Suse bolsters security in Linux Enterprise 15 update

More often than not, sitting underneath enterprise applications running on-premises or in the cloud is a Linux operating system. Today at the SuseCon Digital conference, enterprise Linux vendor Suse today announced the latest update release of its namesake platform, with new features designed to help improve reliability, security and performance.

Among the new features in Suse Enterprise Linux 15 Service Pack 4 (SLE 15 SP4) is support for live patching, which will enable organizations to patch a running system without the need for a system reboot. The new Suse Enterprise Linux update also includes support for the latest AMD confidential computing capabilities. Suse is now also among the first enterprise Linux distributions to include open-source Nvidia GPU drivers, which will help to accelerate graphics and AI use cases on Linux systems.

The new release from Suse comes a month after its primary rival in the enterprise Linux space released Red Hat Enterprise Linux 9, which similarly had a strong focus on security. Suse Linux Enterprise 15 Service Pack 4 (SLE 15 SP4), is the fourth major update of Linux vendor’s flagship platform since Suse Enterprise Linux 15 was first released in June 2018. With its enterprise Linux distribution, a major version number change can often be disruptive for users, while a service pack can be easier to update, while still providing new features. Long-term support is a key value proposition that Suse continues to make with its Suse Enterprise Linux platform.

“We will do a service pack five, six and seven for Suse Linux Enterprise 15, so that customers really get innovation without disruption in a fully compatible manner,” Markus Noga, general manager of Linux at Suse told VentureBeat. “We are committing to long-term support options until 2031.”

More confidential computing capabilities come to Suse Linux Enterprise

Confidential Computing is a growing area for hardware security, enabling encryption and access controls on different parts of hardware, and most notable computing silicon. A recent report from Everest Group has forecast that the market for confidential computing capabilities could reach $54 billion by 2026.

Suse first added its initial set of confidential computing capabilities for AMD-based silicon in 2016. Noga explained that in Suse Linux Enterprise 15 Service Pack 4, support has now been added for secure encrypted virtualization. Linux systems are commonly used for virtualized application workloads — having the ability to provide a secured boundary around different workloads is critical. 

Noga noted that Suse also continues to support confidential computing efforts from Intel as well, though there aren’t any particularly new updates on that front in the latest update.

“We work with all major silicon vendors on bringing the latest chipset capabilities into the operating system, and with hyperscalers to bring the features into large environments,” Noga said.

Supply chain security gets serious with Google SLSA

Supply chain security has been an ongoing concern in open source in recent years, and it’s an issue that Suse is also dealing with in its new update adding support for the Google Supply chain Levels for Software Artifacts (SLSA) framework at level 4.

“What SLSA does in a really nice way is to lay out an end to end perspective for supply chain security,” Noga said.

Noga explained that Google SLSA level 4 defines an approach that provides visibility into the many parts that constitute an operating system like Suse Linux Enterprise, and its applications. The visibility includes code sources, scripts and version control as well as the build service to understand where code comes from, how it was built and providing verified code signing to help guarantee authenticity.

Another security challenge that Suse is aiming to help solve with its latest update is the ability for enterprises to more easily update running software packages. With many forms of software updates, there is a need to reboot the operating system, which is not an ideal situation for enterprise software that needs to always be running like Linux. Recently, Linux vendors including Suse have enabled the ability to live patch the Linux kernel, which is the foundation of the operating system.

Now in Suse Enterprise Linux 15 Service Pack 4, the Linux vendor is providing a new feature that will enable users to live patch, other core user-facing components of the operating system. Among the components that can now be patched is the OpenSSL cryptographic library, which enables secure connections. OpenSSL is critically important for organizations to have fully patched and updated, as it was the target of one of the most notorious open-source security vulnerabilities of all time with the Heartbleed vulnerability in 2014.

Coming soon: Linux operating system on demand

Looking forward, Suse is looking to build a new way for enterprises to use Linux. It’s an approach that Noga referred to as an operating system as a service.

The basic idea behind the new approach is that organizations are often resource-constrained and don’t have the IT staff to manage Linux operating systems. The in-development Suse Linux operating system as a service aims to provide a fully managed approach that is automated.

“We’re heading in a direction where we provide an operating system as a service, which you can think of as an operating system on-demand,” Noga said.