I understand that you're overworked and underpaid. This is free software, so I won't demand more labor from any of you. That said, I think it would build trust to at least have a little temporary pop-up (not the right word but I dont know what it's called) on the homepage that says something like "Current kernels may be vulnerable to this bug, we're working to resolve this, here are some relevant links" and then post the kernel dot org patch for this bug and point people to the Armbian build system. Surely the amount of effort it would take to do that is equal to or even less than it took to give me such a thorough response (which I appreciate btw).

Thanks @bschnei! It built successfully. -- Success: NTIM Processing has completed successfully! Finish time: 05/05/26 20:14:07 TBB Exiting...! No input file for TIMN is supplied Total number of images to process in file[0] - 3 0 Image at offset 00000000 is TIM_ATF.bin 1 Image at offset 00004000 is wtmi.bin 2 Image at offset 00015000 is boot-image.bin Total number of images 3 Built ebu-bootloader/trusted-firmware-a/build/a3700/release/flash-image.bin successfully

I have been using Proton 11 Arm64 for weeks. It has good compatibilities in general (some games I have tested still broke). However, I prefer Proton 11 (Box64), it gives better performance.

We understand the concern, and we appreciate the effort put into testing and documenting the issue. At the same time, it is important to understand the realities of the embedded Linux ecosystem. Armbian supports a very large combination of SoCs, vendor kernels, boot chains, and downstream modifications across several hundred boards. Security response and validation in this environment is significantly more complex than in standardized desktop/server distributions. Explained here: https://github.com/armbian/build/issues/6937#issuecomment-4366571379 This is not a matter of ignoring the issue, but of limited engineering resources, kernel fragmentation, and the high cost of validating fixes safely across multiple platforms. Project can only finance security from your contributions https://github.com/sponsors/armbian volonteers or sponsors. Until none is taking this seriously, there is little what existing team members can do. We already attempted mitigation work on one of the most widely used kernel branches: https://github.com/armbian/linux-rockchip/pull/475 but even targeted fixes require substantial testing effort and may (i am sure it will) introduce regressions on affected hardware families. Current resources barely sustain even our regular release and maintenance process: https://docs.armbian.com/Process_Release-Model/ For users who need receiving upstream fixes faster and are willing to accept a higher risk of regressions on hardware feature breakage, there is always an option to switch to rolling/daily builds, where fix may already be available: https://docs.armbian.com/User-Guide_Armbian-Config/System/#rolling Tradeoff between stability, validation cost, hardware compatibility, and update speed is unfortunately a sad reality of embedded Linux maintenance.

@jock It looks like a known bug in the rk35xx u-boot code fixed by luckfox-lyra-ultra-yocto