Jump to content
Back to Release Notes for SUSE products / Release Notes
SUSE Linux Enterprise Micro 6.0

Release Notes

Publication Date: 2024-07-01, Version: @VERSION@

SUSE Linux Enterprise Micro is a modern operating system primarily targeted for edge computing. This document provides a high-level overview of features, capabilities, and limitations of SUSE Linux Enterprise Micro 6.0.

These release notes are updated periodically. The latest version of these release notes is always available at https://www.suse.com/releasenotes. General documentation can be found at https://documentation.suse.com/sle-micro/6.0.

1 About the release notes

These Release Notes are identical across all architectures, and the most recent version is always available online at https://www.suse.com/releasenotes.

Entries are only listed once but they can be referenced in several places if they are important and belong to more than one section.

Release notes usually only list changes that happened between two subsequent releases. Certain important entries from the release notes of previous product versions are repeated. To make these entries easier to identify, they contain a note to that effect.

However, repeated entries are provided as a courtesy only. Therefore, if you are skipping one or more service packs, check the release notes of the skipped service packs as well. If you are only reading the release notes of the current release, you could miss important changes.

1.1 Documentation and other information

1.1.1 Available on the product media

  • Read the READMEs on the media.

  • Get the detailed change log information about a particular package from the RPM (where FILENAME.rpm is the name of the RPM):

    rpm --changelog -qp FILENAME.rpm
  • Check the ChangeLog file in the top level of the installation medium for a chronological log of all changes made to the updated packages.

  • Find more information in the docu directory of the installation medium of SUSE Linux Enterprise Micro 6.0. This directory includes PDF versions of the SUSE Linux Enterprise Micro 6.0 Installation Quick Start Guide.

  • Get list of manual pages with usage information about a particular package from the RPM (where FILENAME.rpm is the name of the RPM):

    rpm --docfiles -qp FILENAME.rpm | grep man

1.1.2 Online documentation

For the most up-to-date version of the documentation for SUSE Linux Enterprise Micro 6.0, see:

2 Changes affecting all architectures

Information in this section applies to all architectures supported by SLE Micro 6.0.

3 Installation

3.1 Installation media

  • Image based deployment images

    • Base OS Image (Base OS + podman only)

      • Plus QCOW version of this image (x86_64, aarch64. S390x)

      • Plus VMware (VMDK) version of this image (x86_64)

    • OS image (Base OS, salt-minion, KVM + libvirt packages)

      • Plus QCOW version of this image (x86_64, aarch64. S390x)

      • Plus VMware (VMDK) version of this image (x86_64)

    • OS image with RT kernel (x86_64 only), no KVM support on this image

    • Base OEM image – self-installation image (Base OS + podman only) for x86_64

    • OEM image – self-installation image (Base OS, salt-minion, KVM + libvirt packages) for x86_64

    • OEM image with RT kernel – self-installation image, no KVM support on this image for x86_64

Images other than QCOW or VMDK target bare metal deployments.

3.2 Additional container images

  • SUSE Toolbox container for debugging, based on current SLE 15 SP, provided via registry.suse.com

  • PCP container image (unmodified)

3.3 High-level requirements

Use of SLE Micro without a container runtime is only supported when SLE Micro is used as a KVM host and workloads are installed into KVM virtual machines. Running workloads directly on the OS is not supported, with the exception of system management software.

3.4 Installation modes

SUSE Linux Enterprise Micro 6.0 only supports deployment via images. An installer based installation method is not offered.

Customization of the installation process with the provided images can be done with Ignition and Combustion (pre-configured images and self-installing images).

We will offer select images with support for cloud-init with a later milestone.

3.5 Supported architectures

  • Intel/AMD 64bit (x86_64)

  • Arm 64bit (aarch64)

  • IBM Z (s390x)

3.6 Upgrade path

An online migration of existing SUSE Linux Enterprise Micro 5.5 installations to SUSE Linux Enterprise Micro 6.0 is possible and is fully supported. Upgrading from SUSE Linux Enterprise Micro 5.5 is only possible via the transactional-update tool. For the upgrade procedure, refer to https://documentation.suse.com/sle-micro/6.0/html/Micro-upgrade/index.html

3.7 Change in installation methods

With previous releases we supported manual installation via a YaST based image. With SLE Micro we have dropped support for this installation method and only focus on RAW image based deployments. The SelfInstall image variant has been extended to allow setting of various parameters to direct it and also enable an unattended installation using the SelfInstall image.

3.8 Installing SUSE Linux Enterprise Micro

3.8.1 Unattended installation with Yomi (technology preview)

To learn how to install a system with Yomi, see the SUSE Manager documentation, section Install using Yomi. Installation with Yomi is a technology preview.

3.8.2 Deploying pre-built images

SLE Micro is provided as raw images which can be deployed directly to a storage device, for example, a memory card, a USB stick, or a hard drive. SLE Micro is also provided as images for specific hardware device with a customized software selection.

For a procedure of deploying an image refer to https://documentation.suse.com/sle-micro/6.0/html/Micro-deployment-raw-images/index.html

In addition to media provided by SLE Micro 5.4, this release includes qcow2 images for aarch64 and x86_64.

4 General features and fixes

4.1 Full-disk encryption

SLE Micro is focused on distributed infrastructures/Edge deployments, which means systems running SLE Micro are not necessarily within DCs or secure locations. We therefore have improved our security story and added support for full disk encryption (FDE) to SLE Micro.

4.2 Confidential compute

We are offering capabilities for confidential compute on SLE Micro via the included virtualization stack.

4.3 1:1 web-based system management

Since SUSE Linux Enterprise Micro is positioned to be used within decentralized infrastructures including Edge use cases and Industrial Edge, a system management based on current YaST2 is not within scope. Specifically, for Industrial Edge, a basic web-based system management was required. We have chosen the cockpit project as a base for that. Therefore, the cockpit packages are added to the common code base and adjusted for the Immutable OS setup of SUSE Linux Enterprise Micro.

4.4 Real-time kernel

For the Intel/AMD 64bit architecture (x86_64) the real-time (rt) kernel is provided in addition to the default kernel. Support for RT includes support for Kernel Live Patching on the RT kernel. Note: When using the RT kernel, KVM is not supported, and workloads need to be run within containers Containers need special treatment with RT.

4.5 Security/security framework

With SUSE Linux Enterprise we fully support AppArmor and in addition provide the framework for SELinux – without providing and supporting a policy for SELinux. On SUSE Linux Enterprise Micro we do not support AppArmor. SUSE Linux Enterprise Micro only supports SELinux and in addition we ship a supported policy. On top of that, we will look into providing dedicated SELinux policies for the containers we already provide or support on top of SUSE Linux Enterprise Micro (PCP and Nvidia). SUSE Linux Enterprise Micro 6.0 will have SELinux in enforced mode as a default.

4.6 Podman upgrade from 4.3.X. to 4.7.1

Podman 4.7 is a major release with tons of new features and extensive bug fixes compared to Podman 4.3. Individual changes are to be found upstream https://github.com/containers/podman/blob/main/RELEASE_NOTES.md

Podman 4.x brings a new container network stack based on Netavark, the new container network stack and Aardvark DNS server in addition to the existing container network interface (CNI) stack used by Podman 3.x. The new stack brings 3 important improvements:

  • Better support for containers in multiple networks

  • Better IPv6 support

  • Better performance

To ensure that nothing breaks with this major change, the old CNI stack will remain the default on existing installations. Bear in mind that Netavark will be released as part of a maintenance update.

Warning
Warning

Before testing Podman 4 and the new network stack, you will have to destroy all your current containers, images, and networks. You must export/save any import containers or images on a private registry, or make sure that your Dockerfiles are available for rebuilding and scripts/playbooks/states to reapply any settings, regenerate secrets, etc.

If you have run Podman 3.x before upgrading to Podman 4, Podman will continue to use CNI plugins as it had before. To begin using Podman 4 with Netavark, you need to run the command podman system reset. The command will destroy all images, networks and all containers.

For a complete overview of the changes, please check out the upstream 4.0.0 but also 4.1.1, 4.2.0 and 4.3.0 to be informed about all the new features and changes.

4.7 Legacy BIOS boot support is deprecated

With SUSE Linux Enterprise Micro 6.0 legacy BIOS boot support on Intel/AMD 64bit systems (x86_64) is deprecated and will be removed with a later release.

4.8 LTTng is deprecated

SUSE Linux Enterprise Micro 6.0 provides support for LTTng (Linux Trace Toolkit: next generation). Support for LTTng will however be removed in a later SUSE Linux Enterprise Micro version in favor of alternative solutions for tracing like bpftrace.

4.9 Cockpit web-based node management system

For web-based management of a single node, Cockpit is included. For details, refer to https://documentation.suse.com/sle-micro/6.0/html/SLE-Micro-all/article-administration-slemicro.html#sec-admin-Cockpit.

There have been new Cockpit modules added to the product. Due to the amount of dependencies, not all of the Cockpit modules are part of the raw images and some have to be installed additionally.

When enabling a firewall via the Cockpit user interface, be aware that your connection to the host may be interrupted unless the Cockpit port is configured to be open in advance.

The SELinux module for Cockpit provides basic functionality for users to troubleshoot their configuration. With this release the functionality has been extended with the introduction of the setroubleshoot-server package.

4.10 Managing SUSE Linux Enterprise Micro with SUSE Manager

SUSE Manager can be used to manage SUSE Linux Enterprise Micro hosts. There are certain limitations:

  • SUSE Linux Enterprise Micro host cannot be monitored with SUSE Manager

  • SUSE Manager does not provide integrated container management yet. As a workaround, you can use Salt via cmd.run podman.

  • SUSE Manager can manage the SUSE Linux Enterprise Micro hosts only with the Salt stack; the traditional stack is not supported

  • Ansible control node cannot be installed on SUSE Linux Enterprise Micro

We intend to resolve these issues in the future maintenance updates of SUSE Linux Enterprise Micro on SUSE Manager.

4.11 Public Cloud Images

The Public Cloud instance initialization code has been changed from using Ignition and Afterburn to cloud-init in AWS EC2, cloud-init and the Azure agent in Azure, and the Google guest environment for GCE. This means configuration of instances through user data now behaves the same as SUSE Linux Enterprise Server, any version, instances. This also addresses the issue in Azure with the state detection of the VM. The web console will now properly show a VM in "Running" state instead of appearing to be stuck in "Provisioning". This also allows user configuration through the web console in Azure and user configuration using the customary ways in AWS EC2 and GCE.

4.12 Default container registries

The container registry entries for Docker Hub and openSUSE Registry, which were previously included by default, have now been removed. If you want to pull container images from either of them, add them to the /etc/containers/registries.conf file.

4.13 Miscellaneous

4.13.1 IMA EVM signing plugin

A RPM plugin for IMA (Integrity Measurement Architecture)/EVM (Linux Extended Verification Module) signing has been added. The plugin is installed as part of the following package:

  • rpm-imaevmsign

5 Arm 64-bit-specific features and fixes (AArch64)

Information in this section applies to SLE Micro 6.0.

5.1 System-on-Chip driver enablement

SLE Micro 6.0 includes driver enablement for the following System-on-Chip (SoC) chipsets:

  • Ampere* X-Gene*, eMAG*, Altra*, Altra Max, AmpereOne*

  • AWS* Graviton, Graviton2, Graviton3

  • Broadcom* BCM2837/BCM2710, BCM2711

  • Fujitsu* A64FX

  • Huawei* Kunpeng* 916, Kunpeng 920

  • Marvell* ThunderX*, ThunderX2*; OCTEON TX*; Armada* 7040, Armada 8040

  • NVIDIA* Grace; Tegra* X1, Tegra X2, Xavier*, Orin; BlueField*, BlueField-2, BlueField-3

  • NXP* i.MX 8M, 8M Mini; Layerscape* LS1012A, LS1027A/LS1017A, LS1028A/LS1018A, LS1043A, LS1046A, LS1088A, LS2080A/LS2040A, LS2088A, LX2160A

  • Rockchip RK3399

  • Socionext* SynQuacer* SC2A11

  • Xilinx* Zynq* UltraScale*+ MPSoC

Note
Note

Driver enablement is done as far as available and requested. Refer to the following sections for any known limitations.

Some systems might need additional drivers for external chips, such as a Power Management Integrated Chip (PMIC), which may differ between systems with the same SoC chipset.

For booting, systems need to fulfill either the Server Base Boot Requirements (SBBR) or the Embedded Base Boot Requirements (EBBR), that is, the Unified Extensible Firmware Interface (UEFI) either implementing the Advanced Configuration and Power Interface (ACPI) or providing a Flat Device Tree (FDT) table. If both are implemented, the kernel will default to the Device Tree; the kernel command line argument acpi=force can override this default behavior.

Check for SUSE YES! certified systems, which have undergone compatibility testing.

5.2 NVIDIA Orin minimum firmware requirements

SLES 15 SP5 and SLE Micro 5.5 added initial enablement for the NVIDIA Orin* SoC (T234), which is found on Jetson* AGX Orin, Jetson Orin NX and Jetson Orin Nano System-on-Modules (SoM) as well as NVIDIA IGX Orin based systems.

NVIDIA JetPack* 6.0 boot firmware and Linux kernel 6.5 changed the Application Binary Interface (ABI) for numbering General Purpose Input/Output (GPIO) pins — specifically the main GPIO ports X, Y, Z, AC, AD, AE, AF and AG — referenced in the machine-specific vendor Device Tree (DT) binary for NVIDIA Orin based systems.

SLE Micro 6.0 adopts the behavior of the latest kernels and requires NVIDIA JetPack 6.0 or later boot firmware to be flashed on any NVIDIA Orin based platforms.

Refer to your system vendor’s documentation for how to enter Recovery Mode and to flash the boot firmware. For example: sudo ./flash.sh device-identifier-and-boot-medium external

6 Obtaining source code

This SUSE product includes materials licensed to SUSE under the GNU General Public License (GPL). The GPL requires SUSE to provide the source code that corresponds to the GPL-licensed material. The source code is available for download at https://www.suse.com/download/sle-micro/ on Medium 2. For up to three years after distribution of the SUSE product, upon request, SUSE will mail a copy of the source code. Send requests by e-mail to sle_source_request@suse.com. SUSE may charge a reasonable fee to recover distribution costs.