|
|
Subscribe / Log in / New account

Super long-term kernel support

Super long-term kernel support

Posted Mar 20, 2018 16:32 UTC (Tue) by mjthayer (guest, #39183)
In reply to: Super long-term kernel support by tlamp
Parent article: Super long-term kernel support

Just on a devil's advocate sort of line of thought, what would have to happen to make the mainline kernel usable for this sort of purpose? Not that I can imagine anything that would make either side (the kernel developers and maintainers or the consumers) remotely happy.

to post comments

Super long-term kernel support

Posted Mar 20, 2018 19:48 UTC (Tue) by smoogen (subscriber, #97) [Link] (3 responses)

For the mainline kernel, it would require that a kernel was not released until it ran through every different industries test suites which would have to be run on a wildly different hardware and environments (the same system may need to be tested in -40F, 0F, 32F, 120F, 180F over N days depending on what environment the system is supposed to go into.) It might need to be run in a turbine at different speeds while other environment factors are going. Etc etc. It would also require that all those industries publish their testing systems and make them available to developers. [Airplane radars, satellite communication, medical equipment, manufacturing devices, ATMs, sewage control, water pumps, oil pumps, fire control devices, traffic signal devices, etc all have different testing requirements that depend on the state/province, country, and treaty area. Some of them may be short done testing and others require the entire environment be replicated and run from the ground up until the device has failed.]

For a long term security kernel, it would take them to wait the 6-9 months for feedback from one set of changes to be run through.

These devices are going to sit on a shelf for years at a time until put into replacement due to some forklift upgrade. They will then get looked at years later. Most of the devices may be only hooked up to some sort of serial network so updates are done by hand as the bandwidth for updating is faster that way.

Super long-term kernel support

Posted Mar 21, 2018 12:01 UTC (Wed) by mjthayer (guest, #39183) [Link] (2 responses)

And presumably then the sort of updates such a SLTS kernel will receive are not going to include fixes for any security problems which can be solved by better isolating the device running it (which will also presumably not be in any way network-facing)? So no Spectre and Meltdown for example. Only conservative bug fixes to prevent crashes which might occur in the normal course of operation.

Super long-term kernel support

Posted Mar 21, 2018 14:10 UTC (Wed) by mjthayer (guest, #39183) [Link] (1 responses)

Ahem, I could have read Cyberax's comment slightly further down.

Super long-term kernel support

Posted Mar 21, 2018 14:19 UTC (Wed) by mjthayer (guest, #39183) [Link]

That said, they say that "CIP works towards reducing the window of vulnerability to zero".

https://wiki.linuxfoundation.org/civilinfrastructureplatf...


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds