RHEL 8.3 Released With TSX Disabled By Default To Avoid Mitigation Overhead
Red Hat Enterprise Linux 8.3 is out today as the latest release of the RHEL8 platform.
The latest stable release of Red Hat Enterprise Linux 8, RHEL 8.3, is focused on expanded Red Hat System Roles support, updates to Tuned, new SCAP profiles, updated Application Streams, and other enterprise-minded stability enhancements. Some specific changes to note with Red Hat Enterprise Linux 8.3 include:
- RHEL 8.3 is now disabling Intel Transactional Synchronization Extensions (TSX) by default. Disabling of TSX by default is done in the name of security and to remove the performance penalty of having TSX Asynchronous Abort mitigations for Xeon Cascade Lake processors. TSX can be enabled with the "tsx=on" kernel parameter.
- New module streams for Ruby 2.7, Nginx 1.18, Perl 5.30, and Node.js 14. The streams for Python 3.8, PHP 7.4, and HTTPD 2.4.
- New drivers with RHEL 8.3 include the gVNIC driver, Software iWARP, various Intel Trace Hub drivers, and Intel RAPL MSR. Various networking drivers and other Intel code also received updates as back-ports to RHEL8's Linux 4.18 kernel.
- It's updated Anaconda installer finally allows using non-ASCII characters for the disk encryption passphrase. LUKES2 is also now used by default as the encrypted container.
- A lot of work on USBGuard integration for securing corporate desktops and servers with various USB handling options for attached devices.
- Updated firewalld and NetworkManager bringing various improvements.
- The technology previews continue for kexec fast reboot to provide fast reboots, eBPF remains also available as a technology preview, and a new preview feature is supporting the Open programmable Acceleration Engine (OPAE) framework. The OPAE framework is intended for use with Intel FPGAs / PACs.
More details on Red Hat Enterprise Linux 8.3 via RedHat.com.
The latest stable release of Red Hat Enterprise Linux 8, RHEL 8.3, is focused on expanded Red Hat System Roles support, updates to Tuned, new SCAP profiles, updated Application Streams, and other enterprise-minded stability enhancements. Some specific changes to note with Red Hat Enterprise Linux 8.3 include:
- RHEL 8.3 is now disabling Intel Transactional Synchronization Extensions (TSX) by default. Disabling of TSX by default is done in the name of security and to remove the performance penalty of having TSX Asynchronous Abort mitigations for Xeon Cascade Lake processors. TSX can be enabled with the "tsx=on" kernel parameter.
- New module streams for Ruby 2.7, Nginx 1.18, Perl 5.30, and Node.js 14. The streams for Python 3.8, PHP 7.4, and HTTPD 2.4.
- New drivers with RHEL 8.3 include the gVNIC driver, Software iWARP, various Intel Trace Hub drivers, and Intel RAPL MSR. Various networking drivers and other Intel code also received updates as back-ports to RHEL8's Linux 4.18 kernel.
- It's updated Anaconda installer finally allows using non-ASCII characters for the disk encryption passphrase. LUKES2 is also now used by default as the encrypted container.
- A lot of work on USBGuard integration for securing corporate desktops and servers with various USB handling options for attached devices.
- Updated firewalld and NetworkManager bringing various improvements.
- The technology previews continue for kexec fast reboot to provide fast reboots, eBPF remains also available as a technology preview, and a new preview feature is supporting the Open programmable Acceleration Engine (OPAE) framework. The OPAE framework is intended for use with Intel FPGAs / PACs.
More details on Red Hat Enterprise Linux 8.3 via RedHat.com.
12 Comments