Linux Kernel 6.10 Released: Exploring New Security Features

by Rohan Timalsina

July 29, 2024 - TuxCare expert team

Linus Torvalds announced the release of Linux kernel 6.10 on July 14th, 2024, marking it as the latest stable kernel branch. This release brings an array of new features and improvements that enhance both functionality and hardware support. Here, we will explore the security features and changes introduced in this Linux kernel version.

 

Linux Kernel 6.10: New Security Features

 

Memory Sealing “mseal” System Call

One of the notable introductions in Linux 6.10 is the new mseal() system call. This feature allows for memory sealing, providing an additional layer of security by preventing certain modifications to sealed memory areas.
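The following C program is an added example, not code from the article or the kernel tree, that shows what sealing means in practice: after mseal() is applied to a mapping, mprotect() and munmap() on it are refused with EPERM. The function name seal_demo and its return codes are assumptions made for this illustration; the raw syscall number is used because the C library may not yet provide a wrapper.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef __NR_mseal
#define __NR_mseal 462 /* number assigned to mseal() in Linux 6.10 */
#endif

/* Hypothetical result codes for this example. */
enum { SEAL_ERROR = -1, SEAL_UNAVAILABLE = 0, SEAL_ENFORCED = 1 };

/* Seal one anonymous page, then check that the kernel refuses to alter it. */
int seal_demo(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return SEAL_ERROR;

    /* flags must be 0; ENOSYS = pre-6.10 kernel, EPERM = 32-bit or filtered */
    if (syscall(__NR_mseal, p, page, 0UL) != 0) {
        int e = errno;
        munmap(p, page);
        return (e == ENOSYS || e == EPERM) ? SEAL_UNAVAILABLE : SEAL_ERROR;
    }

    /* A sealed mapping cannot have its protection changed... */
    if (!(mprotect(p, page, PROT_READ | PROT_EXEC) == -1 && errno == EPERM))
        return SEAL_ERROR;
    /* ...but its contents stay writable: sealing fixes the mapping, not the data. */
    p[0] = 0x42;
    /* It cannot be unmapped either, so it lives until the process exits. */
    if (!(munmap(p, page) == -1 && errno == EPERM))
        return SEAL_ERROR;
    return p[0] == 0x42 ? SEAL_ENFORCED : SEAL_ERROR;
}

int main(void)
{
    int r = seal_demo();
    printf("mseal: %s\n", r == SEAL_ENFORCED ? "sealed, changes refused (EPERM)"
                        : r == SEAL_UNAVAILABLE ? "not available on this kernel"
                        : "unexpected result");
    return r == SEAL_ERROR;
}
```

On a kernel older than 6.10 the program reports that mseal() is not available rather than failing.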

 

Kernel Control Flow Integrity (KCFI)

Linux kernel 6.10 significantly enhances security by expanding the hardening configuration to include Kernel Control Flow Integrity (KCFI) and other crucial protections. The “make hardening.config” feature, introduced in Linux 6.7, now includes support for Clang Kernel Control Flow Integrity (KCFI). This advanced protection, however, requires using the LLVM Clang compiler instead of GCC.

 

Trusted Platform Module (TPM2)

Security enhancements continue with the addition of encryption and integrity protection for the Trusted Platform Module (TPM2) bus, ensuring the secure transmission of sensitive data between the TPM and the system. This development is in response to recent demonstrations of TPM key recovery attacks on both Windows and Linux systems. The new features aim to safeguard TPM2 modules from potential compromise by active or passive attackers.

 

Additional Improvements in Linux Kernel 6.10

 

Rust Language Support for RISC-V

Expanding the versatility of Rust within the Linux ecosystem, this release includes support for the Rust language on the RISC-V architecture. This integration facilitates safer and more efficient coding practices for developers working on RISC-V platforms.

 

Zstandard Compression for EROFS

The EROFS (Enhanced Read-Only File System) now supports Zstandard compression. This addition improves file system efficiency by reducing storage space requirements while maintaining high compression speeds.

 

Shadow Stack Support for x32 Subarchitecture

The inclusion of shadow stack support for the x32 subarchitecture enhances security by providing hardware-based stack protection, mitigating certain types of attacks such as return-oriented programming (ROP).

 

PFCP Filter Support

Initial support for setting up Packet Forwarding Control Protocol (PFCP) filters has been added, enabling more advanced and flexible network packet handling capabilities.

 

Availability and Future Releases

 

Linux kernel 6.10 is available for download from Linus Torvalds’ git tree or the kernel.org website. Also, it is important to note that this release will be a short-lived branch, supported for only a couple of months, before being succeeded by Linux kernel 6.11. The merge window for Linux 6.11 has been officially opened by Linus Torvalds, with the release expected in mid or late September 2024.

 

Conclusion

 

The release of Linux kernel 6.10 marks another step forward in the evolution of the Linux operating system. With its array of new features, improved hardware support, and performance enhancements, this latest kernel version promises to deliver a more secure, efficient, and versatile computing experience for users.

To further maximize the security of your Linux systems, consider utilizing TuxCare’s KernelCare Enterprise. It offers automated live patching for all major Linux distributions, allowing the deployment of critical security updates without rebooting the system. Live patching is crucial for mission-critical systems and businesses demanding uninterrupted operations.


 

The sources for this article include a story from Phoronix.
