October 27, 2016

Linux 4.7 Debuts with Improved Security

  • July 24, 2016
  • By Sean Michael Kerner

The fourth major new Linux kernel of 2016 is now out with the debut today of Linux 4.7. The Linux 4.7 kernel follows Linux 4.6, which debuted on May 15.

Among the new features that are included in Linux 4.7 is the LoadPin Linux Security Module

"This LSM enforces that kernel-loaded files (modules, firmware, etc) must all come from the same filesystem, with the expectation that such a filesystem is backed by a read-only device such as dm-verity or CDROM," the LoadPin commit message explains. "This allows systems that have a verified and/or unchangeable filesystem to enforce module and firmware loading restrictions without needing to sign the files individually."

The idea for LoadPin actually comes from ChromeOS, which is already making use of that capability.

Another key innovation that lands in Linux 4.7 is the schedutil, cpu frequency scaling governor.

"The governor supports fast frequency switching if that is supported by the cpufreq driver in use and possible for the given policy," Intel kernel developer Rafael Wysocki wrote in his commit message. "In the fast switching case, all operations of the governor take place in its utilization update handlers. "

The overall Linux 4.7 kernel development process took seven release candidates and apparently wasn't all that large, in contrast with what's coming next.

"Despite it being two weeks since rc7, the final patch wasn't all that big, and much of it is trivial one- and few-liners," Linus Torvalds wrote in his message announcing Linux 4.7. "There's a couple of network drivers that got a bit more loving."

Torvalds also cautioned that he expect the Linux 4.8 release to be larger than Linux 4.7

"Obviously, this means that the merge window for 4.8 is open," Torvalds wrote. "Judging by the linux-next contents, that's going to be a bigger release than the current one (4.7 really was fairly calm, I blame at least partly summer in the northern hemisphere)."

Sean Michael Kerner is a senior editor at LinuxPlanet and InternetNews.com. Follow him on Twitter @TechJournalist

Sitemap | Contact Us