3 Technology Preview
The following items are available as technical previews in this release of Oracle Linux. Note that some items listed apply to Red Hat Compatible Kernel (RHCK) and might already be available in UEK.
WireGuard
WireGuard is a VPN solution that has improved security features and is easily configurable.
Note that WireGuard is fully supported in UEK. See Oracle Linux: Configuring Virtual Private Networks for more information on using WireGuard on Oracle Linux.
KTLS
The Linux Kernel TLS (KTLS) handles TLS records for the AES-GCM cipher. KTLS also provides the interface for offloading TLS record encryption to NICs that support this functionality.
OpenSSL 3.0 is able to use KTLS if the enable-ktls
configuration option is
used during compiling.
The updated gnutls
packages can use KTLS for accelerating data transfer on
encrypted channels. To enable KTLS, add the tls.ko
kernel module using the
modprobe
command, and create a new configuration file
/etc/crypto-policies/local.d/gnutls-ktls.txt
for the system-wide
cryptographic policies with the following content:
[global] ktls = true
Note that gnutls
doesn't permit you to update traffic keys through TLS
KeyUpdate
messages, which impacts the security of AES-GCM ciphersuites.
Intel® Data Streaming Accelerator Driver
The Intel® data streaming accelerator driver (IDXD) for the kernel is an Intel® CPU integrated accelerator and includes the shared work queue with process address space ID (pasid) submission and shared virtual memory (SVM).
SGX
Software Guard Extensions (SGX) from Intel® protects software code and data from disclosure and modification. RHCK currently enables SGX v1 and v1.5.
Note that SGX is supported in UEK.
DAX
Direct Access (DAX) is available for the ext4
and XFS file systems. It
enables an application to directly map persistent memory into its address space. DAX can be
used on systems that have available persistent memory, typically NVDIMMs.
NVMe-oF Discovery Service
The NVMe-oF Discovery Service features are defined in the NVMexpress.org Technical
Proposals (TP) 8013 and 8014. To preview these features, install the nvme-cli
2.0
package and attach the host to an NVMe-oF target device that implements
TP-8013 or TP-8014. For more information about TP-8013 and TP-8014, see the NVM Express
2.0 Ratified TPs from the https://nvmexpress.org/developers/nvme-specification/
website.
Note that NVMe-oF is supported in UEK.
SEV and SEV-ES
The Secure Encrypted Virtualization (SEV) feature is provided for AMD EPYC host machines that use the KVM hypervisor. It encrypts a virtual machine's memory and protects the VM from access by the host.
SEV's enhanced Encrypted State version (SEV-ES) encrypts all CPU register contents when a VM stops running, thus preventing the host from modifying the VM's CPU registers or reading any information from them.
Note that SEV is supported in UEK.
Virtualization for Arm Platforms
You can create KVM virtual machines on systems running on the Arm (aarch64) platforms using RHCK as a technical preview.
KVM is supported on aarch64 in UEK.
virtio-mem
for Intel® and AMD Systems
Oracle Linux 9 introduces the virtio-mem
feature for AMD and Intel®
systems. With virtio-mem
, you can dynamically add or remove host memory in
virtual machines (VMs).
To use virtio-mem
, do the following:
-
Define
virtio-mem
memory devices in the XML configuration of a VM. - Use the
virsh update-memory-device
command to request memory device size changes while the VM is running.
To see the current memory size exposed by such memory devices to a running VM, view the XML configuration of the VM.
systemd-resolved
Service
The systemd-resolved
service provides name resolution to local
applications. The service implements a caching and validating DNS stub resolver, a
Link-Local Multicast Name Resolution (LLMNR), and Multicast DNS resolver and responder.
Stratis
A local storage manager, Stratis manages file systems on top of pools of storage and provides features such as the following:
-
Manage snapshots and thin provisioning
-
Automatically grow file system sizes as needed
-
Maintain file systems
You administer Stratis storage through the stratis
utility, which
communicates with the stratisd
background service.
nvme-stas Package
The nvme-stas
package, which is a Central Discovery Controller (CDC)
client for Linux, handles the following functionalities:
-
Asynchronous Event Notifications (AEN)
-
Automated NVMe subsystem connection controls
-
Error handling and reporting
-
Automatic (
zeroconf
) and Manual configuration.
This package consists of two daemons, Storage Appliance Finder (stafd
)
and Storage Appliance Connector (stacd
).
nodejs:18
Module Stream
Node.js 18
provides numerous new features together with bug and security
fixes over Node.js 16
, including the following:
-
V8
engine is upgraded to version 10.1. -
The
npm
package manager is upgraded to version 8.15.0. -
Node.js
provides a new experimentalfetch
API as well as an experimentalnode:test
module that facilitates the creation of tests that report results in the Test Anything Protocol (TAP) format.
To install the nodejs:18
module stream, type:
sudo dnf module install nodejs:18
jmc-core
and owasp-java-encoder
jmc-core
is a library that provides core APIs for Java Development Kit
(JDK) Mission Control, including the following:
-
Libraries for parsing and writing JDK Flight Recording files
-
Libraries for Java Virtual Machine (JVM) discovery through Java Discovery Protocol (JDP)
The owasp-java-encoder
package provides a collection of
high-performance low-overhead contextual encoders for Java.