I mean ALL kernels from 4.9.x onward.

Many developers are using newer kernels on the i.MX6, but they got there by going to mainline and either not using the VPU or GPUs at all, or using the open source Etnaviv drivers, which are limited in functionality (mainly OpenGL ES 3.0 and OpenCL stuff) compared to the Vivante package from NXP.

For example, if you build Yocto Sumo, Warrior or Thud from the FSL Community BSP, you get no functional VPU or GPU support. Even a lot of NXP's unit tests fail to run. Pyro is the latest one that works, because it has Vivante with the 4.1.15 kernel.

Maybe someone has manually integrated a Vivante package with a mainline kernel themselves? But that is likely a lot of work and undocumented. The issues are mainly with the DRM, I think. I would really like to see comments from anyone who has done that successfully, and what was required.

As far as NXP ever fixing this, they will not even reply about it:

Thank you for the helpful detail.

You are confusing the security needs of a desktop system with embedded. With embedded Linux, kernel updates are not needed for good security if you configure the system well.

Hm, I don't agree. If an embedded Linux device uses Wi-Fi and Bluetooth communications, won't vulnerabilities affecting those parts of the kernel need to be patched?


I believe some of these could be exploitable without accessing the device or gaining local privileges.


