RHEL 5.3 Update for IBM System z

RHEL 5.3 Update (for System z)

Agenda & Introduction ● RHEL 5.3 released 20-JAN 2009 ● What’s new? ● What’s new specifically for System z?

Agenda & Introduction Shawn Wells swells@redhat.com W/W Lead, Linux on System z (+1) 443 534 0130 ● Based in Washington, D.C. ● Global responsibility for Red Hat’s System z activities

RHEL 5.3 Overview ~150 additions, ~3,400 BugZillas FasTrack Features Hardware Other ● ● ● ● 7% FasTrack Early release of low impact fixes 7% Hardware Enablement New chipsets & processor feature support 21% New Features Feature requests from customers & partners 65% “Other” Feature enhancements, Bug fixes, Documentation

RHEL 5.3 Tech Review (All Architectures)

RHEL 5.3: Technical Review Kernel KernelUpdates Updates Added Addedprivate privatefutexes futexessupport support ● Added preemt-notifiers implimentation ● Added preemt-notifiers implimentation ● Included tracepoint/markers infrastructure ● Included tracepoint/markers infrastructure ● Added response oriented wake up behavior to scheduler ● Added response oriented wake up behavior to scheduler ● Fixed gettimeofday for HPET, PMTimer, TSC ● Fixed gettimeofday for HPET, PMTimer, TSC ● Updated NMI infrastructure to latest ● Updated NMI infrastructure to latest ● Added ACPI tstate support (processor throttling control) ● Added ACPI tstate support (processor throttling control) ● Enhanced partition statistics ● Enhanced partition statistics ● Enabled CIFS’ DFS support and updated CIFS to latest ● Enabled CIFS’ DFS support and updated CIFS to latest ● Updated Autofs4 to latest ● Updated Autofs4 to latest ● Added kbrobe-booster and return probe-booster support ● Added kbrobe-booster and return probe-booster support ● Added PCI domain support ● Added PCI domain support ● Added RAID 4/5/10 in dm-raid ● Added RAID 4/5/10 in dm-raid ● ●

RHEL 5.3: Technical Review System SystemServices Services ● ● Rebased: Rebased: ● Cups (print server), now with full Kerberos support ● Cups (print server), now with full Kerberos support ● ● ● ● ● ● ● ksh, ksh,lm-sensors, lm-sensors,lftp, lftp,net-snmp, net-snmp,openIPMI, openIPMI,openLDAP openLDAP ● Openmotif, Openmotif,python-urlgrabber, python-urlgrabber,rpm, rpm,tog-pegasus, tog-pegasus,vnc, vnc,yum, yum, ● Yum-utils Yum-utils ● Samba Sambafrom from3.0.28 3.0.28toto3.0.32 3.0.32 ● Supports Windows Vista and 2008. Various fixes for Domain ● Supports Windows Vista and 2008. Various fixes for Domain Controller Controllerfunctionality functionality(Interoperability (Interoperabilitywith withCitrix Citrixand andDomain Domaintrusts) trusts) ● RPM RPMtotoFedora Fedora99version, version,which whichincludes includesnumerous numerousbugfixes bugfixes ● DHCPv6 DHCPv6support support

RHEL 5.3: Technical Review Developer DeveloperEnhancements Enhancements SystemTap SystemTap ● New documentation and guides ● New documentation and guides ● SystemTap script compile server support – no need to replicate ● SystemTap script compile server support – no need to replicate debuginfo debuginfoRPMs RPMs ● ● ● ● ● ● GDB GDBDebugger Debugger ● Rebase, now based on version 6.8 (previously based on version 6.5) ● Rebase, now based on version 6.8 (previously based on version 6.5) ● Multiple location breakpoints for C++ templates, constructors, inclined ● Multiple location breakpoints for C++ templates, constructors, inclined functions, functions,etc etc OpenJDK OpenJDK ● Full open-source JDK for Java-1.6 support ● Full open-source JDK for Java-1.6 support ● Tested with Java SE 1.6 Technical Compatibility Kit (TCK) ==> 100% ● Tested with Java SE 1.6 Technical Compatibility Kit (TCK) ==> 100% ● X86 and x86_64 architectures only ● X86 and x86_64 architectures only

RHEL 5.3: Technical Review Developer DeveloperEnhancements, Enhancements,cont cont ● ● Tech TechPreview Preview ● SystemTap userspace support ● SystemTap userspace support ● GCC 4.3 – experimental support for C++0x, integration of MPFR library ● GCC 4.3 – experimental support for C++0x, integration of MPFR library ● OpenMP v3.0 – shared memory parallelism in C, C++ and Fortran ● OpenMP v3.0 – shared memory parallelism in C, C++ and Fortran

RHEL 5.3: Technical Review Hardware HardwareEnablement Enablement(distributed) (distributed) Production ●Production11lifecycle lifecyclephase phaseallows allowsthe theenablement enablementofofnew newhardware hardware capabilities capabilities ● Red Hat Enterprise Linux 5.3 extends the enterprise customers ● Red Hat Enterprise Linux 5.3 extends the enterprise customers hardware hardwarechoices. choices. ● ● ● ● ● New ●Newprocessor processorand andchipset chipsetsupport support ● Intel i7 (Nehalem) support – new Intel architecture with NUMA support ● Intel i7 (Nehalem) support – new Intel architecture with NUMA support Better ●Betterpower powermanagement management ● Deep C-State support for Intel Tylersburg chipset. Allows ~16w power ● Deep C-State support for Intel Tylersburg chipset. Allows ~16w power reduction reductionon onNehalem/Tylersburg Nehalem/Tylersburgplatforms platforms New ●Newgraphics graphicssupport support PCI ●PCIdomain domainsupport support ● Large systems support for multiple PCI segments ● Large systems support for multiple PCI segments

RHEL 5.3: Technical Review Encryption Encryption&&Security Security ● ● ● ● Root Rootand andswap swapencryption encryptionsupport supportininthe theinstaller installer ● Hibernate / resume support with encrypted disks ● Hibernate / resume support with encrypted disks Authentication Authenticationand andIdentity Identity ● Pkinit interoperability fixed & clients can now be configured to use keys ● Pkinit interoperability fixed & clients can now be configured to use keys for forclient clientcertificates certificateswhich whichmay maynot notcontain containKerberos-specific Kerberos-specificextensions extensions ● Krb5 now applies the correct file context to database lock files ● Krb5 now applies the correct file context to database lock files ● Krb5 servers no longer log everything twice by default ● Krb5 servers no longer log everything twice by default ● nss_ldap now configured with support for paged results extension ● nss_ldap now configured with support for paged results extension ● SELinux enablement of new NetworkManager and audit functionality ● SELinux enablement of new NetworkManager and audit functionality ● Improved Audit and Logging ● Improved Audit and Logging ● TTY input audit support ● TTY input audit support ● Remote audit logging via unencrypted connections ● Remote audit logging via unencrypted connections

RHEL 5.3: Technical Review Technology TechnologyPreviews Previews AIGLX: AIGLX: XXServer Server&&updated updatedMesa Mesapkg pkg ● Compiz composition manager ● Compiz composition manager ● Dm-multipath install ● Dm-multipath install ● Dogtail GUI ● Dogtail GUI ● Limited eCryptFS support ● Limited eCryptFS support ● Add ecryptfs support to kernel ● Add ecryptfs support to kernel ● Add authentication to crypto library in kernel ● Add authentication to crypto library in kernel ● Ext4 file system / e4fsprogs ● Ext4 file system / e4fsprogs ● Firewire ● Firewire ● GCC 4.3 ● GCC 4.3 ● Compiler based on gcc 4.3 ● Compiler based on gcc 4.3 ● OpenMP3 conformance ● OpenMP3 conformance ● Generic fcoe (potential TP) ● Generic fcoe (potential TP) ● Indic languages: Assamese, Kannada, Sinhalese, Telugu ● Indic languages: Assamese, Kannada, Sinhalese, Telugu ● ●

RHEL 5.3: Technical Review Technology TechnologyPreviews, Previews,cont cont ● ● ● iSCSI iSCSIboot boot ● CIFS CIFSKerberos Kerberos&&kernel kernelDFS DFSsupport support Ktune: Ktune: aaservice servicethat thatsets setsseveral severalkernel kerneltuning tuningparameters parameterstotovalues values suitable suitablefor forspecific specificsystem systemprofiles profiles ● ● ● ● ● ● SystemTap SystemTaputrace utrace(user (userspace spacetracing) tracing) Trusted TrustedComputing ComputingGroup Group(TCG) (TCG)/ /Trusted TrustedPlatform PlatformModule Module(TPM (TPMSupport Support ● Include the TCG stack ● Include the TCG stack ● Include the Trousers TSS stack ● Include the Trousers TSS stack ● Add trust computing/trust platform module in kernel and tpm-tools ● Add trust computing/trust platform module in kernel and tpm-tools boot-loader boot-loadersupport supportwill willbe beconsidered consideredfor forinclusion inclusionininaafuture futurerelease release

RHEL 5.3 Tech Review (System z Specific)

RHEL 5.3: System z Specific BugZilla ID Summary 46327 stage1: sshd error loading shared lib: libfipscheck.so.1 184770 LTC18425-62140: (big) xDR system Initialization for LPAR Clients 472788 rhel 5.3 snapshot3 scsi mpath install failed on z9bc lpar 439479 LTC:5.3:201474:Include gcc 4.3 as Add-On for latest z10 instruction set support 439440 LTC:5.3:201160:Long Random Numbers Generation 439441 LTC:5.3:201158:Selective Logging of ECKD DASD devices 439482 LTC:5.3:201542:FCP - Enhanced Trace Facility 447379 LTC:5.3:200994:Linux CPU Node Affinity 463917 unable to find DASD drives to install 439484 LTC:5.3:201490:Libica Library: Integration of Icainfo 43946 LTC:5.3:201360:OSA 2 Ports per CHPID Support - Installer Enhancements 466474 [RHEL5.3] *** glibc detected *** /usr/bin/python: double free or corruption (!prev): 0x000 0000080d55e90 *** 466305 cosmetic error message: failure in nl_set_device_mtu 466291 anaconda silently omits uninitialized disk

RHEL 5.3: System z Update xDR xDRSystem SystemInitialization Initializationfor forLPAR LPARClients Clients [BugZilla [BugZilla184770, 184770,LTC LTC18425-62140] 18425-62140]

RHEL 5.3: System z Update Include IncludeGCC GCC4.3 4.3as asAdd-On Add-Onfor forlatest latestz10 z10instruction instructionset set support support [BugZilla [BugZilla184770, 184770,LTC LTC18425-62140, 18425-62140,Red RedHat HatErrata Errata2009:0077-7] 2009:0077-7] Includes Includesthe thefollowing followingz10 z10specific specificpatches patchestotoGCC: GCC: ● Introduce TARGET_MEM_CONSTRAINT macro ● Introduce TARGET_MEM_CONSTRAINT macro ● Introduce ‘enabled’ insn attribute ● Introduce ‘enabled’ insn attribute ● S/390: Exploit the ‘enabled’ insn attribute ● S/390: Exploit the ‘enabled’ insn attribute ● S/390: Replace ‘m’ with ‘RT’ constraints ● S/390: Replace ‘m’ with ‘RT’ constraints ● S/390: Add the -march=z10/-mtune=z10 options for z10 ● S/390: Add the -march=z10/-mtune=z10 options for z10 ● S/390: Support the new instructions introduced with z10 ● S/390: Support the new instructions introduced with z10 ● S/390: z10 pipeline description ● S/390: z10 pipeline description ● ● PR36822 PR36822recog: recog:Reorder Reorderextra extramemory memoryconstraint constraintchecks checksfor forinlineassemblies inlineassemblies S/390: S/390:Fix Fix-march=z9-ec -march=z9-ec-msoft-float -msoft-float ● ●

RHEL 5.3: System z Update Include IncludeGCC GCC4.3 4.3as asAdd-On Add-Onfor forlatest latestz10 z10instruction instructionset set support support [BugZilla [BugZilla184770, 184770,LTC LTC18425-62140, 18425-62140,Red RedHat HatErrata Errata2009:0077-7] 2009:0077-7] Overall Overallimprovement improvementwith withz10 z10versus versusz9: z9: 1.9x 1.9x Work in progress with gcc-4.3 compiler using Work in progress with gcc-4.3 compiler using-march=z10 -march=z10option option Graph taken from Mustafa Mešanović’s T3 Boeblingen presentation, 1-JULY 2008, “Linux on System z Performance Update” Graph taken from Mustafa Mešanović’s T3 Boeblingen presentation, 1-JULY 2008, “Linux on System z Performance Update”

RHEL 5.3: System z Update Long LongNumbers NumbersGeneration Generation [BugZilla [BugZilla439440, 439440,IBM IBMLTC LTC201160, 201160,Red RedHat HatErrata Errata2009-0225] 2009-0225] Provides Providesaccess accesstotothe therandom randomnumber numbergenerator generatoron onthe thecrypto cryptocard card ininorder ordertotomeet meethigh highvolume volumerandom randomnumber numberrequirements. requirements. Specific Specificperformance performancenumbers numbersnot notavailable availableatatthis thistime. time.

RHEL 5.3: System z Update Selective SelectiveLogging Loggingof ofECKD ECKDDASD DASDDevices Devices [BugZilla [BugZilla439441, 439441,IBM IBMLTC LTC201158, 201158,Red RedHat HatErrata Errata2009-0225] 2009-0225] Improves ImprovesRAS RAScharacteristics characteristicsby byperforming performingselective selectivelogging loggingofof DASD DASDSense Sensedata. data. Adds Addsmore morecomprehensive comprehensivemessages. messages. View Viewthe thepatch patch@ @https://bugzilla.redhat.com/attachment.cgi?id=313271 https://bugzilla.redhat.com/attachment.cgi?id=313271

RHEL 5.3: System z Update FCP FCP––Enhanced EnhancedTrace TraceFacility Facility [BugZilla [BugZillaXX, XX,IBM IBMLTC LTC201158, 201158,Red RedHat HatErrata Errata2009-0225] 2009-0225] Improves ImprovesRAS RAScharacteristics characteristicsby byperforming performingselective selectivelogging loggingofof DASD DASDSense Sensedata. data. Adds Addsmore morecomprehensive comprehensivemessages. messages. View Viewthe thepatch patch@ @https://bugzilla.redhat.com/attachment.cgi?id=313271 https://bugzilla.redhat.com/attachment.cgi?id=313271

RHEL 5.3: System z Update CPU CPUNode NodeAffinity Affinity [BugZilla [BugZillaXX, XX,IBM IBMLTC LTC201158, 201158,Red RedHat HatErrata Errata2009-0225] 2009-0225] Improves ImprovesRAS RAScharacteristics characteristicsby byperforming performingselective selectivelogging loggingofof DASD DASDSense Sensedata. data. Adds Addsmore morecomprehensive comprehensivemessages. messages. View Viewthe thepatch patch@ @https://bugzilla.redhat.com/attachment.cgi?id=313271 https://bugzilla.redhat.com/attachment.cgi?id=313271

RHEL 5.3: System z Update Libica LibicaLibrary: Library:Integration Integrationof ofIcainfo Icainfo [BugZilla [BugZilla Bug Bug439484, 439484,IBM IBMLTC LTC201490, 201490,Red RedHat HatErrata Errata http://rhn.redhat.com/errata/RHEA-2009-0064.html] http://rhn.redhat.com/errata/RHEA-2009-0064.html] icainfo icainfoisisaapart partofofthe theSHA SHA&&AES AESenhancements. enhancements.ItItshows showsthe the customer customerwhich whichCPACF CPACFinstructions instructionsare areavailable availableinintheir theirsystem. system. ● ● libica libicaallows allowscustomer customerapplications applicationstotospeed speedup upcryptographic cryptographicoperations operations by byusing usingthe theCP CPAssist Assistfor forCryptographic CryptographicFunction Function(CPACF) (CPACF)facility. facility. ● ● AAnew newtool toolcalled called’icainfo’ ‘icainfo’allows allowsthe thecustomer customertotodisplay displayaalist listofofall all CPACF CPACFoperations operationssupported supportedby bylibica. libica.This Thisisishelpful helpfultotoverify verifythat thatCPACF CPACF isiscorrectly correctlyenabled enabledon onaaparticular particularsystem. system. ● ● ItItmakes makescustomer’s customer’slife lifeeasier easiertotogather gathersystem systeminformations informationsininaa way waythat thatthere thereisisno noneed needtotorun runthrough throughloads loadsofofmanuals manualsand and release releasenotes. notes.The Thecustomer customeronly onlyneeds needstotorun runthe thetool tooltotosee seewhat what functions their system supports. ● ●

RHEL 5.3: System z Update OSA OSA22Ports Portsper perCHPID CHPIDSupport Support—Installer InstallerEnhancements Enhancements [Red [RedHat HatBugZilla BugZilla 439461, 439461,IBM IBMLTC LTC201360, 201360,IBM IBMBugZilla BugZilla43371] 43371] Anaconda Anacondanow nowsupports supportsboth bothports portson onCHPID CHPIDfor forOSA OSAExpress3 Express3 cards. cards. The Theinstaller installerwill willprompt promptfor forthe theport portnumber numberininthe theinitial initialstage stage ofofthe theinstallation. installation.The Thevalue valueprovided providedfor forthe theport portalso alsoaffects affects installed installednetwork networkinterface interfacestartup startupscript. script.When Whenport port11isisselected, selected,the the value value”portno=1” “portno=1”isisadded addedtotoOPTIONS OPTIONSparameter parameterofofifcfg-eth* ifcfg-eth*file. file. Note: Note:When Wheninstalling installingunder underz/VM, z/VM,you youcan canadd addeither eitherPORTNO=0 PORTNO=0(to (touse use port port0) 0)or orPORTNO=1 PORTNO=1(to (touse useport port1)1)totothe theCMS CMSconfiguration configurationfile filetotoavoid avoid being beingprompted promptedfor forthe themode. mode.

Technical Review: Roadmap RHEL RHEL5.3 5.3[BugZilla [BugZillaSearch SearchLink] Link] Verified VerifiedFeatures Features BugZilla Severity Priority Summary 184770 high high LTC18425-62140: (big) xDR system Initialization for LPAR Clients 439479 439440 439482 447379 high high high high high high high high 439461 439484 high high high LTC:5.3:201360:OSA 2 Ports per CHPID Support - Installer Enhancements high LTC:5.3:201490:Libica Library: Integration of Icainfo LTC:5.3:201474:Include gcc 4.3 as Add-On for latest z10 instruction set support LTC:5.3:201160:Long Random Numbers Generation LTC:5.3:201542:FCP - Enhanced Trace Facility LTC:5.3:200994:Linux CPU Node Affinity

Technical Review: Roadmap CPU Affinity (Red CPU Affinity (RedHat HatBugZilla BugZilla463537) 463537) The z10 supports an interface which can be used to get information about the cpu topology ● ● ● ● ● ● The z10 supports an interface which can be used to get information about the cpu topology of an LPAR. This can be used to optimize the Linux scheduler which bases its decisions on of an LPAR. This can be used to optimize the Linux scheduler which bases its decisions on which process gets scheduled to which cpu on the cpu topology. This feature should which process gets scheduled to which cpu on the cpu topology. This feature should increase cache hits and therefore overall performance as well. This code has been increase cache hits and therefore overall performance as well. This code has been accepted upstream. accepted upstream. Target: RHEL6 Target: RHEL6 ETR Support (Red ETR Support (RedHat HatBugZilla BugZilla463518) 463518) This feature enables Linux images to synchronize with a parallel Sysplex or GDPS. ● ● ● ● ● ● In This feature enables Linux images to synchronize with a parallel Sysplex or GDPS. In particular it supports maintaining data consistency groups for the XRC data mover. This particular it supports maintaining data consistency groups for the XRC data mover. This code has been accepted upstream. code has been accepted upstream. Target: RHEL6 Target: RHEL6 Link: Link: RHEL5.x RHEL5.xFeatures FeaturesIn InProgress Progress ● Link: RHEL6 Features In Progress ● Link: RHEL6 Features In Progress ● ●

Technical Review: System z CPU Affinity (Red CPU Affinity (RedHat HatBugZilla BugZilla463537) 463537) The z10 supports an interface which can be used to get information about the cpu topology ● ● ● ● ● ● The z10 supports an interface which can be used to get information about the cpu topology of an LPAR. This can be used to optimize the Linux scheduler which bases its decisions on of an LPAR. This can be used to optimize the Linux scheduler which bases its decisions on which process gets scheduled to which cpu on the cpu topology. This feature should which process gets scheduled to which cpu on the cpu topology. This feature should increase cache hits and therefore overall performance as well. This code has been increase cache hits and therefore overall performance as well. This code has been accepted upstream. accepted upstream. Target: RHEL6 Target: RHEL6 ETR Support (Red ETR Support (RedHat HatBugZilla BugZilla463518) 463518) This feature enables Linux images to synchronize with a parallel Sysplex or GDPS. ● ● ● ● ● ● In This feature enables Linux images to synchronize with a parallel Sysplex or GDPS. In particular it supports maintaining data consistency groups for the XRC data mover. This particular it supports maintaining data consistency groups for the XRC data mover. This code has been accepted upstream. code has been accepted upstream. Target: RHEL6 Target: RHEL6 Link: Link: RHEL5.x RHEL5.xFeatures FeaturesIn InProgress Progress ● Link: RHEL6 Features In Progress ● Link: RHEL6 Features In Progress ● ●

Upstream Kernel Development (stuff we’re working on for the future)

Upstream Kernel Development Generic GenericKernel Kernel 1/4 1/4 ● ● ● ● Virtual VirtualMemory Memory ● Scalability – 1TB ram, 1G page table support (AMD) ● Scalability – 1TB ram, 1G page table support (AMD) ● Scatter list IO support for large page sizes ● Scatter list IO support for large page sizes ● Queued spinlocks – protects large non-numa configs from contention ● Queued spinlocks – protects large non-numa configs from contention starvation starvation(database (databasestalls) stalls) ● Replicated readonly page cache for NUMA (ie tetx for filesystem ● Replicated readonly page cache for NUMA (ie tetx for filesystem backend backendpages)…. pages)….very veryexperimental experimental ● IO throttling – scaling IO device speed to RAM sizes & speed ● IO throttling – scaling IO device speed to RAM sizes & speed ● SLUB allocator to scale for large CPU counts ● SLUB allocator to scale for large CPU counts ● Transactional memory – charger member in Velox ● Transactional memory – charger member in Velox CFS CFS(completely (completelyfair fairscheduler) scheduler) ● Realtime priority ● Realtime priority ● Beneficial for high computer bound, large # of thread ● Beneficial for high computer bound, large # of thread ● Improved network latency ● Improved network latency ● Group scheduling – process groups, constrained to cpu sets ● Group scheduling – process groups, constrained to cpu sets

Upstream Kernel Development Generic GenericKernel Kernel 2/4 2/4 ● ● Scalability Scalability ● Private futexes – avoiding data structure contention (glibc & kernel) ● Private futexes – avoiding data structure contention (glibc & kernel) ● Syslets – async syscalls ● Syslets – async syscalls Realtime Realtime––goal goalofofconsistency, consistency,low-latency low-latencydeterminism determinism(incl (inclininRed RedHat Hat MRG MRGproduct) product) ● ● ● ● Storage StorageEnhancements Enhancements ● Seamless SAN/NAS – ease of use / config – make as easy to use as ● Seamless SAN/NAS – ease of use / config – make as easy to use as local localdisks. disks. Enhanced EnhancediSCSI iSCSIconfig configinininstaller/boot installer/boot ● ● LVM LVMLayering Layering––combinations combinations ● Striping (raid0) + mirroring (raid1) = raid10 ● Striping (raid0) + mirroring (raid1) = raid10 ● Snapshot & mirroring ● Snapshot & mirroring ● Remote replication – remote copy asynchronous, journaled ● Remote replication – remote copy asynchronous, journaled resync resync(experimental, (experimental,feedback feedbackwelcome) welcome)

Upstream Kernel Development Generic GenericKernel Kernel 3/4 3/4 ● ● Virtualization Virtualization(distributed) (distributed) ● KVM ● KVM ● Paravirt Ops ● Paravirt Ops ● ● Power PowerManagement ManagementWork WorkAreas Areas ● Tickless kernel – avoid clock tick 1000/sec – allowing true idle ● Tickless kernel – avoid clock tick 1000/sec – allowing true idle ● ● ● ● ● ● Kernel Kernel&&user userspace spaceAPIs APIstotoalign aligntimers timers PowerTOP PowerTOP––useful usefulininidentifying identifying“hot” “hot”applications applications ● Iterative process of cleaning up apps ● Iterative process of cleaning up apps Reworking Reworkingsystem systemstartup startup ● Only start services / devices as needed ● Only start services / devices as needed ● Stop idle services ● Stop idle services

Upstream Kernel Development Generic GenericKernel Kernel 4/4 4/4 ● ● Ongoing OngoingWork WorkAreas Areas ● Security ● Security ● Hardware drivers, fingerprint readers ● Hardware drivers, fingerprint readers ● ● ● ● ● ● Runtime Runtimetamper tamperchecks checks SHA256 SHA256standardized standardizedencryption encryptionalgorithm algorithmusage usagethroughout throughoutall allcore core services services ● SELinux SELinuxusability usabilityenhancements enhancements ● NFS NFSv4 v4extended extendedattribute attributesupport, support,allowing allowingSELinux SELinuxoperation operation

Open Discussion / Q&A