Kernel: Linux 5.10 Additions and Trust Model
-
Intel Rewrites Old Haswell-Era Audio Driver Due To Bugs, Plus DG1 Audio For Linux 5.10
The sound subsystem updates were submitted today for the Linux 5.10 kernel with some interesting changes and new hardware support.
-
Linux 5.10 Graphics Driver Changes From AMDGPU DC For GCN 1.0 To Continuing RDNA 2 Push
The direct rendering manager (DRM) driver updates were sent in overnight for the ongoing Linux 5.10 merge window with a range of improvements for these graphics/display drivers, and as usual the Intel and AMD Radeon driver churn is particularly heavy.
-
AMD Secure Nested Paging IOMMU For SEV-SNP Lands In Linux 5.10
In addition to Linux 5.10 supporting SEV-ES as the "encrypted state" for AMD EPYC's Secure Encrypted Virtualization, this kernel is also adding Secure Nested Paging (SNP) support to the AMD IOMMU driver as part of their next-generation SEV-SNP security.
AMD SEV-SNP is an effort to further boost virtual machine isolation and appears likely to be supported with upcoming AMD EPYC 7003 "Milan" processors, based on the timing of their original SEV-SNP whitepaper earlier this year and now the timing of this SNP Linux kernel support. SEV-SNP builds on the original AMD SEV and SEV-ES to offer additional hardware-based memory integrity protections for fending off hypervisor-based attacks.
-
XFS File-System With Linux 5.10 Punts Year 2038 Problem To The Year 2486
Not only is Btrfs seeing notable improvements with the in-development Linux 5.10 kernel but the XFS file-system also has some prominent changes of its own.
-
From O_MAYEXEC to trusted_for()
The ability to execute the contents of a file is controlled by the execute-permission bits — some of the time. If a given file contains code that can be executed by an interpreter — such as shell commands or code in a language like Perl or Python, for example — there are easy ways to run the interpreter on the file regardless of whether it has execute permission enabled or not. Mickaël Salaün has been working on tightening up the administrator's control over execution by interpreters for some time, but has struggled to find an acceptable home for this feature. His latest attempt takes the form of a new system call named trusted_for().
Tightly locked-down systems are generally set up to disallow the execution of any file that has not been approved by the system's overlords. That control is nearly absolute when it comes to binary machine code, especially when security modules are used to enforce signature requirements and prevent techniques like mapping a file into some process's address space with execute permission. Execution of code by an interpreter, though, just looks like reading a file to the kernel so, without cooperation from the interpreter itself, the kernel cannot know whether an attempt is being made to execute code contained within a given file. As a result, there is no way to apply any kernel-based policies to that type of access.
Enabling that cooperation is the point of Salaün's work; it is, at its core, a way for an interpreter to inform the kernel that it intends to execute the contents of a file. Back in May 2020, the first attempt tried to add an O_MAYEXEC flag to be used with the openat2() system call. If system policy does not allow a given file to be executed, an attempt to open it with O_MAYEXEC will fail.
-
Devices/Embedded With GNU/Linux or Linux Support
Best open source gifts for 2020
If you're looking for a desktop, the single greatest Linux-powered desktop on the market is the System 76 Thelio. In fact, it might be the best desktop you can buy, period. This beast of a machine comes in three flavors: Thelio, Thelio Major, and Thelio Massive. For everyday use, go with Thelio. If your open source enthusiast is a gamer or needs more power, go with the Thelio Major. If, however, the recipient of this gift is a serious number cruncher, the Thelio Massive will power all of their tasks. Either way, you cannot go wrong with a gift of the Thelio. The Thelio has a base price of $899, the Thelio Major has a base price of $2499, and the Thelio Massive has a base price of $3199.
Audiocasts/Shows: Why Client Server Is Perfect For The Unix Philosophy, Bad Voltage, and Ubuntu Podcast
Security Leftovers
