Inside this week's LWN.net Weekly Edition:

• Front: Don't fear the TPM; Python performance; Offensive Debian packages; NNCPNET; 6.17 Merge window; Transparent huge pages; SilverBullet.
• Briefs: AUR malware; Secure boot; kbuild and kconfig maintenance; GPU drivers; NVIDIA on AlmaLinux; Proxmox 9.0; Quotes; ...
• Announcements: Newsletters, conferences, security updates, patches, and more.

The AlmaLinux project has announced the availability of packages to enable native NVIDIA driver support, including CUDA and Secure Boot, for AlmaLinux 9 and 10.

When AlmaLinux started just 5 years ago, this wouldn't have been possible. With NVIDIA's open source version of their graphics drivers things have changed. This open source version is slowly becoming the flagship driver, with new products being added exclusively to it. With the help of some incredible people in the open source ecosystem and the AlmaLinux community, we were able to do something that has yet to be done in the EL ecosystem - ship Secure Boot signed, open source, NVIDIA kernel modules.

Full documentation is available on the AlmaLinux wiki.

Daniel Almeida continues his look at graphics drivers on the Collabora blog.

The starting point is to understand that a kernel-mode GPU driver connects a much larger UMD (user-mode driver) to the actual GPU. The UMD will actually implement APIs like Vulkan, OpenGL, OpenCL, and others. These APIs, in turn, will be used by actual programs to describe their workload to the GPU. This includes allocating and using not only the geometry and textures, but also the shaders being used to process said data into the final result. This means that a key aspect of GPU drivers is actually allocating GPU memory to house data related to the current scene being drawn so that it can actually be operated on by the hardware.

There is a great deal of misunderstanding, and some misinformation, about the Trusted Platform Module (TPM); to combat this, Debian developer Jonathan McDowell would like to clear the air and help users understand what it is good for, as well as what it's not. At DebConf25 in Brest, France, he delivered a talk about TPMs that explained what they are, why people might be interested in using them, and how users might do so on a Debian system.

Version 0.10.0 of the Tuba fediverse client has been released. Notable changes in this release include a new post composer, an in-app web browser, search history, and many other refinements. See this thread for more details and highlights.

For eight years, Masahiro Yamada has been the sole maintainer of the kernel's build and configuration systems — two complex pieces of infrastructure that many people interact with, but few truly understand. Yamada has just stepped down from that position. Maintenance of the build system will be taken up by Nathan Chancellor and Nicolas Schier (in the "odd fixes" capacity), while the configuration system is now entirely unmaintained.

Thanks are due to Yamada for all that work, and to Chancellor and Schier for stepping up. Hopefully a way will be found to better support these important subsystems in the near future.

Security updates have been issued by AlmaLinux (kernel and python3.12-setuptools), Fedora (perl-Crypt-CBC and unbound), Gentoo (FontForge, GPL Ghostscript, Mozilla Network Security Service (NSS), and PAM), Oracle (gdk-pixbuf2, jq, kernel, mod_security, ncurses, python-requests, and python3-setuptools), Red Hat (python-requests and socat), SUSE (docker, kernel-livepatch-MICRO-6-0-RT_Update_2, kernel-livepatch-MICRO-6-0-RT_Update_4, kernel-livepatch-MICRO-6-0-RT_Update_5, kernel-livepatch-MICRO-6-0-RT_Update_6, kernel-livepatch-MICRO-6-0-RT_Update_7, kernel-livepatch-MICRO-6-0_Update_2, kernel-livepatch-MICRO-6-0_Update_4, kernel-livepatch-MICRO-6-0_Update_5, kernel-livepatch-MICRO-6-0_Update_6, kubeshark-cli, libgcrypt, pam-config, perl, python-requests, python311, and python313), and Ubuntu (linux-raspi).

Proxmox Virtual Environment 9.0, based on Debian 13 ("trixie"), has been released. Notable new features include snapshots for thick-provisioned LVM shared storage, affinity rules for high availability (HA) clusters, and a modernized mobile web interface for managing Proxmox systems. See the release notes and known issues for more details about the release.

The use of huge pages can significantly increase the performance of many workloads by reducing both memory-management overhead in the kernel and pressure on the system's translation lookaside buffer (TLB). The addition of transparent huge pages (THP) for the 2.6.38 kernel release in 2011 caused the kernel to allocate huge pages automatically to make their benefits available to all workloads without any effort needed on the user-space side. But it turns out that use of huge pages can make some workloads slower as the result of internal memory fragmentation, so the THP feature is often disabled. Two patch sets aimed at better targeting the use of transparent huge pages are currently working their way through the review process.

The call for topics for the 2025 Maintainers Summit has been posted. The Summit, to be held in Tokyo on December 10, will involve around 30 developers gathered to discuss development-process issues for the kernel. Anybody who is interested in attending is encouraged to post a nomination along with the topic they would like to discuss. Nominations and topics are best sent before September 10.

The call for topics for the Kernel Summit, which runs as a Linux Plumbers Conference track, is also out.