From c4391ddb9afe622a5b8ad4efc62dfdd3b5e301a7 Mon Sep 17 00:00:00 2001
From: bnewbold <bnewbold@robocracy.org>
Date: Tue, 13 Nov 2012 23:28:26 +0100
Subject: basic sw stack notes

---
 design/stack.page | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 design/stack.page

diff --git a/design/stack.page b/design/stack.page
new file mode 100644
index 0000000..b4e9799
--- /dev/null
+++ b/design/stack.page
@@ -0,0 +1,21 @@
+
+short term base firmware:
+
+- custom OpenWRT build with LXC support, eglibc
+
+long term base kernel/firmware:
+
+- hardened OpenWRT (uclibc?) or minimalist hardened debian
+- < 128MB kernel+rootfs 
+- NanoBSD-style dual partition upgrade procedure
+  - read-only rootfs
+  - fixed size writable /var and /etc
+  - possibly a small overlayfs
+- automatic fetching and application of signed security updates
+- bundle helpful services, but do not enable them by default
+
+guest os userspace:
+
+- debian 7 (wheezy)
+- with as many security build flags enabled as possible
+- manage with blueprint?
-- 
cgit v1.2.3