Kernel configuration options

Mitch Bradley wmb at laptop.org
Tue Jan 1 17:39:01 EST 2008 

M. Edward (Ed) Borasky wrote:
> Mitch Bradley wrote:
>   
>>  From a security standpoint, there is an advantage to building in 
>> everything.  The main kernel is verified with a crypto signature before 
>> it is executed.  Loading a module without first verifying a 
>> similarly-strong signature weakens the security.
>>
>> Modules are a good idea for kernels that are intended to run on a wide 
>> variety of hardware.  I am in favor of treating XO like an appliance and 
>> making the kernel as monolithic as possible.
>>     
>
> I'm not familiar with the security stuff in general or this case in
> particular. But I think the "trend" in the Linux community has been
> towards more flexibility, moving stuff from kernel space to user space, etc.
>   

It depends on which part of the Linux community you focus on.

In the desktop sub-community, Linux runs on computers where 98% of the 
units of any individual model run Windows.  If you were to take a random 
sampling of 1000 Linux desktop users, you would probably find at least 
300 different hardware platforms.  In that scenario, flexibility is 
absolutely necessary, because Linux doesn't own any platform.

The situation is obviously different for Linux in embedded applications 
like little router boxes, and in server applications like Google server 
farms, but I expect that in many of those applications, the kernel is 
largely hard-compiled.

These non-desktop environments, while they probably account for a very 
substantial portion (perhaps even the marjority) of the total Linux 
installed base, don't have much "community visibility", because they are 
often done "in house" by hardware manufacturers and large organizations.

> Then again, since the *hardware* is soldered onto the mainboard and
> can't be easily expanded, why shouldn't the *kernel* be just as
> inflexible? ;)
>   
There seems to be an implied value judgment that "inflexible" is bad.

There is a tradeoff between flexibility and reliability.  One of the 
reasons why Macintoshes "just work" is because Apple doesn't have to 
deal with a near-infinite array of different hardware.

One of my goals for OLPC is to make a machine that "just works".  When I 
was younger, I used to be excited by every shiny new thing, but over 
time, I got pretty tired of spending a lot of time fixing stuff that was 
continually broken due to random churn in hardware and software.

EMACS (my favorite editor) is perhaps the most flexible editor on the 
planet.  One of its core flexibilities is the ability to rebind any key 
to any function.  That makes it difficult, bordering on impossible, to 
support EMACS in a community of diverse users, because you never know 
what you are dealing with for any given user.

Jaron Lanier, in this controversial essay  
http://discovermagazine.com/2007/dec/long-live-closed-source-software
argues that pinning down large portions of a system can be very 
advantageous in some respects.

Everything is a tradeoff.


> _______________________________________________
> Devel mailing list
> Devel at lists.laptop.org
> http://lists.laptop.org/listinfo/devel
>

More information about the Devel mailing list