3 Technology Preview
The following items are available as technical previews in this release of Oracle Linux. Note that some items listed apply to Red Hat Compatible Kernel (RHCK) and might already be available in UEK.
The Linux Kernel TLS (KTLS) handles TLS records for the AES-GCM cipher. KTLS also provides the interface for offloading TLS record encryption to NICs that support this functionality.
OpenSSL 3.0 is able to use KTLS if the
enable-ktls configuration option is
used during compiling.
gnutls packages can use KTLS for accelerating data transfer on
encrypted channels. To enable KTLS, add the
tls.ko kernel module using the
modprobe command, and create a new configuration file
/etc/crypto-policies/local.d/gnutls-ktls.txt for the system-wide
cryptographic policies with the following content:
[global] ktls = true
gnutls doesn't permit you to update traffic keys through TLS
KeyUpdate messages, which impacts the security of AES-GCM ciphersuites.
Software Guard Extensions (SGX) from Intel® protects software code and data from disclosure and modification. RHCK currently enables SGX v1 and v1.5.
Note that SGX is supported in UEK.
Direct Access (DAX) is available for the
ext4 and XFS file systems. It
enables an application to directly map persistent memory into its address space. DAX can be
used on systems that have available persistent memory, typically NVDIMMs.
SEV and SEV-ES
The Secure Encrypted Virtualization (SEV) feature is provided for AMD EPYC host machines that use the KVM hypervisor. It encrypts a virtual machine's memory and protects the VM from access by the host.
SEV's enhanced Encrypted State version (SEV-ES) encrypts all CPU register contents when a VM stops running, thus preventing the host from modifying the VM's CPU registers or reading any information from them.
Note that SEV is supported in UEK.
WireGuard is a VPN solution that has improved security features and is easily configurable.
Note that WireGuard is fully supported in UEK. See Oracle Linux: Configuring Virtual Private Networks for more information on using WireGuard on Oracle Linux.