Encryption and security
Thanks to major changes to cryptd, the crypto subsystem now works better with multiple threads. On the developer's test system equipped with a Core 2 Duo E6400, this improved the data throughput on a device mapper-encrypted volume by 19.2 per cent. New also is the support of Intel's AES-NI
(Advanced Encryption Standard).
SELinux and Smack have been joined by Tomoyo, a further security framework which offers MAC (Mandatory Access Control). The Tomoyo developers have provided a helpful table in the Tomoyo wiki which explains how, from their point of view, it differs from the above two frameworks and AppArmor. Another new feature is the integrity management architecture (IMA) (for example 1, 2, 3, 4). Using a Trusted Platform Module (TPM), IMA is able to ensure that programs are not changed either accidentally or with malicious intent.
Fast boot, Tuz, maintainers
Numerous kernel changes aimed at improving boot times were introduced in Linux 2.6.28 and 2.6.29 (fastboot patches). Due to a number of problems, however, some of the most promising improvements were put on temporary hold and are now to be deployed with 2.6.30. The extent to which the parallel initialisation of certain kernel subsystems during booting will result in speed gains depends to a large degree on the respective hardware components and how they are configured.
Tasmanian Devil Tuz has served its term as honorary logo.
Tuz has now served its honorary term and is making way for Linux' long-term penguin mascot Tux.
The developers considerably restructured the Maintainers file: Using the information added there, a new script can return which developers are responsible for a specific area or file of the kernel's source code.
Power management and PCI
Following major changes to the code for switching into and out of system hibernation (suspend and resume) in 2.6.29, there have been further adjustments to smooth some of the evolving design's rough edges. In particular, the developers have revamped the interrupt handling to make hibernation more robust.
Several substantial changes to the PCI subsystem are detailed in the PCI subsystem maintainer's Git pull request. He specifically highlights the improved support for hot-plugging and MSI (Message Signaled Interrupts). The PCI subsystem now also offers everything required for single-root I/O virtualisation (SR-IOV).
Virtualisation and tracing
Things have been comparatively quiet in the virtualisation area this time. One of the bigger changes is the support of nested virtualisation – running a guest system within a guest system [–] on AMD CPUs. The debugging options in KVM have also been improved. The Xen-Dom0 code has still been left out in the cold, however – and it currently looks unlikely that it will be included in the near future.
Several changes will allow developers to retrieve more information about the current state of modern CPUs, which is helpful for troubleshooting and performance optimisation (1, 2). The Ftrace tracing framework now also works on IA64 CPUs (Itanium). New are the kmemtrace (memory), blktrace (block devices like storage media) and the workqueue tracer plug-ins.
Next: New drivers for networking, audio and video
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
