author bnewbold <bnewbold@robocracy.org> 2012-11-13 23:28:26 +0100
committer bnewbold <bnewbold@robocracy.org> 2012-11-13 23:28:26 +0100
commit c4391ddb9afe622a5b8ad4efc62dfdd3b5e301a7 (patch)
tree 77f101bdba016693f6676830b91cfcd05301ebd7
parent db54f77c4d7ed5bca710a3f684d38baa35c282bb (diff)
basic sw stack notes
-rw-r--r-- design/stack.page 21
1 files changed, 21 insertions, 0 deletions
diff --git a/design/stack.page b/design/stack.page
new file mode 100644
index 0000000..b4e9799
--- /dev/null
+++ b/design/stack.page
@@ -0,0 +1,21 @@
+
+short term base firmware:
+
+- custom OpenWRT build with LXC support, eglibc
+
+long term base kernel/firmware:
+
+- hardened OpenWRT (uclibc?) or minimalist hardened debian
+- < 128MB kernel+rootfs
+- NanoBSD-style dual partition upgrade procedure
+ - read-only rootfs
+ - fixed size writable /var and /etc
+ - possibly a small overlayfs
+- automatic fetching and application of signed security updates
+- bundle helpful services, but do not enable them by default
+
+guest os userspace:
+
+- debian 7 (wheezy)
+- with as many security build flags enabled as possible
+- manage with blueprint?
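Review bot: The "automatic fetching and application of signed security updates" item in the long-term list does not say what verifies the signature or where the trusted key is stored. Since the same list already specifies a read-only rootfs and a NanoBSD-style dual partition upgrade, consider stating that the verification key ships in the read-only rootfs and that an image is verified before it is written to the inactive partition, with the old partition kept as the fallback. Two smaller points: "< 128MB kernel+rootfs" does not say whether the budget is flash or RAM, and "with as many security build flags enabled as possible" under guest os userspace would be easier to act on if the intended flags were listed. The file also begins with an empty line that could be dropped.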