On Thu, Jan 9, 2020 at 11:18 AM Clay Montgomery wrote:

> I mean ALL kernels from 4.9.x onward.
>
> Many developers are using newer kernels on the i.MX6, but they got there
> by going to mainline and either not using the VPU or GPUs at all, or using
> the open source Etnaviv drivers, which are limited in functionality (mainly
> OpenGL ES 3.0 and OpenCL stuff) compared to the Vivante package from NXP.
>
> For example, if you build Yocto Sumo, Warrior or Thud from the FSL
> Community BSP, you get no functional VPU or GPU support. Even a lot of
> NXP's unit tests fail to run. Pyro is the latest one that works, because it
> has Vivante with 4.1.15 kernel.
>
> Maybe someone has manually integrated a Vivante package with a mainline
> kernel themselves? But, that is likely a lot of work and undocumented. The
> issues are mainly with the DRM, I think. I would really like to see
> comments from anyone that has done that successfully, and what was required?
>
> As far as NXP ever fixing this. They will not even reply about it:
>
> https://community.nxp.com/thread/518771
>

Thank you for the helpful detail.

> You are confusing the security needs of a desktop system with embedded.
> With embedded linux, kernel updates are not needed for good security if you
> configure the system well.
>

Hm, I don't agree. If an embedded Linux device uses Wi-Fi and Bluetooth communications, won't vulnerabilities affecting those parts of the kernel need to be patched?

Examples:

https://www.linuxkernelcves.com/cves/CVE-2019-17133
https://www.linuxkernelcves.com/cves/CVE-2019-16746
https://www.linuxkernelcves.com/cves/CVE-2019-9506

I believe some of these could be exploitable without accessing the device or gaining local privileges.

Thanks,
Jesse