Greg Kroah-Hartman: few mobile phone vendors update the kernel

Greg Kroah-Hartman, the Linux kernel maintainer, was most annoyed when asked about a video interview. He replied that it was the entire Spectre/Meltdown issue. What makes them angry is that they are engaged in software development, but they have to fix bugs at the hardware level.

The CPU black box is more complicated than it used to be because CPU vendors try to do everything they can to take advantage of all the features that require specialised skills that sometimes get burned. This is the case with Spectre/Meltdown. In addition to bug fixes, the Linux community is continuously refining the kernel. But hardening the kernel itself is not enough to improve security, and hardware vendors are required to enable the newly introduced security hardening feature, which usually does not happen.

Take the Android platform as an example. Except for Google’s Pixel smartphone, most Android phones do not include additional hardening features, which means that all of these phones are vulnerable. Kroah-Hartman once purchased all first-line brand Android phones based on the kernel 4.4 kernels, and observed which companies’ phones have updated the kernel, and only one update was made. He is trying to work with the entire supply chain to solve this problem and make it possible to update the kernel.

Enterprise Linux system vendors typically update the kernel promptly compared to consumer-grade electronics.