Release Notes #

SUSE Linux Enterprise Server 15 introduces many innovative changes compared to SUSE Linux Enterprise Server 12. The most important changes are listed below.

SUSE Linux Enterprise Server 15 SP2 introduces changes compared to SUSE Linux Enterprise Server SP1. The most important changes are listed below.

To learn about supported features and limitations, refer to the following sections in this document:

Certain software delivered as part of SUSE Linux Enterprise Server may require an external contract. Check the support status of individual packages using the RPM metadata that can be viewed with rpm, zypper, or YaST.

Major packages and groups of packages affected by this are:

SUSE Linux Enterprise Server 15 SP2 (and the SUSE Linux Enterprise modules) includes the following software that is shipped only under a GNU AGPL software license:

SUSE Linux Enterprise Server 15 SP2 (and the SUSE Linux Enterprise modules) includes the following software that is shipped under multiple licenses that include a GNU AGPL software license:

The set of media has changed with 15 SP2. There still are two different installation media, but the way they can be used has changed:

With previous versions of SUSE Linux Enterprise Server for Arm, when installing on a Raspberry Pi* machine with an SD card with no ESP/firmware partition, such a partition had to be created manually.

With 15 SP2, the installer makes sure to propose an MS-DOS type partition for the SD card. This new partitioning proposal can be used out-of-the-box without further changes.

By default, AutoYaST enables Secure Boot based on its availability and firmware settings. However, in some cases, it may be desirable to force disabling it unconditionally.

In this case, it is now possible to disable UEFI Secure Boot via the AutoYaST profile. For more information, see https://documentation.suse.com/sles/15-SP2/single-html/SLES-autoyast/.

AutoYaST now supports Btrfs file systems that are spread over more than a single partition or device. This includes support for both cloning a system (to create a profile) and support for applying such a profile during an auto-installation.

The graphical menu of the installation media now contains a quick switch between English and Chinese. You can switch between these two languages using the F8 key.

Upgrading the system is only supported from the most recent patch level. Make sure the latest system updates are installed by either running zypper patch or by starting the YaST module Online-Update. An upgrade on a system that is not fully patched may fail.

Skipping service packs during an upgrade is only supported if you have a Long Term Service Pack Support contract. Otherwise you need to first upgrade to SP1 before upgrading to SP2.

Significant changes in SLES 15 required changes in AutoYaST. If you want to reuse existing SLES 12 profiles with SLES 15, you need to adjust them as documented in https://documentation.suse.com/sles/15-SP2/html/SLES-all/appendix-ay-12vs15.html.

All SUSE Linux Enterprise Server JeOS (and openSUSE JeOS) image flavors now use the Mount by UUID setting for disks.

Switching to Mount by UUID for all JeOS images has the following benefits:

This change only affects the JeOS images based on 15 SP2. Previous images, even if upgraded or migrated to 15 SP2, are not affected (JeOS images upgraded or migrated to 15 SP2 will not change their mount by setting).

We have simplified the name of the package that contains SUSE Linux Enterprise Server JeOS images templates to kiwi-templates-JeOS. This package is available in the Development Tools Module.

In previous releases, there were two JeOS images for Xen platforms:

Starting with SLES JeOS 15 SP2, the kvm-and-xen image should be used for both environments.

The XEN image does not exist anymore because it has become redundant:

The various tools available in the lib389 package to administrate the 389-ds server are now available in SUSE Linux Enterprise Server.

The OpenLDAP server (package openldap2, part of the Legacy SLE module) is deprecated and will be removed from SUSE Linux Enterprise Server 15 SP4. The OpenLDAP client libraries are widely used for LDAP integrations and and are compatible with 389 Directory Server. Hence, the OpenLDAP client libraries and command-line tools will continue to be supported on SLES 15 to provide an easier transition for customers that currently use the OpenLDAP Server.

To replace OpenLDAP server, SLES includes 389 Directory Server. 389 Directory Server (package 389-ds) is a fully-featured LDAPv3-compliant server suited for modern environments and for very large LDAP deployments. 389 Directory Server also comes with command-line tools of its own.

For information about setting up and upgrading to 389 Directory Server, see the SLES 15 SP2 Security Guide, chapter LDAP—A Directory Service.

A completion for Docker commands has been added to the Bash shell. For more information, see https://docs.docker.com/machine/completion/.

In 15 SP2, the kubernetes-client package has been renamed to kubernetes1.18-client.

Before SLES 15 SP2, building Docker images with Kiwi was not possible without installing the unsupported package umoci on the build host.

To resolve this, the package umoci has been added.

Starting with SUSE Linux Enterprise Server 15 SP2, podman is a supported container engine. However, certain features of podman are currently not supported:

System containers using LXC have been deprecated and will be removed in SUSE Linux Enterprise Server 15 SP4. This includes the following packages:

As a replacement, we recommend commonly used alternatives like Docker or Podman.

Previously in SLES 12, the postgresql10-odbc package was located in /usr/pgsql-10/lib/psqlodbcw.so. In SLES 15 SP2, the psqlODBC-10 package is located in /usr/lib64/psqlodbcw.so.

For some more information, see: https://bugzilla.suse.com/show_bug.cgi?id=1169697.

Drivers in the unixODBC package are not suitable for production use. The drivers are provided for test purposes only. We have added a reference to the package’s README file with information about third-party unixODBC drivers that are suitable for production use (http://www.unixodbc.org/drivers.html).

PostgreSQL 13 has been added to SUSE Linux Enterprise Server. For information about changes between PostgreSQL 13 and 12, see the upstream release notes:

Warning: REINDEX is required

If you migrate a PostgreSQL server to SLES 15 SP2, a REINDEX is required before using the database productively again to avoid database corruptions. See https://www.suse.com/support/kb/doc/?id=000020305 for details.

MariaDB has been updated to version 10.4.

For information about changes between MariaDB 10.2 and 10.4, see the upstream release notes:

In addition, see the corresponding upgrade notes:

With MariaDB 10.4, we have introduced the following file and packaging changes:

PostgreSQL 12 has been added to SUSE Linux Enterprise Server. PostgreSQL 10 remains available in SUSE Linux Enterprise Server 15 SP2.

For information about changes between PostgreSQL 10 and 12, see the upstream release notes:

With PostgreSQL 12, there are the following packaging changes:

All new packages have an accompanying noarch package without a version number in its name, such as postgresql-server-devel and postgresql-llvmjit.

RabbitMQ Server 3.8.3 has been added to SUSE Linux Enterprise Server 15 SP2. For more information about RabbitMQ, see the RabbitMQ releases notes.

Several different versions of pytest have been added or updated:

The python-kubernetes package has been added. It is the official Python client library for Kubernetes.

The package python-apache-libcloud has been updated to version 2.8.0. This release contains important fixes and enhancements over 2.0.0, especially for new APIs related to Microsoft Azure, and Amazon EC2 zones. For more information about the changes in this release, see http://libcloud.apache.org/blog/2020/01/02/libcloud-2-8-0-released.html.

The package golang-packaging has been updated to version 15.0.12. This release improves compatibility with Go 1.10 and Bazel.

SUSE Linux Enterprise Server now includes version 2.26.2 of the version control Git. This version of Git supports the SHA-256 cipher.

For more informationm, see the Git Release Notes.

This update fixes the following security vulnerabilities:

SUSE Linux Enterprise Server 15 SP2 now includes the JSON query tool jq in version 1.6. For more information about this release, see the upstream release notes.

The following Java implementations are available in SUSE Linux Enterprise Server 15 SP2:

We have updated LLVM to version 9 to support new hardware. For more information, see the release notes of LLVM 9.

We upgraded PHP to version 7.4 to provide you with the latest release. To learn more about PHP version 7.4, we recommend reading the PHP release announcement and the 7.3.x to 7.4.x migration guide.

The python executable is only provided via the Python 2 module, not via the default repositories.

With SUSE Linux Enterprise Server 15 SP1, SUSE has started to phase out support for Python 2 in SLE. Within the standard distribution, only Python 3 (executable name python3) is available. Python 2 (executable names python2 and python) is only provided via the Python 2 SLE module. This module is disabled by default and will be removed entirely starting with SLE 15 SP4.

Python scripts usually expect the python executable (without a version number) to refer to the Python 2.x interpreter. If the Python 3 interpreter is started instead, this can lead to misbehaving applications. For this reason, SUSE has decided to not ship a symbolic link /usr/bin/python pointing to the Python 3 executable.

To run Python 2 scripts, make sure to enable the Python 2 module and install the package python.

The SCons build tool is now available in version 3.1.2. For more information about the new version, see the upstream change log.

The vncserver command creates multiple GNOME sessions for the same user which is not supported by GNOME. This can cause strange behaviors, for example when unlocking the screen.

The GNOME Desktop (and associated applications) has been updated to version 3.34 (from version 3.26). This updates brings many improvements, performance improvements, and new features. Among those, you might notice visual refreshes for a number of applications, including the desktop itself and the icon set, custom folders in application overview, redesign of various control panels, and a new on-screen keyboard.

With the version of GNOME shipped in SUSE Linux Enterprise Server 15 SP1 and earlier, it was possible to enable desktop icons from a setting in the GNOME Tweaks tool. With GNOME 3.34, shipped in SUSE Linux Enterprise Server 15 SP2, this option has been removed.

To enable desktop icons in SUSE Linux Enterprise Server 15 SP2, enable Desktop Icons from the Extensions panel of GNOME Tweaks. This extension is part of the package gnome-shell-classic, meaning this package needs to be installed. When upgrading from older versions of SUSE Linux Enterprise Server, by default, the extension Desktop Icons will only be enabled for the SLE Classic session of GNOME but not for the default GNOME session.

Various packages used for remote desktop have been updated: xrdp to 0.9.11 and xorgxrdp to 0.2.11.

Qt5 libraries have been updated to latest 5.12 LTS branch.

The Gstreamer multimedia framework has been updated to version 1.16.2. This version includes among various bug fixes and features, support for WebRTC.

Libxml++ libraries are available and supported in SUSE Linux Enterprise Server 15 SP2.

In SUSE Linux Enterprise Server 12 SP5 and earlier, you could use /etc/sysconfig or the YaST module /etc/sysconfig Editor to define the display manager (also called the login manager) and desktop session. Starting with SUSE Linux Enterprise Server 15 GA, the values are not defined using /etc/sysconfig anymore but with the alternatives system.

To change the defaults, use the following alternatives:

For example, to check the value of default-displaymanager, use:

sudo update-alternatives --display default-displaymanager

To switch the default-displaymanager to xdm, use:

sudo update-alternatives --set default-displaymanager \
  /usr/lib/X11/displaymanagers/xdm

To enable graphical management of alternatives, use the YaST module Alternatives that can be installed from the package yast2-alternatives.

SUSE Linux Enterprise was the first enterprise Linux distribution to support journaling file systems and logical volume managers back in 2000. Later, we introduced XFS to Linux, which today is seen as the primary work horse for large-scale file systems, systems with heavy load and multiple parallel reading and writing operations. With SUSE Linux Enterprise 12, we went the next step of innovation and started using the copy-on-write file system Btrfs as the default for the operating system, to support system snapshots and rollback.

y supported

n unsupported

¹ OCFS 2 is fully supported as part of the SUSE Linux Enterprise High Availability Extension.

² Btrfs is a copy-on-write file system. Instead of journaling changes before writing them in-place, it writes them to a new location and then links the new location in. Until the last write, the changes are not "committed". Because of the nature of the file system, quotas are implemented based on subvolumes (qgroups).

³ To extend an OCFS 2 file system, the cluster must be online but the file system itself must be unmounted.

⁴ The block size default varies with different host architectures. 64 KiB is used on POWER, 4 KiB on other systems. The actual size used can be checked with the command getconf PAGE_SIZE.

Additional Notes

Maximum file size above can be larger than the file system’s actual size because of the use of sparse blocks. All standard file systems on SUSE Linux Enterprise Server have LFS, which gives a maximum file size of 2⁶³ bytes in theory.

The numbers in the table above assume that the file systems are using a 4 KiB block size which is the most common standard. When using different block sizes, the results are different.

In this document:

See also http://physics.nist.gov/cuu/Units/binary.html.

Some file system features are available in SUSE Linux Enterprise Server 15 SP2 but are not supported by SUSE. By default, the file system drivers in SUSE Linux Enterprise Server 15 SP2 will refuse mounting file systems that use unsupported features (in particular, in read-write mode). To enable unsupported features, set the module parameter allow_unsupported=1 in /etc/modprobe.d or write the value 1 to /sys/module/MODULE_NAME/parameters/allow_unsupported. However, note that setting this option will render your kernel and thus your system unsupported.

The following table lists supported and unsupported Btrfs features across multiple SLES versions.

y supported

n unsupported

Customers who have created XFS file system on SLE 11 or prior will see the following message:

Deprecated V4 format (crc=0) will not be supported after September 2030

While the file system will work and be supported until the date mentioned, it is best to re-create the file system:

Under SLES 15 SP2 and later, only drivers with support for kernel mode-setting will continue to work. Pure userspace X drivers do not work anymore and are not supported. In particular, this affects the virtualization-related qxl and vmware drivers that will no longer work.

With SUSE Linux Enterprise Server 15 SP2, Intel Optane DIMMs can be used in different modes on YES-certified platforms:

Not all certified platforms support all modes mentioned above. Direct hardware-related questions at your hardware partner. SUSE works with all major hardware vendors to make use of Intel Optane a perfect experience on the OS- and open-source infrastructure level.

SUSE Linux Enterprise Server 15 SP2 includes a kernel driver for Pensando* PCI Ethernet controllers.

A large amount of security issues was found and fixed in the Extended Berkeley Packet Filter (eBPF) code. To reduce the attack surface, its usage has been restricted to privileged users only.

Privileged users include root. Programs with the CAP_BPF capability in the newer versions of the Linux kernel can still use eBPF as-is.

To check the privileged state, you can check the value of the /proc/sys/kernel/unprivileged_bpf_disabled parameter. Value of 0 means "unprivileged enable", and value of 2 means "only privileged users enabled".

This setting can be changed by the root user:

The Linux console used to support a software scrollback buffer that could be reached with Shift-Page Up.

This functionality has been removed from the Linux kernel’s framebuffer and VGA console due to lack of usage and maintainers.

In alignment with the established cycle, the operating system kernel was upgraded to version 5.3 in this service pack.

On modern SUSE Linux Enterprise Server systems, device drivers are probed asynchronously. This has resulted in traditional device names like /dev/sda or eth0 becoming non-deterministic. To solve this, persistent device naming was introduced. For example, for network devices like eth0, udev would rename the interfaces to be consistent with device MAC addresses. For disk devices like /dev/sda, persistent device name links in /dev/disk/by-id have been introduced.

In the Linux 5.3 kernel, asynchronous probing has been added to more drivers. The sd driver handling SCSI disk devices uses asynchronous probing, too. The result is that /dev/sdX names even within individual SCSI hosts become non-deterministic.

You might now see a device order like:

# lsscsi

[0:2:0:0]    disk    Lenovo   RAID 930-8i-2GB  5.08  /dev/sdd
[0:2:1:0]    disk    Lenovo   RAID 930-8i-2GB  5.08  /dev/sdc
[0:2:2:0]    disk    Lenovo   RAID 930-8i-2GB  5.08  /dev/sde

When using persistent device names as recommended, this will not pose a problem. Modern tools are well-equipped to handle this.

However, some tools might expect a fixed device order or a predefined /dev/sdX name which then will fail to operate properly. In such cases, it is possible to disable asynchronous probing for specific drivers:

If a swap device is not available and the system cannot enable it during boot, booting may fail completely.

To make such a system reliably bootable, you can disable the activation of swap devices. Append the following options on the kernel command line:

systemd.device_wants_unit=off systemd.mask=swap.target

This prevents activation of all swap units. You can also mask only specific swap units, for example:

systemd.mask=dev-sda1.swap

SUSE Linux Enterprise Server 15 SP2 supports NVMe surprise removal, that is, the removal of NVMe devices without any preceding prepare-to-remove operation. NVMe surprise removal is helpful in the field, allowing simple replacement of failed NVMe drives.

With efivar v37, installing the OS and booting from NVDIMM devices is now supported.

The scheduler allows reserving runtime proportion to tasks with real-time priority. As an extension, the CONFIG_RT_GROUP_SCHED build option further allows distributing this real-time allocation among cgroups. However, there are limitations in the current mainline kernel implementation of this feature.

Aligned with upstream recommendations, SUSE Linux Enterprise Server kernel is now shipped with the CONFIG_RT_GROUP_SCHED build option disabled. The cpu.rt_runtime_us and cpu.rt_runtime_us CPU cgroup attributes have been removed.

Kernel-purge functionality has been integrated into zypper. The original /usr/sbin/purge-kernels script has been removed from the dracut package and replaced by the new zypper purge-kernels command. There is a new package purge-kernels-service that is responsible for running kernel package clean-up upon boot.

Copy-on-write data extent sharing (reflinks), known from Btrfs, is now fully supported on XFS. This feature primarily allows for better storage space utilization.

Reflinks are available only on file systems formatted with the -m reflink=1 option of mkfs.xfs. The duperemove utility can be used for data deduplication on a reflink-enabled file system. Note that this feature is not yet compatible with file system DAX and is available on SUSE Linux Enterprise Server 15 SP2 and later. Earlier releases of SUSE Linux Enterprise Server can read reflink-enabled XFS file systems but not write them. Read-write mounts of reflink-enabled XFS file systems are strongly discouraged on these systems.

squashfs 3.x file systems could last be created with SLE 11 GA. Since SLE 11 SP1, the tools produce the squashfs 4.0 format. Until now, the SLE kernel included convenience code allowing to mount file systems with the old format. Starting with SLE 15 SP2, however, the operating system kernel supports only the squashfs 4.0 format.

To migrate a squashfs file system from squashfs 3.x to squashfs 4.0:

The core AMD PMU has a 4-bit wide per-cycle increment for each performance monitor counter which works for most events. However, for AMD Zen CPU and later processors, some events can occur more than 15 times in a cycle. SUSE Linux Enterprise Server 15 SP2 adds the support for handling such Large Increment per Cycle Events.

SUSE Linux Enterprise Server 15 SP2 adds code to support EDAC (Error Detection and Correction) for the new AMD Zen 3 CPU architecture.

Systemtap has been upgraded to version 4.2 to match the upgraded kernel.

The kernel now implements time namespaces for enhanced container support. Time namespaces allow containers to keep their notion of time, specifically CLOCK_MONOTONIC and CLOCK_BOOTTIME, even after container migration.

The legacy /dev/cpu/microcode microcode loading interface has been removed. SUSE Linux Enterprise Server updates CPU microcode during system boot through the early loading method in the initial system ramdisk.

Loading microcode at runtime is discouraged in most scenarios and should only be used when absolutely necessary. For example, when early microcode loading is impossible as CPU features enabled by the microcode fail to be detected properly by the rest of the running system.

This table summarizes the various limits which exist in our recent kernels and utilities (if related) for SUSE Linux Enterprise Server 15 SP2.

¹ By default, the user space memory limit on the POWER architecture is 128 TiB. However, you can explicitly request mmaps up to 512 TiB.

² The total number of all processes and all threads on a system may not be higher than the "maximum number of processes".

The gssproxy package, previously available in the Package Hub, has now been added to the Basesystem Module.

The package wireguard-tools version 1.0.20200827 has been added. It contains userland tools for the kernel WireGuard module.

WireGuard is a secure, fast, and easy-to-use VPN that uses modern cryptography. For more information, see https://www.wireguard.com.

The net-snmp package has been updated to version 5.8. It provides tools and libraries relating to the Simple Network Management Protocol.

Because the default NTP zone names are not meant to be used by vendors, chrony can not be pre-configured by SUSE to synchronize time using these. This makes it harder to configure and also prevents using time synchronization during first boot.

To resolve this, a SUSE NTP pool has been created (suse.pool.ntp.org) and SLES 15 SP3 configures chrony to use it by default.

The following packages have been added:

These packages configure chrony to use the SUSE or an empty NTP server pool by default, respectively.

The Apache module mod_ssl now includes a backported patch to enable support for Key IDs (via a PKCS#11 URL) in the SSLCertificateKeyFile Directive.

The version of Samba shipped with SUSE Linux Enterprise Server 15 SP2 delivers integration with Windows Active Directory domains. In addition, we provide the clustered version of Samba as part of SUSE Linux Enterprise High Availability Extension 15 SP2.

NFSv4 with IPv6 is only supported for the client side. An NFSv4 server with IPv6 is not supported.

The TLS 1.0 and 1.1 standards have been superseded by TLS 1.2 and TLS 1.3. TLS 1.2 has been available for considerable time now.

Packages using GnuTLS and Mozilla NSS already supported TLS 1.3 in earlier SUSE Linux Enterprise 15 service packs. Starting with SUSE Linux Enterprise 15 SP2, we also enable TLS 1.3 in packages that use OpenSSL.

We recommend no longer using TLS 1.0 and TLS 1.1, as SUSE plans to disable these protocols in a future service pack. However, not all packages, for example, Python, are TLS 1.3-enabled yet as this is an ongoing process.

The GeoIP database allows approximately geo-locating users by their IP address. In the past, the company MaxMind made such data available for free in its GeoLite Legacy databases. On January 2, 2019, MaxMind discontinued the GeoLite Legacy databases, now offering only the newer GeoLite2 databases for download. To comply with new data protection regulation, since December 30, 2019, GeoLite2 database users are required to comply with an additional usage license. This change means users now need to register for a MaxMind account and obtain a license key to download GeoLite2 databases. For more information about these changes, see the MaxMind blog.

Previous versions of SUSE Linux Enterprise Server included the GeoIP package of tools that are only compatible with GeoLite Legacy databases. With SUSE Linux Enterprise Server 15 SP2, we introduce the following new packages to deal with the changes to the GeoLite service:

The following SUSE Linux Enterprise Server packages use GeoIP data in the GeoLite2 format:

Intel Omni-Path Architecture (OPA) host software is fully supported in SUSE Linux Enterprise Server 15 SP2. Intel OPA provides Host Fabric Interface (HFI) hardware with initialization and setup for high performance data transfers (high bandwidth, high message rate, low latency) between compute and I/O nodes in clustered environments. For documentation about installing Intel Omni-Path Architecture, see: https://cdrdv2.intel.com/v1/dl/getContent/627110.

Wireshark has been updated from version 2.4, now at its end of life upstream, to version 3.2. The new version brings the following changes:

A SAP plugin for supportconfig has been added. This plugin collects information about SAP applications to enhance support for SAP customers.

The Linux performance analyzing tool perf now supports Intel Idaville (ICX-D) CPU uncore events. Uncore provides additional performance monitoring information for advanced users.

AppArmor has been updated to version 2.13. The main new feature is a boot speed-up enabled by using precompiled profiles and caching.

For information about changes in AppArmor 2.13, see the AppArmor release notes

Until SUSE Linux Enterprise Server 15 GA, seccheck scripts were run automatically using cron.

Starting with SUSE Linux Enterprise Server 15 SP1, seccheck scripts are run automatically using systemd timers. For more information, see the seccheck documentation.

When using remote servers serviced by a third party, it is necessary to balance convenience with privacy requirements. cryptctl allows encrypting sensitive directories on such servers using LUKS and offers the following additional features:

In the past, cryptctl was shipped as part of SLES-SAP only. With SLE 15 SP2, it is now available directly as part of SUSE Linux Enterprise Server.

For more information, see the cryptctl documentation.

Starting in 15 SP2, MD/RAID auto-assembly is disabled by default. To enable it again, use the autoassembly=1 boot option.

A module has been added to dracut to support installation and booting to NVMe-oF-based storage.

In SLES 15 SP2, there is no legacy block layer anymore. All the devices are handled by the blk-mq framework.

For more information, see the System Analysis and Tuning Guide at https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-tuning-io.html

Plugins for HP (hpsa) and LSI (megaraid) hardware are now available for the libstoragemgmt package.

In previous versions of SUSE Linux Enterprise Server, when a file system relied on an encrypted network block device (such as iSCSI), systemd would wait for the network block device before setting up networking. If the cryptsetup device could not be initialized, the boot process could fail, leaving you in emergency mode. This happened because there was no way to indicate in /etc/crypttab that a cryptsetup device requires network.

To prevent this scenario from happening, the new option _netdev has been introduced in /etc/crypttab. It can be used to mark cryptsetup devices as requiring network. Such devices will only be initialized after networking is available, similarly to /etc/fstab entries marked with _netdev. New versions of the YaST installer are aware of this option and will use it accordingly.

If your system was installed with an older version of the YaST installer, the option might be missing. In this case, add the option manually to relevant entries of your /etc/crypttab file.

LVM2 has been updated to version 2.03.05. To simplify the design, lvmetad was removed. Its functionality was consolidated into the improved LVM2 operations.

During boot, pvscan is now fast enough to handle a large number of disks without lvmetad. Native disk scanning is both reduced and synchronous (parallelized), which makes it comparable in performance (and often faster) when compared to LVM using lvmetad.

Units or software installed in /usr/local do not activate at early boot stages. To work around this, add the x-systemd.initrd mount option to the /usr/local mount in /etc/fstab.

Starting with SUSE Linux Enterprise Server 15 SP2, the YaST module for NTP client configuration configures the systemd-timer (instead of the cron daemon) to execute cronie if it is not configured to run as a daemon and still performs a regular time sync.

The following networking technologies are no longer supported by the YaST module for network configuration:

Starting with SUSE Linux Enterprise Server 15 SP2, YaST writes sysctl settings to a separate file called /etc/sysctl.d/70-yast.conf.

This helps reduce conflicts with applications that override system settings.

Unlike other Zypper commands, zypper download did not allow specifying the repository to download a package from.

With this release, it is possible to specify the repository the same way as with other commands using the --repo option (or its alias --from).

The Snapper plug-in for Zypper has been rewritten from Python to C. This includes along a different implementation of regular expressions.

If you use regular expressions in /etc/snapper/zypp-plugin.conf, they may stop working correctly in some cases. This is true for regular expressions that rely on syntax that differs between the previous Python implementation and the new POSIX implementation.

In general, using wildcards instead of regular expressions is strongly recommended.

The script for scrubbing all XFS file systems in the system has been removed from the distribution. The SLE kernel does not support XFS scrubbing, meaning it could only be used with a custom kernel.

The YaST software management module can only install packages from enabled modules or repositories. In the past, finding out which module needed to be enabled for a specific package could be tricky. In SLE 15 SP2, if the system is registered against SUSE Customer Center, the software management module you can now search for packages from disabled modules.

Archive files created by supportconfig now use the file name prefix scc_ instead of nts.

In past versions of SLE, when cloning a system, AutoYaST used relatively permissive settings for package signature handling. AutoYaST would accept unsigned files, files without checksum, and use unknown and untrusted GPG keys. These default settings could be a security risk.

In SLE 15 SP2, AutoYaST uses stricter signature handling settings by default. If needed, adjust those settings manually.

For more information, see the AutoYaST Guide.

Support for IP filtering, as described in http://0pointer.net/blog/ip-accounting-and-access-lists-with-systemd.html is now available in systemd on SUSE Linux Enterprise Server 15 SP2.

The TasksMax limit for both user and system slices has been removed because it caused issues with large database or JVM workloads.

Salt has been upgraded to upstream version 3000, plus a number of patches, backports and enhancements by SUSE. In particular, CVE-2020-11651 and CVE-2020-11652 fixes are included in our release.

As part of this upgrade, cryptography is now managed by the Python-M2Crypto library (which is itself based on the well-known OpenSSL library).

We intend to regularly upgrade Salt to more recent versions.

For more details about changes in your manually-created Salt states, see the Salt 3000 upstream release notes.

Salt 3000 is the last version of Salt which will support the old syntax of the cmd.run module.

systemd in SUSE Linux Enterprise Server 15 SP2 automatically converts System V init.d scripts to service files. Support for System V init.d scripts is deprecated and will be removed with the next major version of SUSE Linux Enterprise Server. systemd, as shipped with the next major version of SUSE Linux Enterprise Server will also stop converting System V init.d scripts to service files.

To prepare for this change, use the automatically generated systemd service files directly instead of using System V init.d scripts. To do so, copy the generated service files to /etc/systemd/system. To then control the associated services, use systemctl.

The automatic conversion provided by systemd (specifically, systemd-sysv-generator) is only meant to ensure backward compatibility with System V init.d scripts. To take full advantage of systemd features, it can be beneficial to manually rewrite the service files.

This deprecation also causes the following changes:

+

Support status of SUSE Linux Enterprise Server 15 running as a guest operating system on top of various virtualization hosts (hypervisors).

The following SUSE host environments are supported:

The following third-party host environments are supported:

The level of support is as follows:

Support status of guest operating systems running virtualized on top of SUSE Linux Enterprise Server.

The following guest operating systems are fully supported (L3 in accordance with the respective product life cycle):

The following guest operating systems are supported as a technology preview (L2, fixes if reasonable):

The following Red Hat guest operating systems are supported on a best-effort basis for all customers (L2, fixes if reasonable) and fully supported for customers with Expanded Support (L3):

The following Microsoft guest operating systems are supported on a best-effort basis (L2, fixes if reasonable):

All guest operating systems are supported both fully virtualized and paravirtualized, with the exception of Windows guests, which are only supported fully virtualized and OES and NetWare guests, which are only supported paravirtualized.

All guest operating systems are supported both in 32-bit and 64-bit environments, unless stated otherwise (NetWare).

SUSE Linux Enterprise Server supports migrating a virtual machine from one physical host to another.

On SUSE Linux Enterprise Server 15 SP1 and higher, if the YaST installer detects that it is running within a KVM or Xen virtual machine, the package qemu-guest-agent is automatically installed. The guest agent allows management applications running on the host OS to communicate with SUSE Linux Enterprise Server running inside the virtual machine. For more information about using the guest agent, see the Virtualization Guide at https://documentation.suse.com/sles/15-SP2/html/SLES-all/cha-qemu-ga.html.

Libvirt has been updated to version 6.0.x (https://www.libvirt.org/news.htm).

vagrant box add --name SLES-15-SP2 SLES15-SP2-Vagrant.x86_64-15.2-libvirt-*.vagrant.libvirt.box

vagrant init SLES-15-SP2
vagrant up
vagrant ssh

  config.vm.provider :libvirt do |libvirt|
    libvirt.driver = "kvm"
    libvirt.host = 'localhost'
    libvirt.uri = 'qemu:///system'
    libvirt.host = "main"
    libvirt.features = ["apic"]
    # path to the UEFI loader for aarch64
    libvirt.loader = "/usr/share/qemu/aavmf-aarch64-code.bin"
    libvirt.video_type = "vga"
    libvirt.cpu_mode = "host-passthrough"
    libvirt.machine_type = "virt-3.1"
    # path to the qemu aarch64 emulator
    libvirt.emulator_path = "/usr/bin/qemu-system-aarch64"
  end

SUSE has worked with AMD to improve the AMD SEV Tool (https://github.com/AMDESE/sev-tool).

Version 11.1.x of open-vm-tools has a new subpackage for a Service Discovery Plugin called open-vm-tools-sdmp. For more information, see the upstream release notes.

SUSE is committed to helping provide better insights into the consumption of SUSE subscriptions regardless of where they are running or how they are managed; physical or virtual, on-prem or in the cloud, connected to SCC or Repository Mirroring Tool (RMT), or managed by SUSE Manager. To help you identify or filter out systems in SCC that are no longer running or decommissioned, SUSEConnect now features a daily “ping”, which will update system information automatically.

For more details see the documentation at https://documentation.suse.com/subscription/suseconnect/single-html/SLE-suseconnect-visibility/.

The SHA-1 hash function is not secure. For more information, see CVE-2019-14855.

The repositories for NVIDIA CUDA are available as the NVIDIA Compute module for x86-64 and AArch64. These repositories are provided by NVIDIA and the software in them is not supported by SUSE. All software in these repositories is licensed under the third-party NVIDIA CUDA EULA.

The NVIDIA Compute module is not enabled by default when installing SUSE Linux Enterprise Server. During installation, the module can be selected manually from the Extension and Modules screen in YaST. Within an installed system, you can add it as follows: Run yast registration from a shell as root, select Select Extensions, search for NVIDIA Compute Module and continue with Next. Verify and accept the NVIDIA repository GPG key.

Important: Do not use the SUSEConnect tool to add this repository

Do not try to add this module with the SUSEConnect CLI tool. SUSEConnect is not yet capable of handling third-party repositories.

Important: Combining Workstation Extension and NVIDIA Compute module is unsupported

The Workstation Extension module includes some of the same drivers for NVIDIA graphics cards as the NVIDIA Compute module. However, their package versions may differ. As SUSE package management installs the latest package versions by default, enabling both modules at the same time can lead to a system with a mixture of packages from both modules.

Such a setup can result in drivers not working as expected and is not supported by SUSE.

Binutils, glibc and gdb have been updated to support instructions introduced with IBM z15.

The zlib library has been updated to exploit the IBM z15 compression capabilities.

The gzip tool has been updated to exploit the IBM z15 compression capabilities.

For optimized performance tuning, the CPU-measurement counter facility now supports counters, including the MT-diagnostic counter set, which was originally introduced with IBM z14.

Multi-Write allows transferring multiple 64 KB buffers with a single instruction. This reduces CPU utilization, speeds up data transfer, and reduces receiver-side interrupts.

Using default settings of SUSE Linux Enterprise Server 15 SP1, 15 SP2, and 15 SP3, the performance of RoCE ConnectX-4 hardware on IBM z14 and IBM z15 systems is degraded compared to when used under SUSE Linux Enterprise Server 15 GA.

To improve performance to the same level as with SUSE Linux Enterprise Server 15 GA, set the following flag for all RoCE ethernet interfaces: ethtool --set-priv-flags DEVNAME rx_striding_rq. This needs to be done for each RoCE interface and at each boot.

Enhances the hardware sampling in the perf PMU driver to export additional information for improved perf tool post-processing. Displays the address and function name from where a sample was taken.

Support for hardware acceleration in the kernel for the SHA3 algorithm (CPACF MSA6) on CPACF hardware.

Added a new tool zcryptstats to the s390-tools package to obtain and display measurement data from crypto adapters for capacity planning.

Support for a NIST compliant pseudo-random number generator that can be seeded with true random numbers based on CPACF functions for the NIST curves P256, P384, and P521.

The generation and transformation of AES cipher keys is now supported in the pkey and paes modules and zkey.

Added support for the new IBM z15 Crypto Express7S crypto card.

Added support for the following mechanisms to the libica token of openCryptoki: CKM_SHA256_RSA_PKCS_PSS, CKM_SHA384_RSA_PKCS_PSS, CKM_SHA512_RSA_PKCS_PSS.

Use functions provided by IBM z15 with CPACF MSA9 to implement, for example, EC key generation (PCC) and ECDSA sign/verify functions (including the Ed25510, Ed448, X25519, and X448 curves).

Use functions provided by IBM z15 with CPACF MSA9 to implement, for example, EC key generation (PCC) and ECDSA sign/verify functions (including the Ed25510, Ed448, X25519, and X448 curves).

Various zkey enhancements have been added based on customer experiences, including checks to ensure that all HSMs used to encrypt a volume use the same encryption keys.

Use functions provided by IBM z15 with CPACF MSA9 to implement, for example, EC key generation (PCC) and ECDSA sign/verify functions (including the P256, P384, P521, Ed25510, Ed448, X25519 and X448 curves).

With kernel address space layout randomization (KASLR), the kernel can be loaded to a random location in memory. This offers protection against certain security attacks that rely on knowledge of the kernel addresses.

The installer has been enhanced to support dm-crypt to use protected keys to encrypt partitions.

SUSE Linux Enterprise Server 15 SP2 supports the IBM Secure Execution for Linux technology introduced with IBM z15 and LinuxONE III. For more information, see https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.lxse/lxse_t_secureexecution.html.

In SUSE Linux Enterprise Server 15 SP2, We have added libp11 in version 0.4.10. libp11 is a library implementing a thin layer on top of the RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki) API to make using PKCS#11 implementations easier.

For more information, see https://github.com/OpenSC/libp11/wiki.

A Linux application can now access new data sets that were created after zdsfs was mounted without the need to remount zdsfs.

YaST now allows the user to process device configuration data obtained from the IBM Dynamic Partition Manager at boot time.

Enables the user to separately configure DIF and DIF+DIX integrity protection mechanisms for zFCP-attached SCSI devices.

Provide the CPU model for the IBM z14 ZR1 to enable KVM guests to transparently exploit new hardware features on the z14 ZR1.

Provide the CPU model for the IBM z15 to enable KVM guests to transparently exploit new hardware features on the z15.

Enabled APIs for libvirt CPU model comparison and baselining for IBM Z that will allow customers to optimize utilization of heterogeneous KVM host environments.

Enables KVM guests to directly access ECKD DASD devices using CCW passthrough. This allows the exploiting advanced features like HyperPAV and reserve/release. IPL from DASD is provided as a technology preview in SUSE Linux Enterprise Server 15 SP2.

Added interrupt support to improve performance and CPU utilization.

Linux operating system images using a secure boot on-disk format can now be run in KVM without modifications required, lowering overall administrative overhead.

Firmware-assisted dump (fadump) support has been added to OPAL firmware. Corresponding support is added to the SLES 15 SP2 kernel. Systems running OPAL firmware with this support can now use fadump.

In addition to the Raspberry Pi Compute Module 3, the Compute Module 3+ is now also supported. It uses the BCM2837 System-on-Chip silicon revision B0, same as Raspberry Pi 3 Model B+.

Also enabled is the Raspberry Pi 3 Model A+, with BCM2837 B0 silicon revision. Compared to Model B+ it offers a reduced feature set and less RAM.

Initial enablement is provided for Raspberry Pi 4 Model B, which uses a new BCM2711 System-on-Chip. For known limitations, see Section 9.4.6, “Some Drivers Not Ready for Raspberry Pi”.

In the provided U-Boot bootloader the Btrfs file system is now enabled, offering additional flexibility for partitioning, scripting and recovery (Section 2.8.2.4, “Btrfs File System Has Been Enabled in U-Boot Bootloader”).

Starting with SUSE Linux Enterprise Server for Arm 15 SP1, the .iso installation media allow booting directly from USB storage devices on supported boards, such as Raspberry Pi 3 Model B+. The Unified Installer in 15 SP2 now simplifies installation from USB to microSD by offering a default partitioning proposal for a bootable installation target, avoiding the need for manual partitioning in the most common scenarios. For more details on the boot process please refer to the SUSE Linux Enterprise Server Deployment Guide.

The bootloader package u-boot-rpi3 has been replaced with a new u-boot-rpiarm64 package that covers both Raspberry Pi 3 and 4 generations.

The package containing the Kiwi templates for the image has been renamed from kiwi-templates-SLES15-JeOS to kiwi-templates-JeOS (Section 4.3.2, “kiwi-templates-SLES15-JeOS Has Been Renamed to kiwi-templates-JeOS”).

If you upgraded from the SUSE Linux Enterprise Server for Arm 12 SP3 image for the Raspberry Pi, an X11 config file /etc/X11/xorg.conf.d/20-kms.conf will be left over, which disables acceleration. You can safely remove this file in later versions (see Section 9.4.5, “No 3D Graphics Acceleration for Broadcom VideoCore IV”).

Raspberry Pi 3 Model A+ and B/B+ as well as Raspberry Pi 4 Model B all offer a 40-pin General Purpose I/O connector, with multiple software-configurable functions such as UART, I²C and SPI. This pin mux configuration along with any external devices attached to the pins is defined in the Device Tree which is passed by the bootloader to the kernel.

SUSE does not currently provide support for any particular Hardware Attached on Top (HATs) or other expansion boards attached to the 40-pin GPIO connector. However, insofar as drivers for pin functions and for attached chipsets are included in SUSE Linux Enterprise, they can be used. SUSE does not provide support for making changes to the Device Tree, but successful changes will not affect the support status of the operating system itself. Be aware that errors in the Device Tree can stop the system from booting successfully or can even damage the hardware.

The bootloader and firmware in SUSE Linux Enterprise Server for Arm 15 SP2 support Device Tree Overlays. The recommended way of configuring GPIO pins is to create a file extraconfig.txt on the FAT volume (/boot/efi/extraconfig.txt in the SUSE image) with a line dtoverlay=filename-without-.dtbo per Overlay. For more information about the syntax, see the documentation by the Raspberry Pi Foundation: https://www.raspberrypi.org/documentation/configuration/device-tree.md

If not already shipped in the /boot/efi/overlays/ directory (installed by raspberrypi-firmware-dt package), .dtbo files can be obtained from the manufacturer of the HAT or compiled from self-authored sources.

For more information, see the Raspberry Pi Quick Start guide at https://documentation.suse.com/sles/15-SP2/html/SLES-rpi-quick/.

The dtc package has been added to the Development Tools module.

The SUSE Linux Enterprise Server for Arm 15 SP2 kernel raises the limit of logical CPUs (physical cores and threads) from 480 to 768 CPUs.

The number of virtual CPUs (vCPUs) that can be assigned to a guest with the Kernel-based Virtual Machine (KVM) is limited by the interrupt controllers emulated by QEMU for the guest virtual machine (VM). SUSE Linux Enterprise Server for Arm 15 SP1 and earlier were therefore unable to assign all the logical host CPUs of a Marvell* ThunderX2* to a single guest VM, affecting the YES! System Test Kit.

SUSE Linux Enterprise Server for Arm 15 SP2 raises the limit from 123 to 512 virtual CPUs per KVM guest VM.

Note

Please observe any recommendations regarding vCPU over-commit in relation to physical cores (compare Section 5.14.5.2, “KVM Limits”).

The SUSE Linux Enterprise Server for Arm 15 SP2 kernel raises the limit of Non-Uniform Memory Access (NUMA) nodes from 4 to 64 nodes.

The Armv8.2 Scalable Vector Extensions (SVE) were initially enabled in the SUSE Linux Enterprise Server for Arm 15 SP1 kernel. The Kernel-based Virtual Machine (KVM) in SUSE Linux Enterprise Server for Arm 15 SP2 is now enabled for SVE, too.

The Arm* Neoverse* N1 CPU core is enabled since a SUSE Linux Enterprise Server for Arm 15 SP1 kernel maintenance update.

Note

While the Neoverse N1 CPU core is enabled, the Arm Neoverse N1 SDP system is not enabled (Section 9.4.1, “Arm Neoverse N1 SDP Not Supported”).

SUSE Linux Enterprise Server for Arm 15 SP2 adds enablement for servers based on Ampere* Altra* System-on-Chip (SoC). The Altra SoC uses Arm* Neoverse* N1 CPU cores (Section 9.3.6, “Driver Enablement for Arm Neoverse N1”).

Amazon EC2* A1 instances based on the AWS* Graviton System-on-Chip (SoC) are enabled since a SUSE Linux Enterprise Server for Arm 15 kernel maintenance update. The AWS Graviton SoC uses Arm* Neoverse* Cosmos (Cortex*-A72) CPU cores.

A1.metal instances are enabled since a SUSE Linux Enterprise Server for Arm 15 SP1 kernel maintenance update.

Amazon EC2* instances based on the AWS* Graviton2 System-on-Chip (SoC), such as M6g, are enabled since a SUSE Linux Enterprise Server for Arm 15 SP1 kernel maintenance update. The AWS Graviton2 SoC uses Arm* Neoverse* N1 CPU cores (Section 9.3.6, “Driver Enablement for Arm Neoverse N1”).

SUSE Linux Enterprise Server for Arm 15 SP2 adds enablement for servers based on Marvell* ThunderX3* System-on-Chip (SoC). The ThunderX3 SoC uses custom cores compliant with Armv8.3+ and the Server Base System Architecture (SBSA).

SUSE Linux Enterprise Server for Arm 15 SP2 adds enablement for the NVIDIA* Jetson* TX1 and Jetson Nano System-on-Module (SoM) using the NVIDIA Tegra* X1 System-on-Chip (SoC), as well as for the Jetson TX2/TX2i SoM using the Tegra X2 SoC.

The SUSE Linux Enterprise Server for Arm installation media are known not to boot with the bootloaders based on U-Boot v2016.07 of NVIDIA L4T R32.3.1 and earlier. When loading GRUB from the SUSE installation medium and selecting a kernel from the GRUB menu, then after loading kernel and ramdisk, you will encounter this error:

EFI stub: Booting Linux Kernel...
EFI stub: EFI_RNG_PROTOCOL unavailable, no randomness supplied
EFI stub: ERROR: Could not determine UEFI Secure Boot status.
EFI stub: Using DTB from configuration table
EFI stub: ERROR: Failed to install memreserve config table!
EFI stub: Exiting boot services and installing virtual address map...
EFI stub: ERROR: Failed to update FDT and exit boot services

Contact your hardware vendor or NVIDIA as the module vendor for how to obtain and flash an EBBR 1.0-compliant bootloader for use with SUSE Linux Enterprise Server for Arm.

SUSE Linux Enterprise Server for Arm 15 SP2 adds initial enablement for the NXP* Layerscape* LS1028A family of System-on-Chip (SoC) chipsets. LS1027A is a SoC variant without the 3D Graphics Processor Unit (GPU), DisplayPort* PHY and LCD controller found on LS1028A SoC. LS1017A and LS1018A are single-core variants of dual-core LS1027A and LS1028A SoCs respectively.

Known limitations for LS1028A and LS1018A built-in graphics are detailed in Section 9.4.3, “No DisplayPort Graphics Output on NXP LS1028A and LS1018A”. As a consequence, the Display Processor driver (mali-dp) and the 3D GPU driver (etnaviv) are available as technology previews (Section 2.8.2.3, “mali-dp Driver for Arm Mali Display Processors Has Been Added” and Section 2.8.2.1, “etnaviv Drivers for Vivante GPUs Have Been Added”).

The FlexCAN driver (flexcan) was not ready yet for the LS1028A SoC family (Section 9.4.4, “No CAN Interfaces on NXP Layerscape”).

The Rockchip RK3399 System-on-Chip contains an Arm* Mali*-T864 Graphics Processor Unit (GPU).

Previously, this GPU needed third-party drivers and libraries from your hardware vendor.

The SUSE Linux Enterprise Server for Arm 15 SP2 kernel includes panfrost, a Display Rendering Infrastructure (DRI) driver for Arm Mali Midgard microarchitecture GPUs, such as Mali-T864, and the Mesa-dri package contains a matching panfrost_dri graphics driver library.

To use them, the Device Tree passed by the bootloader to the kernel needs to include a description of the Mali GPU for the kernel driver to get loaded. You may need to contact your hardware vendor for a bootloader firmware upgrade.

Note

The lima driver for Mali Utgard microarchitecture GPUs is available as a technology preview (Section 2.8.2.2, “lima Driver for Arm Mali Utgard GPUs Has Been Added”).

The SUSE Linux Enterprise Server for Arm 15 SP2 kernel adds a Serial Peripheral Interface (SPI) driver for the Socionext* SynQuacer* SC2A11 System-on-Chip.

The Arm* Neoverse* N1 System Development Platform (SDP) contains a custom System-on-Chip, whose PCIe controller has multiple known errata.

The SUSE Linux Enterprise Server for Arm 15 SP2 kernel does not include any quirks to handle these errata, leading to bus faults when enumerating the PCIe root complex. Installation from SUSE Linux Enterprise Server for Arm 15 SP2 media is therefore not possible.

For more information, see https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git/about/docs/n1sdp/pcie-support.rst.

Note that this is not an issue with the Neoverse N1 CPU core itself (Section 9.3.6, “Driver Enablement for Arm Neoverse N1”). Other Neoverse N1 based System-on-Chip chipsets are not affected (see Section 9.3.9, “Driver Enablement for AWS Graviton2” and Section 9.3.7, “Driver Enablement for Ampere Altra”).

Servers based on the Fujitsu* A64FX System-on-Chip do not support Collaborative Processor Performance Control (CPPC). This means the CPUs will always run at maximum performance, irrespective of their load.

Contact your hardware vendor for whether third-party drivers are available for SUSE Linux Enterprise Server for Arm 15 SP2.

The NXP* Layerscape* LS1028A/LS1018A System-on-Chip contains an Arm* Mali*-DP500 Display Processor, whose output is connected to a DisplayPort* TX Controller (HDP-TX) based on Cadence* High Definition (HD) Display Intellectual Property (IP).

A Display Rendering Manager (DRM) driver for the Arm Mali-DP500 Display Processor is available as technology preview (Section 2.8.2.3, “mali-dp Driver for Arm Mali Display Processors Has Been Added”).

However, there was no HDP-TX physical-layer (PHY) controller driver ready yet. Therefore no graphics output will be available, for example, on the DisplayPort* connector of the NXP LS1028A Reference Design Board (RDB).

Contact the chip vendor NXP for whether third-party graphics drivers are available for SUSE Linux Enterprise Server for Arm 15 SP2.

Alternatively, contact your hardware vendor for whether a bootloader update is available that implements graphics output, allowing to instead use efifb framebuffer graphics in SUSE Linux Enterprise Server for Arm 15 SP2.

Note

The Vivante GC7000UL GPU driver (etnaviv) is available as a technology preview (Section 2.8.2.1, “etnaviv Drivers for Vivante GPUs Have Been Added”).

The NXP* Layerscape* LS1028A and LX2160A System-on-Chip families both contain multiple FlexCAN Controller Area Network (CAN) controllers.

The SUSE Linux Enterprise Server for Arm 15 SP2 kernel does not include the flexcan driver.

The vc4 Display Rendering Manager (DRM) driver for the Broadcom* VideoCore* IV Graphics Processor Unit (GPU) has not reached enterprise-grade stability expectations for 3D acceleration on Raspberry Pi* 3 devices under memory pressure.

Since SUSE Linux Enterprise Server for Arm 15 (and 12 SP4) the Mesa-dri package does not include the vc4_dri graphics library, forcing fallback to 2D-only accelerated graphics.

Note

For VideoCore VI, found on Raspberry Pi 4, see Section 9.4.6, “Some Drivers Not Ready for Raspberry Pi”.

The SUSE Linux Enterprise Server for Arm 15 SP2 kernel does not include a driver for VideoCore* Host Interface Queue (VCHIQ), which was still in staging. The tool vcgencmd depends on VCHIQ and is therefore not included. Any drivers depending on vchiq driver are not included either, in particular snd-bcm2835 for 3.5 mm TRRS audio jack and bcm2835-camera (kernel module bcm2835-v4l2) for MIPI* CSI‑2* camera connector are unavailable. Also dependent on VCHIQ is the Multi-Media Abstraction Layer (MMAL) driver vchiq-mmal (kernel module bcm2835-mmal-vchiq), whose absence precludes you from using OpenMAX* (OMX) API based tools using MMAL, such as raspivid and raspistill.

A performance monitoring driver for the Advanced eXtensible Interface (AXI) bus on the Raspberry Pi (raspberrypi_axi_monitor) is not available.