After two months of development, version 5.4 of the Linux kernel was presented. The highlighted changes include an experimental exFAT driver, a "lockdown" mode to limit root access to the kernel, the fs-verity mechanism to monitor file integrity, the ability to use CIFS for the root partition, and more.
The new version adopted 15743 patches, and the patch size is 63MB (the changes affected 12800 files, with 828167 lines of code added and 126149 lines removed). About 46% of all the changes presented in 5.4 are related to device drivers, about 15% to updating code specific to hardware architectures, 12% to the network stack, 4% to file systems and 3% to internal kernel subsystems.
Main news in Linux 5.4
In the experimental "staging" section ("drivers/staging/"), where components that require refinement are placed, an open exFAT driver developed by Samsung has been added. Previously, it was not possible to add exFAT support to the kernel due to patents, but the situation changed after Microsoft released the publicly available specifications and allowed exFAT patents to be used for free on Linux.
The driver added to the kernel is based on obsolete Samsung code (version 1.2.9), which requires refinement and adaptation to the kernel's code design requirements.
Added fs-verity, a mechanism to detect file modifications or substitutions, similar to dm-verity but working at the filesystem level rather than on the block device. Fs-verity adds the ability to selectively use integrity checks and authenticate individual files used in read-only mode.
A new Device-Mapper driver, dm-clone, reaches Linux kernel 5.4. It allows you to create a local copy based on a read-only block device, and the copy can be written to during the cloning process.
The EROFS file system that was previously on the "staging" branch has been moved to the main tree.
EROFS supports storing compressed data, but takes a different approach to storing compressed blocks, optimized for high performance with random access to data.
For the virtualization part, the kernel adopted the "lockdown" module, which incorporated the patches supplied in the distributions, used to restrict the root user's access to the kernel and to block UEFI Secure Boot bypasses.
Without lockdown, an attacker who succeeds in executing code with root privileges can also execute code at the kernel level, for example by replacing the kernel with kexec or by reading and writing memory via /dev/kmem.
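To audit whether a host actually runs with lockdown enabled, the following added example (not part of the original article or the kernel sources) parses the state file that the lockdown module exposes. It assumes securityfs is mounted at /sys/kernel/security and that the kernel reports the modes none, integrity and confidentiality there; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the kernel lockdown state on a host.
# Assumption: securityfs is mounted at /sys/kernel/security and the
# lockdown module (Linux 5.4 or later) is built into the running kernel.
LOCKDOWN_FILE=/sys/kernel/security/lockdown

# The file lists every mode and brackets the active one,
# e.g. "none [integrity] confidentiality". Print the bracketed word.
active_lockdown_mode() {
    # $1: contents of the lockdown file
    printf '%s\n' "$1" | sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# Turn the active mode into a one-line audit verdict.
lockdown_verdict() {
    case "$(active_lockdown_mode "$1")" in
        none)
            echo "FAIL: lockdown is disabled, root is not restricted from the kernel" ;;
        integrity)
            echo "OK: interfaces that let root modify the running kernel are blocked" ;;
        confidentiality)
            echo "OK: kernel modification and kernel memory disclosure are blocked" ;;
        *)
            echo "UNKNOWN: unrecognised lockdown state" ;;
    esac
}

# Check the live host; degrade gracefully when the file is missing.
audit_host() {
    if [ -r "$LOCKDOWN_FILE" ]; then
        lockdown_verdict "$(cat "$LOCKDOWN_FILE")"
    else
        echo "UNKNOWN: $LOCKDOWN_FILE not readable (older kernel or lockdown not built in)"
    fi
    # /dev/kmem is the memory interface named in the text above.
    [ -e /dev/kmem ] && echo "NOTE: /dev/kmem is present on this host"
    return 0
}

audit_host
```

A FAIL or UNKNOWN result on a machine that relies on UEFI Secure Boot is worth flagging in a configuration baseline.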
Another novelty is the addition of a new virtiofs filesystem, which enables efficient export of parts of the file system from the host system to guest systems. The guest system can mount a directory that has been marked for export on the host side, which greatly simplifies the organization of shared access to directories on virtualization systems.
On the other hand, amdgpu adds support for Navi 12/14 GPUs as well as the Arcturus and Renoir APUs, including power management tools for Navi12, Renoir, and Arcturus.
The amdkfd driver (for discrete GPUs like Fiji, Tonga, Polaris) added support for cards based on the Navi14, Navi12 and Arcturus GPUs.
In the DRM driver for Intel graphics cards, support has been added for the GPU used in not yet released chips based on the new Tiger Lake microarchitecture.
The DRM (Direct Rendering Manager) subsystem and the i915 DRM driver for the Intel video subsystem have added support for HDCP2.2 video and audio content copy protection technology.
The Nouveau driver has improved display color management and has added the ability to use additional properties (DEGAMMA / CTM / GAMMA) for the NVIDIA nv50 GPU.
As for hardware:
- Added support for ARM SoC ASpeed AST2600.
- Support for outdated and no longer used Kendin / Micrel / Microchip SoCs, Winbond / Nuvoton W8695x90, and Intel IOP900x / IOP33xx has been removed.
- Added support for the ARM platforms and boards Snapdragon 855 (SM8150), Mediatek MT7629, Allwinner V3, NXP i.MX8M Nano, Layerscape LS1046A, Amlogic SM1 (S905X3), Amlogic G12B (S922X, A311D), Rockchips Mecer Xtreme Mini S6, AO Mini, AsOpen Chromebase Mini, AsOpen Chromebase Mini AST2600, Leez RK3399 P710.
- Added support for laptops based on SoC Snapdragon 835 / MSM8998 (Asus NovaGo TP370QL, HP Envy X2 and Lenovo Miix 630), Snapdragon 850 / sdm850 (Lenovo Yoga C630) and smartphones based on Snapdragon 410 / MSM8916 (Samsung Galaxy A3, A5, Longcheer L8150 / Android One 2).