SUSE SolidDriver Program

Goals of the SUSE SolidDriver Program

The fundamental goal of the SUSE SolidDriver Program can be summed up in the following sentence:

Ensure customers can deploy necessary 3rd party kernel drivers with ease and confidence.

The program achieves this by establishing standards to be followed by vendors who packaging and delivering kernel drivers that are used with SUSE Linux Enterprise OS’s. These standards are set out to ensure that kernel drivers are:

  • Easy to deploy
  • Compatible with SUSE Linux Enterprise products
  • Supported by SUSE and the driver vendor
  • Trusted by the end user
  • Usable with SUSE YES certifications

Easy to Deploy

Given the impact to system functionality that many kernel drivers bring, it’s important that they are installed properly. The first step in improving the reliability of kernel module installations is to remove complexity in the operation. We can remove complexity by removing the need to compile kernel modules, as well as using standard methods and tools to install them.

The SolidDriver program recommends that modules are provided to customers in standard RPM packages that contain pre-compiled kernel module binaries which are compatible with the SUSE Linux Enterprise kernels. The program utilizes a specific kernel module package RPM packaging standard that provides for automatic and correct installation relieving the end user of detailed knowledge around building and installing kernel drivers. This packaging standard will be covered in more depth in the section Kernel Module Packages later in this document.

Compatible with SUSE Linux Enterprise

There are two aspects of compatibility that the SolidDriver program is focused on. The first is related to kernel module updates properly co-existing with standard system files. This means that kernel module installations must preserve system files and system package installations must preserve kernel module files. As was described in the section on Third Party Kernel Modules , traditional installation involves installing the module object file in the location reserved for standard kernel modules - sometimes overwriting the default system files in the process. This leads to complications when installing SUSE kernel updates which will may remove or overwrite the files installed by the third party kernel module. In such cases, the third party kernel module will need to be re-installed after the kernel update before reboot in order to ensure the proper driver is available for system functionality. It’s up to the system admin to remember this crucial step - failing to do so can result in an un-bootable system that can be tricky to restore. The kernel module package standard defined by the SUSE SolidDriver program places driver updates in a pre-defined, SUSE standard location that is reserved for externally provided kernel modules. This allows for third party kernel modules to be installed in parallel with SUSE kernels without the complications of file collisions.

The second aspect of compatibility is concerned with the kABI (see The Kernel Module Programming Interface ). If the kABI required by the kernel module does not match the kABI of the running kernel, the module will not load. Once again the kernel module package standard gives the solution by handling kernel ABI requirements at the package dependency level. This protects users from installing incompatible kernel modules that could lead to systems not working. How this is managed is discussed in detail in the section [Kernel ABI Compatibility]later in this document.

Supportable by SUSE and 3rd Party Vendor

By using kernel module packages, the process of installation of kernel modules is fully supported by SUSE. In addition SUSE SolidDriver compliant drivers ensure that joint support agreements are established between SUSE and the third party vendor so that proper support can be given to customers having any issues related to the SUSE kernels. See Joint Support Agreements for more information.

Trusted by the End User

Kernel modules are proper pieces of kernel code and have the same access and privileges as the rest of the kernel. There is no added protection between the kernel module and the hardware, data, and complete runtime environment to protect against unwanted behavior.

Because of that, users need to have a sufficient level of trust in any kernel drivers that they install on their systems. How does the user establish that trust?

The SUSE SolidDriver Program helps the user establish trust by using a combination of proper package meta data (like package descriptions and vendor identification) along with digital signatures that the user can verify with the vendors he or she trusts. The verified digital signature ensures that the contents of the package indeed originate from the identified vendor and has not been tampered with by external forces.

Usable with SUSE YES Certifications

Hardware vendors will want to utilize their kernel drivers when running SUSE YES Certification tests. Doing so requires that the environment under test is available to end users in the exact configuration as has been certified. This means that any kernel drivers used must be available to the customers in the exact binary form as used for testing and should remain available for the life of the hardware product or SUSE Linux Enterprise OS that the certification is based on.

To help vendors maintain this availability, the SUSE SolidDriver Program offers the opportunity to have their drivers hosted at SUSE will make sure the drivers used in certifications remain available for the required amount of time.