-rw-r--r-- | design/stack.page | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/design/stack.page b/design/stack.page new file mode 100644 index 0000000..b4e9799 --- /dev/null +++ b/design/stack.page @@ -0,0 +1,21 @@ + +short term base firmware: + +- custom OpenWRT build with LXC support, eglibc + +long term base kernel/firmware: + +- hardened OpenWRT (uclibc?) or minimalist hardened debian +- < 128MB kernel+rootfs +- NanoBSD-style dual partition upgrade procedure + - read-only rootfs + - fixed size writable /var and /etc + - possibly a small overlayfs +- automatic fetching and application of signed security updates +- bundle helpful services, but do not enable them by default + +guest os userspace: + +- debian 7 (wheezy) +- with as many security build flags enabled as possible +- manage with blueprint? |
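Review bot: The "automatic fetching and application of signed security updates" item under "long term base kernel/firmware" leaves the trust model undefined: it does not say what is signed (individual packages or the whole image), who holds the signing key, or where the verification key lives on the device. Because the same list specifies a read-only rootfs and a NanoBSD-style dual partition upgrade, the page should state that an update is verified before it is written to the inactive partition, and that a failed boot falls back to the previous partition. It should also say whether an older, validly signed image is rejected, since a signature check alone does not stop a downgrade. Separately, in "guest os userspace", "as many security build flags enabled as possible" cannot be checked as written; naming the intended flags would turn it into a testable requirement. The open questions marked with "?" ("uclibc?", "manage with blueprint?") would be easier to track if each carried a short note on what decides them, particularly the libc choice, since the short term build names eglibc.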