Nitrux 6.0.0: Immutable Linux Distribution with Enhanced Features and GPU Passthrough Support

Post Views: 7

Nitrux 6.0.0 Released with Enhanced Security Features and Improved Performance

The latest version of the Nitrux Linux distribution, released on March 3, 2026, introduces several significant security enhancements and performance improvements. Nitrux 6.0.0 targets hardware enthusiasts and power users, and its immutable root filesystem provides a robust security foundation.

Key Features and Enhancements

One of the key features of Nitrux 6.0.0 is the introduction of VxM, a new hypervisor orchestration utility written in C++. VxM enables concurrent execution of guest operating systems with GPU hardware passed directly to those guests using VFIO PCI passthrough. This feature is particularly useful for security practitioners who require hardware-level isolation between the host and guest domains.

VxM includes dynamic VFIO binding, which performs runtime driver overrides, handles BDF normalization, and validates IOMMU groups before binding. The utility also provisions hugepages automatically and initializes IVSHMEM for low-latency frame relay between host and guest. Additionally, VxM runs QEMU without elevated privileges during guest execution, and privileged operations are confined to a pre-flight hardware preparation stage.

Security Enhancements

Another significant security enhancement in Nitrux 6.0.0 is the rewritten update system, known as NUTS-CPP. This C++-based system replaces the previous Shell Script implementation and adopts a client-server architecture with a MauiKit graphical interface. All privileged operations are gated through PolicyKit integration, ensuring secure updates.

The NUTS-CPP system uses atomic operations to maintain transaction integrity during updates and creates XFS snapshots that are cryptographically verified before use. This feature enables offline rollbacks from those snapshots, providing an additional layer of security.

Nitrux 6.0.0 also includes a new recovery mechanism, Nitrux Rescue Mode, which operates without external media such as a Live ISO or USB drive. This initramfs-based recovery mechanism uses the cryptographically verified XFS backup created by NUTS to wipe and re-image the root partition. After restoration, it regenerates the bootloader configuration automatically.

Other security-related changes in Nitrux 6.0.0 include updates to the sysctl configuration, DNSCrypt-proxy resolver configuration, and initramfs. The distribution also includes a new login infrastructure, QMLGreet, which runs natively on Wayland compositors and integrates with logind or elogind via D-Bus.

Performance Improvements

In addition to these security enhancements, Nitrux 6.0.0 includes several performance improvements, such as the introduction of a new GRUB entry labeled Intel Xe Mode, which allows users with supported Intel iGPUs and Intel Arc GPUs to select the xe driver over the older i915 driver.