Finally, AMD Secure Encrypted Virtualisation (SEV) is also supported by the KVM virtualisation subsystem, to protect guest virtual machine registers from being accessed by the host operating system.
Userspace processes can now enable memory tagging for chosen memory regions to aid in the prevention of memory corruption attacks. This feature aims to prevent memory safety issues by tagging memory addresses with a key that cannot easily be forged, and so preventing common memory safety attacks such as buffer overflows. Whilst for ARM platforms, support for Armv8.5 Memory Tagging Extension is now available on ARM64 devices. Ubuntu 22.04 LTS enables support for this feature, which has been present in Intel processors for a number of years. Intel’s Software Guard eXtensions (SGX) provides hardware-backed secure enclaves which applications can use to either store sensitive data or perform sensitive computation without the risk of interference from untrusted components. A huge number of changes and security enhancements have gone into the Linux kernel since the v5.4 kernel of Ubuntu 20.04 LTS, including: Hardware specific security enhancements For OEM certified desktop devices, the upstream v5.17 kernel is used as the baseline, whilst all other desktop and server platforms are based on the v5.15 kernel. Ubuntu 22.04 LTS introduces optimised kernel versions for different platforms. For a more detailed examination of some of these features, be sure to check out the previous articles in this series which cover the improvements delivered across each interim release of Ubuntu in the past 2 years between 20.04 LTS and 22.04 LTS. In this blog post, we take a look at the various security features and enhancements that have gone into this new release since the Ubuntu 20.04 LTS release. This continues the benchmark of Ubuntu LTS releases serving as the most secure foundation on which to both develop and deploy Linux applications and services. As a Long Term Support release, Ubuntu 22.04 LTS will be supported for 10 years, receiving both extended security updates and kernel livepatching via an Ubuntu Advantage subscription (which is free for personal use). Canonical Ubuntu 22.04 LTS is the latest long term support release of Ubuntu, one of the world’s most popular Linux distributions.
0 kommentar(er)
