EulerOS
EulerOS is a commercial Linux distribution developed by Huawei Technologies for enterprise servers, cloud environments, and digital infrastructure applications.[1] It prioritizes high security through features like CVE vulnerability management, scalability for diverse hardware including ARM64 architectures, and optimized performance for computing-intensive workloads.[1] Originally launched around 2019 and based on CentOS source code for compatibility with enterprise Linux ecosystems, EulerOS has evolved to align with openEuler, Huawei's open-source counterpart maintained under the OpenAtom Foundation.[2][3] Key defining characteristics include its support for Huawei's TaiShan servers powered by Kunpeng processors, integration with container technologies like Kubernetes and Docker, and certifications such as UNIX 03 for mission-critical variants.[1][4] EulerOS addresses enterprise needs by offering stability, ease of maintenance, and compatibility with mainstream hardware and software, while contributing to upstream Linux kernel and ARM64 developments.[5] Despite its technical merits, adoption has been influenced by geopolitical tensions, including U.S. restrictions on Huawei products citing national security risks, though no specific backdoors in EulerOS have been publicly verified by independent audits.[6][7]History
Origins and Initial Development (2012–2016)
EulerOS originated within Huawei as an internal operating system project aimed at supporting the company's server hardware, particularly for mission-critical applications requiring high stability and reliability. Drawing from the CentOS codebase, which provides a stable foundation derived from Red Hat Enterprise Linux source code, the OS was engineered to meet enterprise demands for consistent performance in server environments.[2][6] This approach leveraged proven Linux stability to address Huawei's needs for an OS integrated with its proprietary hardware ecosystem, minimizing risks associated with operational disruptions in high-stakes computing. Development aligned closely with Huawei's KunLun series of x86 mission-critical servers, designed for workloads demanding extreme availability, such as fault-tolerant processing and hot-swappable components. KunLun models, including the 9032 variant introduced in March 2016, necessitated an OS optimized for such hardware capabilities, enabling continuous operation during maintenance.[8] EulerOS thus served as a customized platform to enhance server reliability, focusing on kernel-level optimizations suited to these systems without relying on external vendor dependencies for core functionality. In September 2016, Huawei's EulerOS 2.0 for KunLun servers achieved UNIX 03 certification from The Open Group, confirming compliance with the Single UNIX Specification Version 3 standards.[4][9] This milestone validated the OS's POSIX conformance and portability for UNIX applications, positioning it for deployment in environments prioritizing standardized, robust computing. Initial efforts emphasized domestic applications within China, supporting Huawei's hardware sales and aligning with national priorities for technological infrastructure resilience.Shift to Open-Source Alignment and openEuler (2019–Present)
In response to United States sanctions imposed in May 2019 that restricted Huawei's access to American technologies, including potential disruptions to Red Hat Enterprise Linux (RHEL) supply chains, Huawei established the openEuler open-source community on December 31, 2019.[10] This initiative created a CentOS-based Linux distribution aimed at providing a stable, enterprise-grade alternative, with its source code released to foster community contributions and reduce dependency on proprietary or geopolitically vulnerable ecosystems. EulerOS, Huawei's commercial server operating system previously derived from CentOS, transitioned to incorporating the openEuler codebase, enabling commercial support while leveraging open-source development for long-term sustainability.[11] The December 2020 announcement of CentOS Stream as a rolling-release upstream to RHEL, diverging from the prior stable downstream model favored by enterprises for predictability, accelerated the strategic rationale for openEuler. Enterprises required binary-compatible, rigorously tested distributions with extended support cycles, which CentOS Stream's development-oriented nature could not guarantee without additional verification efforts; openEuler addressed this by committing to LTS releases, such as its inaugural 20.03 LTS on March 27, 2020, mirroring RHEL's stability while incorporating Huawei's performance enhancements. By 2021, EulerOS releases synchronized with openEuler milestones, reflecting Huawei's pivot to a dual community-commercial model that prioritized verifiable independence from upstream volatility.[12][10] Huawei bolstered this alignment through substantial upstream contributions, submitting over 13,000 patches to the Linux kernel historically and ranking first in code contributions for kernel 5.10 in late 2020. On November 9, 2021, Huawei donated the openEuler codebase to the OpenAtom Foundation, transitioning governance to a broader consortium to enhance credibility and attract global developers, with over 5,000 downloads and 5,300 code submissions within weeks of early releases. As of 2025, this evolution manifests in Huawei Cloud EulerOS (HCEOS), a commercial openEuler derivative optimized for cloud-native workloads, offering seamless migration from CentOS post its December 31, 2021 EOL and supporting Huawei's cloud infrastructure with enhanced security and compatibility features.[12][13][14]Key Milestones and Version Releases
EulerOS 2.0 attained UNIX 03 certification from The Open Group on September 8, 2016, validating its compliance for deployment on Huawei KunLun mission-critical servers.[4] This certification underscored EulerOS's adherence to POSIX standards, distinguishing it among Linux distributions.[9] Huawei initiated the openEuler project as an open-source counterpart to EulerOS, releasing the openEuler 20.03 LTS edition on March 27, 2020, which served as the first long-term support version and influenced subsequent EulerOS alignments.[10] On November 9, 2021, Huawei transferred openEuler's codebase to the OpenAtom Foundation, enabling broader community contributions while EulerOS maintained commercial enhancements. EulerOS continued iterative service pack releases, with version 2.5 reaching end-of-service status on June 30, 2024.[15] In 2024, EulerOS integrated updates aligning with openEuler 24.03 LTS, incorporating kernel advancements. By early 2025, EulerOS 2.0 SP13 delivered security patches for the kernel addressing multiple vulnerabilities, including those in BPF verifier and packet data handling.[16] These updates extended support for legacy deployments amid ongoing maintenance commitments for active versions.[17]Technical Foundations
Kernel and Base Distribution
EulerOS utilizes a hardened variant of the Linux kernel, configured for enterprise-grade stability and reliability, with versions such as 5.10 in Huawei Cloud EulerOS (HCEOS) 2.0 incorporating community-developed enhancements for long-term support and fault tolerance.[18][19] This kernel base prioritizes minimal changes to upstream code, backporting only essential patches to maintain compatibility and reduce regression risks, as evidenced by Huawei's maintenance model that extends kernel lifecycles beyond standard community releases.[19] The distribution's foundational lineage traces from Red Hat Enterprise Linux (RHEL) via CentOS, ensuring application binary interface (ABI) compatibility with RHEL and CentOS ecosystems to support seamless migration of enterprise software packages and dependencies.[2] Following Huawei's open-sourcing efforts in 2020, EulerOS shifted upstream to openEuler, an open-source project under the OpenAtom Foundation that serves as the community-driven base for subsequent commercial releases, allowing Huawei-specific hardening while contributing patches back to the community.[20][21] Kernel support extends to x86-64 and AArch64 architectures, with tailored optimizations for Huawei's Kunpeng ARM-based processors to leverage hardware-specific features like advanced power management and vector processing extensions, contributing to measured performance gains in multi-core workloads on compatible servers.[22][23] This multi-architecture foundation enables deployment across diverse hardware environments while preserving the stability of the RHEL-derived package ecosystem.Architecture and Compatibility
EulerOS utilizes a monolithic Linux kernel architecture, incorporating loadable kernel modules to enable flexibility for server environments while eschewing significant microkernel influences that could introduce overhead in performance-critical deployments.[24] This kernel design supports high scalability on multi-core systems, with versions such as EulerOS V2.0SP10 leveraging Linux kernel 5.10 for enterprise-grade reliability.[19] The system provides backward compatibility with Red Hat Enterprise Linux (RHEL) applications through binary-level equivalence derived from its CentOS heritage, facilitating straightforward migration of legacy workloads without requiring source code modifications.[25] This compatibility extends to mainstream software ecosystems, including support for SysV and LSB init scripts via systemd integration.[26] EulerOS incorporates native containerization support via Docker and containerd engines, enabling orchestration with Kubernetes for scalable deployments; for instance, EulerOS 2.9 clusters from version 1.23 onward default to containerd for reduced resource overhead and enhanced stability.[27][28] Multi-architecture builds are a core aspect, with official support for x86-64 and AArch64 platforms, including certification on Huawei's TaiShan ARM servers such as the TaiShan 200 and TaiShan 100 models under EulerOS V2.0SP10.[29] This cross-architecture capability aids interoperability across diverse hardware, from Intel/AMD x86 systems like the Huawei 2288H V5 to Kunpeng-powered ARM infrastructure.[29][23]Core Features
Security Mechanisms
EulerOS incorporates several built-in security mechanisms derived from its Linux kernel foundation, including support for mandatory access control (MAC) through SELinux policies that enforce fine-grained permissions on subjects and objects such as files and processes.[30] These controls assign security labels to resources, preventing unauthorized access beyond discretionary user-defined rules, and extend to system-wide enforcement for elevated protection in enterprise environments.[31] Additionally, the kernel enables seccomp (secure computing mode) for syscall filtering, allowing processes—particularly in containerized workloads—to restrict available system calls via Berkeley Packet Filter (BPF) rules, thereby minimizing the attack surface by blocking potentially exploitable interfaces.[32] The operating system adheres to POSIX standards through its UNIX 03 conformance certification, achieved by EulerOS 2.0 on Huawei KunLun servers in September 2016, which validates reliable implementation of security-related interfaces like user authentication and access controls, reducing vulnerabilities from non-standard behaviors.[4] This certification, issued by The Open Group, confirms compliance with the Single UNIX Specification for x86-64 architecture, including standard C library functions critical for secure application development.[9] EulerOS has also attained Common Criteria (CC) EAL4+ certification, demonstrating robust evaluation of its security functions against international standards for protection against intentional misuse.[18] Security maintenance involves regular issuance of advisories addressing Common Vulnerabilities and Exposures (CVEs), with updates backported to stable branches; for instance, EulerOS-SA-2025-2264 patched multiple kernel flaws including CVE-2025-38399 and CVE-2025-38449, while EulerOS-SA-2025-2304 resolved issues in ncurses such as CVE-2025-6141.[16] [33] These advisories, published via Huawei's security portal, ensure timely remediation for components like the kernel and user-space libraries, often incorporating FIPS-validated cryptographic modules such as OpenSSL for compliant encryption handling.[34] [35] Despite these measures, some variants like Huawei Cloud EulerOS disable SELinux by default, requiring manual enabling for full MAC enforcement, which may introduce configuration dependencies in deployments.[36]Performance and Reliability Optimizations
EulerOS incorporates carrier-class reliability mechanisms, leveraging advanced hardware reliability, availability, and serviceability (RAS) features to ensure ultra-long-term stability for applications on physical or virtual machines.[23] These include support for clustering through a cluster manager and the GFS2 clustered file system, which enable high-availability configurations with automated failover to minimize downtime.[23] Kernel-level safeguards such as the Out-of-Memory (OOM) killer, which prioritizes process termination based on scoring to prevent system hangs during memory shortages, hung task detection via the khungtaskd thread for monitoring prolonged uninterruptible sleeps exceeding 120 seconds by default, and watchdog timers for lockup detection further enhance operational resilience.[37] Performance optimizations in EulerOS target multi-core ARM64 and x86 architectures, with refinements to the compilation system, virtual memory management, CPU scheduling via the Completely Fair Scheduler (CFS) using nanosecond granularity tunable through parameters like sched_min_granularity_ns, I/O drivers, networking stacks, and file systems.[23][37] The BiSheng compiler supports high-performance compilation for C, C++, and Fortran languages, facilitating efficient code generation for compute-intensive tasks.[37] Additional tools like the Workload Accelerator provide static optimizations (e.g., via BOLT) and dynamic real-time process enhancements, while huge pages reduce TLB miss rates in memory-heavy applications such as databases.[37] NUMA balancing adjustments, including scan delay and size parameters, optimize memory locality on non-uniform memory access systems.[37] For big data and AI workloads, EulerOS employs fine-grained resource controls through control groups (cgroups) and Linux containers to manage CPU, memory, and network allocation, enabling efficient scaling and isolation.[23] Multi-level memory reclamation via cgroup attributes like memory.min and memory.high protects critical tasks from eviction under pressure.[37] The Linux kernel 5.10 base incorporates community-developed stability hardening for enterprise-grade uptime.[19] However, these optimizations are closely tied to hardware compatibility, requiring tools like oec-hardware for validation of components such as RAID controllers and NICs, which can constrain portability to non-tested platforms and emphasize dependency on vendor-coordinated architectures like those from Huawei.[23][37]Enterprise and Cloud Capabilities
Huawei Cloud EulerOS (HCEOS), derived from openEuler, integrates cloud-native functionalities tailored for enterprise environments, enabling synergy between cloud infrastructure and edge devices through APIs designed for device-cloud interactions.[38] This setup supports orchestration platforms such as OpenStack for infrastructure management and Kubernetes for container deployment, facilitating scalable business workloads with high performance and security features like hierarchical memory expansion.[14][39] Migration from Red Hat Enterprise Linux (RHEL) or CentOS to HCEOS is streamlined via automated tools, including thecentos2hce1.py script, which handles RPM package updates, dependency resolution, and configuration synchronization remotely on source systems before deployment to target Elastic Cloud Servers (ECS).[40] The process requires pre-installation of necessary software packages and compatibility testing, typically spanning 20 minutes to 1 hour based on package count and size, with post-migration validation ensuring service continuity.[41] HCEOS preserves RHEL binary and API compatibility, allowing developers to redeploy applications with limited code changes and minimal recompilation.[42]
As of 2025 updates in HCEOS 2.0.2503, enhancements include refined OS migration workflows, automated compatibility evaluation for enterprise software stacks, and bolstered container support through workload accelerators for static and dynamic optimization on x86 and Arm architectures.[38][39] These features extend to edge computing via unified scheduling for container instances across hybrid environments, reducing latency in distributed deployments while maintaining enterprise-grade reliability.[43] The "2+4+2" lifecycle model provides 2 years of mainstream support with free maintenance, followed by 4 years of extended support and 2 years of sustained support, ensuring long-term stability for business-critical operations.[44]
Related Projects and Derivatives
Integration with KunLun Mission-Critical Servers
EulerOS was designed from its inception to integrate closely with Huawei's KunLun series of mission-critical servers, which are engineered for high-reliability applications in sectors such as telecommunications and finance. EulerOS 2.0, released in 2016, runs natively on KunLun platforms like the 9008, 9016, and 9032 models, enabling certified high-availability configurations that leverage the servers' multi-layer fault-tolerant architecture. This includes support for redundant components and proactive fault detection, ensuring continuous operation with minimal downtime.[4][45][46] The integration achieves UNIX 03 conformance certification from The Open Group on September 8, 2016, specifically for EulerOS 2.0 deployed on KunLun hardware, validating its adherence to standards for robustness and portability in mission-critical environments. This certification underscores optimizations for fault-tolerant computing, such as efficient resource allocation for CPU, memory, and storage to handle demanding workloads without single points of failure. KunLun's Reliability, Availability, and Serviceability (RAS) 2.0 features, including CPU and memory hot-swapping, are fully exploited by EulerOS, surpassing traditional UNIX systems in recovery speed and service continuity for enterprise applications.[9][4][47] This hardware-software synergy provides certified configurations tailored for high-stakes deployments, but it inherently promotes vendor lock-in by tying optimal performance to Huawei's proprietary KunLun architecture, limiting seamless migration to alternative hardware without reconfiguration or performance trade-offs. Empirical data from Huawei's testing shows KunLun with EulerOS delivering over 30% lower total cost of ownership compared to legacy UNIX servers in similar fault-tolerant setups, driven by open Linux efficiencies combined with specialized hardware optimizations.[46][8]Code Sharing with HarmonyOS and OpenHarmony
EulerOS, via its foundational open-source project openEuler, incorporates shared kernel architecture with HarmonyOS and OpenHarmony, allowing for targeted reuse of components such as multi-kernel support and stability modules to bolster distributed computing across device ecosystems.[48] In November 2021, Huawei disclosed that this shared kernel enables features like enhanced resource scheduling and fault tolerance, derived from EulerOS's Linux-based robustness adapted for HarmonyOS's microkernel environment.[48] OpenHarmony, initiated as an IoT-oriented open-source initiative in 2020, draws on openEuler's embedded device components for reliability in low-resource scenarios, including kernel patches exceeding 17,000 contributions to upstream Linux over the prior decade, which indirectly support OpenHarmony's lightweight layers. This reuse facilitates interoperability, such as through distributed soft bus protocols that interconnect openEuler servers with OpenHarmony endpoints for data sharing and task offloading.[49] Developments from 2021 to 2025 emphasize selective integration rather than wholesale adoption; for instance, the openEuler 22.09 release in October 2022 added optimizations for cross-OS feature alignment with HarmonyOS, including better handling of shared drivers for hardware abstraction in embedded contexts.[50] HarmonyOS Next, launched in 2024, retains these elements in its pure microkernel design, prioritizing EulerOS-derived stability for server-to-device extensions without embedding the full Linux kernel.[50] Limitations persist in scope: code sharing avoids full OS convergence, focusing instead on modular elements like drivers and middleware to ensure consistency in Huawei's ecosystem while preserving HarmonyOS's independence from Linux dependencies in consumer-facing builds. This approach mitigates compatibility overhead but requires explicit adaptation for architecture-specific variances, as evidenced by ongoing community contributions to openEuler's multi-architecture masking for shared source code.[51]NestOS Variant
NestOS is a specialized variant of EulerOS developed by Huawei for cloud-native environments, emphasizing container orchestration and virtualization workloads. Launched in November 2021 under the Cloud Native Special Interest Group (SIG) of the openEuler community, it builds directly on EulerOS's core architecture while integrating advanced container hosting capabilities to support large-scale containerized applications.[52][53] The system offers dual modes tailored to distinct deployment needs: NestOS For Container (NFC), optimized as a lightweight container host with enhanced security for running Kubernetes-based tasks, and NestOS For Virt (NFV), which includes pre-installed virtualization components for virtual machine orchestration. These modes facilitate simplified Kubernetes cluster deployment through tools like NKD (NestOS Kubernetes Deployment), ensuring consistency with Huawei's container cloud services and base OS operations. NestOS aligns its release cycles with upstream EulerOS updates, such as the version based on openEuler 22.09 released in October 2022, to incorporate timely security patches and performance improvements.[54][55][53] In Huawei's ecosystem, NestOS powers components of cloud stacks, including edge and hybrid deployments, by providing robust isolation and scalability for microservices without diverging from EulerOS's enterprise-grade stability. Its design prioritizes minimal overhead for orchestration layers, enabling seamless integration with Huawei's CloudStack for automated provisioning and management of containerized infrastructures.[52][53]Relationship to openEuler Community Edition
openEuler functions as the open-source upstream project for EulerOS, with Huawei releasing its source code in January 2020 to enable community collaboration on core components originally derived from CentOS and adapted for servers, cloud, and edge environments.[56][57] EulerOS, in turn, builds upon openEuler's codebase as Huawei's commercial offering, incorporating enterprise-specific optimizations while aligning with community releases like the 24.03 LTS version, which was introduced on May 30, 2024, based on Linux kernel 6.6.[58][14] Governed by the OpenAtom Foundation following Huawei's codebase donation in late 2021, openEuler emphasizes community-driven development through special interest groups (SIGs) and a technical committee, where Huawei serves as a standing member and leads substantial contributions to sustain innovation across architectures.[59] This structure contrasts with EulerOS's proprietary model, which includes Huawei-funded enhancements for high-security and scalability features unavailable in the free community edition.[20] The upstream-downstream dynamic benefits EulerOS by integrating diverse community inputs, such as expanded hardware compatibility and open contributions exceeding thousands of commits since inception, fostering a wider ecosystem without Huawei bearing all development costs alone.[60] However, EulerOS's addition of closed-source extensions for mission-critical reliability can create dependencies on Huawei's ecosystem, differentiating it from the fully auditable openEuler baseline.Adoption and Reception
Deployment in Enterprise and Government Sectors
EulerOS has achieved notable uptake primarily within Chinese enterprises and government entities, serving as a foundational operating system for servers in sectors emphasizing technological independence and data localization. In telecommunications, it supports infrastructure for major state-backed carriers, aligning with China's self-reliance initiatives in critical networks. Financial institutions, including over 500 that leverage Huawei Cloud services—where EulerOS underpins server operations—have integrated it for secure, scalable computing environments. Government deployments are extensive, bolstered by EulerOS's role in Huawei Cloud, which has topped China's overall, IaaS, PaaS, and dedicated government cloud markets for seven consecutive years through 2024.[61] As of 2023, EulerOS was in use by approximately 2,000 enterprises across China, reflecting its positioning for high-stakes applications in finance, public administration, and telecom.[62] Integration with Huawei's ecosystem, including KunLun servers and cloud platforms, facilitates its deployment in mission-critical setups, such as those certified under UNIX standards for enterprise reliability since 2016.[4] In Huawei Cloud EulerOS variants, it enables automated OS migrations and consistent configurations across hybrid environments, aiding large-scale government and enterprise rollouts.[37] Global adoption, particularly in Western markets, is negligible due to prohibitions on Huawei equipment in entities like U.S. federal networks and allied telecoms, restricting EulerOS to Huawei-dependent infrastructures. In the Asia-Pacific, growth aligns with regional pushes for supply chain resilience, though specific 2025 metrics for EulerOS remain tied to Huawei Cloud's expansion to 34 regions and service to over 170 countries, with emphasis on non-Western partners.[63]Market Position Amid Geopolitical Tensions
EulerOS has established a competitive edge in markets insulated from US-dominated software ecosystems, serving as a RHEL-compatible option that mitigates risks from upstream changes like the CentOS-to-Stream transition in December 2021. Its binary compatibility enables enterprises to leverage existing RHEL investments without licensing fees, positioning it favorably in cost-sensitive sectors. In China, where policies promote domestic alternatives amid supply chain vulnerabilities, EulerOS supports Huawei's push for tech sovereignty, with reported cumulative installations exceeding 430 million globally by mid-2023, driven largely by enterprise and government deployments.[64] US sanctions on Huawei, initiated with the entity's addition to the Commerce Department's Entity List on May 16, 2019, have constrained EulerOS's global footprint by heightening scrutiny on Chinese-origin software in critical infrastructure. These measures, aimed at curbing technology transfers, indirectly favor Western RHEL clones like Rocky Linux, launched in June 2020 as a bug-for-bug equivalent free of geopolitical entanglements, which have since captured significant shares among users wary of vendor lock-in or compliance risks. EU member states, aligning with similar export controls, have echoed restrictions, limiting EulerOS to niche or non-sensitive applications outside aligned regions. Reception reflects these divides: in China and Belt and Road partner countries, EulerOS garners praise for reliability and integration with local hardware, bolstering Huawei's 22% revenue growth in 2024 despite sanctions. Internationally, however, adoption lags due to preferences for alternatives untainted by state-linked development concerns, with analysts noting its marginal presence in non-Chinese enterprise surveys as of 2025.[65][66]