SUSE Doubles Security in Latest Release of SUSE Linux Enterprise 15


Security is a primary consideration of Linux and open source software today. So when the European Linux giant SUSE released the SUSE Linux Enterprise 15 Service Pack 4 (SLE 14 SP4), it was no surprise that it included top security features.

This included a Supply chain Levels for Software Artifacts (SLSA) Level 4 compliance. SLSA, pronounced “salsa,” is an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain.” SLSA, started by Google, is now a Linux Foundation project.

In compliance with SLSA Level 4, SUSE claims that the code has received a two-person review of all changes and uses a hermetic, reproducible build process. This is the highest level of SLSE compliance — it means you can have a high degree of confidence that the software has not been touched by hackers.

SLE 15 SP4 also supports confidential computing when running on AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) CPUs. What is that? Instead of only encrypting data when it is at rest in storage or on the network, it is also encrypted in memory or CPU registers. This is important if you run processes with sensitive data in the cloud. SLE 15 SP4 is the first Linux distribution to support this. Today, you can use this to isolate virtual machines (VM) on the Google Cloud. You can expect it to be supported on other clouds soon.

Speaking of the cloud, SUSE has partnered with Nvidia to deliver maximum performance and availability by integrating Nvidia’s recently open source GPU kernel mode driver. While this won’t help gamers, at least not yet, it will enable SLE 15 SP4 cloud and server users to accelerate GPU-accelerated computing tasks like artificial intelligence and machine learning (AI/ML).

SUSE has long been a pioneer of live patching. However, in this latest release, SUSE now supports live patching for userspace applications. This means you can update user programs without downtime. This also means that SUSE will live patch security-critical programs that you may not consider user space, such as the OpenSSL cryptographic library.

The new SLE runs on the Linux kernel 5.14 and systemd version 249. When using the SLE desktop (SLED), the desktop now uses Gtk4 and GNOME 41 for its interface by default.

For the management of SLE, while SUSE still supports YaST, it moves to the DevOps tool Salt. SUSE Manager Server now also works hand-in-hand with Salt.

If you don’t subscribe to SLE, you can still try it easily and freely with openSUSE Leap 15.4. That’s because as of 2021, SUSE has made its community Linux binary compatible with its enterprise offering. If you decide you like SUSE’s version of Linux, the company makes it easy to migrate from openSUSE to SLE.

If you choose to use SLES 15, the operating system has a 13-year lifecycle, with 10 years of general support and three years of extended support. Version SP3 will be fully maintained and supported for six months after the release of SLES 15 SP4. So you have until December 2022 to switch from SP3 to SP4. The migration is simple and straightforward.

So if you’re considering a serious Linux for your business, I suggest you remember that it’s not just Canonical Ubuntu or Red Hat Enterprise Linux (RHEL). SUSE and SLE are also worth checking out.

As Melissa Di Donato, CEO of SUSE, said at the SUSECon keynote, “From our mission-critical Linux … we are on our way to becoming the most trusted and most secure open source infrastructure provider on the market.”

Related stories: