I’ve got an old HP laptop which I’ve been running a Jenkins server on for years. The fan died back in like 2018, and I just kept putting off buying a replacement, so it has been running with no fan for 7 years now. Remarkably it still works fine, although a but slower than it used to thanks to thermal throttling :P

This guy (Roscoe) is one of my professors and I’ve heard him give a few talks related to this before, so I’ll try to summarize the problem:

Basically, modern systems do not really match with the classic model of “there’s a some memory and perhipheral devices attached to a bus, and they’re all driven by the CPU running a kernel which is responsible for controlling everything”. Practically every component has it’s own memory and processor(s), each running their own software independently of the main kernel (sometime even with their own separate kernel!), there are separate buses completely inaccessible to the CPU specifically for communicating between components, often virtually every component is directly attached to the memory bus and therefore bypasses the CPU’s memory protection mechanisms, and a lot of these hidden coprocessors are completely undocumented. A modern smartphone SoC can have 10s of separate processors all running their own software independently of each other.

This is bad for a lot of reasons, most importantly that it becomes basically impossible to reason about the correctness or security of the system when the “OS kernel” is actually just one of many equally privileged devices sharing the same bus. An example of what this allows: it is (or was) possible to send malformed WiFi packets and trigger a buffer overrun in certain mobile WiFi modems, allowing an attacker to get arbitrary code execution on the modem and then use that to overwrite the linux kernel in main memory, thus achieving full kernel-level RCE with no user interaction required. You can have the most security-hardened linux kernel you want, but that doesn’t mean a damn thing if any one of dozens of other processors can just… overwrite your code or read sensitive data directly from applications!

As I understand it, the goal of these projects is basically to make the kernel truly control all the hardware again, by having them also provide the firmware/control software for every component in the system. Obviously this requires a very different approach than conventional kernel designs, which basically just assume they rule the machine.