Linux Kernel 6.10 Released: Exploring New Security Features
Linus Torvalds announced the release of Linux kernel 6.10 on July 14th, 2024, marking it as the latest stable kernel branch. This release brings an array of new features and improvements that enhance both functionality and hardware support. Here, we will explore the security features and changes introduced in this Linux kernel version.
Linux Kernel 6.10: New Security Features
Memory Sealing “mseal” System Call
One of the notable introductions in Linux 6.10 is the new mseal() system call. It lets a process seal a memory mapping, adding a layer of security by refusing later modifications to the sealed area.
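As an added example (not code from the article or from the kernel tree), the program below seals one anonymous page with mseal() and then confirms that the kernel refuses a later mprotect() and munmap() on it with EPERM; the fallback syscall number 462, the wrapper name and the return-code convention are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallback for headers older than 6.10 (assumption: 462 is the number
 * assigned to mseal() in the generic and x86-64 syscall tables). */
#ifndef __NR_mseal
#define __NR_mseal 462
#endif

/* Raw syscall wrapper; glibc may not provide one. flags must be 0. */
static long mseal_wrap(void *addr, size_t len, unsigned long flags)
{
    return syscall(__NR_mseal, addr, len, flags);
}

/* Seal one anonymous page, then try to re-protect and unmap it.
 * Returns  1: both attempts fail with EPERM, i.e. sealing is enforced
 *          0: mseal() unavailable (ENOSYS) or denied (EPERM, e.g. by a
 *             container seccomp profile), so nothing could be checked
 *         -1: any other outcome */
int mseal_blocks_modification(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    if (mseal_wrap(p, page, 0) != 0) {
        int err = errno;
        munmap(p, page);
        return (err == ENOSYS || err == EPERM) ? 0 : -1;
    }
    /* Sealed: even dropping write permission is refused ... */
    if (mprotect(p, page, PROT_READ) == 0 || errno != EPERM)
        return -1;
    /* ... and so is unmapping; the page now lives until process exit. */
    if (munmap(p, page) == 0 || errno != EPERM)
        return -1;
    return 1;
}
int main(void)
{
    int r = mseal_blocks_modification();
    printf("%s\n", r == 1 ? "mseal enforced" : r == 0 ? "mseal unavailable" : "unexpected");
    return r < 0;
}
```

On a kernel older than 6.10 the probe reports that mseal() is unavailable rather than failing, so the same binary can be used to check whether a host actually enforces sealing.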
Kernel Control Flow Integrity (KCFI)
Linux kernel 6.10 enhances security by expanding the hardening configuration to include Kernel Control Flow Integrity (KCFI) and other crucial protections. The “make hardening.config” target, introduced in Linux 6.7, now enables Clang KCFI. This protection, however, requires building the kernel with the LLVM Clang compiler instead of GCC.
Trusted Platform Module (TPM2)
Security enhancements continue with the addition of encryption and integrity protection for the Trusted Platform Module (TPM2) bus, ensuring the secure transmission of sensitive data between the TPM and the system. This development is in response to recent demonstrations of TPM key recovery attacks on both Windows and Linux systems. The new features aim to safeguard TPM2 modules from potential compromise by active or passive attackers.
Additional Improvements in Linux Kernel 6.10
Rust Language Support for RISC-V
Expanding the versatility of Rust within the Linux ecosystem, this release includes support for the Rust language on the RISC-V architecture. This integration facilitates safer and more efficient coding practices for developers working on RISC-V platforms.
Zstandard Compression for EROFS
The EROFS (Enhanced Read-Only File System) now supports Zstandard compression. This addition improves file system efficiency by reducing storage space requirements while maintaining high compression speeds.
Shadow Stack Support for x32 Subarchitecture
The inclusion of shadow stack support for the x32 subarchitecture enhances security by providing hardware-based stack protection, mitigating certain types of attacks such as return-oriented programming (ROP).
PFCP Filter Support
Initial support for setting up Packet Forwarding Control Protocol (PFCP) filters has been added, enabling more advanced and flexible network packet handling capabilities.
Availability and Future Releases
Linux kernel 6.10 is available for download from Linus Torvalds’ git tree or the kernel.org website. Note that this release will be a short-lived branch, supported for only a couple of months, before being succeeded by Linux kernel 6.11. The merge window for Linux 6.11 has been officially opened by Linus Torvalds, with the release expected in mid or late September 2024.
Conclusion
The release of Linux kernel 6.10 marks another step forward in the evolution of the Linux operating system. With its array of new features, improved hardware support, and performance enhancements, this latest kernel version promises to deliver a more secure, efficient, and versatile computing experience for users.
To further maximize the security of your Linux systems, consider utilizing TuxCare’s KernelCare Enterprise. It offers automated live patching for all major Linux distributions, allowing the deployment of critical security updates without rebooting the system. Live patching is crucial for mission-critical systems and businesses demanding uninterrupted operations.
Discover how live patching works with KernelCare Enterprise.
The sources for this article include a story from Phoronix.