[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU-linux-libre] Fully FOSS Tails OS
From: |
parazyd |
Subject: |
Re: [GNU-linux-libre] Fully FOSS Tails OS |
Date: |
Mon, 27 Feb 2017 12:57:13 +0100 |
User-agent: |
Jaro Mail <https://www.dyne.org/software/jaromail> |
Greetings!
I've successfully managed to deblob the kernel after patching with
grsec.
I maintain my own repository of the kernel, and you can see the process
by looking at the commits: https://gogs.dyne.org/heads/linux-heads
Basically, I've started with a vanilla 4.4 (using the configs from
Alpine Linux, with some modifications (can be found here:
https://gogs.dyne.org/heads/build-system/src/master/extra/heads-amd64.config))
Afterwards, patched to 4.4.45, then applied grsec, and aufs4 (in that
order).
Grabbed the linux-libre scripts, and they ran successfully :)
A preview of heads is being released tomorrow, so you can try it out!
The website is at https://heads.dyne.org
Best regards!
On Mon, 27 Feb 2017, Kurtis Hanna wrote:
> I'd love to hear about any updates on Heads. I'm very excited about the
> project.
>
> Peace & Blessings,
> Kurtis
>
> Jaromil:
> >
> >
> > dear Luke,
> >
> > Many thanks for your detailed response, I include Parazyd in cc:
> >
> > I hope we can join forces and rely on your effort for Parabola, then
> > we'll also look for ways to make your work more sustainable.
> >
> > On Sun, 15 Jan 2017, Luke wrote:
> >
> >> On 01/15/2017 08:46 AM, Jaromil wrote:
> >>> I'll take the occasion to pose a question we have unanswered at the
> >>> moment: because of our plan to make heads really secure, the wish is
> >>> that of applying the -grsec patch to linux-libre.
> >>>
> >>> is there any concern regarding the free nature of the -grsec patch?
> >>
> >> There are non-free blobs in the grsec patch since 2015[1], Parabola is
> >> currently removing them for our grsec kernel.
> >> You can either use these deblobbed ones or remove the non-free firmware
> >> on your own.[2]
> >>
> >> I e-mailed spender about the issue and he provided a python script which
> >> removes *all* firmware. Unfortunately, it also removes free firmware
> >> since the script does not have any sanity checks.[3] It could be useful
> >> to revisit this script and get it working properly to automate blob /
> >> non-free firmware removal.
> >>
> >> [1] https://forums.grsecurity.net/viewtopic.php?f=3&t=4209
> >>
> >> [2] https://repomirror.parabola.nu/other/grsecurity-libre/test/
> >>
> >> [3] https://lists.parabola.nu/pipermail/dev/2016-December/004667.html
> >>
> >>
--
~ parazyd
GPG: 0333 7671 FDE7 5BB6 A85E C91F B876 CB44 FA1B 0274