Linux-raspi2 Version (Security Updates)


#1

Hi everyone,

I’m sorry if this is too noob a question, but I’m new to using Ubuntu Core.

I’m running Ubuntu Core on a Raspberry Pi 3 Model B. I read in the Ubuntu Security Notices that there was an issue affecting linux-raspi2 (as far as I understand, it’s the Linux kernel for Ubuntu Core): https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000364.html. When checking the current release in the package information (https://launchpad.net/ubuntu/xenial/+source/linux-raspi2), it seems as though the patched version had already been shipped, but I’ve been trying to upgrade with snap refresh and sudo snap refresh since I read the blog post last Friday and it keeps showing me the installed version is 4.4.0-1030-3. It says there is no new version available. I’m on the stable channel. When I run snap info pi2-kernel, this is the info that I get:

snap info pi2-kernel
name:      pi2-kernel
summary:   "The canonical raspi2 armhf kernel"
publisher: canonical
description: |
  The Ubuntu linux-raspi2 kernel package as a snap
type:        kernel
tracking:    stable
installed:   4.4.0-1030-3 (22) 89MB -
refreshed:   2016-10-26 06:36:06 -0500 COT
channels:                       
  stable:    4.4.0-1030-3  (22) 89MB  -
  candidate: 4.4.0-1051.52 (29) 100MB -
  beta:      4.4.0-1059.67 (33) 103MB -
  edge:      4.4.0-1051.52 (30) 100MB -

Might there be something wrong with my Pi or my setup, or am I just worried for no reason?

Thanks for your help!


#2

we sadly have a serious issue with the stable pi images, the broadcom bootloader will refuse to boot with a newer kernel and there is no mechanism yet to update the gadget snap. if you installed from a stable image you will be stuck until gadget updates are implemented (there is a snappy sprint this week where exactly this will be worked on but i assume this will still take a bit to actually land).

one way to get a new kernel (and gadget) as a workaround is to use a daily built image from http://people.canonical.com/~ogra/snappy/all-snaps/daily/
which builds from the edge channel, will get daily updates and comes with a newer gadget snap.
to keep the rootfs on stable you can “snap refresh core --stable” after installation, that way you get the new gadget, regular kernel updates and a stable rootfs.

sorry for the inconvenience …


Updating bootloader assets in the gadget snap
#3

Thanks for the quick and complete answer, @ogra --and I just realized you’re this ogra. It’s not an inconvenience at all. Ubuntu Core is a work in progress and it’s good to know that issue will be addressed. I’ll just download and install the daily build following your instructions. Thanks for being so responsive and welcoming!


#4

Are there any news on this?

Thanks!


#5

#6

What is the current status @ogra?


#7

the status is logged at:

@mvo is working on it …


Upgrade kernel to version past 4.4 on Core for Raspberry Pi 3