Installation and Boot

The following features, enhancements, and changes related to installation and boot are introduced in this release of Oracle Linux 9.

Tailoring Options for the SCAP Security Profile to a Blueprint Customization

You can add tailoring options for a profile to the /b blueprint customizations by using the following options:

• selected for the list of rules that you want to add

• unselected for the list of rules that you want to remove

With the default org.ssgproject.content rule namespace, you can omit the prefix for rules under this namespace. For example: the org.ssgproject.content_grub2_password and grub2_password are functionally equivalent.

When you build an image from that blueprint, it creates a tailoring file with a new tailoring profile ID and saves it to the image as /usr/share/xml/osbuild-oscap-tailoring/tailoring.xml. The new profile ID will have _osbuild_tailoring appended as a suffix to the base profile. For example, if you use the cis base profile, xccdf_org.ssgproject.content_profile_cis_osbuild_tailoring.

boom Updated to 1.6.0

The boom package has been updated to 1.6.0. Notable changes include:

• boom can use the systemd multi-volume snapshot boot syntax.

• New --mount and --no-fstab options for additional volumes to mount at the boot entry.

DEP and NX Options During Pre-Boot

The Data Execution Prevention (DEP), No Execute (NX), or Execute Disable (XD) memory protection features are now included in the GRUB and shim boot loaders to help prevent some vulnerabilities during the preboot stage, such as a malicious EFI drivers.