3 Technology Preview

The following items are available as technical previews in this release of Oracle Linux. Note that some items listed apply to Red Hat Compatible Kernel (RHCK) and might already be available in UEK.

WireGuard

WireGuard is a VPN solution that has improved security features and is easily configurable.

Note that WireGuard is fully supported in UEK. See Oracle Linux: Configuring Virtual Private Networks for more information on using WireGuard on Oracle Linux.

KTLS

The Linux Kernel TLS (KTLS) handles TLS records for the AES-GCM cipher. KTLS also provides the interface for offloading TLS record encryption to NICs that support this functionality.

OpenSSL 3.0 can use KTLS if it is built with the enable-ktls configuration option.

The updated gnutls packages can use KTLS for accelerating data transfer on encrypted channels. To enable KTLS, add the tls.ko kernel module using the modprobe command, and create a new configuration file /etc/crypto-policies/local.d/gnutls-ktls.txt for the system-wide cryptographic policies with the following content:

[global]
ktls = true

Note that, when KTLS is in use, gnutls doesn't permit you to update traffic keys through TLS KeyUpdate messages. A long-lived connection therefore keeps using the same traffic keys, which impacts the security of AES-GCM ciphersuites.
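One way to check that the KTLS steps above took effect, as an added example that is not part of the Oracle documentation. It assumes the kernel exposes its TLS counters in /proc/net/tls_stat; the function names are hypothetical and the sample files in ktls_demo are constructed.

```bash
#!/bin/sh
# Added example: audit the KTLS preview setup. Every path is an argument,
# so the checks run against constructed files as well as a live host.

# 0 if the tls module appears in a /proc/modules-style listing.
ktls_module_loaded() {
    grep -q '^tls ' "${1:-/proc/modules}"
}

# 0 if the drop-in sets "ktls = true" inside its [global] section.
ktls_policy_enabled() {
    [ -r "${1:-/etc/crypto-policies/local.d/gnutls-ktls.txt}" ] || return 1
    awk '
        /^[ \t]*\[/ { in_global = ($0 ~ /^[ \t]*\[global\][ \t]*$/); next }
        in_global && /^[ \t]*ktls[ \t]*=[ \t]*true[ \t]*$/ { found = 1 }
        END { exit !found }
    ' "${1:-/etc/crypto-policies/local.d/gnutls-ktls.txt}"
}

# Print one counter from a /proc/net/tls_stat-style file (0 if absent).
ktls_counter() {
    [ -r "${2:-/proc/net/tls_stat}" ] || { echo 0; return 0; }
    awk -v n="$1" '$1 == n { v = $2 } END { print v + 0 }' "${2:-/proc/net/tls_stat}"
}

# Summarise the setup; the exit status names the first missing step.
ktls_audit() {
    ktls_module_loaded "$1" || { echo "tls module not loaded"; return 1; }
    ktls_policy_enabled "$2" || { echo "gnutls drop-in lacks ktls = true"; return 2; }
    sw=$(( $(ktls_counter TlsTxSw "$3") + $(ktls_counter TlsRxSw "$3") ))
    dev=$(( $(ktls_counter TlsTxDevice "$3") + $(ktls_counter TlsRxDevice "$3") ))
    echo "ktls enabled: software=$sw offloaded=$dev decrypt_errors=$(ktls_counter TlsDecryptError "$3")"
}

# Run the audit over constructed sample files (not captured from a real host).
ktls_demo() {
    d=$(mktemp -d)
    printf 'tls 155648 3 - Live 0x0000000000000000\n' > "$d/modules"
    printf '[global]\nktls = true\n' > "$d/policy"
    printf 'TlsTxSw \t4\nTlsRxSw \t4\nTlsTxDevice \t0\nTlsRxDevice \t0\nTlsDecryptError \t0\n' > "$d/stat"
    rc=0
    out=$(ktls_audit "$d/modules" "$d/policy" "$d/stat") || rc=$?
    rm -rf "$d"
    echo "$out"
    return "$rc"
}
```

Calling ktls_audit with no arguments checks the live host. The software and offloaded figures count TLS sessions the kernel has opened with host and NIC cryptography respectively, so both staying at 0 while gnutls applications move traffic means connections are not being handed to the kernel.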

Intel® Data Streaming Accelerator Driver

The Intel® data streaming accelerator driver (IDXD) for the kernel supports the accelerator that is integrated in Intel® CPUs. The driver includes the shared work queue with process address space ID (PASID) submission and shared virtual memory (SVM).

SGX

Software Guard Extensions (SGX) from Intel® protects software code and data from disclosure and modification. RHCK currently enables SGX v1 and v1.5.

Note that SGX is supported in UEK.

DAX

Direct Access (DAX) is available for the ext4 and XFS file systems. It enables an application to directly map persistent memory into its address space. DAX can be used on systems that have available persistent memory, typically NVDIMMs.

NVMe-oF Discovery Service

The NVMe-oF Discovery Service features are defined in the NVMexpress.org Technical Proposals (TP) 8013 and 8014. To preview these features, install the nvme-cli 2.0 package and attach the host to an NVMe-oF target device that implements TP-8013 or TP-8014. For more information about TP-8013 and TP-8014, see the NVM Express 2.0 Ratified TPs from the https://nvmexpress.org/developers/nvme-specification/ website.

Note that NVMe-oF is supported in UEK.

SEV and SEV-ES

The Secure Encrypted Virtualization (SEV) feature is provided for AMD EPYC host machines that use the KVM hypervisor. It encrypts a virtual machine's memory and protects the VM from access by the host.

SEV's enhanced Encrypted State version (SEV-ES) encrypts all CPU register contents when a VM stops running, thus preventing the host from modifying the VM's CPU registers or reading any information from them.

Note that SEV is supported in UEK.

Virtualization for Arm Platforms

As a technical preview, you can use RHCK to create KVM virtual machines on systems running on the Arm (aarch64) platform.

KVM is supported on aarch64 in UEK.

virtio-mem for Intel® and AMD Systems

Oracle Linux 9 introduces the virtio-mem feature for AMD and Intel® systems. With virtio-mem, you can dynamically add or remove host memory in virtual machines (VMs).

To use virtio-mem, do the following:

  1. Define virtio-mem memory devices in the XML configuration of a VM.

  2. Use the virsh update-memory-device command to request memory device size changes while the VM is running.

To see the current memory size exposed by such memory devices to a running VM, view the XML configuration of the VM.

systemd-resolved Service

The systemd-resolved service provides name resolution to local applications. The service implements a caching and validating DNS stub resolver, and a Link-Local Multicast Name Resolution (LLMNR) and Multicast DNS resolver and responder.

Stratis

A local storage manager, Stratis manages file systems on top of pools of storage and provides features such as the following:

  • Manage snapshots and thin provisioning

  • Automatically grow file system sizes as needed

  • Maintain file systems

You administer Stratis storage through the stratis utility, which communicates with the stratisd background service.

nvme-stas Package

The nvme-stas package, which is a Central Discovery Controller (CDC) client for Linux, handles the following functionalities:

  • Asynchronous Event Notifications (AEN)

  • Automated NVMe subsystem connection controls

  • Error handling and reporting

  • Automatic (zeroconf) and manual configuration

This package consists of two daemons, Storage Appliance Finder (stafd) and Storage Appliance Connector (stacd).

nodejs:18 Module Stream

Node.js 18 provides numerous new features together with bug and security fixes over Node.js 16, including the following:

  • V8 engine is upgraded to version 10.1.

  • The npm package manager is upgraded to version 8.15.0.

  • Node.js provides a new experimental fetch API as well as an experimental node:test module that facilitates the creation of tests that report results in the Test Anything Protocol (TAP) format.

To install the nodejs:18 module stream, type:

sudo dnf module install nodejs:18

jmc-core and owasp-java-encoder

jmc-core is a library that provides core APIs for Java Development Kit (JDK) Mission Control, including the following:

  • Libraries for parsing and writing JDK Flight Recording files

  • Libraries for Java Virtual Machine (JVM) discovery through Java Discovery Protocol (JDP)

The owasp-java-encoder package provides a collection of high-performance low-overhead contextual encoders for Java.