Hi, I saw Ubuntu updated the kernel some weeks ago but the oem kernel suggested in the official guide is still the same (6.1.0-1027-oem)
I’m a little worried about bugs and security of that kernel, is the oem kernel still needed and why?
Does anyone know if there is a plan and the timing to go mainstream with the oem kernel configurations so that with can use the default Ubuntu kernel?
Thank you but not really reassuring, I expected that the oem version was a temporary solution for Ubuntu 22.04 and to be able to use the mainstream kernel after a while.
I can switch to Ubuntu 23.10 if it is now ok without changing the kernel (like Fedora 39)
The 6.1.0-1027-oem kernel comes from this. AMD for example, applies updates to this OEM kernel. You will see it evolve over time as 6.1.0-1028-oem, 6.1.0-1029-oem and so on. This is where the updating takes place.
The OEM kernel is kept up with security patches and hwe changes, OEM C is what our partners are focused on that meets with the needs of Framework laptops.
When you use the generic or hwe kernels, you are left to best efforts support. We test against OEM C only. We highly recommend using the code (paste into a terminal, press enter, enter password, reboot). This code creates an alert box when the 6.1.0-1027-oem is outdated and 6.1.0-1028-oem is released, providing a link with the next steps to get back to current.
For Framework Laptop 16 for example, we are using OEM D as the kernel to meet the needs of that configuration. I anticipate switching over to OEM D for Framework Laptop 13 in the near future as we continue to test against it.
We work with our distro partners to make sure you have a secure, stable experience.
Here is a sneak peak of something coming soon, to 22.04.
You are encouraged to use whatever you wish, however, we officially support and provided ticketed support for the heavily vetted Ubuntu 22.04.3 OEM C kernel or Fedora 39.
Thank you for the detailed answer, I understand that is for example to have a more “robust” testing environment but I confess I’m still a little concerned about security bugs, hopefully it is strongly considered.
I already followed the guide so have the code for the check of the kernel although at the moment I had it only on the administrator user.
EDIT: I forgot to ask, what about Fedora 39, can you explain why doesn’t need anything special with the kernel and uses the default?
If I may chime in, Fedora doesn’t generally have “LTS” releases like Ubuntu does. Fedora keeps the kernel up to date with whatever upstream is working on, for each release. Ubuntu LTS releases will generally be running outdated kernels compared to Fedora releases.
By the way - outdated kernel doesn’t necessarily mean insecure. Lots of old boxes and mainframes running kernels and software way past EoL. If you are worried about the firmware vulnerability - don’t be. It looks to me like it would be nearly impossible without having root access to your system.
We will not, ever, suggest folks jump onto the new LTS until we feel it’s ready. Day of release is a recipe of headaches. I imagine I will include it into official support status 30 days after release, as historically there is a flurry of patches released. I also know many folks will install it anyway. If an existing install is working, leave it alone. If the hope is that it will fix an issue, then yes, it’s worth installing day of understanding there will be bugs.
We ideally want folks on the OEM kernel as that is where our patches land fastest. How this shakes out will be TBD.