Fedora and Red Hat: UKI, OpenSSL, Security, and More
-
Supporting unified kernel images for Fedora [LWN.net]
The Fedora community is currently discussing a proposal to start supporting a unified kernel image (UKI) for the distribution; these images would combine several pieces that are generally separate today (e.g. initrd, kernel, and kernel command line). There are a number of advantages to such a kernel image, at least for some kinds of systems, but there is worry from some about where the endpoint of this work lies. There is a need to ensure that Fedora can still boot non-unified, perhaps locally built, kernels and can support other use cases that unification might preclude.
A feature proposed for Fedora 38 would add "phase 1" of UKI support; it was posted on behalf of feature owner Gerd Hoffmann to the distribution's devel mailing list on December 22. Currently, a new initial RAMdisk (initrd) containing files needed early in the boot process is built on the local Fedora system whenever a new kernel or other boot-relevant component is installed. But, since the Fedora private key is not present on the local system, the newly built initrd cannot be signed with it. So the goal is to move away from locally building an initrd, at least for some kinds of installations.
-
OpenSSL: From FIPS 140-2 upstream to 140-3 downstream
During the development of Red Hat Enterprise Linux (RHEL) 9, we decided to switch to OpenSSL 3.0 even though we were not sure that it would be finalized early enough. This decision was made to significantly reduce our maintenance burden during the 10+ years of RHEL 9 support.
-
Red Hat Insights malware detection service is now generally available
Following the announcement of the beta of the Red Hat Insights malware detection service in August, we are pleased to announce that this service is now generally available. The malware detection service is a monitoring and assessment tool that scans Red Hat Enterprise Linux (RHEL) systems for the presence of malware, utilizing over 180 signatures of known Linux malware provided in partnership with the IBM X-Force Threat Intelligence team.
-
Red Hat OpenShift at the edge: zero-touch provisioning
Information technology is undergoing a remarkable evolution, with deployment and maintenance scenarios changing day by day. Processing and managing data and devices at the edge is increasingly required, so technologies need to adapt to support and encourage the adoption of such strategies.
Red Hat OpenShift is capable of covering needs ranging from the management of an infrastructurally-agnostic application platform to deployment on-premises or in the cloud, whether private, public or hybrid.
-
Red Hat build of OptaPlanner is now available in Red Hat Application Foundations
The Red Hat build of OptaPlanner is now available in Red Hat Application Foundations, enabling application developers to turn data and constraints into a best-fit solution. Using the lightweight, embeddable planning engine from the open source OptaPlanner project, customers can build scalable planning applications that efficiently solve complex optimization challenges such as rostering, vehicle routing, scheduling, or many other constraint satisfaction problems.
In order to deal with the complexity and pace of an ever-changing world, businesses— especially those in asset-intensive industries— are turning to digital solutions to deliver better results with greater competency. According to industry analyst firm IDC, “By 2026, 75% of large enterprises will rely on AI-infused processes to enhance asset efficiency, streamline supply chains, and improve product quality across diverse and distributed environments.”1 And, with remote work environments increasing, optimized business processes are even more critical as organizations need to make informed decisions in situations where employees may not be located where operations are happening.