The VirtIO-IOMMU driver now works on x86/x86_64 hardware with the Linux 5.14 kernel. The driver was added to the Linux kernel two years ago (merged in Linux 5.3), with an original focus on AArch64 hardware for a paravirtual IOMMU, after being worked on out-of-tree for years prior. Now, with Linux 5.14 in 2021, the VirtIO-IOMMU code has been adapted to work on x86 Intel/AMD hardware too.

The "memfd_secret" system call is being added to the Linux 5.14 kernel to provide the ability to create memory areas that are visible only in the context of the owning process; these "secret" memory regions are not mapped by other processes or in the kernel page tables. This work originated with the proposed secretmemfd work for secret memory on Linux, and over the past year memfd_secret has been going through many rounds of review. The intended use-case for these secret memory areas is cases like OpenSSL private keys being stored within them, to reduce the possibility of the keys being exposed in system memory when they cannot be backed by other hardware encryption methods on modern hardware.
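The following added example (not code from the kernel patch series or from OpenSSL) shows how a process could place key material in a memfd_secret region: create the descriptor, size it, and map it shared. The helper names `secret_alloc` and `secret_free` are hypothetical, and the fallback to pinned anonymous memory when the call is unavailable is an assumption about how an application might degrade.

```c
#define _GNU_SOURCE 1
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>

#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447   /* syscall number on x86_64 and arm64 */
#endif

/* Hypothetical helper; *is_secret is 1 for memfd_secret backing, 0 for fallback. */
void *secret_alloc(size_t len, int *is_secret)
{
    int fd = (int)syscall(SYS_memfd_secret, 0);
    if (fd >= 0) {
        void *p = MAP_FAILED;
        if (ftruncate(fd, (off_t)len) == 0)   /* size is 0 until set */
            p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        close(fd);                            /* the mapping keeps the pages alive */
        if (p != MAP_FAILED) { *is_secret = 1; return p; }
    }
    /* Fallback (assumption): pre-5.14 kernel, secretmem disabled, or call filtered. */
    *is_secret = 0;
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    (void)mlock(p, len);                      /* best effort: keep out of swap */
    return p;
}

void secret_free(void *p, size_t len)
{
    volatile unsigned char *v = p;            /* volatile: wipe is not optimised out */
    for (size_t i = 0; i < len; i++) v[i] = 0;
    munmap(p, len);
}

int main(void)
{
    static const unsigned char key[16] = "constructed-key";  /* sample, constructed */
    int is_secret = 0;
    unsigned char *buf = secret_alloc(4096, &is_secret);
    if (!buf) { perror("secret_alloc"); return 1; }
    memcpy(buf, key, sizeof key);
    printf("backing: %s\n", is_secret ? "memfd_secret" : "anonymous mmap + mlock");
    secret_free(buf, 4096);
    return 0;
}
```

The fallback region is still present in the kernel's direct map, so it only limits swapping; callers that require the stronger guarantee should treat `is_secret == 0` as a failure.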

Fixing vulns in poudriere jails
When a FreeBSD security alert comes out, or a package is marked as vulnerable, I try to get that fixed as soon as I can. Even if not using the feature. Sometimes a vuln can be leveraged against something you are using. Patch it. When it comes to my poudriere jails, I don’t.

Lubuntu 20.10 End of Life and Current Support Statuses
Lubuntu 20.10 (Groovy Gorilla) was released October 22, 2020 and will reach End of Life on Thursday, July 22, 2021. This means that after that date there will be no further security updates or bugfixes released. We highly recommend that you update to 21.04 as soon as possible if you are still running 20.10. After July 22nd, the only supported releases of Lubuntu will be 20.04 (until April 2023) and 21.04 (until January 2022). All other releases of Lubuntu will be considered unsupported, and will no longer receive any further updates from the Lubuntu team.