Monday, August 30, 2021

Linux 5.14 is here, packing boosted security protection

Days after the Linux kernel celebrated its 30th anniversary, Linus Torvalds, its creator and maintainer, put out its latest release with improvements to hardware support and security.

“The celebrations will go on for a few more weeks yet, but you all may just need a breather from them. And when that happens, I have just the thing for you - a new kernel release to test and enjoy,” wrote Torvalds as he put out the new release. 

The development cycle of the 5.14 release didn’t face any major hurdles and completed on schedule in just under two months. 

Reporting on the release, The Register notes that two of the headline features are the memfd_secret() system call and core scheduling, both of which are major efforts in the kernel’s attempts to mitigate the Spectre and Meltdown hardware vulnerabilities.

Here's to another 30

The memfd_secret() system call, which has been under development for about two years now, essentially earmarks a region of memory that is private to an application, blocking access even from the kernel itself.

This is reportedly important, since this area can’t be reached by attacks that exploit the Spectre and Meltdown vulnerabilities, making it an ideal silo to hold sensitive information such as cryptographic keys.
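As an added illustration (not code from the article or from the kernel project), this C sketch keeps key material in a memfd_secret() region and detects the cases where the call is unavailable. The helper names, the 4096-byte size, the sample key string and the fallback to a locked anonymous mapping are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447 /* syscall number assigned in Linux 5.14 */
#endif

/* Hypothetical helper: map len bytes for key material. *is_secret is 1 when
 * the pages come from memfd_secret(), 0 when the call is unavailable (older
 * kernel, secretmem not enabled, seccomp filter) and we fall back to a
 * locked anonymous mapping, which the kernel can still address. */
void *key_region_alloc(size_t len, int *is_secret)
{
    void *p = MAP_FAILED;
    int fd = (int)syscall(SYS_memfd_secret, 0);
    *is_secret = 0;
    if (fd >= 0) {
        if (ftruncate(fd, (off_t)len) == 0) /* a new secret fd has size 0 */
            p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        close(fd); /* the mapping keeps the pages alive */
        if (p != MAP_FAILED) {
            *is_secret = 1;
            return p;
        }
    }
    p = mmap(NULL, len, PROT_READ | PROT_WRITE,
             MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return NULL;
    (void)mlock(p, len); /* best effort: keep the fallback out of swap */
    return p;
}

/* Hypothetical helper: wipe the key, then hand the pages back. */
int key_region_free(void *p, size_t len)
{
    explicit_bzero(p, len);
    return munmap(p, len);
}

int main(void)
{
    int secret;
    unsigned char *key = key_region_alloc(4096, &secret);
    if (!key) return 1;
    memcpy(key, "constructed-demo-key", 21); /* constructed sample value */
    printf("key stored via %s\n", secret ? "memfd_secret" : "fallback mmap");
    return key_region_free(key, 4096) ? 1 : 0;
}
```

A caller that requires the stronger guarantee should treat `is_secret == 0` as a failure instead of accepting the fallback.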

Furthermore, the core scheduling enhancement improves Linux’s support for hyperthreading by preventing trusted and less-trusted processes from sharing resources. This avoids risks associated with Spectre-like attacks, specifically cross-hyperthreading attacks.

Elsewhere, the latest release also improves the kernel’s hardware support. In addition to complete support for the Raspberry Pi 400, the release adds support for popular systems-on-a-chip (SoCs) such as the Rockchip RK3568, the Qualcomm SA8155p, and more.

Even as the community continues to celebrate three decades of the world’s most popular open source project, the kernel developers down in the trenches are already hacking away at the next release.

“Of course, the poor tireless kernel maintainers won't have time for the festivities, because for them, this just means that the merge window will start tomorrow. We have another 30 years to look forward to, after all,” concluded Torvalds.

Via The Register



from TechRadar - All the latest technology news https://ift.tt/3Dv2YED
