Linux 5.0 Introduces New Security Capabilities

Among the features in the Linux 5.0 kernel is support for encryption technology for low-power devices, as well as an improved filtering mechanism to enhance container security.


Linux 5.0, the first major milestone release of the open-source Linux kernel in 2019, launched on March 3.

Linux 5.0 is the first kernel release with a new major version number since Linux 4.0 in April 2015. That said, Linux creator Linus Torvalds doesn't assign any specific significance to new major version numbers; the increment is somewhat arbitrary.

"The numbering change is not indicative of anything special," Torvalds wrote in a Linux Kernel Mailing List (LKML) message. "If you want to have an official reason, it's that I ran out of fingers and toes to count on, so 4.21 became 5.0."

The Linux kernel is the core set of capabilities that enable a Linux operating system, including CPU, memory, networking and storage drivers. Linux 5.0 follows the Linux 4.20 kernel release, which became available in December 2018 as the sixth major kernel update for Linux in 2018. Development for the Linux 5.0 kernel included eight release candidates, beginning with the first release candidate on Jan. 7.

New Features

Among the new features in Linux 5.0 is support for the Adiantum encryption system, developed by Google for low-power devices. Google's Android mobile operating system and ChromeOS desktop operating system both rely on the Linux kernel.

"Storage encryption protects your data if your phone falls into someone else's hands," Paul Crowley and Eric Biggers, of the Android Security & Privacy Team at Google, wrote in a blog post. "Adiantum is an innovation in cryptography designed to make storage encryption more efficient for devices without cryptographic acceleration, to ensure that all devices can be encrypted." 

Memory management in Linux also gets a boost in the 5.0 kernel with a series of improvements designed to help prevent memory fragmentation, which can reduce performance.

"Given sufficient time or an adverse workload, memory gets fragmented and the long-term success of high-order allocations degrades," Linux developer Mel Gorman wrote in his code commit message.

Improved graphics support is also part of the new Linux kernel. Among the new graphics capabilities that have landed in Linux 5.0 is support for variable refresh rates (VRR), a feature available on modern display hardware.

Container Security

Linux 5.0 will also help improve container security with a series of patches and improvements to the seccomp engine. Seccomp provides a way to filter system calls, which helps improve security and reduces the risk of a malicious process running.

"This patch introduces a means for syscalls matched in seccomp to notify some other task that a particular filter has been triggered," Linux kernel developer Tycho Andersen wrote in his commit message. "The motivation for this is primarily for use with containers."
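The following C example is added here and is not from the article or the kernel patch: it builds a seccomp filter that returns the notification action introduced in Linux 5.0 for one syscall, and checks the filter's decisions with a small user-space evaluator instead of installing it. The choice of mount(2), the x86-64 ABI, and the names `notify_filter`, `seccomp_decide`, `decide` and `DEMO_ARCH` are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/syscall.h>

#ifndef SECCOMP_RET_USER_NOTIF              /* UAPI headers older than 5.0 */
#define SECCOMP_RET_USER_NOTIF 0x7fc00000U
#endif
#define DEMO_ARCH AUDIT_ARCH_X86_64         /* assumption: x86-64 container */

/* Kill on a foreign ABI, hand mount(2) to a supervisor task, allow the rest.
 * The supervisor gets its fd via SECCOMP_FILTER_FLAG_NEW_LISTENER at install. */
static const struct sock_filter notify_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, DEMO_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_mount, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_USER_NOTIF),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Evaluator for only the three classic-BPF opcodes used above. */
static uint32_t seccomp_decide(const struct sock_filter *f, size_t n,
                               const struct seccomp_data *sd)
{
    uint32_t acc = 0;
    for (size_t pc = 0; pc < n; pc++) {
        const struct sock_filter *ins = &f[pc];
        if (ins->code == (BPF_LD | BPF_W | BPF_ABS) && ins->k <= sizeof(*sd) - 4)
            memcpy(&acc, (const char *)sd + ins->k, 4);
        else if (ins->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == ins->k) ? ins->jt : ins->jf;   /* relative jump */
        else if (ins->code == (BPF_RET | BPF_K))
            return ins->k;
        else
            return SECCOMP_RET_KILL_PROCESS;   /* unsupported or out of range */
    }
    return SECCOMP_RET_KILL_PROCESS;           /* no RET reached: fail closed */
}

/* Decision for a constructed (arch, syscall number) pair. */
static uint32_t decide(uint32_t arch, int nr)
{
    struct seccomp_data sd = { .nr = nr, .arch = arch };
    return seccomp_decide(notify_filter, sizeof(notify_filter) / sizeof(notify_filter[0]), &sd);
}
int main(void) { return decide(DEMO_ARCH, SYS_mount) == SECCOMP_RET_USER_NOTIF ? 0 : 1; }
```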

Linux 5.1 on Tap

With Linux 5.0 now generally available, Torvalds is already turning his attention to the next kernel release.

"Anyway, with this, the merge window for 5.1 is obviously open, and I'm happy to see that I already have several early pull requests, which I'll start processing tomorrow," Torvalds wrote in his release announcement for Linux 5.0.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.