1. Release Notes for Oracle Linux 9
  2. Technology Preview

3 Technology Preview

The following items are available as technical previews in this release of Oracle Linux. Note that some items listed apply to Red Hat Compatible Kernel (RHCK) and might already be available in UEK.

KTLS

The Linux Kernel TLS (KTLS) handles TLS records for the AES-GCM cipher. KTLS also provides the interface for offloading TLS record encryption to NICs that support this functionality.

OpenSSL 3.0 is able to use KTLS if the enable-ktls configuration option is used during compiling.

The updated gnutls packages can use KTLS for accelerating data transfer on encrypted channels. To enable KTLS, add the tls.ko kernel module using the modprobe command, and create a new configuration file /etc/crypto-policies/local.d/gnutls-ktls.txt for the system-wide cryptographic policies with the following content: 

[global]
ktls = true

Note that gnutls doesn't permit you to update traffic keys through TLS KeyUpdate messages, which impacts the security of AES-GCM ciphersuites.

SGX

Software Guard Extensions (SGX) from Intel® protects software code and data from disclosure and modification. RHCK currently enables SGX v1 and v1.5.

Note that SGX is supported in UEK.

DAX

Direct Access (DAX) is available for the ext4 and XFS file systems. It enables an application to directly map persistent memory into its address space. DAX can be used on systems that have available persistent memory, typically NVDIMMs.

SEV and SEV-ES

The Secure Encrypted Virtualization (SEV) feature is provided for AMD EPYC host machines that use the KVM hypervisor. It encrypts a virtual machine's memory and protects the VM from access by the host.

SEV's enhanced Encrypted State version (SEV-ES) encrypts all CPU register contents when a VM stops running, thus preventing the host from modifying the VM's CPU registers or reading any information from them.

Note that SEV is supported in UEK.

WireGuard

WireGuard is a VPN solution that has improved security features and is easily configurable.

Note that WireGuard is fully supported in UEK. See Oracle Linux: Configuring Virtual Private Networks for more information on using WireGuard on Oracle Linux.