Release Announcement: Nitrux 3.7.1 “sp”

We are pleased to announce the launch of Nitrux 3.7.1. This new version combines the latest software updates, bug fixes, performance improvements, and ready-to-use hardware support.

Nitrux 3.7.1 is available immediately.

🔰 Information: The codename for this release is “sp,” which highlights the improvements to security and performance in this release.

⚠️ Important: Despite the efforts and improvements in this and previous releases, we’re not claiming to be security or forensic experts or that the distribution is “impenetrable” or “unhackable,” so there isn’t any misunderstanding. Suggestions to continue improving on this area are welcome at our organization at GitHub (open a new discussion).

🔰 Information: The ISO file is signed with a GPG key, and we only provide SHA512 checksum files; please check the Notes to know more.

Consider sponsoring Nitrux at Open Collective or Ko-fi. By sponsoring Nitrux, you give the development team a regular and predictable income to cover our hosting, development, and hardware testing costs.

✨ What’s new

We recommend new users do a fresh installation using the latest media. For users of the previous version (3.7.0), please check the Notes for information about upgrading Nitrux.

Nitrux 3.7.1 build.311024.sp uses Linux 6.11.5-1 (Liquorix)

The list below highlights the components we’ve updated in the distribution.

• Firefox to version 132.0.
• MESA 3D Graphics Library to version 24.2.4.
• NVIDIA Linux x64 (AMD64/EM64T) Display Driver to version 565.57.01.
• AMD Open Source Driver for Vulkan® to version v-2024.Q4.1.
• We have updated our linux-firmware package to include newer files from the Linux firmware repository (up to the commit c01656f9) for the following drivers.
  • “ath11k”: Qualcomm Atheros QCA6390, QCA9984 and newer Wi-Fi 6 chips.
  • “cirrus”: Cirrus Logic video cards.
  • “i915”: Intel graphics driver for integrated graphics processors.
  • “intel_avs”: Intel Audio Visual Speech (AVS) hardware for processing audio and voice.
  • “intel_ibt”: Intel Bluetooth devices.
  • “intel_ish”: Intel Integrated Sensor Hub (ISH) low-power devices.
  • “intel_xe”: Intel Xe Graphics architecture for integrated and discrete GPUs.
  • “iwlwifi”: Intel Wireless Wi-Fi Link adapters.
  • “mediatek_MT7961”: Driver for MediaTek MT7961 chipset.
  • “mediatek_MT7988”: Driver for MediaTek MT7988 chipset.
  • “mediatek_MT7992”: Driver for MediaTek MT7992 chipset.
  • “mediatek_MT7996”: Driver for MediaTek MT7996 chipset.
  • “qat_4xxx”: Intel QuickAssist Technology 4xxx series accelerators.
  • “qca”: Qualcomm Atheros wireless network adapters.
  • “qcom”: Various Qualcomm devices.
  • “realtek_rt1320”: Realtek RT1320 chipset for wireless communication devices.
  • “rtl_bt”: Realtek Bluetooth USB devices.
  • “rtl_nic”: Realtek network interface controllers (NICs).
  • “rtlwifi”: Realtek wireless network adapters.
  • “rtw89”: Realtek Wi-Fi 6 and Wi-Fi 6E adapters.
  • “tas2781”: Texas Instruments TAS2781 audio amplifier.
• Valve’s gamescope to version 3.15.3.
• We’ve updated our base-files package to correct the Debian base codename to trixie/testing.
• Our Sysctl settings have been updated with the additional changes for better security and increased performance.
  • • Increase Linux autotuning TCP buffer limits. These TCP buffer settings enhance high-speed network performance by dynamically adjusting buffer sizes to improve throughput, reduce packet loss, prevent congestion, and ensure smooth data transfers, all while efficiently managing system memory.
    • Increase the maximum number of packets queued for processing before they are dropped. It improves the handling of burst traffic, reduces packet drops, and enhances performance and stability on high-speed networks during heavy loads.
    • Reuse Time-Wait TCP connections to reduce the number of open TCP connections. Efficiently manage network connections, reducing open TCP connections, freeing up system resources, and improving performance.
    • Enable Reverse Path Filtering. It prevents IP spoofing attacks, enhances security, and reduces vulnerability to DDoS attacks.
    • Disable Source Routing. Prevents IP spoofing and strengthens security by disabling source routing, blocking potential bypassing of security controls.
    • Restricts access to kernel pointer addresses. Improves security by restricting access to kernel pointer addresses to privileged processes, preventing information leaks.
    • Disable the SysRq key. It enhances security by disabling the SysRq key and preventing unauthorized system commands.
    • Disable timer migration across CPUs. Improve the CPU scheduling consistency for real-time or latency-sensitive applications by disabling timer migration across CPUs.
      
    • Control the boost applied to the watermark (the minimum number of free pages the kernel tries to maintain). Maintain higher free memory to ensure the system doesn’t stall due to memory shortages.
    • Change dirty page settings to reduce I/O disk access. Allow for efficient memory usage without frequent disk access.
• We’ve updated our desktop settings to include the following.
  • Enable soft wrap and word wrap by default in micro.
• We’ve updated our SDDM configuration with the following changes.
  • Organize our configuration files in /etc/sddm.conf.d.
  • Add configuration files for SDDM to use rootless Wayland or X11.
    • ⚠️ Important: SDDM using Wayland is experimental. From our tests, we encountered problems when using SDDM on Wayland and the NVIDIA proprietary driver; specifically, games using DXVK or VKD3D were crashing or only showed a black screen; this problem was not present when using the MESA drivers.
• We’ve updated our configuration for Calamares, which includes the following changes.
  • Ensure the kernel parameters used for the installation match those in the Live ISO for the following features.
    • Enable support for AMD GCN 2.0 (CIK) GPUs in the AMDGPU driver.
    • Change the update mode for the virtual memory in the AMDGPU driver to improve performance in specific workloads.
    • Disable the High Precision Event Timer (HPET) for systems where it may cause issues.
    • Enable expedited RCU grace periods, improving system responsiveness in specific scenarios.
  • Add new kernel parameters for the following features to improve performance and security.
    • Offload all RCU (Read-Copy-Update) callbacks to kernel threads, reducing interrupt contention on CPUs.
    • Enable “lazy” RCU mode, delaying some operations to optimize performance.
    • Enable additional security checks for user copy operations.
    • Disable the 32-bit VDSO (Virtual Dynamic Shared Object) on 64-bit systems.
    • Enable Kernel Control Flow Integrity (KCFI). This security feature helps prevent specific attacks, like control flow hijacking, by ensuring that indirect function calls are only made to valid, expected targets.
  • Create the group gamemode and add the user to it to avoid permission issues when GameMode applies the settings from its configuration file.
• Extensible Virtual Display Interface (EVDI) driver to version 1.14.7.
• DisplayLink driver to version 6.1.0.
• AppArmor to version 4.1.0-beta1.
• Updated xone driver to a fork that compiles against Linux 6.11+.
• We’ve updated our slight modifications to casper to remove configuration for display managers other than SDDM during the Live session.
• We’ve updated the included offline Documentation.

We’ve added the following components to the distribution.

• Add an OpenRC service script to identify the Broadcom wireless chip used for wlan0 and decide which driver to load (b43, b43legacy, wl, or brcmsmac) during boot, as not all Broadcom chips are supported by the open source drivers or the support is partial or untested.
• Add module configuration to disable 40mhz bandwidth on the 2.4ghz band for the Broadcom BCM4360 wireless chip when using the Broadcom proprietary driver to avoid connection issues.
• Add firmware for the Broadcom BCM4301, BCM4306/2, and BCM4306 wireless chips.
• Add firmware for Facetime HD (Broadcom 1570) PCIe webcam found in recent MacBooks.
• Add 32 and 48px-size icons for CoreCtrl.
• Add default configuration file for GameMode.
• Add a configuration file for Bluetooth audio devices using the SBC audio codec (not to be confused with SBC-XQ) to achieve a balance between audio quality and bandwidth efficiency, ensuring a reliable and high-quality Bluetooth audio experience.
• KZones. A KDE KWin Script that snaps windows into zones.

KZones Configuration.

KZones in action. Image for reference.

We’ve fixed or closed the following issues in the distribution; see Report bugs.

• Fix an issue with our Calamares package not using the same desktop launcher file in /usr/share/applications.

We’ve removed the following components from the distribution.

• –

📥 Download

Here are different ways to download our ISOs.

• ISO — Direct HTTP Download from our server.
• FOSS Torrents (Torrent).

Check our tutorial to verify the ISO file’s integrity and authenticity.

• Import our public key using the command below.
  • 🔰 Information: Starting with Nitrux 3.5.0, the key we use to sign the ISO file will change monthly. Remove the old one from your keyring before adding the new one.

gpg --keyserver keyserver.ubuntu.com --recv-keys B26952C27338C2F82CADA9194C8B721C5A323C6F

⛔ Known issues

To see a list of known issues, click here.

🗒 Notes

To see a list of release notes, click here.

🐞 Report bugs

To report bugs, please use our bug tracker on GitHub.

📝 Changelog history

To see a list of previous changelogs, click here for the changes archived at our site or for the changes archived at Sourceforge.

📰 Resources

Here are various articles, tutorials, and other information on our blog.

📢 PSA (Post-release service announcements)

Here’s a list of post-release service announcements for this version of Nitrux.

🚀 Get involved

Everyone can participate in the Nitrux community on many levels, from advising fellow Nitrux users to becoming a maintainer. Any contribution, even the smallest, is valued. To start contributing to Nitrux, click here.