I see the phone is using a Mediatek Dimensity 900. I realize projects like this always involve tradeoffs, but I am slightly concerned. I know from my previous Mediatek phones (Cosmo Communicator) that Mediatek tend to provide an outdated linux kernel for their chips, without source and without any updates.
My Questions are these:
1. What kernel is the FLX1 using?
2. What plans are there to update the FLX1 kernel?
Hi there Sword. We are currently running a patched version of the vendor kernel, for which we have backported new features and security fixes. The entire kernel is open source, including all modules (yes, that includes the Wi-Fi and GPU kernel drivers), and can be found on our GitHub.
The current version we are running is Linux FuriPhoneFLX1 4.19.233-furiphone-krypton #1 SMP PREEMPT Wed Aug 21 03:33:04 UTC 2024. There are no immediate plans to update the kernel beyond security fixes and any backports that are needed to continue running the latest userspace, as we believe most end-users will not benefit directly from doing that. Our priorities are firmly aligned with "work on whatever makes the device immediately better" - so we are mostly focused on the userspace software right now.
That being said, we do not rule out the possibility of updating the kernel. It is just a very laborious task with little perceivable gain, and we do not have time to spare at the moment.
Thanks!
Hmm pretty old. My concern with the age is the security patches. Went back 2 years in the github, but haven't seen any security patches as yet.
Security fixes are not usually marked as "SECURITY: <whatever>". We went through all the Mali security bulletins and ensured they were patched in our kernel, which is the case. Many of the Linux kernel vulnerabilities that have come out in the past few year do not affect our device for one reason or another -- often due to the kernel being old enough that the vulnerable code was not there in the first place.
I see your point though and I will see if it would be feasible to get on the CIP kernel, which is supported until 2029. I assume that by 2029 we'll either have gone bankrupt or we'll have had time to look into a newer kernel.
Awesome thank you I appreciate the detailed response.
Perhaps another way to allay concerns like mine is to include the specific security fixes in the change log with the updates eg:
CVE 2024-xxx BLE vulnerability addressed and fixed on pull #214
I realize you guys are just getting your feet under you, and I am very excited for this phone
Good idea! We haven't actually applied any new security updates explicitly (i.e. Firefox did get updates and that probably resolved security issues), but I will be sure that we point out security fixes explicitly in the changelog. Thank you for your feedback!
