after a while that gets adapted into a set of patches that get integrated in a distribution like OpenWRT or Yocto. If you're really lucky, the manufacturer might offer a Yocto or Buildroot-based distribution. If not, you get a bunch of build scripts developed in-house, with hardcoded paths and comments written in Chinese.
You do get to choose the specs, but you're still constrained to what manufacturers offer you. The cheapest available things run only Linux and maybe, if they're based on a legacy, but important product, they'll run VxWorks. But you're typically confined to what the manufacturer gives you, and the manufacturer usually gives you Linux. On 90% of the hardware popular in the IoT community, even that Linux barely works. The amount of hackery (in the pejorative sense), duct tape and outright crap code I've seen in manufacturer-provided kernelspace code is horrific. E.g. there's at least one fairly popular SoC, used in a lot (tens of thousands, if not hundreds of thousands or even million) consumer-grade routers in whose drivers I've seen synchronization based on sleep()-ing, writing to hardcoded memory addresses and so on. Yes, in kernelspace code. You don't want to see userspace code.
Thing is, most IoT companies don't want to bother with this anyway. They want something that runs an OS their development team in SE Asia or Eastern Europe (full disclosure: I'm in Eastern Europe) already knows, and they don't really care about kernelspace or userspace code because, preferably, their development team will program it in PHP and JavaScript, since three of them cost less than one C programmer who will stare at the code and quizzically mumble "how the fuck does this even boot?"
(This also accounts for the can of worms that IoT security is. A security-minded programmer would need less than a week to find several disastrous security-related bugs in the SDK of basically every popular-ish platform.)
tl;dr IoT is built on cheap, low-quality hardware where you get whatever the manufacturer gives you, and the companies are OK with this because really, they just want a box that runs a web server.