L4T Security Patches / Kernel Updates

Hey,

I am most concerned and sad about the current development of the new Jetson Nano roadmap, as discussed in this thread [1]. I am currently developing a new product using the Jetson Nano and would have loved to use the Nano. It would be the ideal choice. We are planning for a lifetime of 8+ years.

Security updates are a top priority for us, as the Nano would be directly connected to the internet. Maybe some Nvidia officials could clarify the situation, especially about the two following points:

The official documentation [2] points to the current kernel sources located here [3], i.e., tegra-l4t-r32.5.1. The last security patch from the official Linux kernel I could identify is the merge “Merge branch ‘android-201’ into rel-32”, if I see it correctly. Now, Android-201 is using Linux 4.9.201, which was released on November 16th, 2019. After this merge, I couldn’t find any other security/bugfix patches from the official Linux kernel merged to the L4T kernel. Quickly scanning over the kernel log revealed that over 5000 security/bugfix patches of 18 months are not in the current L4T kernel. In case I looked at the wrong L4T kernel tree, I would love to get a pointer to the correct tree.

However, I am also worried that there won’t be any backported patches to the 4.9 L4T kernel after the official EOL of mainline Linux kernel 4.9 on Jan’23.

In the last post in [1] suhash wrote:
“For the future, we are working towards enabling developers and customers to bring different kernel and distributions on Jetson for greater flexibility.”

Does this statement include the current Jetson Nano or only future devices?

Is there any current (experimental) 5.10 based kernel, with hardware acceleration, for current Jetson Nano devices?

[1] Jetson Software Roadmap for 2H-2021 and 2022
[2] nv-tegra.nvidia.com Git - linux-4.9.git/summary
[3] nv-tegra.nvidia.com Git - linux-4.9.git/shortlog


hello mander1000,

Could you please share the criteria of your secure process?
Note, the Jetson Nano series did not support Trusty. There are no Trusty sources if you download the t210 source package.

NO. We don’t.

@JerryChang

Have there been any kernel security updates since this one?

https://nv-tegra.nvidia.com/gitweb/?p=linux-4.9.git;a=commit;h=2608a4e64947853c9eb4e659913cf5bdf38b1b68

hello mdegans,

Yes, I see several related changes have been checked in to the rel-32 release code-line, which will be the next JetPack public release candidate.
As you can see, JetPack-4.6 is our next production release, currently scheduled for July 2021.
Thanks

Thanks for your reply, Jerry. Could you point us to one of these patches? Or are you saying that these patches are not released yet and will come with the JetPack release in July?

hello mander1000,

I’ve just gone through the code-line, and there’ll be changes included in the JetPack-4.6 public release. I’m not sure which bug fix you’re looking for; could you please point it out?

Hello Jerry,

I’m looking for all of the 5500+ bug fixes which were committed to the official Linux kernel between Linux 4.9.201 and Linux 4.9.271. For a list of patches, please see kernel/git/stable/linux.git - Linux kernel stable tree

hello zhuyonghui,

We are doing minor version upgrades and will eventually reach 4.9.271.
Thanks

So you did not reach any version after 4.9.201 yet? Is that correct?

hello mander1000,

That’s correct, as you can see in the r32.5.1 release git logs.
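
Added example, not part of any post in this thread and not NVIDIA's tooling: a small shell check for the question the thread keeps returning to, namely which 4.9.y stable release a vendor kernel tree has reached and how far that is from a target release. It assumes the tree takes stable updates by merge, so that `SUBLEVEL` in its top-level `Makefile` reflects the last merged release; the function names and the sample header are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): compare a kernel tree's stable level
# with a target upstream release, e.g. 4.9.201 against 4.9.271.

# Constructed sample: Makefile header as a 4.9.201-based tree would carry it.
sample_makefile() {
    printf '%s\n' 'VERSION = 4' 'PATCHLEVEL = 9' 'SUBLEVEL = 201' \
        'EXTRAVERSION =' 'NAME = Roaring Lionus'
}

# Print VERSION.PATCHLEVEL.SUBLEVEL from a top-level kernel Makefile.
kernel_release() {
    awk -F'[ \t]*=[ \t]*' '
        $1 == "VERSION"    { v = $2 }
        $1 == "PATCHLEVEL" { p = $2 }
        $1 == "SUBLEVEL"   { s = $2 }
        END {
            if (v == "" || p == "" || s == "") exit 1
            printf "%s.%s.%s\n", v, p, s
        }' "$1"
}

# Print how many stable point releases separate have ($1) from want ($2).
stable_gap() {
    have=$1 want=$2
    if [ "${have%.*}" != "${want%.*}" ]; then
        echo "different series: $have vs $want" >&2
        return 2
    fi
    echo $(( ${want##*.} - ${have##*.} ))
}

# Exit status 0: tree is at or past the target; 1: behind; 2: cannot tell.
check_tree() {
    have=$(kernel_release "$1") || { echo "no version header in $1" >&2; return 2; }
    gap=$(stable_gap "$have" "$2") || return 2
    if [ "$gap" -gt 0 ]; then
        echo "$have is $gap stable point releases behind $2"
        return 1
    fi
    echo "$have is not behind $2"
}

# Demo on the constructed header; point check_tree at a real tree's Makefile instead.
demo=$(mktemp)
sample_makefile > "$demo"
check_tree "$demo" 4.9.271 || true
rm -f "$demo"
```

In a clone of the upstream stable tree, `git rev-list --count --no-merges v4.9.201..v4.9.271` counts the individual commits in that range.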