gnu-linux-libre
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GNU-linux-libre] Fully FOSS Tails OS

From: parazyd
Subject: Re: [GNU-linux-libre] Fully FOSS Tails OS
Date: Mon, 27 Feb 2017 12:57:13 +0100
User-agent: Jaro Mail <https://www.dyne.org/software/jaromail> 
Greetings!

I've successfully managed to deblob the kernel after patching with
grsec.

I maintain my own repository of the kernel, and you can see the process
by looking at the commits: https://gogs.dyne.org/heads/linux-heads

Basically, I've started with a vanilla 4.4 (using the configs from
Alpine Linux, with some modifications (can be found here:
https://gogs.dyne.org/heads/build-system/src/master/extra/heads-amd64.config))

Afterwards, patched to 4.4.45, then applied grsec, and aufs4 (in that
order).

Grabbed the linux-libre scripts, and they ran successfully :)

A preview of heads is being released tomorrow, so you can try it out!
The website is at https://heads.dyne.org


Best regards!


On Mon, 27 Feb 2017, Kurtis Hanna wrote:

> I'd love to hear about any updates on Heads. I'm very excited about the
> project.
> 
> Peace & Blessings,
> Kurtis
> 
> Jaromil:
> > 
> > 
> > dear Luke,
> > 
> > Many thanks for your detailed response, I include Parazyd in cc:
> > 
> > I hope we can join forces and rely on your effort for Parabola, then
> > we'll also look for ways to make your work more sustainable.
> > 
> > On Sun, 15 Jan 2017, Luke wrote:
> > 
> >> On 01/15/2017 08:46 AM, Jaromil wrote:
> >>> I'll take the occasion to pose a question we have unanswered at the
> >>> moment: because of our plan to make heads really secure, the wish is
> >>> that of applying the -grsec patch to linux-libre.
> >>>
> >>> is there any concern regarding the free nature of the -grsec patch?
> >>
> >> There are non-free blobs in the grsec patch since 2015[1], Parabola is
> >> currently removing them for our grsec kernel.
> >> You can either use these deblobbed ones or remove the non-free firmware
> >> on your own.[2]
> >>
> >> I e-mailed spender about the issue and he provided a python script which
> >> removes *all* firmware. Unfortunately, it also removes free firmware
> >> since the script does not have any sanity checks.[3] It could be useful
> >> to revisit this script and get it working properly to automate blob /
> >> non-free firmware removal.
> >>
> >> [1] https://forums.grsecurity.net/viewtopic.php?f=3&t=4209
> >>
> >> [2] https://repomirror.parabola.nu/other/grsecurity-libre/test/
> >>
> >> [3] https://lists.parabola.nu/pipermail/dev/2016-December/004667.html
> >>
> >>
-- 
~ parazyd
GPG: 0333 7671 FDE7 5BB6 A85E  C91F B876 CB44 FA1B 0274
reply via email to
[Prev in Thread] Current Thread [Next in Thread]