SUSE Linux Enterprise Server 15 SP7

Release Notes

Abstract

SUSE Linux Enterprise Server is a modern, modular operating system for both
multimodal and traditional IT. This document provides a high-level overview of
features, capabilities, and limitations of SUSE Linux Enterprise Server 15 SP7
and highlights important product updates.

These release notes are updated periodically. The latest version of these
release notes is always available at https://www.suse.com/releasenotes. General
documentation can be found at https://documentation.suse.com/sles/15-SP7.

Publication Date: 2025-05-07, Version: 15.7.20250507

1 About the release notes
2 SUSE Linux Enterprise Server
3 Modules, extensions, and related products
4 Installation and upgrade
5 Changes affecting all architectures
6 POWER-specific changes (ppc64le)
7 IBM Z-specific changes (s390x)
8 Arm 64-bit-specific changes (AArch64)
9 Removed and deprecated features and packages
10 Obtaining source code
11 Legal notices
A Changelog for 15 SP7
    A.1 2025-04-07
    A.2 2025-03-10
    A.3 2025-01-14
    A.4 2024-09-12
B Kernel parameter changes
    B.1 Changes from SP6 to SP7

1 About the release notes

These Release Notes are identical across all architectures, and the most recent
version is always available online at https://www.suse.com/releasenotes.

Entries are only listed once but they can be referenced in several places if
they are important and belong to more than one section.

Release notes usually only list changes that happened between two subsequent
releases. Certain important entries from the release notes of previous product
versions are repeated. To make these entries easier to identify, they contain a
note to that effect.

However, repeated entries are provided as a courtesy only. Therefore, if you
are skipping one or more service packs, check the release notes of the skipped
service packs as well. If you are only reading the release notes of the current
release, you could miss important changes.

2 SUSE Linux Enterprise Server

SUSE Linux Enterprise Server 15 SP7 is a multimodal operating system that paves
the way for IT transformation in the software-defined era. It is a modern and
modular OS that helps simplify multimodal IT, makes traditional IT
infrastructure efficient and provides an engaging platform for developers. As a
result, you can easily deploy and transition business-critical workloads across
on-premises and public cloud environments.

SUSE Linux Enterprise Server 15 SP7, with its multimodal design, helps
organizations transform their IT landscape by bridging traditional and
software-defined infrastructure.

2.1 Interoperability and hardware support

Designed for interoperability, SUSE Linux Enterprise Server integrates into
classical Unix and Windows environments, supports open standard interfaces for
systems management, and has been certified for IPv6 compatibility.

This modular, general-purpose operating system runs on four processor
architectures and is available with optional extensions that provide advanced
capabilities for tasks such as real-time computing and high-availability
clustering.

SUSE Linux Enterprise Server is optimized to run as a high-performance guest on
leading hypervisors. This makes SUSE Linux Enterprise Server the perfect guest
operating system for virtual computing.

2.2 What is new?

2.2.1 General changes in SLE 15

SUSE Linux Enterprise Server 15 introduces many innovative changes compared to
SUSE Linux Enterprise Server 12. The most important changes are listed below.

Migration from openSUSE Leap to SUSE Linux Enterprise Server

    SLE 15 SP2 and later support migrating from openSUSE Leap 15 to SUSE Linux
    Enterprise Server 15. Even if you decide to start out with the free
    community distribution, you can later easily upgrade to a distribution with
    enterprise-class support. For more information, see the Upgrade Guide at
    https://documentation.suse.com/sles/15-SP7/html/SLES-all/
    cha-upgrade-online.html#sec-upgrade-online-opensuse-to-sle.

Extended package search

    Use the new Zypper command zypper search-packages to search across all SUSE
    repositories available for your product, even if they are not yet enabled.
    For more information see Section 5.11.2, "Searching packages across all SLE
    modules".

Software Development Kit

    In SLE 15, packages formerly shipped as part of the Software Development
    Kit are now integrated into the products. Development packages are packaged
    alongside other packages. In addition, the Development Tools module
    contains tools for development.

RMT replaces SMT

    SMT (Subscription Management Tool) has been removed. Instead, RMT
    (Repository Mirroring Tool) now allows mirroring SUSE repositories and
    custom repositories. You can then register systems directly with RMT. In
    environments with tightened security, RMT can also proxy other RMT servers.
    If you are planning to migrate SLE 12 clients to version 15, RMT is the
    supported product to handle such migrations. If you still need to use SMT
    for these migrations, beware that the migrated clients will have all
    installation modules enabled. For more information see Section 4.2.3, "SMT
    has been replaced by RMT".

Media changes

    The Unified Installer and Packages media known from SUSE Linux Enterprise
    Server 15 SP1 have been replaced by the following media:

      ? Online Installation Medium: Allows installing all SUSE Linux Enterprise
        15 products. Packages are fetched from online repositories. This type
        of installation requires a registration key. Available SLE modules are
        listed in Section 3.1, "Modules in the SLE 15 SP7 product line".

      ? Full Installation Medium: Allows installing all SUSE Linux Enterprise
        Server 15 products without a network connection. This medium contains
        all packages from all SLE modules. SLE modules need to be enabled
        manually during installation. RMT (Repository Mirroring Tool) and SUSE
        Manager provide additional options for disconnected or managed
        installations.

SLE for HPC product removal

    Instead of a separate product, HPC is now available as a module in SUSE
    Linux Enterprise Server. For more information see Section 2.2.4, "SLE for
    HPC HPC no longer a separate product".

Major updates to the software selection:

Salt

    SLE 15 SP7 can be managed via Salt, making it integrate better with modern
    management solutions such as SUSE Manager.

Python 3

    As the first enterprise distribution, SLE 15 offers full support for Python
    3 development in addition to Python 2.

Directory Server

    389 Directory Server replaces OpenLDAP as the LDAP directory service.

2.2.2 Changes in 15 SP7

SUSE Linux Enterprise Server 15 SP7 introduces changes compared to SUSE Linux
Enterprise Server 15 SP6. The most important changes are listed below:

2.2.3 Package and module changes in 15 SP7

The full list of changed packages compared to 15 SP6 can be seen at this URL:

  o https://documentation.suse.com/package-lists/sle/15-SP7/
    package-changes_SLE-15-SP6-GA_SLE-15-SP7-GA.txt

The full list of changed modules compared to 15 SP6 can be seen at this URL:

  o https://documentation.suse.com/package-lists/sle/15-SP7/
    module-changes_SLE-15-SP6-GA_SLE-15-SP7-GA.txt

2.2.4 SLE for HPC HPC no longer a separate product

As of 15 SP7, SUSE Linux Enterprise for High-Performance Computing is no longer
a separate product. As a result:

  o the HPC Module can now be enabled in SUSE Linux Enterprise Server

  o when migrating from SUSE Linux Enterprise for High-Performance Computing 15
    SP3, SP4, and SP5, only SUSE Linux Enterprise Server 15 SP6 will be
    available as migration target. The result of such a migration will be an
    installation of SUSE Linux Enterprise Server with all the previously
    enabled modules.

Modules

For an HPC installation the user should enable the following modules:

  o Development Tools Module

  o HPC Module

On SUSE Linux Enterprise Server system, make sure the following modules are all
enabled:

  o Server Application Module

  o Web and Scripting Module

  o HPC Module

  o Desktop Applications Module

  o Development Tools Module

Roles

The HPC system roles are no longer available:

  o HPC Management Server (Head Node)

  o HPC Compute Node

  o HPC Login and Development Node

It is recommended to start with a Text Mode or Minimal System istallation. The
admin should make sure that the system is partitioned to the respective
requirements and the firewall is configured appropriately. Also, the admin
should select the software components required. This may include slurm for the
management server, slurm-node for the compute nodes. For login and compute
nodes the pattern HPC Modularized Libraries (patterns-hpc-libraries) is
available.

2.3 Important sections of this document

If you are upgrading from a previous SUSE Linux Enterprise Server release, you
should review at least the following sections:

  o Section 2.7, "Support statement for SUSE Linux Enterprise Server"

  o Section 4.2, "Upgrade-related notes"

  o Section 5, "Changes affecting all architectures"

2.4 Security, standards, and certification

SUSE Linux Enterprise Server 15 SP7 will be submitted for Common Criteria
certification but will not be submitted for NIST FIPS 140-3 certification.

For more information about certification, see https://www.suse.com/support/
security/certifications/.

2.5 Documentation and other information

2.5.1 Available on the product media

  o Read the READMEs on the media.

  o Get the detailed change log information about a particular package from the
    RPM (where FILENAME.rpm is the name of the RPM):

    rpm --changelog -qp FILENAME.rpm

  o Check the ChangeLog file in the top level of the installation medium for a
    chronological log of all changes made to the updated packages.

  o Find more information in the docu directory of the installation medium of
    SUSE Linux Enterprise Server 15 SP7. This directory includes PDF versions
    of the SUSE Linux Enterprise Server 15 SP7 Installation Quick Start Guide.

2.5.2 Online documentation

  o For the most up-to-date version of the documentation for SUSE Linux
    Enterprise Server 15 SP7, see https://documentation.suse.com/sles/15-SP7.

2.6 Support and life cycle

SUSE Linux Enterprise Server is backed by award-winning support from SUSE, an
established technology leader with a proven history of delivering
enterprise-quality support services.

The current version (SP7) will be fully maintained and supported until 31 Jul
2034.

If you need additional time to design, validate and test your upgrade plans,
Long Term Service Pack Support can extend the support duration. You can buy an
additional 12 to 36 months in twelve month increments. This means that you can
receive support up to Dec 2037.

For more information, see the pages Support Policy and Long Term Service Pack
Support.

2.7 Support statement for SUSE Linux Enterprise Server

To receive support, you need an appropriate subscription with SUSE. For more
information, see https://www.suse.com/support/?id=SUSE_Linux_Enterprise_Server.

The following definitions apply:

L1

    Problem determination, which means technical support designed to provide
    compatibility information, usage support, ongoing maintenance, information
    gathering, and basic troubleshooting using the documentation.

L2

    Problem isolation, which means technical support designed to analyze data,
    reproduce customer problems, isolate the problem area, and provide a
    resolution for problems not resolved by Level 1 or prepare for Level 3.

L3

    Problem resolution, which means technical support designed to resolve
    problems by engaging engineering to resolve product defects which have been
    identified by Level 2 Support.

For contracted customers and partners, SUSE Linux Enterprise Server is
delivered with L3 support for all packages, except for the following:

  o Technology Previews, see Section 2.8, "Technology previews"

  o Sound, graphics, fonts and artwork

  o Packages that require an additional customer contract, see Section 2.7.2,
    "Software requiring specific contracts"

  o Some packages shipped as part of the module Workstation Extension are
    L2-supported only

  o Packages with names ending in -devel (containing header files and similar
    developer resources) will only be supported together with their main
    packages.

SUSE will only support the usage of original packages. That is, packages that
are unchanged and not recompiled.

2.7.1 General support

To learn about supported features and limitations, refer to the following
sections in this document:

  o Section 5.5, "Kernel"

  o Section 5.9, "Storage and file systems"

  o Section 5.12, "Virtualization"

  o Section 9, "Removed and deprecated features and packages"

2.7.2 Software requiring specific contracts

Certain software delivered as part of SUSE Linux Enterprise Server may require
an external contract. Check the support status of individual packages using the
RPM metadata that can be viewed with rpm, zypper, or YaST.

Major packages and groups of packages affected by this are:

  o PostgreSQL (all versions, including all subpackages)

2.7.3 Software under GNU AGPL

SUSE Linux Enterprise Server 15 SP7 (and the SUSE Linux Enterprise modules)
includes the following software that is shipped only under a GNU AGPL software
license:

  o Ghostscript (including subpackages)

SUSE Linux Enterprise Server 15 SP7 (and the SUSE Linux Enterprise modules)
includes the following software that is shipped under multiple licenses that
include a GNU AGPL software license:

  o MySpell dictionaries and LightProof

  o ArgyllCMS

2.8 Technology previews

Technology previews are packages, stacks, or features delivered by SUSE to
provide glimpses into upcoming innovations. Technology previews are included
for your convenience to give you a chance to test new technologies within your
environment. We would appreciate your feedback! If you test a technology
preview, contact your SUSE representative and let them know about your
experience and use cases. Your input is helpful for future development.

Technology previews come with the following limitations:

  o Technology previews are still in development. Therefore, they may be
    functionally incomplete, unstable, or in other ways not suitable for
    production use.

  o Technology previews are not supported.

  o Technology previews may only be available for specific hardware
    architectures. Details and functionality of technology previews are subject
    to change. As a result, upgrading to subsequent releases of a technology
    preview may be impossible and require a fresh installation.

  o Technology previews can be removed from a product at any time. This may be
    the case, for example, if SUSE discovers that a preview does not meet the
    customer or market needs, or does not comply with enterprise standards.

2.8.1 Technology previews for Arm 64-Bit (AArch64)

2.8.1.1 KVM virtualization with 64K page size kernel flavor

As a technology preview, SUSE Linux Enterprise Server for Arm 15 SP3 added a
kernel flavor 64kb. SUSE Linux Enterprise Server for Arm 15 SP6 introduced
support for this 64kb kernel flavor (Section 8.5, "64K page size kernel flavor
is supported").

KVM virtualization with this 64kb kernel flavor remains a technology preview.
Use the default kernel flavor for virtualization support.

2.8.1.2 Driver enablement for NVIDIA BlueField-2 DPU as host platform

SUSE Linux Enterprise Server for Arm 15 SP1 and later kernels include drivers
for installing on NVIDIA* BlueField* Data Processing Unit (DPU) based server
platforms and SmartNIC (Network Interface Controller) cards.

As a technology preview, the SUSE Linux Enterprise Server for Arm 15 SP6 and
SP7 kernels include drivers for running on NVIDIA BlueField-2 DPU.

Should you wish to use SUSE Linux Enterprise Server for Arm on NVIDIA
BlueField-2 or BlueField-2X (or BlueField-3) in production, contact your SUSE
representative.

Note

Note: Host drivers and tools for NVIDIA BlueField-2 SmartNICs

This Technology Preview status applies only to installing SUSE Linux Enterprise
Server for Arm 15 SP7 on NVIDIA BlueField-2 DPUs.

For an NVIDIA BlueField-2 DPU PCIe card inserted as SmartNIC into a SUSE Linux
Enterprise Server 15 SP7 or SUSE Linux Enterprise Server for Arm 15 SP7 based
server, check Section 2.8, "Technology previews" and Section 5.5, "Kernel" for
support status or known limitations of NVIDIA ConnectX* network drivers for
BlueField-2 DPUs (mlx5_core and others).

The rshim tool is available from SUSE Package Hub (Section 5.10, "SUSE Package
Hub").

2.8.1.3 etnaviv drivers for Vivante GPUs are available

The NXP* Layerscape* LS1028A/LS1018A System-on-Chip (SoC) contains a Vivante
GC7000UL Graphics Processor Unit (GPU), and the NXP i.MX 8M SoC contains a
Vivante GC7000L GPU.

As a technology preview, the SUSE Linux Enterprise Server for Arm 15 SP7 kernel
includes etnaviv, a Display Rendering Infrastructure (DRI) driver for Vivante
GPUs, and the Mesa-dri package contains a matching etnaviv_dri graphics driver
library. Together they can avoid the need for third-party drivers and
libraries.

Note

Note

To use them, the Device Tree passed by the bootloader to the kernel needs to
include a description of the Vivante GPU for the kernel driver to get loaded.
You may need to contact your hardware vendor for a bootloader firmware upgrade.

2.8.1.4 lima driver for Arm Mali Utgard GPUs available

The Xilinx* Zynq* UltraScale*+ MPSoC contains an Arm* Mali*-400 Graphics
Processor Unit (GPU).

Prior to SUSE Linux Enterprise Server for Arm 15 SP2, this GPU needed
third-party drivers and libraries from your hardware vendor.

As a technology preview, the SUSE Linux Enterprise Server for Arm 15 SP2 kernel
added lima, a Display Rendering Infrastructure (DRI) driver for Mali Utgard
microarchitecture GPUs, such as Mali-400, and the Mesa-dri package contains a
matching lima_dri graphics driver library.

Note

Note

To use them, the Device Tree passed by the bootloader to the kernel needs to
include a description of the Mali GPU for the kernel driver to get loaded. You
may need to contact your hardware vendor for a bootloader firmware upgrade.

Note

Note

The panfrost driver for Mali Midgard microarchitecture GPUs is supported since
SUSE Linux Enterprise Server for Arm 15 SP2.

2.8.1.5 mali-dp driver for Arm Mali Display Processors available

The NXP* Layerscape* LS1028A/LS1018 System-on-Chip contains an Arm* Mali*-DP500
Display Processor.

As a technology preview, the SUSE Linux Enterprise Server for Arm 15 SP2 kernel
added mali-dp, a Display Rendering Manager (DRM) driver for Mali Display
Processors. It has undergone only limited testing because it requires an
accompanying physical-layer driver for DisplayPort* output (see Section 8.6.3,
"No DisplayPort graphics output on NXP LS1028A and LS1018A").

2.8.1.6 Btrfs file system is enabled in U-Boot bootloader

For Raspberry Pi* devices, SUSE Linux Enterprise Server for Arm 12 SP3 and
later include Das U-Boot as bootloader, in order to align the boot process with
other platforms. By default, it loads GRUB as UEFI application from a
FAT-formatted partition, and GRUB then loads Linux kernel and ramdisk from a
file system such as Btrfs.

As a technology preview, SUSE Linux Enterprise Server for Arm 15 SP2 added a
Btrfs driver to U-Boot for the Raspberry Pi (package u-boot-rpiarm64). This
allows its commands ls and load to access files on Btrfs-formatted partitions
on supported boot media, such as microSD and USB.

The U-Boot command btrsubvol lists Btrfs subvolumes.

2.8.2 Technology previews for Intel 64/AMD64 (x86-64)

2.8.2.1 Support for AMD Wheat Nas GPU

SLES 15 SP7 includes the kernel driver support for AMD Wheat Nas GPU (Navi32
dGPU). However because the corresponding firmware is still not publicly
released yet, this feature is considered a technology preview.

2.8.2.2 Add IAA Crypto Driver

SLES 15 SP7 includes the Intel Analytics Accelerators (IAA) crypto compression
kernel driver. Since this is a new upstream feature, is is considered a
technology preview.

2.8.2.3 Confidential Computing module

A new Confidential Computing module has been added in SUSE Linux Enterprise
Server 15 SP7. It provides hosts with confidential capabilities and all the
tools needed to deploy secure virtual machines with remote attestation. Because
the module contains unsupported packages, it is disabled by default and only
available as technical preview.

3 Modules, extensions, and related products

This section comprises information about modules and extensions for SUSE Linux
Enterprise Server 15 SP7. Modules and extensions add functionality to the
system.

Note

Note: Package and module changes in 15 SP7

For more information about all package and module changes since the last
version, see Section 2.2.3, "Package and module changes in 15 SP7".

3.1 Modules in the SLE 15 SP7 product line

The SLE 15 SP7 product line is made up of modules that contain software
packages. Each module has a clearly defined scope. Modules differ in their life
cycles and update timelines.

The modules available within the product line based on SUSE Linux Enterprise
15 SP7 at the release of SUSE Linux Enterprise Server 15 SP7 are listed in the 
Modules and Extensions Quick Start at https://documentation.suse.com/sles/
15-SP7/html/SLES-all/article-modules.html.

Not all SLE modules are available with a subscription for SUSE Linux Enterprise
Server 15 SP7 itself (see the column Available for).

For information about the availability of individual packages within modules,
see https://scc.suse.com/packages.

3.2 SLE extensions

SLE Extensions add extra functionality to the system and require their own
registration key, usually at additional cost. Most extensions have their own
release notes documents that are available from https://www.suse.com/
releasenotes.

The following extensions are available for SUSE Linux Enterprise Server 15 SP7:

  o SUSE Linux Enterprise Live Patching: https://www.suse.com/products/
    live-patching

  o SUSE Linux Enterprise High Availability: https://www.suse.com/products/
    highavailability

  o SUSE Linux Enterprise Workstation Extension: https://www.suse.com/products/
    workstation-extension

The following extension is not covered by SUSE support agreements, available at
no additional cost and without an extra registration key:

  o SUSE Package Hub: https://packagehub.suse.com/ (see Section 5.10, "SUSE
    Package Hub")

3.3 Derived and related products

This sections lists derived and related products. Usually, these products have
their own release notes documents that are available from https://www.suse.com/
releasenotes.

  o SUSE Linux Enterprise JeOS: https://www.suse.com/products/server/jeos (see
    Section 4.3, "Minimal VM and Minimal Image")

  o SUSE Linux Enterprise Desktop: https://www.suse.com/products/desktop

  o SUSE Linux Enterprise Server for SAP Applications: https://www.suse.com/
    products/sles-for-sap

  o SUSE Linux Enterprise for High-Performance Computing: https://www.suse.com/
    products/server/hpc

  o SUSE Linux Enterprise Real Time: https://www.suse.com/products/realtime

  o SUSE Manager: https://www.suse.com/products/suse-manager

4 Installation and upgrade

SUSE Linux Enterprise Server can be deployed in several ways:

  o Physical machine

  o Virtual host

  o Virtual machine

  o System containers

  o Application containers

4.1 Installation

This section includes information related to the initial installation of SUSE
Linux Enterprise Server 15 SP7.

Important

Important: Installation documentation

The following release notes contain additional notes regarding the installation
of SUSE Linux Enterprise Server. However, they do not document the installation
procedure itself.

For installation documentation, see the Deployment Guide at https://
documentation.suse.com/sles/15-SP7/html/SLES-all/book-deployment.html.

4.1.1 New media layout

The set of media has changed with 15 SP2. There still are two different
installation media, but the way they can be used has changed:

  o You can install with registration using either the online-installation
    medium (as with SUSE Linux Enterprise Server 15 SP1) or the full medium.

  o You can install without registration using the full medium. The installer
    has been added to the full medium and the full medium can now be used
    universally for all types of installations.

  o You can install without registration using the online-installation medium.
    Point the installer at the required SLE repositories, combining the install
    = and instsys= boot parameters:

      ? With the install= parameter, select a path that contains either just
        the product repository or the full content of the media.

      ? With the inst-sys= parameter, point at the installer itself, that is, /
        boot/ARCHITECTURE/root on the medium.

    For more information about the parameters, see https://en.opensuse.org/
    SDB:Linuxrc#p_install.

4.2 Upgrade-related notes

This section includes upgrade-related information for SUSE Linux Enterprise
Server 15 SP7.

Important

Important: Upgrade documentation

The following release notes contain additional notes regarding the upgrade of
SUSE Linux Enterprise Server. However, they do not document the upgrade
procedure itself.

For upgrade documentation, see the Upgrade Guide at https://
documentation.suse.com/sles/15-SP7/html/SLES-all/cha-upgrade-online.html.

4.2.1 Make sure the current system is up-to-date before upgrading

Upgrading the system is only supported from the most recent patch level. Make
sure the latest system updates are installed by either running zypper patch or
by starting the YaST module Online Update. An upgrade on a system that is not
fully patched may fail.

4.2.2 Skipping service packs requires LTSS

Skipping service packs during an upgrade is only supported if you have a Long
Term Service Pack Support contract. Otherwise, you need to first upgrade to SLE
15 SP6 before upgrading to SLE 15 SP7.

4.2.3 SMT has been replaced by RMT

SLE 12 is the last codestream that SMT (Subscription Management Tool) is
available for.

When upgrading your OS installation to SLE 15, we recommend also upgrading from
SMT to its replacement RMT (Repository Mirroring Tool). RMT provides the
following functionality:

  o Mirroring of SUSE-originated repositories for the SLE 12-based and SLE
    15-based products your organization has valid subscriptions for.

  o Synchronization of subscriptions from SUSE Customer Center using your
    organization's mirroring credentials. (These credentials can be found in
    SCC under Select Organization, Organization, Organization Credentials)

  o Selecting repositories to be mirrored locally via rmt-cli tool.

  o Registering systems directly to RMT to get required updates.

  o Adding custom repositories from external sources and distributing them via
    RMT to target systems.

  o Improved security with proxying: If you have strict security requirements,
    an RMT instance with direct Internet access can proxy to another RMT
    instance without direct Internet access.

  o Nginx as Web server: The default Web server of RMT is Nginx which has a
    smaller memory footprint and comparable performance than that used for SMT.

Note that unlike SMT, RMT does not support installations of SLE 11 and earlier.

For more feature comparison between RMT and SMT, see https://github.com/SUSE/
rmt/blob/master/docs/smt_and_rmt.md.

For more information about RMT, also see the new RMT Guide at https://
documentation.suse.com/sles/15-SP3/html/SLES-all/book-rmt.html.

4.3 Minimal VM and Minimal Image

SUSE Linux Enterprise Server Minimal VM and Minimal Image is a slimmed-down
form factor of SUSE Linux Enterprise Server that is ready to run in
virtualization environments and the cloud. With SUSE Linux Enterprise Server
Minimal VM and Minimal Image, you can choose the right-sized SUSE Linux
Enterprise Server option to fit your needs.

SUSE provides virtual disk images for Minimal VM and Minimal Image in the file
formats .qcow2, .vhdx, and .vmdk, compatible with KVM, Xen, OpenStack, Hyper-V,
and VMware environments. All Minimal VM and Minimal Image images set up the
same disk size (24 GB) for the system. Due to the properties of different file
formats, the size of Minimal VM and Minimal Image image downloads differs
between formats.

4.4 JeOS renamed Minimal VM and Minimal Image

We have received feedback from users confused by the name JeOS, as a matter of
fact the acronym JeOS, which meant Just enough Operating System, was not well
understood and could be confused with other images provided by SUSE or
openSUSE.

We have decided to go with simplicity and rename JeOS by "Minimal VM" for all
our Virtual Machine Images and "Minimal Image" for the Raspberry Pi Image. We
have also removed a few other characters, in the full images name to make it
more simple and clear:

  o SLES15-SP4-Minimal-VM.x86_64-kvm-and-xen-GM.qcow2

  o SLES15-SP4-Minimal-VM.x86_64-OpenStack-Cloud-GM.qcow2

  o SLES15-SP4-Minimal-VM.x86_64-MS-HyperV-GM.vhdx.xz

  o SLES15-SP4-Minimal-VM.x86_64-VMware-GM.vmdk.xz

  o SLES15-SP4-Minimal-VM.aarch64-kvm-GM.qcow2

  o SLES15-SP4-Minimal-Image.aarch64-RaspberryPi-GM.raw.xz

4.5 For more information

For more information, see Section 5, "Changes affecting all architectures" and
the sections relating to your respective hardware architecture.

5 Changes affecting all architectures

Information in this section applies to all architectures supported by SUSE
Linux Enterprise Server 15 SP7.

5.1 Containers

5.1.1 STIG-compliant container

A STIG-compliant SUSE Linux Enterprise Base Container Image (SLE BCI) is now
available via the DoD's Iron Bank repository, supporting secure software supply
chains for US Government agencies.

For more information see https://www.suse.com/c/
sle-bci-base-container-available-for-us-government-agencies-on-iron-bank/.

5.1.2 Default container registries

The container registry entries for Docker Hub and openSUSE Registry, which were
previously included by default, have now been removed. If you want to pull
container images from either of them, add them to the /etc/containers/
registries.conf file.

5.1.3 suse/sle15 container uses NDB as the database back-end for RPM

Starting with SUSE Linux Enterprise 15 SP3, the rpm package in the suse/sle15
container image no longer supports the BDB back-end (based on Berkeley DB) and
switches to the NDB back-end. Tools for scanning, diffing, and building
container image using the rpm binary of the host for introspection can fail or
return incorrect results if the host's version of rpm does not recognize the
NDB format.

To use such tools, make sure that the host supports reading NDB databases, such
as hosts with SUSE Linux Enterprise 15 SP2 and later.

5.2 Databases

5.2.1 pgAdmin has been updated

The pgadmin4 package has been updated to version 8.5. It is now part of the 
Python 3 Module.

5.3 Development

5.3.1 Ruby 3 has been added

In SLES 15 SP7, Ruby version 3.4 has been added. This is in addition to the
existing Ruby 2.5.

5.3.2 Python 3 packages staying in Basesystem

The python311-base and libpython3_11-1_0 packages have been moved to the 
Basesystem Module for technical reasons. These two packages still follow the
lifecycle of the Python 3 Module and that is reflected in the metadata as well.

5.3.3 glibc 2.38

The glibc package has been updated to version 2.38.

  o A couple of internal glibc interfaces has changed; if an application uses
    these internal interfaces, the application needs fixing (note that internal
    interfaces should never be used)

  o Split deprecated library libnsl1 into separate package

5.3.4 Supported Java versions

The following Java implementations are available in SUSE Linux Enterprise
Server 15 SP7:

Warning

Warning

IBM Java will be removed in 15 SP7.

+--------------------+-------+--------+---------------------------------------+
|Name (Package Name) |Version|Module  |Support                                |
+--------------------+-------+--------+---------------------------------------+
|IBM Java            |1.8.0  |Legacy  |External, until 2025-04-30             |
|(java-1_8_0-ibm)    |       |        |                                       |
+--------------------+-------+--------+---------------------------------------+
|OpenJDK             |1.8.0  |Legacy  |SUSE, L3, until 2026-12-31             |
|(java-1_8_0-openjdk)|       |        |                                       |
+--------------------+-------+--------+---------------------------------------+
|OpenJDK             |11     |Legacy  |SUSE, L3, until 2026-12-31             |
|(java-11-openjdk)   |       |        |                                       |
+--------------------+-------+--------+---------------------------------------+
|OpenJDK             |17     |Legacy  |SUSE, L3, until 2027-12-31             |
|(java-17-openjdk)   |       |        |                                       |
+--------------------+-------+--------+---------------------------------------+
|OpenJDK             |21     |Base    |SUSE, L3, until 2031-06-30, pending    |
|(java-21-openjdk)   |       |System  |upstream release                       |
+--------------------+-------+--------+---------------------------------------+

5.4 Hardware

5.4.1 Lack of PMU support for Intel hybrid CPUs

Performance Monitoring Unit (PMU) features do not function correctly on systems
with Intel hybrid CPUs in this release. The Linux kernel requires additional
changes to fully support the PMU on these processors, which were only
introduced in Linux kernel version 6.9.

Because SLES 15 SP7 is based on kernel 6.4, these improvements are not
included.

5.5 Kernel

5.5.1 smc driver has been updated

The smc (Shared Memory Communication) kernel driver has been updated to the
latest upstream version.

Note that currently using the smc driver can cause the system to freeze. This
will be fixed in a future release.

5.5.2 cgroupv2 CPU load-balancing

The cgroups-v2 CPU load-balancing feature has been backported to the 15 SP7
kernel.

5.5.3 Externally supported flag change

The externally supported flag is no longer stored as a taint flag now. This
means that the kernel is no longer tainted after an externally-supported module
is inserted.

5.5.4 Userspace live patching

Currently, libpulp supports user space live patching of glibc and openssl
binaries on the following architectures:

  o x86-64

  o ppc64le

For more information see https://documentation.suse.com/sles/15-SP7/html/
SLES-all/cha-ulp.html

5.5.5 CONFIG_HZ value changes

The SUSE Linux Enterprise Server 15 SP6 kernels diverged from latest CONFIG_HZ
default settings for multiple architectures.

The SUSE Linux Enterprise Server for Arm 15 SP7 kernel changed the CONFIG_HZ
value (Section 8.3, "Changed kernel CONFIG_HZ value"): x86-64 and Arm*
architectures now use the same value of 250 Hz.

PowerPC and IBM Z architectures continue to share a value of 100 Hz.

These configuration values cannot be overridden from the kernel command line.
If your applications run into issues, contact your SUSE representative.

5.5.6 Kernel limits

This table summarizes the various limits which exist in our recent kernels and
utilities (if related) for SUSE Linux Enterprise Server 15 SP7.

+--------------------------+----------------+----------+----------+-----------+
|SLES 15 SP7 (Linux 6.4)   |AMD64/Intel 64  |IBM Z     |POWER     |Armv8      |
|                          |(x86_64)        |(s390x)   |(ppc64le) |(AArch64)  |
+--------------------------+----------------+----------+----------+-----------+
|CPU bits                  |64              |64        |64        |64         |
+--------------------------+----------------+----------+----------+-----------+
|Maximum number of logical |8192            |256       |2048      |768        |
|CPUs                      |                |          |          |           |
+--------------------------+----------------+----------+----------+-----------+
|Maximum amount of RAM     |>1 PiB/64 TiB  |10 TiB/   |1 PiB/    |256 TiB/   |
|(theoretical/certified)   |                |256 GiB  |64 TiB   |n.a.      |
+--------------------------+----------------+----------+----------+-----------+
|Maximum amount of user    |128 TiB/128 TiB|n.a.      |4 PiB^1/  |256 TiB/   |
|space/kernel space        |                |          |2 EiB    |256 TiB   |
+--------------------------+----------------+----------+----------+-----------+
|Maximum amount of swap    |Up to 29 * 64 GB|Up to 30 * 64 GB                 |
|space                     |                |                                 |
+--------------------------+----------------+---------------------------------+
|Maximum number of         |1,048,576                                         |
|processes                 |                                                  |
+--------------------------+--------------------------------------------------+
|Maximum number of threads |Upper limit depends on memory and other parameters|
|per process               |(tested with more than 120,000)^2.                |
+--------------------------+--------------------------------------------------+
|Maximum size per block    |Up to 8 EiB on all 64-bit architectures           |
|device                    |                                                  |
+--------------------------+--------------------------------------------------+
|FD_SETSIZE                |1024                                              |
+--------------------------+--------------------------------------------------+

^1 By default, the user space memory limit on the POWER architecture is
128 TiB. However, you can explicitly request mmaps up to 4 PiB.

^2 The total number of all processes and all threads on a system may not be
higher than the "maximum number of processes".

5.5.7 Restoring default Btrfs file compression

Previously in kernel 5.14, it was possible to disable compression by passing an
empty string instead of explicitly mentioning none or no.

In SLES 15 SP7, this behavior is changed to the more expected one. From kernel
5.14 onwards, empty string will reset the default setting instead of disabling
compression.

5.6 Miscellaneous

5.6.1 FADump and kdump speed improvement

The default for KDUMP_CPUS changed from 1 to 32, allowing kdump to use up to 32
threads to generate a kernel dump.

5.6.2 New systems-management module

A new module called Systems Management Module has been added. This module will
include systems-management packages, such as Ansible.

5.6.3 Ansible is now available

In SLES 15 SP7, Ansible has been added to the Systems Management Module.

5.6.4 "IDXD: user: probe of wq1.0 failed with error -95" errors

Certain configurations can cause errors viewable using the dmesg command, with
the following content:

IDXD: user: probe of wq1.0 failed with error -95

These can be safely ignored for now. They will be fixed in a future release.

5.6.5 Support of BPF-related tools

  o The main userspace library and tooling, libbpf and bpftool, is only
    supported when running on a kernel of the same product. Pairing libbpf and
    bpftool from different products is not supported.

  o bcc/libbcc is only supported when running on a kernel of the same product,
    and additionally uses kernel headers from the kernel-*-devel package of the
    same product to access in-kernel data types.

  o bpftrace is only supported when running on a kernel of the same product,
    and additionally uses one of these:

      ? kernel headers from the kernel-*-devel package of the same product

      ? builtin BTF of kernel, when accessing in-kernel data types

5.7 Networking

5.7.1 Kea DHCP has been added

Kea DHCP (as package kea) is a DHCP server that is replacing the end-of-life
dhcpd package (also known as ISC DHCP). For more information see https://
www.isc.org/kea/

5.7.2 bind version 9.18

The bind package has been updated from version 9.16 to version 9.18. This is a
major update that removes several options but also adds, among others, the
following features:

  o DoT and DoH (DNS over TLS and DNS over HTTPS) support

  o OpenSSL version 3.0.0

See the full changelog for more information.

5.7.3 Samba

The version of Samba shipped with SUSE Linux Enterprise Server 15 SP7 delivers
integration with Windows Active Directory domains. In addition, we provide the
clustered version of Samba as part of SUSE Linux Enterprise High Availability
15 SP7.

5.7.4 NFS

5.7.4.1 NFSv4

NFSv4 with IPv6 is only supported for the client side. An NFSv4 server with
IPv6 is not supported.

5.8 Security

5.8.1 OpenSSH and crypto policies update

The openssh package has been updated to version 9.6p1, aligning with system
crypto policies from the crypto-policies package. This update excludes insecure
cryptographic algorithms, notably disallowing RSA keys under 2048 bits. This
change may affect users with RSA host keys under 2048 bits for server
connections.

To check for affected keys:

grep ssh-rsa ~/.ssh/known_hosts | ssh-keygen -lf -

The output lists key sizes and associated hostnames/IPs. After upgrade,
connections to hosts with 1024 bit keys will fail if no alternative valid key
exists.

Note

Note: Troubleshooting

Before upgrade

 a. Either update openssh to version 8.4p1, which enables UpdateHostkeys by
    default, allowing ssh to update known_hosts with all server's host keys.
    Users must connect to the host with a 1024-bit RSA key after updating to
    this version and before upgrading to SP6.

 b. Or, manually add host keys:

    ssh-keyscan hostname >> ~/.ssh/known_hosts

    Note that this method adds keys without verification; use only if manual
    host verification is possible.

After upgrade

 a. Either temporarily use insecure algorithms by setting the crypto policy to
    LEGACY:

    sudo update-crypto-policies --set LEGACY

    Then, revert to the default secure policy after connecting:

    sudo update-crypto-policies --set DEFAULT

 b. Or, remove the invalid host key from known_hosts and reconnect, manually
    verifying the new host key.

5.8.2 Automatic CPU mitigations and how to change them

By default, the CPU mitigations setting to prevent CPU side-channel attacks is
set to Auto. However, the kernel boot parameters included in the Auto option
may change from one Service Pack to the next due to the necessity of applying
new security patches. This may result in performance loss in some scenarios.
You might want to change these to achieve a different tradeoff between
performance and security.

For more information on how to configure these settings, see https://
documentation.suse.com/sles/15-SP7/single-html/SLES-administration/#
vle-grub2-yast2-cpu-mitigations.

5.8.3 OpenSSL 3.1.4 is now default

In SLES 15 SP7, OpenSSL has been updated to version 3.1.4, replacing OpenSSL
1.1.1.

Because the development packages of different versions are mutually exclusive
and automatic conflict resolution is not performed during updates,
libopenssl1_1-devel should be manually selected for de-installation.

5.8.4 TLS 1.1 and 1.0 are no longer recommended for use

The TLS 1.0 and 1.1 standards have been superseded by TLS 1.2 and TLS 1.3. TLS
1.2 has been available for considerable time now.

SUSE Linux Enterprise Server packages using OpenSSL, GnuTLS, or Mozilla NSS
already support TLS 1.3. We recommend no longer using TLS 1.0 and TLS 1.1, as
SUSE plans to disable these protocols in a future service pack. However, not
all packages, for example, Python, are TLS 1.3-enabled yet as this is an
ongoing process.

5.9 Storage and file systems

5.9.1 Reusing LVM no longer default

The installer no longer tries to re-use existing LVM configurations. See the 
Deployment Guide at https://documentation.suse.com/sles/15-SP7/single-html/
SLES-deployment/#yast-installer-reuse-lvm for more information.

5.9.2 LUKS2 support in the installer

LUKS2 is no longer technical preview but is now fully supported in YaST
Partitioner.

For more information see the Partioning section of the AutoYaST Guide at https:
//documentation.suse.com/sles/15-SP7/single-html/SLES-autoyast/#
CreateProfile-Partitioning

5.9.3 Comparison of supported file systems

SUSE Linux Enterprise was the first enterprise Linux distribution to support
journaling file systems and logical volume managers in 2000. Later, we
introduced XFS to Linux, which allows for reliable large-scale file systems,
systems with heavy load, and multiple parallel reading and writing operations.
With SUSE Linux Enterprise 12, we started using the copy-on-write file system
Btrfs as the default for the operating system, to support system snapshots and
rollback.

The following table lists the file systems supported by SUSE Linux Enterprise.

Support status: + supported / - unsupported

+----------------------------+--------------+-------+------------+------------+
|Feature                     |    Btrfs     |  XFS  |    Ext4    |  OCFS 2^1  |
+----------------------------+--------------+-------+------------+------------+
|Supported in product        |     SLE      |  SLE  |    SLE     |   SLE HA   |
+----------------------------+--------------+-------+------------+------------+
|Data/metadata journaling    |    N/A^2     | - / + |   + / +    |   - / +    |
+----------------------------+--------------+-------+------------+------------+
|Journal internal/external   |    N/A^2     | + / + |   + / +    |   + / -    |
+----------------------------+--------------+-------+------------+------------+
|Journal checksumming        |    N/A^2     |   +   |     +      |     +      |
+----------------------------+--------------+-------+------------+------------+
|Subvolumes                  |      +       |   -   |     -      |     -      |
+----------------------------+--------------+-------+------------+------------+
|Offline extend/shrink       |    + / +     | - / - |   + / +    |  + / -^3   |
+----------------------------+--------------+-------+------------+------------+
|Inode allocation map        |    B-tree    |B+-tree|   Table    |   B-tree   |
+----------------------------+--------------+-------+------------+------------+
|Sparse files                |      +       |   +   |     +      |     +      |
+----------------------------+--------------+-------+------------+------------+
|Tail packing                |      -       |   -   |     -      |     -      |
+----------------------------+--------------+-------+------------+------------+
|Small files stored inline   |    + (in     |   -   |+ (in inode)|+ (in inode)|
|                            |  metadata)   |       |            |            |
+----------------------------+--------------+-------+------------+------------+
|Defragmentation             |      +       |   +   |     +      |     -      |
+----------------------------+--------------+-------+------------+------------+
|Extended file attributes/   |    + / +     | + / + |   + / +    |   + / +    |
|ACLs                        |              |       |            |            |
+----------------------------+--------------+-------+------------+------------+
|User/group quotas           |    - / -     | + / + |   + / +    |   + / +    |
+----------------------------+--------------+-------+------------+------------+
|Project quotas              |      -       |   +   |     +      |     -      |
+----------------------------+--------------+-------+------------+------------+
|Subvolume quotas            |      +       |  N/A  |    N/A     |    N/A     |
+----------------------------+--------------+-------+------------+------------+
|Data dump/restore           |      -       |   +   |     -      |     -      |
+----------------------------+--------------+-------+------------+------------+
|Block size default          |                    4 KiB^4                     |
+----------------------------+--------------+-------+------------+------------+
|Maximum file system size    |    16 EiB    | 8 EiB |   1 EiB    |   4 PiB    |
+----------------------------+--------------+-------+------------+------------+
|Maximum file size           |    16 EiB    | 8 EiB |   1 EiB    |   4 PiB    |
+----------------------------+--------------+-------+------------+------------+

^1 OCFS 2 is fully supported as part of the SUSE Linux Enterprise High
Availability.

^2 Btrfs is a copy-on-write file system. Instead of journaling changes before
writing them in-place, it writes them to a new location and then links the new
location in. Until the last write, the changes are not "committed". Because of
the nature of the file system, quotas are implemented based on subvolumes
(qgroups).

^3 To extend an OCFS 2 file system, the cluster must be online but the file
system itself must be unmounted.

^4 The block size default varies with different host architectures. 64 KiB is
used on POWER, 4 KiB on other systems. The actual size used can be checked with
the command getconf PAGE_SIZE.

Additional notes

Maximum file size above can be larger than the file system's actual size
because of the use of sparse blocks. All standard file systems on SUSE Linux
Enterprise Server have LFS, which gives a maximum file size of 2^63 bytes in
theory.

The numbers in the table above assume that the file systems are using a 4 KiB
block size which is the most common standard. When using different block sizes,
the results are different.

In this document:

  o 1024 Bytes = 1 KiB

  o 1024 KiB = 1 MiB;

  o 1024 MiB = 1 GiB

  o 1024 GiB = 1 TiB

  o 1024 TiB = 1 PiB

  o 1024 PiB = 1 EiB.

See also http://physics.nist.gov/cuu/Units/binary.html.

Some file system features are available in SUSE Linux Enterprise Server 15 SP7
but are not supported by SUSE. By default, the file system drivers in SUSE
Linux Enterprise Server 15 SP7 will refuse mounting file systems that use
unsupported features (in particular, in read-write mode). To enable unsupported
features, set the module parameter allow_unsupported=1 in /etc/modprobe.d or
write the value 1 to /sys/module/MODULE_NAME/parameters/allow_unsupported.
However, note that setting this option will render your kernel and thus your
system unsupported.

5.9.4 Supported Btrfs features

The following table lists supported and unsupported Btrfs features across
multiple SLES versions.

Support status: + supported / - unsupported

+--------------------------+--------+--------+-------+--------+--------+--------+
|Feature                   |SLES 11 |SLES 12 |SLES 15|SLES 15 |SLES 15 |SLES 15 |
|                          |  SP4   |  SP5   |  GA   |  SP1   |  SP2   |  SP3   |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Copy on write             |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Free space tree (Free     |   -    |   -    |   -   |   +    |   +    |   +    |
|Space Cache v2)           |        |        |       |        |        |        |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Snapshots/subvolumes      |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Swap files                |   -    |   -    |   -   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Metadata integrity        |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Data integrity            |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Online metadata scrubbing |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Automatic defragmentation |   -    |   -    |   -   |   -    |   -    |   -    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Manual defragmentation    |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|In-band deduplication     |   -    |   -    |   -   |   -    |   -    |   -    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Out-of-band deduplication |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Quota groups              |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Metadata duplication      |   +    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Changing metadata UUID    |   -    |   -    |   -   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Multiple devices          |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|RAID 0                    |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|RAID 1                    |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|RAID 5                    |   -    |   -    |   -   |   -    |   -    |   -    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|RAID 6                    |   -    |   -    |   -   |   -    |   -    |   -    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|RAID 10                   |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Hot add/remove            |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Device replace            |   -    |   -    |   -   |   -    |   -    |   -    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Seeding devices           |   -    |   -    |   -   |   -    |   -    |   -    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Compression               |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Big metadata blocks       |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Skinny metadata           |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Send without file data    |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Send/receive              |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Inode cache               |   -    |   -    |   -   |   -    |   -    |   -    |
+--------------------------+--------+--------+-------+--------+--------+--------+
|Fallocate with hole punch |   -    |   +    |   +   |   +    |   +    |   +    |
+--------------------------+--------+--------+-------+--------+--------+--------+

5.10 SUSE Package Hub

SUSE Package Hub brings open-source software packages from openSUSE to SUSE
Linux Enterprise Server and SUSE Linux Enterprise Desktop.

Usage of software from SUSE Package Hub is not covered by SUSE support
agreements. At the same time, usage of software from SUSE Package Hub does not
affect the support status of your SUSE Linux Enterprise systems. SUSE Package
Hub is available at no additional cost and without an extra registration key.

5.10.1 KDE migration issue

Installing the full KDE Plasma Desktop (using the kde pattern) requires an
extra subscription for the Workstation Extension. Upgrading to 15 SP7 might
fail if you have the kde pattern installed but do not have the required
subscription.

A new kde_minimal pattern provides the KDE Plasma Desktop with fewer packages
and does not require the Workstation Extension subscription. If your upgrade
fails because of the missing subscription, finish the upgrade, then run these
commands:

zypper rm -t pattern kde
zypper in -t pattern kde_minimal

5.11 System management

5.11.1 Effective user limits in systemd setup

Before, the lookup of the effective session limit in a systemd setup was not
trivial. Now these new properties have been added:

  o EffectiveMemoryMax

  o EffectiveMemoryHigh

  o EffectiveTasksMax

5.11.2 Searching packages across all SLE modules

In SLE 15 SP7 you can search for packages both within and outside of currently
enabled SLE modules using the following command:

zypper search-packages SEARCH_TERM

This command contacts the SCC and searches all modules for matching packages.
This functionality makes it easier for administrators and system architects to
find the software packages needed. This feature is now also available when a
system is registered against RMT.

5.12 Virtualization

For more information about acronyms used below, see https://
documentation.suse.com/sles/15-SP7/html/SLES-all/book-virtualization.html.

Important

Important: Virtualization limits and supported hosts/guests

These release notes only document changes in virtualization support compared to
the immediate previous service pack of SUSE Linux Enterprise Server. Full
information regarding virtualization limits for KVM and Xen as well as
supported guest and host systems is now available as part of the SUSE Linux
Enterprise Server documentation.

See the Virtualization Guide at https://documentation.suse.com/sles/15-SP7/html
/SLES-all/cha-virt-support.html.

5.12.1 Xen

Xen has been updated to version 4.20, for more information: https://
wiki.xenproject.org/wiki/Xen_Project_4.20_Release_Notes

5.12.2 QEMU

QEMU has been updated to version 9.2.2, full list of changes are available at
https://wiki.qemu.org/ChangeLog/9.2

Highlights include:

  o Removed features: https://qemu-project.gitlab.io/qemu/about/
    removed-features.html

  o Deprecated features: https://qemu-project.gitlab.io/qemu/about/
    deprecated.html

5.12.3 libvirt

libvirt has been updated to version 11.0.0, this include many incremental
improvements and bug fixes, see https://libvirt.org/news.html#
v11-0-0-2025-01-15

Since SP6 libvirt provides two daemon deployment options: monolithic or modular
daemons. Modular daemons are now enabled by default, but a deployment can be
switched to the traditional monolithic daemon by disabling the individual
daemons and enabling libvirtd.

5.12.4 VMware

5.12.4.1 open-vm-tools

open-vm-tools has been updated to version 12.5.0 that addresses a few critical
problems and bug fixes. See https://github.com/vmware/open-vm-tools/blob/
stable-12.5.0/ReleaseNotes.md

5.12.5 Others

5.12.5.1 NVIDIA GRID

Support for NVIDIA Virtual GPU (vGPU) v16.9 has been added, including migration
under some specific scenarios.

5.12.5.2 sanlock

sanlock has been removed.

5.12.5.3 libguestfs

libguestfs has been updated to version 1.55.6.

5.12.5.4 virt-v2v

Update to version 2.7.7. ee main changes at: https://libguestfs.org/
virt-v2v-release-notes-2.7.7.html

  o Implement --parallel=N for parallel disk copies

  o Update Translations

  o Various fixes

5.12.5.5 sevctl

The sevctl package has been updated to version 0.6.0.

5.12.5.6 snpguest

The snpguest package has been updated to version 7.1.

5.12.5.7 virtiofsd

The virtiofsd has been updated to 1.12.0.

6 POWER-specific changes (ppc64le)

Information in this section applies to SUSE Linux Enterprise Server for POWER
15 SP7.

6.1 Storage

6.1.1 DLPAR remove operation fails with Emulex FC adapters

Broadcom Emulex Fibre Channel (FC) adapters might fail to be properly removed
with DLPAR operations in SUSE Linux Enterprise Server 15 SP7. All POWER 9 and
Power10 systems with any Emulex FC adapter are affected.

When you perform DLPAR remove operations on Emulex FC adapters, there is a
possibility that the adapter is not properly removed from the system. This
operation can cause future DLPAR operations to fail. A future DLPAR add
operation on the same FC adapter might cause symptoms including an EEH error
followed by a kernel oops and system crash. The following messages might be
seen on a failing system:

LTC Bug 205755 LinuxAlert screenshot

Figure 1: Screenshot of an error on a failing system

There is currently no workaround nor fix available for this issue. Instead of
using the DLPAR operation, you can shutdown the logical partition before you
remove or add Emulex FC adapters to the configuration.

6.2 Miscellaneous

6.2.1 Out of memory during installation

There is a limit on the memory available to the GRUB bootloader. The installer
ramdisk is particularly large because it includes kernel drivers for all
possible installation scenarios as well as tools for loading the installer from
different types of media. Enabling secure boot and vTPM on the LPAR further
increases memory requirements.

When loading the OS from the installation medium the following message might
appear:

Loading kernel ...
Loading initial ramdisk ...
error: ../../grub-core/kern/mm.c:548:out of memory.

Press any key to continue...

The recommended workaround is to disable vTPM support during installation.

7 IBM Z-specific changes (s390x)

Information in this section applies to SUSE Linux Enterprise Server for IBM Z
and LinuxONE 15 SP7. For more information, see https://www.ibm.com/docs/en/
linux-on-systems?topic=distributions-suse-linux-enterprise-server

7.1 Security

7.1.1 Secure boot IPL requirements

Secure boot IPL has the following minimum system requirements, depending on the
boot device to be IPLed:

  o NVMe disk: IBM LinuxONE III or newer.

  o FC-attached SCSI disk: IBM LinuxONE III, IBM z15 or newer.

  o ECKD DASD with CDL layout: IBM z16, LinuxONE 4 or newer.

If these requirements are not met, the system can be IPLed in non-secure mode
only.

8 Arm 64-bit-specific changes (AArch64)

Information in this section applies to SUSE Linux Enterprise Server for Arm
15 SP7.

8.1 System-on-Chip driver enablement

SUSE Linux Enterprise Server for Arm 15 SP7 includes driver enablement for the
following System-on-Chip (SoC) chipsets:

  o AMD* Opteron* A1100

  o Ampere* X-Gene*, eMAG*, Altra*, Altra Max, AmpereOne*

  o AWS* Graviton, Graviton2, Graviton3

  o Broadcom* BCM2837/BCM2710, BCM2711

  o Fujitsu* A64FX

  o Huawei* Kunpeng* 916, Kunpeng 920

  o Marvell* ThunderX*, ThunderX2*; OCTEON TX*; Armada* 7040, Armada 8040

  o NVIDIA* Grace; Tegra* X1, Tegra X2, Xavier*, Orin; BlueField*, BlueField-2

  o NXP* i.MX 8M, 8M Mini; Layerscape* LS1012A, LS1027A/LS1017A, LS1028A/
    LS1018A, LS1043A, LS1046A, LS1088A, LS2080A/LS2040A, LS2088A, LX2160A

  o Qualcomm* Centriq* 2400

  o Rockchip RK3399

  o Socionext* SynQuacer* SC2A11

  o Xilinx* Zynq* UltraScale*+ MPSoC

Note

Note

Driver enablement is done as far as available and requested. Refer to the
following sections for any known limitations.

Some systems might need additional drivers for external chips, such as a Power
Management Integrated Chip (PMIC), which may differ between systems with the
same SoC chipset.

For booting, systems need to fulfill either the Server Base Boot Requirements
(SBBR) or the Embedded Base Boot Requirements (EBBR), that is, the Unified
Extensible Firmware Interface (UEFI) either implementing the Advanced
Configuration and Power Interface (ACPI) or providing a Flat Device Tree (FDT)
table. If both are implemented, the kernel will default to the Device Tree; the
kernel command line argument acpi=force can override this default behavior.

Check for SUSE YES! certified systems, which have undergone compatibility
testing.

8.2 New features

8.2.1 Memory Tagging in GNU C Library

SUSE Linux Enterprise Server for Arm 15 SP4 and SP5 prepared their kernels for
the Armv8.5 Memory Tagging Extension (FEAT_MTE). Their glibc packages were
based on version 2.31 and did not yet support Memory Tagging.

SUSE Linux Enterprise Server for Arm 15 SP7 updates glibc base version to 2.38
and enables Memory Tagging in the GNU C Library as well.

8.3 Changed kernel CONFIG_HZ value

SUSE Linux Enterprise Server for Arm 15 SP6 and earlier kernels have used a
CONFIG_HZ value of 100 Hz.

The SUSE Linux Enterprise Server for Arm 15 SP7 kernel instead uses a value of
250 Hz. This matches the latest default and the value for x86-64 architecture (
Section 5.5.5, "CONFIG_HZ value changes").

8.4 Changed kernel I/O MMU default

SUSE Linux Enterprise Server for Arm 15 SP6 and earlier kernels have defaulted
the I/O MMU (Input/Output Memory Management Unit) to passthrough mode. This was
the most performant setting, but did not work on all machines. It then required
the user to override the default via iommu.passthrough=0 kernel command line
option.

SUSE Linux Enterprise Server for Arm 15 SP7 kernel instead defaults to 
translated mode. This achieves a greater hardware compatibility.

To force the previous behavior, use the kernel command line option
iommu.passthrough=1.

8.5 64K page size kernel flavor is supported

SUSE Linux Enterprise Server for Arm 12 SP2 and later kernels have used a page
size of 4K. This offers the widest compatibility also for small systems with
little RAM, allowing to use Transparent Huge Pages (THP) where large pages make
sense.

As a technology preview, SUSE Linux Enterprise Server for Arm 15 SP3 added a
kernel flavor 64kb, offering a page size of 64 KiB and physical/virtual address
size of 52 bits. Same as the default kernel flavor, it does not use preemption.

SUSE Linux Enterprise Server for Arm 15 SP6 largely removed this technology
preview status, offering support for kernel-64kb on select platforms, such as
NVIDIA Grace*. KVM virtualization remains a technology preview on this 64kb
kernel flavor (Section 2.8.1.1, "KVM virtualization with 64K page size kernel
flavor").

Note

Note: Default file system no longer needs to be changed

SUSE Linux Enterprise Server for Arm 15 SP7 SP4 and later allow the use of
Btrfs based file systems with 4 KiB block size also with 64 KiB page size
kernels.

Important

Important: Swap needs to be re-initialized

After booting the 64K kernel, any swap partitions need to re-initialized to be
usable. To do this, run the swapon command with the --fixpgsz parameter on the
swap partition. Note that this process deletes data present in the swap
partition (for example, suspend data). In this example, the swap partition is
on /dev/sdc1:

swapon --fixpgsz /dev/sdc1

Warning

Warning: RAID 5 uses page size as stripe size

It is currently possible to configure stripe size by setting the following
kernel parameter:

echo 16384 > /sys/block/md1/md/stripe_size

Keep in mind that stripe_size must be in multiples of 4KB and not bigger than
PAGE_SIZE. Also, it is only supported on systems where PAGE_SIZE is not 4096,
such as arm64.

Avoid RAID 5 volumes when benchmarking 64K vs. 4K page size kernels.

See the Storage Guide for more information on software RAID.

Note

Note: Cross-architecture compatibility considerations

The SUSE Linux Enterprise Server 15 SP7 kernels on x86-64 use 4K page size.

The SUSE Linux Enterprise Server for POWER 15 SP7 kernel uses 64K page size.

8.6 Known limitations

8.6.1 No graphics drivers on NVIDIA Grace Hopper

The NVIDIA Grace Hopper* System-on-Chip contains an integrated, Hopper
microarchitecture-based Graphics Processor Unit (GPU).

SUSE Linux Enterprise Server for Arm 15 SP7 maintenance updates currently
provide packages nvidia-open-driver-G06-signed-kmp-default and
kernel-firmware-nvidia-gspx-G06 in version 535.104.05, which does not yet
enable NVIDIA Grace Hopper GH200.

Check for maintenance updates of those packages with version 545.29.02 or
later, or contact the system vendor or chip vendor NVIDIA for whether
third-party graphics drivers are available for SUSE Linux Enterprise Server for
Arm 15 SP7.

Note

Note: PCIe GPUs not affected

Discrete GPU cards with Hopper microarchitecture, such as NVIDIA H100, are
already enabled in shipping package versions.

8.6.2 No graphics drivers on NVIDIA Jetson

The NVIDIA* Tegra* System-on-Chip chipsets include an integrated Graphics
Processor Unit (GPU).

SUSE Linux Enterprise Server for Arm 15 SP7 does not include graphics drivers
for any of the NVIDIA Jetson*, NVIDIA IGX or NVIDIA DRIVE* platforms.

Contact the chip vendor NVIDIA for whether third-party graphics drivers are
available for SUSE Linux Enterprise Server for Arm 15 SP7.

8.6.3 No DisplayPort graphics output on NXP LS1028A and LS1018A

The NXP* Layerscape* LS1028A/LS1018A System-on-Chip contains an Arm*
Mali*-DP500 Display Processor, whose output is connected to a DisplayPort*
TX Controller (HDP-TX) based on Cadence* High Definition (HD) Display
Intellectual Property (IP).

A Display Rendering Manager (DRM) driver for the Arm Mali-DP500 Display
Processor is available as technology preview (Section 2.8.1.5, "mali-dp driver
for Arm Mali Display Processors available").

However, there was no HDP-TX physical-layer (PHY) controller driver ready yet.
Therefore no graphics output will be available, for example, on the
DisplayPort* connector of the NXP LS1028A Reference Design Board (RDB).

Contact the chip vendor NXP for whether third-party graphics drivers are
available for SUSE Linux Enterprise Server for Arm 15 SP7.

Alternatively, contact your hardware vendor for whether a bootloader update is
available that implements graphics output, allowing to instead use efifb
framebuffer graphics in SUSE Linux Enterprise Server for Arm 15 SP7.

Note

Note

The Vivante GC7000UL GPU driver (etnaviv) is available as a technology preview
(Section 2.8.1.3, "etnaviv drivers for Vivante GPUs are available").

9 Removed and deprecated features and packages

This section lists features and packages that were removed from SUSE Linux
Enterprise Server or will be removed in upcoming versions.

Note

Note: Package and module changes in 15 SP7

For more information about all package and module changes since the last
version, see Section 2.2.3, "Package and module changes in 15 SP7".

9.1 Removed features and packages

The following features and packages have been removed in this release.

  o intel-opencl and intel-graphics-compiler packages have been moved to SUSE
    Package Hub after being deprecated in 15 SP6.

  o redis has been removed in SLES 15 SP7 and will not be supported in SLES 15
    after June 2031. Use valkey instead.

  o ntp has been removed. Use chrony instead.

  o PHP 7.4 has been removed.

  o numad has been removed.

  o IBM Java has been removed. See Section 5.3.4, "Supported Java versions".

  o The OpenLDAP server has been removed. Use 389 Directory Server instead.

9.1.1 ceph client packages removal

The following ceph client packages have been removed:

  o ceph-common

  o libcephfs-devel

  o python3-ceph-common

  o python3-rbd

  o python3-rgw

9.1.2 intel-opencl and intel-graphics-compiler packages removal

Since SLE15 SP5, Intel stopped requesting updates for intel-opencl and
intel-graphics-compiler packages, and thus the packages have been deprecated in
15 SP6. They have now been removed from 15 SP7, and moved to Package Hub.

9.2 Deprecated features and packages

The following features and packages are deprecated and will be removed in a
future version of SUSE Linux Enterprise Server.

  o netiucv and lcs drivers have been deprecated and will be removed in SLES
    16.

  o The 2MB OVMF image will be deprecated and removed in SLES 16.1.

10 Obtaining source code

This SUSE product includes materials licensed to SUSE under the GNU General
Public License (GPL). The GPL requires SUSE to provide the source code that
corresponds to the GPL-licensed material. The source code is available for
download at https://www.suse.com/products/server/download/ on Medium 2. For up
to three years after distribution of the SUSE product, upon request, SUSE will
mail a copy of the source code. Send requests by e-mail to
sle_source_request@suse.com. SUSE may charge a reasonable fee to recover
distribution costs.

11 Legal notices

SUSE makes no representations or warranties with regard to the contents or use
of this documentation, and specifically disclaims any express or implied
warranties of merchantability or fitness for any particular purpose. Further,
SUSE reserves the right to revise this publication and to make changes to its
content, at any time, without the obligation to notify any person or entity of
such revisions or changes.

Further, SUSE makes no representations or warranties with regard to any
software, and specifically disclaims any express or implied warranties of
merchantability or fitness for any particular purpose. Further, SUSE reserves
the right to make changes to any and all parts of SUSE software, at any time,
without any obligation to notify any person or entity of such changes.

Any products or technical information provided under this Agreement may be
subject to U.S. export controls and the trade laws of other countries. You
agree to comply with all export control regulations and to obtain any required
licenses or classifications to export, re-export, or import deliverables. You
agree not to export or re-export to entities on the current U.S. export
exclusion lists or to any embargoed or terrorist countries as specified in U.S.
export laws. You agree to not use deliverables for prohibited nuclear, missile,
or chemical/biological weaponry end uses. Refer to https://www.suse.com/company
/legal/ for more information on exporting SUSE software. SUSE assumes no
responsibility for your failure to obtain any necessary export approvals.

Copyright (C) 2010-2025 SUSE LLC.

This release notes document is licensed under a Creative Commons
Attribution-NoDerivatives 4.0 International License (CC-BY-ND-4.0). You should
have received a copy of the license along with this document. If not, see
https://creativecommons.org/licenses/by-nd/4.0/.

SUSE has intellectual property rights relating to technology embodied in the
product that is described in this document. In particular, and without
limitation, these intellectual property rights may include one or more of the
U.S. patents listed at https://www.suse.com/company/legal/ and one or more
additional patents or pending patent applications in the U.S. and other
countries.

For SUSE trademarks, see the SUSE Trademark and Service Mark list (https://
www.suse.com/company/legal/). All third-party trademarks are the property of
their respective owners.

A Changelog for 15 SP7

A.1 2025-04-07

A.1.1 New

  o Section 5.1.1, "STIG-compliant container" (Jira)

  o Section 5.3.1, "Ruby 3 has been added" (Jira)

  o Added redis removal notice in Section 9.1, "Removed features and packages"
    (Jira)

  o Section 5.6.1, "FADump and kdump speed improvement" (Jira)

  o Section 5.5.1, "smc driver has been updated" (Jira)

A.2 2025-03-10

A.2.1 New

  o Section 5.6.2, "New systems-management module" (Jira)

  o Section 5.6.3, "Ansible is now available" (Jira)

  o Section 5.5.2, "cgroupv2 CPU load-balancing" (Jira)

  o Section 5.7.1, "Kea DHCP has been added" (Jira)

  o Section 5.5.3, "Externally supported flag change" (Jira)

  o Section 5.5.4, "Userspace live patching" (Jira)

  o Added netiucv and lcs to Section 9.2, "Deprecated features and packages"

  o Added chrony to the list of removed packages in Section 9, "Removed and
    deprecated features and packages"

  o Section 5.6.4, ""IDXD: user: probe of wq1.0 failed with error -95" errors"
    (Bugzilla)

A.3 2025-01-14

A.3.1 New

  o Section 5.6.5, "Support of BPF-related tools" (Jira)

A.4 2024-09-12

A.4.1 New

  o Initial SP7 release

B Kernel parameter changes

Warning

Warning

This list of changes may not be exhaustive.

B.1 Changes from SP6 to SP7

These Linux kernel parameters have been changed since SLES 15 SP6.

(C) 2025 SUSE

