BaochengSu
commented
3 months ago Dear Stefano,
According to [1], the "upstream" kernel you mentioned is the "mainline tree":
Mainline tree is maintained by Linus Torvalds. It's the tree where all new features are introduced and where all the exciting new development happens. New mainline kernels are released every 9-10 weeks
This tree is where the development happens and is considered "unstable"; hence, it should not be used for production purposes as new feature introductions may bring breakages.
When choosing the kernel version for an industrial IoT device, we considered the following factors:
-. Stable. This is the key factor for an industrial application. -. Long Term Maintenance. Industrial devices tend to have long lifecycles; the longer the maintenance time, the better.
This means we should at least choose the Longterm release category. This is why we chose 6.1, which was the latest LTS version when we were planning the latest kernel version bump.
Another factor is that Debian 12 also uses 6.1 as its kernel version, so we are aligned with Debian 12.
Additionally, the CIP [2] project provides a super-long-term stable kernel program to extend the maintenance lifecycle for a minimum of 10 years after its initial release. This is why we chose the CIP kernel flavor (the -cipN postfix).
Regarding the CVE-2024-1086 patch, from [3], you can see it has been backported into v6.1 LTS, specifically the v6.1.76 version. So it will be integrated into the example image kernel in the next kernel version bump.
SCordibella
jan-kiszka
Dear All, I just want to know the the difference between the default kernel for iot2050 (6.1.54-cip6) and the upstream one. I see that the upstream is more updated (6.10 at the time of writing) and I guess to choose that kernel since it contains security patch like the one for CVE 2024-1086 .
Are there other significant changes between the two kernels?
Best regards, Stefano.