Nitrux 6.0.0, launched on March 3, 2026, introduces several noteworthy features aimed at security practitioners using Linux workstations. This release includes a new hypervisor orchestrator with IOMMU-enforced isolation, a revamped update system featuring cryptographic verification, and a recovery mechanism that functions directly within the boot process.
Developed by Nitrux Latinoamericana, this distribution operates on an immutable root filesystem and caters to hardware enthusiasts as well as power users. It offers two ISO variants: one optimized for NVIDIA GPUs utilizing the NVIDIA Open Kernel Module 590.48.01, and another designed for AMD and Intel hardware powered by MESA 25.3.3. The kernel version is Linux 6.13.2, enhanced with CachyOS patches.
GPU Passthrough with IOMMU Isolation
The new hypervisor orchestration utility, known as VxM, is included in this release. Written in C++, it allows for the concurrent running of guest operating systems with direct GPU passthrough via VFIO PCI. The utility validates IOMMU groups at runtime, ensuring hardware-level isolation between host and guest environments.
VxM features dynamic VFIO binding, which allows runtime driver overrides to vfio-pci, manages BDF normalization, and checks IOMMU groups prior to binding. It also automatically provisions hugepages and initializes IVSHMEM to facilitate low-latency frame relay between host and guest. The rootless model executes QEMU without elevated privileges, confining privileged operations to a pre-flight hardware setup stage.
Input arbitration employs evdev passthrough with interrupt handling. Additionally, DDC/CI automation sends VCP commands to the monitor bus to switch input sources when the VM state changes, minimizing the need for a physical KVM switch in multi-GPU setups.
Update System Rewritten in C++ with PolicyKit Control
The Nitrux Update Tool System, known as nuts-cpp, has replaced the previous Shell Script version. The new implementation adopts a client-server architecture in C++ and features a MauiKit graphical interface. All privileged operations are controlled through PolicyKit integration.
This system employs atomic operations to ensure transaction integrity during updates. It creates cryptographically verified XFS snapshots prior to their use and allows for offline rollbacks from these snapshots.
The older Shell Script version of NUTS will no longer be available. The transition from Nitrux 5.1.0 to 6.0.0 represents the final upgrade supported through the outdated implementation.
Rescue Mode Integrated into the Boot Process
Nitrux Rescue Mode is an initramfs-based recovery mechanism that functions without the need for external media, such as a Live ISO or USB drive. It utilizes the cryptographically verified XFS backup created by NUTS to wipe and re-image the root partition. After the restoration process, it automatically regenerates the bootloader configuration. This recovery option appears as a selectable entry in the GRUB menu.
This self-contained recovery method is particularly beneficial in environments where removable media is either restricted or unavailable.
Network and Kernel Hardening Adjustments
A configuration change in sysctl prevents the system from altering its routing table based on unauthenticated network messages. Furthermore, the NVMe drive is configured to avoid deep power-saving states, which eliminates wake-up timeouts that previously prolonged boot times.
The DNSCrypt-proxy resolver configuration has been updated to utilize the latest resolvers. Additionally, the initramfs now includes the exfat driver for early boot, and the upstream initramfs microcode hooks have been replaced with custom versions.
Login Infrastructure Enhanced for Wayland
The login screen has been upgraded to QMLGreet, which replaces QtGreet. It operates natively on Wayland compositors utilizing the wlr-layer-shell-unstable-v1 protocol and integrates with logind or elogind through D-Bus, without requiring systemd. This implementation, built in C++ with MauiKit, supports customizable color schemes, font settings, icon themes, and wallpapers with automatic blur effects.
Also introduced in this release is NudgeOSD, a QML-based on-screen display for keyboard shortcuts and system notifications. It runs in the background and listens for D-Bus commands, compatible with both system icon themes and Nerd Fonts.
Intel Xe Driver Selection
A new GRUB entry named “Intel Xe Mode” allows users with supported Intel integrated GPUs and Intel Arc GPUs to select the xe driver instead of the older i915 driver. This feature supports Gen12 (Xe-LP), Meteor Lake (Xe-LPG), and Lunar Lake with Xe2, while hardware older than Gen12, including Ice Lake and Skylake components, is not compatible with the new driver path.
Component Versions
Additional updated components in this release include Hyprland 0.53.3, Flatpak 1.16.2, NetworkManager 1.54.3, Python 3.13.9, Wireplumber 0.5.13, Calamares 3.3.14, and Distrobox 1.8.2.4. The scx scheduler and utilities have been updated to version 1.0.20.
