SUSE doubles down on security in its latest SUSE Linux Enterprise 15 release

SUSE Linux Enterprise 15 SP4 arrives with Confidential Computing and SLSA Level 4 Compliant Supply Chain security certification.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

Security is a primary consideration of Linux and open-source software today. So when European Linux giant SUSE released the SUSE Linux Enterprise 15 Service Pack 4 (SLE 15 SP4) it came as no surprise that it incorporated top security features.

This included a Supply chain Levels for Software Artifacts (SLSA) Level 4 compliance. SLSA, pronounced "salsa," is an end-to-end framework for ensuring the integrity of software artifacts throughout the software supply chain." Started by Google, SLSA is now a Linux Foundation project.

With SLSA Level 4 compliance, SUSE claims that its code has been given a two-person review of all changes and uses a hermetic, reproducible build process. This is the highest level of SLSE compliance -- it means you can have a high degree of confidence that its software hasn't been touched by hackers.

SLE 15 SP4 also supports confidential computing if you're running on AMD Secure Encrypted Virtualization-Encrypted State (SEV-ES) CPUs. What's that? Instead of just encrypting data when it's at rest in storage or on the network, it's also encrypted in memory or CPU registers. This is important if you're running processes with sensitive data on the cloud. SLE 15 SP4 is the first Linux distribution to support this. Today, you can use this to isolate virtual machines (VM) on the Google Cloud. You can expect to see it supported on other clouds soon. 

Speaking of the cloud, SUSE has worked with Nvidia to deliver maximum performance and availability by integrating Nvidia's recently open-sourced GPU kernel-mode driver. While this won't help gamers, at least not yet, it enables SLE 15 SP4 cloud and server users to speed up such GPU-accelerated computing jobs as artificial intelligence and machine learning (AI/ML). 

SUSE has long been a live-patching pioneer. In this latest release, though, SUSE now supports live patching for user-space applications. This means you can update user programs with no downtime. This also means SUSE will live-patch security-critical programs that you might not think of as user-space such as the OpenSSL cryptographic library.

The new SLE runs on the Linux kernel 5.14 and systemd version 249. If you run the SLE desktop (SLED), the desktop now uses Gtk4 and GNOME 41 by default for its interface.

For managing SLE, while SUSE still supports YaST, it's moving to the DevOps tool Salt. SUSE Manager Server also now works hand-in-glove with Salt.

If you don't subscribe to SLE, you can still easily and freely try it with openSUSE Leap 15.4. That's because starting in 2021, SUSE made its community Linux binary compatible with its enterprise offering. If you decide you like SUSE's take on Linux, the company makes it easy to migrate from openSUSE to SLE.

If you elect to use SLES 15, the operating system has a 13-year life cycle, with 10 years of General Support and three years of Extended Support. Version SP3 will be fully maintained and supported until six months after the release of SLES 15 SP4. So, you'll have until December 2022 to move from SP3 to SP4. The migration is simple and straightforward.

So, if you're considering a serious Linux for your business, I urge you to remember that it's not just Canonical Ubuntu or Red Hat Enterprise Linux (RHEL). SUSE and SLE are also well worth your time.

As SUSE CEO Melissa Di Donato said at the SUSECon keynote, "From our business-critical Linux … we are on course to becoming the most trusted and most secure open-source infrastructure provider in the market."

Related Stories:

Editorial standards