[lupire]

Is something wrong with using Fuchsia kernel insted of Linux?

It's open source and it has a modern, secure capability architecture.

Running Linux binaries, not just source code, is a design goal of Fuchsia: https://news.ycombinator.com/item?id=26104667

[posguy]

Fuchsia has separated the drivers from the kernel[1], enabling proprietary drivers that are never updated to become acceptable. This can result in Blueborne[2], GPU vulnerabilities[3], and any other proprietary driver remaining permanently vulnerable as the hardware manufacturer has no incentive to update the driver.

In Fuchsia's model, you can run the latest OS with these vulnerable, non-updated drivers, or your device ODM could even release nothing and you don't have the GPLv2 to fall back on to get the Board Support Package for your hardware to build your own updates with.

1 - https://www.theverge.com/2020/12/8/22163225/google-fuchsia-o...

2 - https://en.wikipedia.org/wiki/BlueBorne_(security_vulnerabil...

3 - https://redd.it/s48lz

[spankalee]

Those types of driver vulnerabilities are exactly why Fuchsia's sandboxed driver model is needed.

[kelnos]

I see that as a sort of capitulation. What is actually needed is manufacturers who remain responsible and responsive when it comes to the quality of their drivers. They need to support them much longer than they currently do, and they need to release security fixes promptly.

I think having a sandboxed driver model is a great idea in general, but this will only encourage hardware manufacturers to care even less about supporting their drivers beyond the initial more-or-less-working release.

[zepto]

> What is actually needed is manufacturers who remain responsible and responsive when it comes to the quality of their drivers. They need to support them much longer than they currently do, and they need to release security fixes promptly.

That requires a level of investment in engineering competence that they aren’t doing because there is little incentive.

How would you suggest changing that?

[fsflover]

When the support ends, drivers must be open-sourced.

[zepto]

That’s just a wish.

How do you create the incentive for it?

[fabrice_d]

Fuchsia has a lot of good features technically, there is no doubt about that - it was time to revisit how an OS should be designed given the usage patterns of devices it powers. I hope the capability model will put to rest the insanity that is SELinux (just look at the amount and complexity of SELinux rules in AOSP). The license choice for the kernel is more controversial, but no one expected Google to ship under the GPL.

It also happens to solve some of the pain points with Android: in a way it is "Project Treble on steroids" aiming to resolve the issue with fragmentation and lack of long term support from Android chipsets and OEMs.

[fragileone]

Except there still won't be long-term support from OEMs, you've instead just pushed the security responsibility onto Fuschia and hoping that the kernel maintaining a strong sandbox will be sufficient to mitigate all driver security vulnerabilities (hint: it won't be).

[ognarb]

Most (all?) the drivers will be closed source since the license allows it.

[posguy]

Worse yet, the OS itself is non-GPL, an OEM can modify Fuchsia outside just the drivers to support their device (eg: create a board support package) and never release their modifications to their customers, meaning the community can't compile their own updates to the software running on the device (worse than our current Android situation).

[Google234]

At least they won’t break with every minor update.

[fabrice_d]

Unless the OEMs customize the whole stack to only allow the kernel to talk to their drivers. That is only enforceable by legal constraints from Google akin to the CTS [0].

[0] https://source.android.com/compatibility/cts