blob: b4e97999cba9e328f83b43f56e6d331e58ff65d0
short term base firmware:
- custom OpenWRT build with LXC support, eglibc
long term base kernel/firmware:
- hardened OpenWRT (uClibc?) or minimalist hardened Debian
- < 128MB kernel+rootfs
- NanoBSD-style dual partition upgrade procedure
- read-only rootfs
- fixed size writable /var and /etc
- possibly a small overlayfs
- automatic fetching and application of signed security updates
- bundle helpful services, but do not enable them by default
guest os userspace:
- Debian 7 (wheezy)
- with as many security build flags enabled as possible
- manage with blueprint?