Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Cellphones Open Source Linux

Greg Kroah-Hartman: Outside Phone Vendors Aren't Updating Their Linux Kernels (linux.com) 86

"Linux runs the world, right? So we want to make sure that things are secure," says Linux kernel maintainer Greg Kroah-Hartman. When asked in a new video interview which bug makes them most angry, he first replies "the whole Spectre/Meltdown problem. What made us so mad, in a way, is we were fixing a bug in somebody else's layer!" One also interesting thing about the whole Spectre/Meltdown is the complexity of that black box of a CPU is much much larger than it used to be. Right? Because they're doing -- in order to eke out all the performance and all the new things like that, you have to do extra-special tricks and things like that. And they have been, and sometimes those tricks come back to bite you in the butt. And they have, in this case. So we have to work around that.
But a companion article on Linux.com notes that "Intel has changed its approach in light of these events. 'They are reworking on how they approach security bugs and how they work with the community because they know they did it wrong,' Kroah-Hartman said." (And the article adds that "for those who want to build a career in kernel space, security is a good place to get started...")

Kroah-Hartman points out in the video interview that "we're doing more and more testing, more and more builds," noting "This infrastructure we have is catching things at an earlier stage -- because it's there -- which is awesome to see." But security issues can persist thanks to outside vendors beyond their control. Linux.com reports: Hardening the kernel is not enough, vendors have to enable the new features and take advantage of them. That's not happening. Kroah-Hartman releases a stable kernel every week, and companies pick one to support for a longer period so that device manufacturers can take advantage of it. However, Kroah-Hartman has observed that, aside from the Google Pixel, most Android phones don't include the additional hardening features, meaning all those phones are vulnerable. "People need to enable this stuff," he said.

"I went out and bought all the top of the line phones based on kernel 4.4 to see which one actually updated. I found only one company that updated their kernel," he said. "I'm working through the whole supply chain trying to solve that problem because it's a tough problem. There are many different groups involved -- the SoC manufacturers, the carriers, and so on. The point is that they have to push the kernel that we create out to people."

"The good news," according to Linux.com, "is that unlike with consumer electronics, the big vendors like Red Hat and SUSE keep the kernel updated even in the enterprise environment. Modern systems with containers, pods, and virtualization make this even easier. It's effortless to update and reboot with no downtime."
This discussion has been archived. No new comments can be posted.

Greg Kroah-Hartman: Outside Phone Vendors Aren't Updating Their Linux Kernels

Comments Filter:
  • by BrookHarty ( 9119 ) on Saturday October 06, 2018 @03:36PM (#57438830) Journal

    Its always been the same issue, over and over and over. If you need sources for 3rd party closed drivers, you cant update the kernel without them.

    This needs to be fixed. This will fix everything, older android can be updated, linux systems like phones and tablets can be updated, forever.

    • by Alwin Henseler ( 640539 ) on Saturday October 06, 2018 @04:49PM (#57439042)

      This will fix everything, older android can be updated, linux systems like phones and tablets can be updated, forever.

      No it won't. Basic premise for Android is:

      • Issue gets fixed in upstream kernel (Linux)
      • Fix 'trickles down' into some open source Android release
      • Carrier or phone vendor produces updated build that end users can install

      That last bit simply isn't happening. As much as they can get away with, carriers or phone vendors just do a few updates (say over a year, 2 years if you're lucky), and that's it.

      The way around that requires a couple of things:

      • Open source drivers for the hardware in the phone (as you stated)
      • Some community project that takes those drivers & produces updated builds for phone models X, Y or Z. In practice, there aren't many of those community projects (active), and # of supported models is limited.
      • Some way to upload that build to your phone. Read: an unlocked bootloader. Which is the exception rather than the rule for Android phones (eg. my phone doesn't come with an unlocked bootloader afaik).

      Bottom line: in most cases end users are still stuck, even if open source drivers are available. Android's update model is simply broken to begin with.

      • The way around that requires a couple of things:

        Just one actually: Governments legislate that phone vendors have to provide updates for at least three years after first sale.

        There are already plenty of laws around requiring manufacturers to support their product, this one is a simple follow-on from those. Nothing else will do it, there just aren't enough OSS enthusiasts around to keep playing catchup with what phone vendors are doing.

        • Governments legislate that phone vendors have to provide updates for at least seven years after first sale.

          FTFY

          • The battery won't last seven years. Until we have better energy storage technology, three makes much more sense.

            • Replaceable batteries. My Microsoft Lumia 950 has one of those. I think the only reason not to have one is to make sure you buy a new phone after a few years. (I've heard that the replaceable battery makes the phone thicker. I don't care.)

      • A phone with an unlocked bootloader is an extreme problem in terms of security. I relock my bootloader every time i finish installing a custom firmware.

        With an unlocked bootloader (or even custom recovery), you left a gaping security hole that anyone can modify the boot sequence \ software. They can, for example, shim your touch interface driver and capture all input. Modify the OS...

        Please, for the love of security, don't speak and don't do unless you understand the risks involved.

      • There's a HUGE difference between an unlocked bootloader and an unlockable bootloader.

        Most phones save a few have an unlockable bootloader. Precisely 0 factory devices have an unlocked bootloader

    • by Tough Love ( 215404 ) on Saturday October 06, 2018 @04:55PM (#57439064)

      As the mountains of orphaned but still perfectly functional phones continue to pile up, interest in and support for community supported custom ROMs continues to increase, LineageOS being the leading project. Because vendors aren't releasing the necessary technical details, a lot of this is reverse engineering and binary hacks to use the phone's original hardware drivers, while updating the kernel and all the libraries using open source Android. There is just an endless supply of hardware to play with, which is all basically free. I myself have a perfectly functional Nexus 4 sitting here, useless because Google refused to provide an update to fix the notorious navigation button touchscreen bug. So that makes it a toy to play with custom roms, nothing to lose, and a functional phone to gain.

      By the way, the Nexus was replace by a Moto. I'm never buying hardware from Google again because they got arrogant and don't stand behind it, never mind the Apple envy pricing.

      • Nope, most people won't do a procedure not endorsed by the manufacturer such as flashing an unofficial ROM, a procedure that is user unfriendly to begin with. They 'll just keep using their unpatched devices. A look at Google's own distribution chart is enough to prove this point. Any pre-Nougat devices shown there are guaranteed to be unpatched and hence potentially vulnerable to a "golden" exploit.
        • Nope, most people won't do a procedure not endorsed by the manufacturer such as flashing an unofficial ROM

          Most people don't need to do the procedure. One nerd or one screwdriver shop can do hundreds of these. The thing is, these phones are basically free because without a ROM update they are useless. By my count, orphaned smartphones already outnumber in service ones. Everybody has a couple stashed away in a drawer.

          • Most people won't go to a nerd with a screwdriver to fix a phone that works. For example, an Android 5.1.1 phone appears to the owner to work "just fine", despite missing several security patches. Again, Google's own dashboard is pretty telling on the state of the Android ecosystem when it comes to security patching. Every pre-Nougat device you see there is running unpatched (but appears to be running just fine to the owner).
            • They'll ebay it for next to nothing. It will keep changing hands for less and less money until it ends up in the hands of somebody who know how to reflash it. Especially if reflashing is easy, and it is. Then it goes from being junk to being a fun toy again. This is going to happen to some fraction of used phones, the only question is, how many. You can be sure it will increase over time as more rescue candidates heap up at the bottom.

              • But until they eBay it for next to nothing, they will be running an unpatched phone, as Google Dashboard stats show.
                • I'm talking about phones that are already out of service because the owner owns a newer one. As I see it, a lot of these become toys for playing with custom roms. I've got two of those now, how about you? Some of those will actually go back into service because of running the latest, fully patched Android release. Something you can hand your kids without getting to worked up if it gets lost, broken or stolen.

                  • Yes, I am sure this happens. But again, the official figures from Google show that there are KitKat, Lollipop and Marshmallow phones (with their factory unpatched ROM) in service in far greater numbers than you think. And that's a security problem. The Google dashboard doesn't measure activated devices but active devices.
                    • My Kitkat phone is useless because many important apps won't install on it. Over time, that factor alone will create enough pressure to create the "rescue" segment.

                    • But your phone went through a stage where it got apps but no security updates. This is the stage Lollipop phones are now. And there lies the security risk: These phones are perfectly functional and can run most play store apps but are unpatched, and the Google dashboard stats confirm that these phones are indeed active and used. Can't say it in simpler terms. Cheers.
    • A lack of driver source code could be a problem upgrading the kernel from for example 4.4 to 4.9, since internal kernel interfaces may have changed. However, upgrading the kernel from 4.4.7 to 4.4.123 will only include bug fixes with no interface changes and the vast majority of consumer electronics manufacturers aren't doing those upgrades either.

      • by Anonymous Coward

        As someone who has lived through the 1.2, 2.0, 2.2, 2.4, 2.6, 3.x, and 4.x kernel minors, I can tell you that there can be a lot of API/ABI flux even in patchlevel updates. 2.6.9-2.6.10 and 2.6.31 to 2.6.32 I believe were the most heinous. 2.2 and 2.4 also had similar issues where newer versions required everything from different compilers to different glibcs to work together properly.

        Maybe these particular patchlevels didn't, but it merits scrutiny.

        • The third digit since 3.0 is comparable to the fourth digit before 3.0.

          • Sorry, number, not digit. In any case, the patch level is the last number in the series and since 3.0 the version number was shortened from 4 numbers to 3 numbers.

    • by jonwil ( 467024 )

      The biggest problems with updating kernels are vendors who don't comply with the GPL (not releasing kernel source at all, releasing incomplete kernel source, releasing kernel source that doesn't match the shipping binaries, taking forever to release kernel source after a new update to the device, stuff like that) and vendors who lock down the devices so that replacing the kernel isn't possible.

    • Its always been the same issue, over and over and over. If you need sources for 3rd party closed drivers, you cant update the kernel without them.

      This needs to be fixed. This will fix everything, older android can be updated, linux systems like phones and tablets can be updated, forever.

      You don't need the sources if a kernel module to load the binary driver is provided (like how the nVidia linux drivers work) or if the kernel provides a stable ABI (like the way Windows works). It's nice to say "well every manufacturer of hardware should just release all their driver code as open source" but it's just not realistic, and anyway somebody has to then maintain that driver code and there is a cost to doing that.

  • by nospam007 ( 722110 ) * on Saturday October 06, 2018 @04:45PM (#57439034)

    Saul Goodman?

  • by Uldis Segliņš ( 4468089 ) on Saturday October 06, 2018 @10:49PM (#57439902)
    Phone vendors can not and do not want to support their phones software long term. That is fair deal. But the users should not suffer from that. We need a separation of hardware and software. Like on a PC, where I can update kernel, change repositories, install a new graphics driver, dual boot etc. Not like on phones now, where whole system has to be flashed just to get newer kernel with current security added. And this is a rock in Googles garden. They should make this change in Androids concepts. Require published interoperability documentation for components, standardisation of APIs. And make the first repository to be used regardless of phone model. Then other phone manufacturers could just add own repos with some specific drivers etc. Independent repos with fixes would pop up immediately. No need to reinwent the wheel.
    • Maybe that's what Android needs, a hypervisor, and what we know now as Android the operating system could just run as a VM. All the physical device drivers could be abstracted as virtual devices and supported in the OS with open source virtual device drivers.

      This would at least make the OS itself easier to update. The hypervisor would probably need updating as well, but I'd wager less often than the actual OS and without the burden of physical device drivers to worry about it could happen more often.

  • Back when the fit hit the shan with this issue, I found a reliable resource which stated which phones were vulnerable and which were not. I have a Samsung Galaxy something-or-other and its processor turns out not to be affected. The kernel is from early 2017 and I'm not particularly happy with that but this particular problem is a non-issue for a massive number of users.

  • by rainer_d ( 115765 ) on Sunday October 07, 2018 @12:12PM (#57441460) Homepage

    There's no income from updating android on a phone already sold. It's actually negative income because a new one doesn't get sold.
    Google may make some profit on the ads, but nothing of that reaches the vendor.

    Apple has Music, iCloud, the AppStore. When they provide an update to iOS on a five year old phone, people continue to use it and buy apps, in-app purchases , iCloud storage for it (and maybe an AppleMusic subscription). That, combined with a nice profit on the hardware itself, is apparently enough for them to backport all the fixes and all the performance-improvements five years down the hardware memory-lane.

  • The OP (and this is quoted directly from the linked-to article, which is no more enlightening):

    "...aside from the Google Pixel, most Android phones don't include the additional hardening features, meaning all those phones are vulnerable...I went out and bought all the top of the line phones based on kernel 4.4 to see which one actually updated. I found only one company that updated their kernel..."

    Color me confused. Is he saying that only Google (Pixel) updated their kernel? Or that one unnamed company (n

  • Maybe Fedora updates on a regular base, RHEL (Redhat Enterprise Linux) does not.

Never test for an error condition you don't know how to handle. -- Steinbach

Working...