Release Notes #

It comes bundled with the latest versions of leading applications such as LibreOffice office productivity suite, Mozilla Firefox Web browser, and Evolution e-mail and calendar suite. In addition, it integrates with Microsoft SharePoint for group collaboration and supports a wide range of multimedia file formats, wireless and networking standards, and plug-and-play devices.

Through the latest enhancements in power management and security, SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension also provides an environmentally friendly IT experience (Green IT) and an error-proof desktop. Finally, SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension offers unparalleled flexibility. You can deploy it on a wide range of thick client devices (including desktops, notebooks, netbooks, and workstations), on thin client devices, or as a virtual desktop. By leveraging the power of SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension, your business can dramatically reduce costs, improve end user security and increase workforce productivity.

SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension 15 has a 10 year life cycle. The current version (GA) will be fully maintained and supported until 6 months after the release of SUSE Linux Enterprise 15 SP1.

SUSE does not support skipping Service Packs of SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension when upgrading.

SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension 15 introduces many innovative changes compared to SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension 12.

To receive support, you need an appropriate subscription with SUSE. For more information, see https://www.suse.com/support/programs/subscriptions/?id=SUSE_Linux_Enterprise_Server.

Technology previews are packages, stacks, or features delivered by SUSE. These features are not supported. They may be functionally incomplete, unstable or in other ways not suitable for production use. They are mainly included for customer convenience and give customers a chance to test new technologies within an enterprise environment.

Technology previews can be dropped at any time and SUSE does not commit to providing a supported version of such technologies in the future.

Give your SUSE representative feedback, including your experience and use case.

This section lists related products. Usually, these products have own release notes documents that are available from https://www.suse.com/releasenotes.

Additionally, there is the following extension which is not covered by SUSE support agreements, available at no additional cost and without an extra registration key:

This section includes information related to the initial installation of SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension 15 GA.

Important: Installation Documentation

The following release notes contain additional notes regarding the installation of SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension. However, they do not document the installation procedure itself.

For installation documentation, see Deployment Guide at https://www.suse.com/documentation/sled-15/singlehtml/book_sle_deployment/book_sle_deployment.html.

parted [DEVICE] set [PARTITION_NUMBER] msftdata off

This section includes upgrade-related information for SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension 15 GA.

Important: Upgrade Documentation

The following release notes contain additional notes regarding the upgrade of SUSE Linux Enterprise Desktop/SUSE Linux Enterprise Workstation Extension. However, they do not document the upgrade procedure itself.

For upgrade documentation, see https://www.suse.com/documentation/sled-15/singlehtml/book_sle_deployment/book_sle_deployment.html#cha.update.sle.

sudo old /etc/X11/xorg.conf

Scalable MCA improves hardware error reporting to better diagnose issues in AMD Zen processors. It provides a clearer, easier to use rules for the kinds of information supplied by the hardware when reporting errors.

This clearer separation of architectural and implementation-specific functions allows operating systems to better take advantage of architectural features.

In addition, it expands information logged in MCA banks to allow for improved error handling, better diagnosability, and future scalability.

To provide protection against physical attacks on a system, AMD SME can provide full or partial memory encryption depending on the use case, on AMD family 17h CPU processors. Full memory encryption means all DRAM contents are encrypted using random keys. This provides strong protection against cold boot, DRAM interface snooping and similar types of attacks. This technology is especially prominent for systems equipped with NVDIMMs whose contents remain intact after powering down the system.

Memory encryption support is present in SLE 15 kernels but not enabled by default. To enable it on compatible hardware (AMD family 17h CPU, with proper BIOS/UEFI support), supply the boot option mem_encrypt=on.

SLE 15 supports the Thunderbolt hardware interface. However, there are limitations to this support:

Systemd allows for new ways of starting services, such as the so-called socket-based activation. Services which are configured to be started on demand will not run until it is needed, for example, when a new request comes in.

The YaST Services Manager has been extended to allow setting services to be started on-demand. Currently, only a subset of services supports this configuration. The current start mode is displayed in the column Start of the YaST Services Manager. In the drop-down box Start Mode of the YaST Services Manager, the mode On-demand will only be shown when it is available for the selected service.

Additionally, the table column Active has been adapted to show the correct value provided by Systemd.

SLE 15 introduces a new default Btrfs subvolume layout that aims for the following:

Instead of using multiple Btrfs subvolumes for different subdirectories of /var, SLE 15 ships with a single subvolume for all of /var. This new subvolume has copy-on-write functionality disabled.

There is no defined way of upgrading to this new Btrfs subvolume layout. Therefore, if you want to take advantage of it, make sure to freshly install SLE 15 instead of upgrading.

For more information on the default Btrfs subvolume layout before and after this change, see https://en.opensuse.org/SDB:BTRFS.

SLE 12 shipped with GPG 2.0, while SLE 15 includes GPG 2.2. In between these GPG versions, support for GPG V3 keys was removed. If your system's key database still contains GPG V3 keys, you may receive warnings about this when executing Zypper or rpm commands, as these commands are checking the integrity of the package database. These warnings take the form warning: Unsupported version of key: V3.

Usually, these warnings are benign, as these keys may have been used for repositories that are no longer enabled on the system or that have since had key updates. However, if these keys are still in active use by the upstream repository, they must be replaced as soon as possible:

To delete such keys, perform the following:

Research was published that showed weakesses in the SHA-1 family of hashes for some applications. The use of stronger digests is advised for most applications.

The default behavior for GnuPG (gpg2) has been changed to use SHA-2 family digests for key certificates, default preferences stored in keys, and signature generation in the absense of a configuration file. GnuPG no longer generates a new configuration when called in an empty home. Existing GnuPG configurations are not altered. GnuPG continues to support SHA-1 digest generation and verification as mandated by OpenPGP standards.

Security consists of layers of defense. One of those layers of defense is randomizing address for programs, so offsets and functions and similar are at randomized addresses on every start.

All SUSE Linux Enterprise 15 binaries are built with support for PIE (Position-Independent Executables) which will randomize all code layout in memory on every startup of the binary.

SuSEfirewall2 was originally tailored towards running a router with forwarding and/or NAT rules. This use case is rarely required anymore. Furthermore, the static nature of SuSEfirewall2 made it difficult to react to today's dynamic networking events like hotplugged network interfaces or virtual networking.

To allow greater flexibility in SLE 15, the default firewall has been switched to the firewalld upstream solution. It provides a resident daemon process which can dynamically adjust firewall rules on behalf of the user or other programs. SuSEfirewall2 is no longer available.

There is no automatic migration from SuSEfirewall2 to firewalld. To migrate an existing SuSEfirewall2 configuration to firewalld, you can use the script from the package susefirewall2-to-firewalld. However, after running the script, you still need to manually adjust and verify the resulting firewalld rules.

More technical information about firewalld could be found in the Security Guide at https://www.suse.com/documentation/sles-15/singlehtml/book_security/book_security.html#sec.security.firewall.firewalld.

Mozilla Thunderbird is provided as a cross-platform graphical e-mail client with calendaring capabilities. It supports the S/MIME (RFC 2633) e-mail encryption standard. Support for OpenPGP (RFC 2440) can be added by installing the extension Enigmail (package enigmail).

Mozilla Thunderbird provides support for the S/MIME (RFC 2633) e-mail encryption standard, but needs and additional plugin-in to support OpenPGP (RFC 2440).

The Enigmail plugin for Mozilla Thunderbird is provided to add support for OpenPGP (RFC 2440) e-mail encryption. It uses the local GnuPG installation, configuration and keys.

Additionally, the plugin adds support for the following protocols, enabled by default:

In nested virtualization, the hypervisor has to intercept and emulate most virtualization instructions in KVM guests in software. This slows down nested virtualization.

Newer AMD processors have support for hardware virtualization of common virtualization instructions, making software emulation unnecessary. These features in newer AMD processors are now supported, making nested virtualization faster.

When you are using the graphical boot target (with GDM) but there is no display connected, Plymouth may be unable to quit. This affects the start of systemd services that are normally started subsequent to Plymouth.

To diagnose whether a system is in the problematic status, remotely log in to it and run the command systemctl list-jobs. The system is affected if the plymouth-quit-wait.service is shown as running.

Any of the following methods can be used as a workaround:

The drivers for the following graphics chipsets do not yet support Wayland sessions:

In all of these cases, even if the Wayland stack is fully installed, GNOME will automatically fall back to starting an X session.

In previous versions of SLE, the compose key combination allowed typing characters that were not part of the regular keyboard layout. For example, to produce "å", you could press and release Shift-Right Ctrl and then press a twice.

Starting with SLE 15, there is no longer a predefined compose key combination because Shift-Right Ctrl does not work as expected anymore.

On SLED 15, hybrid GPUs are not fully supported on Wayland. This affects, for example, laptops that have an integrated Intel GPU and a discrete Nvidia or AMD GPU connected to the HDMI ports. When the BIOS of a machine is set to use discrete graphics, GNOME will automatically fall back to starting an X session (which better supports the discrete GPU).

There is an unsupported workaround to use Wayland when a discrete graphic card is enabled. This workaround brings up GNOME on Wayland under SLED 15. However, external monitors with discrete graphic cards are not allowed in this configuration and it can lead to additional display-related issues.

To enable the unsupported workaround, do:

The following packages have been removed in this release.

sudo old /etc/X11/xorg.conf

This section contains information about important changes to modules.