Changes to UEK Content Distribution and Packaging

The following table provides details about how UEK 8 content is distributed and packaged and includes information about package dependencies, and any other notable requirements.

Note:

Kernel packaging is updated in UEK 8 and differs from previous UEK releases. Most notably, kernel modules are now shipped in a collection of separate packages. Separating modules out of the core kernel packages helps to reduce overhead, provides a mechanism to minimize attack surface, and improves kernel module maintenance.

Configuration files to identify modules that are denied from loading are renamed from 'blacklist' files to 'denylist' as part of Oracle's initiative to use more inclusive language in its products.

Also, some kernel utility tools that were bundled in the kernel-uek-core package in previous releases are moved into a separate package, kernel-uek-tools.

You can list the modules available in each package by running: 

rpm -q -l kernel-uek-modules-<ext>

To find which package a module that's available on the system belongs to, you can run:

rpm -q -f /lib/modules/$(uname -r)/<path to module>

If you run the modprobe command for a module and the package that the module belongs to isn't installed, the output notifies you and provides the package name that you must install. Note that you might need to update the kmod package to the latest version for this functionality to work. 

sudo modprobe wl1251_sdio
modprobe: FATAL: Module wl1251_sdio not found in directory /lib/modules/6.12.0-0.20.20.el9uek.x86_64, 
ensure the following package is installed: kernel-uek-modules-wireless-6.12.0-0.20.20.el9uek.x86_64

A package mapping file is included at /lib/modules/$(uname -r)/modules.packages and is shipped in the kernel-uek-core package for UEK 8 and later. You can also use this file to identify the module package that contains a particular driver.

Package Description

kernel-uek

This is a meta package that doesn't contain any files.

In Oracle Linux 9, the package has the following dependencies:

  • kernel-uek-core
  • kernel-uek-modules-core
  • kernel-uek-modules
  • kernel-uek-modules-desktop
  • kernel-uek-modules-extra-netfilter
  • kernel-uek-modules-usb
  • kernel-uek-modules-wireless

Installing this package is equal to installing the full UEK kernel. Installing this package maintains compatibility with previous releases.

kernel-uek-core

This package contains the UEK kernel binary and supporting files, which are copied to /boot. The package is installed along with the kernel-uek-modules-core package and the kernel-uek-modules package. Note that this package requires that the linux-firmware-core package also be installed.

kernel-uek-modules-core

This package contains a minimal number of core kernel modules and supporting files used for Oracle engineered systems. The package is a dependency of the kernel-uek-core and is installed by default.

kernel-uek-modules

This package contains various modules that are commonly used in most server configurations. Note that this package requires that the linux-firmware package also be installed.

kernel-uek-modules-desktop

This package contains modules for desktop-type hardware.

This package can be removed to harden the system on many server platforms if none of the modules are used.

kernel-uek-modules-usb

This package contains USB drivers.

This package can be removed to harden the system on many server platforms if none of the modules are used.

kernel-uek-modules-wireless

This package contains wireless drivers.

This package is can be removed to harden the system on many server platforms if none of the modules are used.

kernel-uek-modules-extra-netfilter

This package contains uncommon netfilter modules.

This package can be removed to harden the system on many server platforms if none of the modules are used.

kernel-uek-modules-deprecated

This package contains modules that we plan to remove in future releases.

This package is optional and you can install the package manually from the yum repository or ULN channel.

Modules included in this package are deprecated and might be removed in a future release.

kernel-uek-modules-extra

This package contains extra modules for server configurations, but which aren't commonly used.

This package is optional and you can install the package manually from the yum repository or ULN channel.

kernel-uek-tools

This package contains tools that are required to satisfy other build and runtime dependencies in the tools/perf code base, and which can be used after boot to interact with the kernel. For example, the perf tool used for system performance analysis is included in this package.

linux-firmware-core

This package contains core firmware components and is a dependency for the kernel-uek-core package.

linux-firmware

This package contains firmware components that aren't provided in the linux-firmware-core package and is a dependency for the kernel-uek-modules package.

Note that this package requires that the linux-firmware-core package also be installed.

For security hardening, we recommend that you remove any of the kernel-uek-modules-* packages that aren't required by the system. To remove packages:

  1. Mark the core modules packages that you require on the system to prevent them from being removed. For example:

    sudo dnf mark install kernel-uek-core kernel-uek-modules

  2. Remove the unused modules packages and the kernel-uek metapackage from the system: 

    sudo dnf erase kernel-uek-modules-desktop kernel-uek