The guys from Oracle have presented the release of the first stable version of Unbreakable Enterprise Kernel 6 which is based on the Linux 5.4 kernel and which is complemented by new features, optimizations and fixes and is also tested for compatibility with most applications running on RHEL and is specially optimized to work with Oracle hardware and industrial software.
This Kernel modified by Oracle, is positioned as an advanced set Linux kernel, positioned for use in the Oracle Linux distribution as an alternative to the normal Red Hat Enterprise Linux kernel package.
What's New Unbreakable Enterprise Kernel 6
In this new version UEFI Secure Boot Lock Mode has been improved and enabled, which restricts root access to the kernel and blocks UEFI secure boot bypass paths.
As well added support for restricted speculation instructions Indirect Branch (IBRS) that allow you to adaptively enable and disable speculative execution of instructions during interrupt, system call, and context switch operations. With improved IBRS support, this method used to protect against Specter V2 class attacks instead of Retpolineas it allows higher performance.
It is also highlighted that support for the Btrfs file system was improved, for added ability to use Btrfs on root partitions and that an option has been added to the installer to select Btrfs when formatting devices, as well as the ability to host swap files on partitions with Btrfs.
Protection in directories accessible to all to write has been improved. In these directories it is prohibited to create FIFO files and files that belong to users who do not match the owner of the directory.
Moreover ktask framework is highlighted to parallelize tasks in the kernel that consume significant CPU resources. For example, using ktask, you can arrange parallelization of operations to clear page ranges from memory or to process an inode list.
A parallel version of kswapd is included to process operations memory page replacement in asynchronous mode, reducing the number of direct replacement (synchronous) operations. When the number of free pages in memory decreases, kswapd scans to identify unused pages that could be freed.
In addition, support is included for verifying the integrity of the kernel image and firmware by means of a digital signature, when loading the kernel using the Kexec mechanism (loading the kernel from an already loaded system).
Virtual memory management system performance optimized, memory and cache page cleaning efficiency was improved, and the processing of accesses to unallocated memory pages (page faults) was improved.
Of the other changes that stand out:
- Extended support for systems based on ARM 64-bit architecture (aarch64).
- Implemented support for all Cgroup v2 features.
- Extended support for NVDIMMs, specified read-only memory can now be used as traditional RAM.
- Improved file system OCFS2 (Oracle Cluster File System).
- Added support for Adiantum mode for fast disk encryption.
- Added support for compression using the Zstandard (zstd) algorithm.
- The ext4 file system uses 64-bit timestamps in superblock fields.
- XFS includes tools to report FS integrity during operation and get fsck deployment status on the fly.
- The implementation of the kernel-level TLS protocol (KTLS) is involved, which can now be applied not only to sent data, but also to received data.
- The default firewall is nftables. Added optional bpfilter support.
- Added support for "NVMe over Fabrics TCP".
- A virtio-pmem driver has been added that represents access to storage devices mirrored in a physical address space, such as NVDIMMs.
The packages for the installation of this Kernel can be found In the following link.