Jim Laurent's Weblog

While I can definitely see the value of SE Linux as an embedded play, given the constantly changing kernel revisions for the myriad of Linux distros, and the requirement for a certified OS/App/HW stack to be "locked down", I cannot imagine anyone broadly using SE Linux. The Linux kernel moves so fast and evolves without compatibility, and certification is so slow in comparison. The lack of compatibility in kernel updates is the problem with Linux.

I realize a static, certified stack is the case with most trusted computing, but Solaris' application and driver compatibility model has to offer much more flexibility on the part of the end user.

With Linux, a hardware vendor must develop and manage as many Linux driver versions as Linux kernel sub-revisions they wish to support. I don't mean Linux 2.4 vs. Linux 2.6. I don't mean 32-bit vs. 64-bit x86, nor do I mean AMD64 vs. EM64T 64-bit variations of 64-bitness. I mean the different Linux kernel revisions on which each Linux distributor bases their distributions, and the distribution updates. For example, Red Hat Enterprise Linux 4 currently has three Linux 2.6 kernel revisions, 2.6.9-11, 2.6.9-22, and 2.6.9-34 depending on the update. SuSE Linux Enterprise Server 9 uses 2.6.5-7.191 and 2.6.5-7.244 kernels. That is five kernel revisions hardware and software developers have to worry about. But that is not all. You may have uniprocessor, smp, bigsmp, and hugemem implementations of each kernel.

Compare this to the Solaris model. There are no separate driver packages for Solaris 10 3/05, Solaris 10 1/06, Solaris 10 6/06, and Solaris 10 11/06. These Solaris revisions are updates to the base product, and therefore equivalent to Red Hat's 2.6.9-11, 2.6.9-22, and 2.6.9-34 kernel revisions. And you don't have the up/smp/bigsmp etc. subversions in Solaris.

In trusted computing, longevity and supportability are important attributes. API and driver compatibility help provide longevity and supportability.

Posted by Mark on December 18, 2006 at 10:20 AM EST #