October 26, 2016

Linux 4.2 Released Improving Cryptography Options

  • August 30, 2015
  • By Sean Michael Kerner

After eight release candidates, Linux 4.2 is now available, marking one of the longer development cycles in the last few years. The longer cycle was likely only the result of an abundance of caution on Linus Torvalds' part, along with some travel (LinuxCon).

"So judging by how little happened this week, it wouldn't have been a mistake to release 4.2 last week after all, but hey, there's certainly a few fixes here, and it's not like delaying 4.2 for a week should have caused any problems either," Torvalds wrote in his Linux 4.2 release note.

Among the big new features that land in Linux 4.2 is the Jitter Entropy Random Number Generator, which makes random number generation more secure than ever before.

Among the other interesting cryptography updates that are now in Linux 4.2 are:

* ChaCha20, Poly1305 and RFC7539 support.
* New RSA implementation.
* Jitter RNG.
* DRBG is now seeded with both /dev/random and Jitter RNG. If the kernel pool isn't ready, then DRBG will be reseeded when it is.
* DRBG is now the default crypto API RNG, replacing krng.
* 842 compression (previously part of powerpc nx driver).

Linux 4.2 also benefits from the introduction of Linux security module stacking, which will enable a more logical flow for enforcing and enabling security filters and policy.

On the networking side, there is now a driver for the GENEVE (Generic Network Virtualization Encapsulation) protocol that VMware engineers first began to talk publicly about in 2014. Geneve is a protocol built for x86 and merchant silicon and in some ways is a superset of the existing VXLAN and NVGRE protocols.

Overall performance of Linux systems is also likely to get a boost with the Linux 4.2 kernel by way of the introduction of queue-based spinlocks.

"The queue spinlock has slight better performance than the ticket spinlock in uncontended case," Linux developer Waiman Long wrote in his commit message. "Its performance can be much better with moderate to heavy contention."

Sean Michael Kerner is a senior editor at LinuxPlanet and InternetNews.com. Follow him on Twitter @TechJournalist
