Hi Clay, thanks very much for your answers. On Fri, Jan 3, 2020 at 4:22 PM Clay Montgomery wrote: > Jesse, > > 1. The best answer is probably to take a look at NXP's notes and > defconfigs here: > > repo init -u https://source.codeaurora.org/external/imx/imx-manifest > -b imx-linux-sumo -m imx-4.14.98-2.0.0_ga.xml > > ~/Yocto/imx-yocto-bsp/sources/meta-freescale/recipes-kernel/linux/ > > 2. There were a lot of changes made to the DRM in the 4.9 kernels that > had a major impact on NXP's IPU and V4L2 support drivers. Some fundamental > stuff (like /dev/fb, X11 and Wayland) were broken and NXP seems unlikely to > ever fix that for newer kernels on the i.MX6. > When you say that NXP is unlikely to fix IPU/video related driver support in newer kernels, which kernel versions are you referring to? Later NXP-released 4.9 kernels like 4.9.123-2.3.0ga? > 3. Certainly not NXP. > > Most developers still on the i.MX6 seem to either stick with 4.1.15 or > move to a mainline kernel. > Do you know which mainline kernel version has full support for the i.MX6 or how I would be able to find out the status of support in various kernel versions? If mainline is stable for the i.MX6 and the driver support is on-par with the NXP-released kernels, I may considering moving to mainline at some point. I was under the assumption that mainline might be missing critical driver support or bug fixes and I would be better off with an NXP kernel, but perhaps that is not the case. If developers stick with 4.1.15, how do they address kernel CVEs? This is the main issue I am concerned about. I'm coming at this from a maintenance and security perspective. I need to be able to support shipping products by providing fixes for any major CVEs and that includes the Linux kernel, especially if any CVEs are remotely exploitable. I would also like to do this with the least impact possible, so avoiding major kernel upgrades is preferable in my mind. Can anyone comment on how they are handling kernel CVEs for products that are i.MX-based? Are you using a mainline LTS kernel and keeping up with upstream updates? Are you using an NXP kernel and manually patching specific CVEs? Thanks, Jesse