The new version of Linux 5.13 arrives with security improvements, support for Apple M1 and more

Yesterday Linus Torvalds released version 5.13 of the Linux kernel, which brings initial, basic support for the new Apple M1 chip; new security features such as the Landlock LSM, Clang CFI support and the ability to randomize the kernel stack offset on each system call; and support for FreeSync over HDMI and the initial implementation of Aldebaran, among others.

About 47% of all changes introduced in 5.13 are related to device drivers, about 14% of changes are related to updating specific code for hardware architectures, 13% are related to the network stack, 5% are related to file systems and 4% related to internal kernel subsystems.

Torvalds called the new version "quite large."

“We've had a pretty quiet week since rc7, and I don't see any reason to delay 5.13. The roundup for the week is small, with only 88 unfused commits (and some of them are just rollbacks). Of course, while the last week was small and quiet, 5.13 as a whole is quite large. In fact, it is one of the most important 5.x versions, with more than 16,000 commits (more than 17,000 if you count mergers), from more than 2,000 developers. But this is a general phenomenon, not a particular phenomenon distinguished by its unusual character,” wrote Torvalds.

Main news in Linux 5.13

One of the most important new features of the Linux 5.13 kernel is initial support for Apple's M1 chips. For now this covers only basic hardware support and code execution, but many optimizations are expected. Graphics acceleration is not yet available, though initial support for it is expected in upcoming versions.

On the security side, Linux 5.13 introduces Landlock, a new security module that can run alongside SELinux to better manage processes. It limits the interaction of a group of processes with the external environment and was developed with a view to isolation mechanisms such as XNU Sandbox, FreeBSD Capsicum and OpenBSD Pledge/Unveil.

With the help of Landlock, any process, including unprivileged (non-root) ones, can be reliably isolated so that the isolation is not bypassed in the event of vulnerabilities or malicious changes to the application. Landlock enables a process to create secure sandboxes that are implemented as an additional layer on top of the existing system access control mechanisms. For example, a program can deny itself access to files outside of the working directory.
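The working-directory case mentioned above, written against the three Landlock system calls added in 5.13. This is an added example, not code from the article or the kernel tree; `confine_to_dir` and the `LL_`-prefixed macros are names chosen here, with values taken from the `linux/landlock.h` UAPI header.

```c
/* Added example: confine the calling process to one directory (Landlock ABI v1). */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* UAPI values from linux/landlock.h, repeated so this builds with older headers. */
#define LL_CREATE_RULESET 444            /* __NR_landlock_create_ruleset */
#define LL_ADD_RULE       445            /* __NR_landlock_add_rule */
#define LL_RESTRICT_SELF  446            /* __NR_landlock_restrict_self */
#define LL_RULE_PATH_BENEATH 1
#define LL_FS_ALL_V1 ((1ULL << 13) - 1)  /* the 13 filesystem rights of ABI v1 */

struct ll_ruleset_attr { uint64_t handled_access_fs; };
struct ll_path_beneath_attr { uint64_t allowed_access; int32_t parent_fd; } __attribute__((packed));

/* Returns 0 when confined, 1 when Landlock is unavailable, -1 on any other error. */
int confine_to_dir(const char *dir)
{
    /* Every handled right is denied everywhere unless a rule grants it. */
    struct ll_ruleset_attr attr = { .handled_access_fs = LL_FS_ALL_V1 };
    int ruleset = (int)syscall(LL_CREATE_RULESET, &attr, sizeof(attr), 0);
    if (ruleset < 0)
        return 1;  /* not built in, disabled at boot, or filtered by the host */

    /* Grant all rights beneath `dir` (O_PATH is preferred; a plain dir fd also works). */
    struct ll_path_beneath_attr rule = { .allowed_access = LL_FS_ALL_V1 };
    rule.parent_fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    int rc = -1;
    if (rule.parent_fd >= 0 &&
        syscall(LL_ADD_RULE, ruleset, LL_RULE_PATH_BENEATH, &rule, 0) == 0 &&
        prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == 0 &&  /* required when unprivileged */
        syscall(LL_RESTRICT_SELF, ruleset, 0) == 0)     /* irreversible, inherited by children */
        rc = 0;
    if (rule.parent_fd >= 0) close(rule.parent_fd);
    close(ruleset);
    return rc;
}

int main(void)
{
    int rc = confine_to_dir(".");
    if (rc != 0) { fprintf(stderr, "not confined (rc=%d)\n", rc); return rc < 0; }
    int fd = open("/", O_RDONLY | O_DIRECTORY);
    printf("open(\"/\"): %s\n", fd < 0 && errno == EACCES ? "denied (EACCES)" : "allowed");
    return 0;
}
```

Files already open before the call stay usable, since Landlock checks access when a path is opened, so a program should open what it needs outside the directory before confining itself.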

Enhancements to the RISC-V architecture are also highlighted: this version implements support for kexec, crash dump, kprobe and execution of the kernel in place (XIP: running from the original medium, without copying to RAM).

For modern Intel processors, a new cooling controller has been added, and initial support was also provided for this manufacturer's new Alder Lake-S systems (12th generation).

For AMD, the highlights are FreeSync support over HDMI, support for ASSR (Alternate Scrambler Seed Reset), an ioctl to query video encoding and decoding capabilities, and the CONFIG_DRM_AMD_SECURE_DISPLAY mode to detect changes in screens displaying critical information. Support for the ASPM power saving mechanism was also added.

Other notable changes in this new version of the kernel:

  • Support for concurrent Translation Lookaside Buffer (TLB) flushing, for some minor performance benefits. The x86 memory management work in Linux 5.13 provides a minor performance optimization that is particularly beneficial in light of the CPU security mitigations of recent years affecting the TLB.
  • Support for AMD Zen for Turbostat.
  • Loongson 2K1000 support.
  • KVM provides AMD SEV and Intel SGX enhancements for guest virtual machines.
  • Support for Intel bus lock detection was added in addition to the existing support for split lock detection.
  • KCPUID is a new utility in the tree to help configure new x86 processors.
  • A generic USB display driver has been added for setups such as using a Raspberry Pi Zero as a display adapter.
  • Support for "Intel DG1 Platform Monitoring Technology" / telemetry platform.
  • The POWER9 NVLink 2.0 driver has been removed due to a lack of open source user support.
  • Direct Rendering Manager driver updates.
