Linux Patch Notes for CTE v7.8.0.116

Enhancements

Confidential Computing

CTE now supports Confidential Computing on RHEL 9.x platforms.

• See Confidential Computing: Integrating Intel® Tiber™ Trust Services and Intel TDX, with Microsoft Azure or Google Cloud Platform

Vantage Cloud Enterprise (VCE) 3.0

Vantage Cloud Enterprise (VCE) 3.0 now supported with Teradata SLES 15 SP4.

Known Issues

• AGT-28604: Linux GlusterFS Trash Translate does not work if .trashcan directory is outside of GuardPoint

  AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.121

  CTE has an issue with subdirectories in Gluster FS. If a file deleted from a GuardPoint is moved to a subdirectory that is outside of the GuardPoint, then it shows only the garbage values because it is encrypted.

  Currently, CipherTrust Transparent Encryption does not support the GlusterFS Trash Translator.

• AGT-62836: The command to get the vm process logs dumped the logs into vorvmd during the first association of a FAM policy with CTE

  AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.121

  These logs are generated when a FAM policy is pushed for the first time. They do not affect the functioning of FAM, or any other feature, and can be ignored.

• AGT-65002: LDT-AutoFS: Not Removing Shadow directory after auto unmount of NAS mount point

  AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.121

  Unmounting automount directories, configured as a CTE AutoGuard GuardPoint under an LDT policy protection, does not remove the mount point subdirectories that are dynamically created when mount points are auto-mounted.

• AGT-65631: COS | File upload/download fails with "Internal server error" when using awscli version 2.23.0 or subsequent versions

  AFFECTED VERSIONS: 10.5.0.49

  Beginning with AWS CLI version 2.23.0 and subsequent versions, AWS implemented enhanced and more efficient checksum algorithms, including CRC-64/NVME, CRC32, CRC32C, SHA1, and SHA256, with CRC64-NVME set as the new default for the CLI. This results in file upload/download failing.

  There are two work-arounds for this issue. Choose one:

  • Use an older version of AWS CLI.

  • Add the following lines to the ~/aws/config file:

    response_checksum_validation = when_required
    request_checksum_calculation = when_required
    

• AGT-66914 | 67160 : Warning trace while loading seccrypto module in RHEL10

  AFFECTED VERSIONS: 7.8.0.79 — 7.8.0.121

  The warning message Unpatched return thunk in use displayed in the system log during system boot. It is harmless and can be ignored. The message type will be changed to: information.

• AGT-68212: Unable to guard the raw device in RHEL 10 after restarting SecFS

  AFFECTED VERSIONS: 7.8.0.121

  Workaround

  • When creating a GuardPoint on a raw/block device, ensure that the policy contains a signature set for the following system processes that require access to the guarded devices:

    /usr/bin/udevadm
    /usr/sbin/dmsetup
    

  Failure to include the above processes in the policy might cause the GuardPoint creation to fail with the error Busy, will continue to retry.

• AGT-68919 [CS2197449]: Kernel module hung during installation of mariadb-server on Ubuntu 24 while already having a GuardPoint enabled

  AFFECTED VERSIONS: 7.8.0.121

  Workaround

  Disable io_uring for RHEL 10. Type:

  if ! grep kernel.io_uring_disabled /etc/sysctl.conf ; then echo 'kernel.io_uring_disabled = 2' >> /etc/sysctl.conf; fi;
  sysctl -p
  reboot
  

Support Advisory

End of Life Notices

Linux Kernels End of Life Notices