diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml
index bdaba2cf42..f124a24dbe 100644
--- a/.github/workflows/actions-ci.yml
+++ b/.github/workflows/actions-ci.yml
@@ -429,27 +429,29 @@ jobs:
       - name: Run tests
         run: cmake --build ./build --target run_tests
 
-  OpenBSD-x86-64:
+  OpenBSD:
     needs: [sanity-test-run]
     runs-on: ubuntu-latest
+    name: OpenBSD ${{ matrix.version }} (${{ matrix.arch }}) test
     strategy:
+      fail-fast: false
       matrix:
-        args: ["", "-f"]
-        version: ["7.4", "7.5"]
+        arch: ["x86-64", "arm64"]
+        version: ["7.5", "7.6"]
     steps:
       - uses: actions/checkout@v3
       - name: OpenBSD
-        uses: cross-platform-actions/action@v0.24.0
+        uses: cross-platform-actions/action@595d543e5d1aeb6d48c0a176965028afe56c7018
         env:
           AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS: 5
           AWS_LC_GO_TEST_TIMEOUT: 120m
         with:
           environment_variables: AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT
           operating_system: openbsd
-          cpu_count: 4
-          memory: 16G
-          architecture: x86-64
-          version: '7.4'
+          cpu_count: 3
+          memory: 12G
+          architecture: ${{ matrix.arch }}
+          version: "${{ matrix.version }}"
           shell: bash
           run: |
             set -x
@@ -482,7 +484,7 @@ jobs:
             cd $(pwd)
             export PATH="${HOME}/bin:${PATH}"
             env
-            tests/ci/run_bsd_tests.sh ${{ matrix.args }}
+            tests/ci/run_bsd_tests.sh
             EOF
   gcc-4_8:
     needs: [sanity-test-run]
@@ -554,14 +556,17 @@ jobs:
 #          echo ${env:SDEROOT}
 #          .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86 true
 #
-  freebsd-13:
+  freebsd:
     if: github.repository_owner == 'aws'
     needs: [sanity-test-run]
-    name: FreeBSD ${{ matrix.version }} test
+    name: FreeBSD ${{ matrix.version }} (${{ matrix.arch }}) test
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
       matrix:
+        arch:
+          - 'x86-64'
+          - 'arm64'
         version:
           - '13.3'
           - '14.1'
@@ -578,11 +583,11 @@ jobs:
         with:
           environment_variables: 'AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT GOFLAGS'
           operating_system: freebsd
-          architecture: x86-64
+          architecture: ${{ matrix.arch }}
           version: ${{ matrix.version }}
           shell: bash
-          memory: 16G
-          cpu_count: 4
+          memory: 12G
+          cpu_count: 3
           run: |
             sudo pkg install -y git gmake cmake go ninja
             tests/ci/run_bsd_tests.sh
diff --git a/crypto/fipsmodule/bcm.c b/crypto/fipsmodule/bcm.c
index 0b0fa81202..ce8a3462d0 100644
--- a/crypto/fipsmodule/bcm.c
+++ b/crypto/fipsmodule/bcm.c
@@ -75,8 +75,10 @@
 #include "cpucap/cpu_aarch64.c"
 #include "cpucap/cpu_aarch64_sysreg.c"
 #include "cpucap/cpu_aarch64_apple.c"
+#include "cpucap/cpu_aarch64_freebsd.c"
 #include "cpucap/cpu_aarch64_fuchsia.c"
 #include "cpucap/cpu_aarch64_linux.c"
+#include "cpucap/cpu_aarch64_openbsd.c"
 #include "cpucap/cpu_aarch64_win.c"
 #include "cpucap/cpu_arm_freebsd.c"
 #include "cpucap/cpu_arm_linux.c"
diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_freebsd.c b/crypto/fipsmodule/cpucap/cpu_aarch64_freebsd.c
new file mode 100644
index 0000000000..9910261abf
--- /dev/null
+++ b/crypto/fipsmodule/cpucap/cpu_aarch64_freebsd.c
@@ -0,0 +1,61 @@
+/* Copyright (c) 2022, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include "internal.h"
+
+#if defined(OPENSSL_AARCH64) && defined(OPENSSL_FREEBSD) && \
+    !defined(OPENSSL_STATIC_ARMCAP)
+
+#include <machine/armreg.h>
+#include <sys/types.h>
+
+#include <openssl/arm_arch.h>
+
+
+// ID_AA64ISAR0_*_VAL are defined starting FreeBSD 13.0. When FreeBSD
+// 12.x is out of support, these compatibility macros can be removed.
+
+#ifndef ID_AA64ISAR0_AES_VAL
+#define ID_AA64ISAR0_AES_VAL ID_AA64ISAR0_AES
+#endif
+#ifndef ID_AA64ISAR0_SHA1_VAL
+#define ID_AA64ISAR0_SHA1_VAL ID_AA64ISAR0_SHA1
+#endif
+#ifndef ID_AA64ISAR0_SHA2_VAL
+#define ID_AA64ISAR0_SHA2_VAL ID_AA64ISAR0_SHA2
+#endif
+
+void OPENSSL_cpuid_setup(void) {
+  uint64_t id_aa64isar0 = READ_SPECIALREG(id_aa64isar0_el1);
+
+  OPENSSL_armcap_P |= ARMV7_NEON;
+
+  if (ID_AA64ISAR0_AES_VAL(id_aa64isar0) >= ID_AA64ISAR0_AES_BASE) {
+    OPENSSL_armcap_P |= ARMV8_AES;
+  }
+  if (ID_AA64ISAR0_AES_VAL(id_aa64isar0) >= ID_AA64ISAR0_AES_PMULL) {
+    OPENSSL_armcap_P |= ARMV8_PMULL;
+  }
+  if (ID_AA64ISAR0_SHA1_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA1_BASE) {
+    OPENSSL_armcap_P |= ARMV8_SHA1;
+  }
+  if (ID_AA64ISAR0_SHA2_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA2_BASE) {
+    OPENSSL_armcap_P |= ARMV8_SHA256;
+  }
+  if (ID_AA64ISAR0_SHA2_VAL(id_aa64isar0) >= ID_AA64ISAR0_SHA2_512) {
+    OPENSSL_armcap_P |= ARMV8_SHA512;
+  }
+}
+
+#endif  // OPENSSL_AARCH64 && OPENSSL_FREEBSD && !OPENSSL_STATIC_ARMCAP
diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_openbsd.c b/crypto/fipsmodule/cpucap/cpu_aarch64_openbsd.c
new file mode 100644
index 0000000000..6ceb636430
--- /dev/null
+++ b/crypto/fipsmodule/cpucap/cpu_aarch64_openbsd.c
@@ -0,0 +1,58 @@
+/* Copyright (c) 2022, Robert Nagy <robert@openbsd.org>
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/cpu.h>
+
+#if defined(OPENSSL_AARCH64) && defined(OPENSSL_OPENBSD) && \
+    !defined(OPENSSL_STATIC_ARMCAP)
+
+#include <sys/sysctl.h>
+#include <machine/cpu.h>
+#include <machine/armreg.h>
+#include <stdio.h>
+
+#include <openssl/arm_arch.h>
+
+#include "internal.h"
+
+
+void OPENSSL_cpuid_setup(void) {
+  // CTL_MACHDEP from sys/sysctl.h
+  // CPU_ID_AA64ISAR0 from machine/cpu.h
+  int isar0_mib[] = { CTL_MACHDEP, CPU_ID_AA64ISAR0 };
+  size_t len = sizeof(uint64_t);
+  uint64_t cpu_id = 0;
+
+  if (sysctl(isar0_mib, 2, &cpu_id, &len, NULL, 0) < 0)
+    return;
+
+  OPENSSL_armcap_P |= ARMV7_NEON;
+
+  if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_BASE)
+    OPENSSL_armcap_P |= ARMV8_AES;
+
+  if (ID_AA64ISAR0_AES(cpu_id) >= ID_AA64ISAR0_AES_PMULL)
+    OPENSSL_armcap_P |= ARMV8_PMULL;
+
+  if (ID_AA64ISAR0_SHA1(cpu_id) >= ID_AA64ISAR0_SHA1_BASE)
+    OPENSSL_armcap_P |= ARMV8_SHA1;
+
+  if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_BASE)
+    OPENSSL_armcap_P |= ARMV8_SHA256;
+
+  if (ID_AA64ISAR0_SHA2(cpu_id) >= ID_AA64ISAR0_SHA2_512)
+    OPENSSL_armcap_P |= ARMV8_SHA512;
+}
+
+#endif  // OPENSSL_AARCH64 && OPENSSL_OPENBSD && !OPENSSL_STATIC_ARMCAP
diff --git a/crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c b/crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c
index 6564f1145a..c8ea296fd1 100644
--- a/crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c
+++ b/crypto/fipsmodule/cpucap/cpu_aarch64_sysreg.c
@@ -14,11 +14,8 @@
 
 #include "../../internal.h"
 
-// While Arm system registers are normally not available to userspace, FreeBSD
-// expects userspace to simply read them. It traps the reads and fills in CPU
-// capabilities.
 #if defined(OPENSSL_AARCH64) && !defined(OPENSSL_STATIC_ARMCAP) && \
-    (defined(ANDROID_BAREMETAL) || defined(OPENSSL_FREEBSD))
+    defined(ANDROID_BAREMETAL)
 
 #include <openssl/arm_arch.h>
 
@@ -89,5 +86,4 @@ static uint32_t read_armcap(void) {
 
 void OPENSSL_cpuid_setup(void) { OPENSSL_armcap_P |= read_armcap(); }
 
-#endif  // OPENSSL_AARCH64 && !OPENSSL_STATIC_ARMCAP &&
-        // (ANDROID_BAREMETAL || OPENSSL_FREEBSD)
+#endif  // OPENSSL_AARCH64 && !OPENSSL_STATIC_ARMCAP && ANDROID_BAREMETAL
diff --git a/crypto/fipsmodule/cpucap/internal.h b/crypto/fipsmodule/cpucap/internal.h
index 784698a873..bccb8260c6 100644
--- a/crypto/fipsmodule/cpucap/internal.h
+++ b/crypto/fipsmodule/cpucap/internal.h
@@ -180,13 +180,9 @@ OPENSSL_INLINE int CRYPTO_cpu_perf_is_like_silvermont(void) {
 
 #if defined(OPENSSL_ARM) || defined(OPENSSL_AARCH64)
 
-// We do not detect any features at runtime on several 32-bit Arm platforms.
-// Apple platforms and OpenBSD require NEON and moved to 64-bit to pick up Armv8
-// extensions. Android baremetal does not aim to support 32-bit Arm at all, but
-// it simplifies things to make it build.
-#if defined(OPENSSL_ARM) && !defined(OPENSSL_STATIC_ARMCAP) && \
-    (defined(OPENSSL_APPLE) || defined(OPENSSL_OPENBSD) ||     \
-     defined(ANDROID_BAREMETAL))
+#if defined(OPENSSL_APPLE) && defined(OPENSSL_ARM)
+// We do not detect any features at runtime for Apple's 32-bit ARM platforms. On
+// 64-bit ARM, we detect some post-ARMv8.0 features.
 #define OPENSSL_STATIC_ARMCAP
 #endif
 
diff --git a/tests/ci/gtest_util.sh b/tests/ci/gtest_util.sh
index b04b1558e5..9202353a15 100644
--- a/tests/ci/gtest_util.sh
+++ b/tests/ci/gtest_util.sh
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: Apache-2.0 OR ISC
 
 function shard_gtest() {
-    export GTEST_TOTAL_SHARDS=$(nproc --all)
+    export GTEST_TOTAL_SHARDS=${NUM_CPU_THREADS}
     if [ -n "${2}" ]; then
         GTEST_TOTAL_SHARDS="${2}"
     fi
diff --git a/tests/ci/run_bsd_tests.sh b/tests/ci/run_bsd_tests.sh
index 377cda42da..bac26cdb89 100755
--- a/tests/ci/run_bsd_tests.sh
+++ b/tests/ci/run_bsd_tests.sh
@@ -6,6 +6,31 @@ set -ex
 
 source tests/ci/common_posix_setup.sh
 
+if [ "$PLATFORM" != "amd64" ] && [ "$PLATFORM" != "x86_64" ]; then
+    # ARM64 platforms are tested via emulation.
+    # We narrow testing to libcrypto to avoid exceeding 1 hour duration
+    SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+    SCRIPT_DIR="$(readlink -f "${SCRIPT_DIR}")"
+    source "${SCRIPT_DIR}/gtest_util.sh"
+
+    run_build all
+
+    shard_gtest "${BUILD_ROOT}/crypto/crypto_test --gtest_also_run_disabled_tests"
+    shard_gtest ${BUILD_ROOT}/crypto/urandom_test
+    shard_gtest ${BUILD_ROOT}/crypto/mem_test
+    shard_gtest ${BUILD_ROOT}/crypto/mem_set_test
+    shard_gtest ${BUILD_ROOT}/crypto/rwlock_static_init
+
+    shard_gtest ${BUILD_ROOT}/ssl/ssl_test
+    shard_gtest ${BUILD_ROOT}/ssl/integration_test
+
+    # Due to its special linkage, this does not use GoogleTest
+    ${BUILD_ROOT}/crypto/dynamic_loading_test
+
+    echo "Skipping further testing for $KERNEL_NAME $PLATFORM"
+    exit 0
+fi
+
 echo "Testing AWS-LC shared library in release mode."
 build_and_test -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1