Greetings! I've successfully managed to deblob the kernel after patching with grsec.
I maintain my own repository of the kernel, and you can see the process by looking at the commits: https://gogs.dyne.org/heads/linux-heads Basically, I've started with a vanilla 4.4 (using the configs from Alpine Linux, with some modifications (can be found here: https://gogs.dyne.org/heads/build-system/src/master/extra/heads-amd64.config)) Afterwards, patched to 4.4.45, then applied grsec, and aufs4 (in that order). Grabbed the linux-libre scripts, and they ran successfully :) A preview of heads is being released tomorrow, so you can try it out! The website is at https://heads.dyne.org Best regards! On Mon, 27 Feb 2017, Kurtis Hanna wrote: > I'd love to hear about any updates on Heads. I'm very excited about the > project. > > Peace & Blessings, > Kurtis > > Jaromil: > > > > > > dear Luke, > > > > Many thanks for your detailed response, I include Parazyd in cc: > > > > I hope we can join forces and rely on your effort for Parabola, then > > we'll also look for ways to make your work more sustainable. > > > > On Sun, 15 Jan 2017, Luke wrote: > > > >> On 01/15/2017 08:46 AM, Jaromil wrote: > >>> I'll take the occasion to pose a question we have unanswered at the > >>> moment: because of our plan to make heads really secure, the wish is > >>> that of applying the -grsec patch to linux-libre. > >>> > >>> is there any concern regarding the free nature of the -grsec patch? > >> > >> There are non-free blobs in the grsec patch since 2015[1], Parabola is > >> currently removing them for our grsec kernel. > >> You can either use these deblobbed ones or remove the non-free firmware > >> on your own.[2] > >> > >> I e-mailed spender about the issue and he provided a python script which > >> removes *all* firmware. Unfortunately, it also removes free firmware > >> since the script does not have any sanity checks.[3] It could be useful > >> to revisit this script and get it working properly to automate blob / > >> non-free firmware removal. > >> > >> [1] https://forums.grsecurity.net/viewtopic.php?f=3&t=4209 > >> > >> [2] https://repomirror.parabola.nu/other/grsecurity-libre/test/ > >> > >> [3] https://lists.parabola.nu/pipermail/dev/2016-December/004667.html > >> > >> -- ~ parazyd GPG: 0333 7671 FDE7 5BB6 A85E C91F B876 CB44 FA1B 0274