Linux Kernel Discussion - CIP/Long-term & More


This is related to Qubes, just as the ‘spectrum os’ thread is, so placed in General Discussion. (Unless it belongs in All Around Qubes? I’m never quite sure).

I’m seeking advice from Linux kernel ‘experts’.


I’m currently setting up a custom ThinkPad T430 and shall be compiling ‘ultra-minimal’ Linux kernels.
The relevance to Qubes is to increase security by eliminating or mitigating a number of vulnerabilities such as VM-VM co-operation attacks, kernel vulns, Linux package vulns, or other vulns such as hardware or Xen vulns enabled by execution of unnecessary kernel code.

I’ve a number of questions:

  1. Besides the below, are there any other long-term/super-long-term-supported kernels, including by any other projects/teams not mentioned?

I’m currently aware of:
The Linux Kernel Archives - Releases
civilinfrastructureplatform:start [Wiki]

  2. What are the relevant* abstract code/content differences (aside from h/w compatibility/drivers) between the long-term-supported kernel versions? (specifically: 4.4, 4.19, 5.1).
    *i.e. functionality and/or security.

2.1) Following from 2), assuming a reduced functionality in ex-LTS kernels 3.2 and 3.12, could it be beneficial to use such kernels today with custom security patches, or would the maintenance for said patches be disproportionately time-consuming? (Is there any super-long-term support for 3.2 or 3.12?).

2.2) Following from 2) and 2.1), can you please provide/refer to some reading/knowledge with regard to applying custom security patches?

  3. Could you please provide in general any in-depth/advanced custom/minimal Linux kernel reading? (i.e. more in depth than the make GUI).