3 Technology Preview
The following items are available as technical previews in this release of Oracle Linux. Note that some items listed apply to Red Hat Compatible Kernel (RHCK) and might already be available in UEK.
KTLS
The Linux Kernel TLS (KTLS) handles TLS records for the AES-GCM cipher. KTLS also provides the interface for offloading TLS record encryption to NICs that support this functionality.
OpenSSL 3.0 is able to use KTLS if the enable-ktls
configuration option is
used during compiling.
The updated gnutls
packages can use KTLS for accelerating data transfer on
encrypted channels. To enable KTLS, add the tls.ko
kernel module using the
modprobe
command, and create a new configuration file
/etc/crypto-policies/local.d/gnutls-ktls.txt
for the system-wide
cryptographic policies with the following content:
[global] ktls = true
Note that gnutls
doesn't permit you to update traffic keys through TLS
KeyUpdate
messages, which impacts the security of AES-GCM ciphersuites.
SGX
Software Guard Extensions (SGX) from Intel® protects software code and data from disclosure and modification. RHCK currently enables SGX v1 and v1.5.
Note that SGX is supported in UEK.
DAX
Direct Access (DAX) is available for the ext4
and XFS file systems. It
enables an application to directly map persistent memory into its address space. DAX can be
used on systems that have available persistent memory, typically NVDIMMs.
SEV and SEV-ES
The Secure Encrypted Virtualization (SEV) feature is provided for AMD EPYC host machines that use the KVM hypervisor. It encrypts a virtual machine's memory and protects the VM from access by the host.
SEV's enhanced Encrypted State version (SEV-ES) encrypts all CPU register contents when a VM stops running, thus preventing the host from modifying the VM's CPU registers or reading any information from them.
Note that SEV is supported in UEK.
WireGuard
WireGuard is a VPN solution that has improved security features and is easily configurable.
Note that WireGuard is fully supported in UEK. See Oracle Linux: Configuring Virtual Private Networks for more information on using WireGuard on Oracle Linux.