We expect that TLXOS 4.10.1 (release notes: https://help.thinlinx.com/knowledgebase.php?article=74) will probably be the last progressive TLXOS release in the 4.x series, although 4.x will continue for some time as Long Term Stable (LTS). TLXOS 5.0.0 and TMS 9.0.0 will include the following improvements: Guaranteed features: - Encryption of updates (TLXOS firmware, tms_client, hotfixes) will be removed, and the firmware format will be simplified to be a zip file containing binary firmware object(s) and metadata file(s) in a format that ThinLinX will publicly document, along with optional GPG signature(s). This will allow customers to create their own hotfixes. TMS will check GPG signatures against an approved keyring and report whether or not the update passes signature checks. - TLXOS 5.x releases will be based on Debian 11 (Bullseye), and will initially feature a 5.10 Linux kernel. - TLXOS will no longer have a separate Maintenance Mode partition (or Linux kernel). Maintenance Mode will be merged into the /boot filesystem, as an alternative initramfs that will use the same kernel as Normal Mode. - TLXOS installation will become more flexible with regard to filesystem sizes. Upgrades will be able to enlarge the base root filesystem (/actualroot) as needed, and if necessary will repartition to enlarge /boot also, although this will necessarily result in loss of midlayer (/config) data, i.e. reset to default settings. - Upgrade of boot[/TFM] and root filesystems will be completely separate, allowing upgrade to a newer Linux kernel (and Maintenance Mode image) while remaining at the same base firmware version. Likely features (not finalized, and subject to change): - Rewrite of TMS for internal client-server separation and multi-session capability, i.e. an "always on" background service/daemon component and one or more on-demand GUIs. TMS was not designed for this, so it is a very extensive and ambitious rewrite. TMS GUIs will be able to run on a different host than the service/daemon, and you will be be able to run two or more concurrently. - TLXOS licenses will be consolidated into a one-license-fits-all solution, i.e. you will be able to run any edition of TLXOS using a common entitlement. New licenses will be at the higher SFF/RePC cost (USD $15 per device); we will not retroactively compensate SFF/RePC owners with additional entitlements. - TMS 9.0.0 will introduce the concept of a "filestore" database, whereby downloaded updates, and files installed by the user, will be permanently stored in a hash tree such that clients can request download of such objects by hash rather than by name. This means that files installed using TMS' "File->Install File" option (e.g. SSH keys and CA certs) will be part of a saved profile, and client devices will automatically download these if they are missing. - Introduction of basic policy, i.e. association of saved profiles with TMS device groups, such that TMS will require any known client to conform to the saved profile linked to the device group of which they are a member, when they check in with TMS. - Overhaul of Digital Signage to use out-of-band rsync content synchronization (pull-based) instead of clumsy in-protocol content synchronization (push-based). This will be much more efficient, although clients will require direct access to the rsync service on the TMS server. The older scheme will still be available via a legacy option. - Improved VPN capabilities, including password-based OpenVPN and Wireguard.