What's in the Linux kernel for Debian 7.0 'wheezy', part 2
The Debian package has some additional features not present in mainline Linux 3.2. Some of these were described in part 1, and this continues the list.
CPU devices
CPUs are exposed in the device model as normal devices, not 'sysdevs'. For x86 CPUs, model and feature information is included in the uevent for the CPU device. This results in automatic loading of appropriate device drivers with the help of udev, rather than specialised init scripts:
- CPU frequency scaling drivers
- The intel_idle driver
- CPU temperature monitoring drivers
- Crypto drivers that use extensions such as SSE or VIA Padlock
Control groups
Most control groups (cgroups) features are included, but some are disabled by default at run-time:
- The memory controller is disabled and can be enabled using the kernel parameter cgroup_enable=memory.
- Scheduler auto-grouping is disabled and can be enabled through the sysctl kernel.sched_autogroup_enabled.
EFI stub
On x86 architectures the kernel is built as an EFI executable which can be directly loaded from an EFI shell, e.g.:
Shell> vmlinuz-3.2.0-4-amd64 root=/dev/sda2 initrd=initrd.img-3.2.0-4-amd64
Debian will usually boot on an EFI system via grub-efi, but this can be useful for some unusual configurations and some of the simple EFI boot loaders that are currently being developed.
Linux Security Modules
The kernel side of AppArmor has some extensions for backward compatibility with AppArmor userland versions 2.4-2.7, matching wheezy userland.
Debian appears to be the only major distribution to provide a choice of LSMs: AppArmor, SELinux or TOMOYO. Use the security= boot parameter to enable any of them.
CPU microcode updates for Xen
Like all hardware, CPUs have bugs, which can sometimes be fixed in microcode. x86 microcode updates may be applied by either the BIOS or operating system, but it's easier to upgrade packages than to upgrade the BIOS. Xen 4.1 can apply microcode updates but relies on the dom0 kernel to load them, and the mainline Linux kernel does not do this. We include an extension of the microcode loader that does so.