Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Fresh install with hardened sources, wayland, sway
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Installing Gentoo
View previous topic :: View next topic  
Author Message
Tomogui
n00b
n00b


Joined: 27 Aug 2016
Posts: 8

PostPosted: Tue Jun 06, 2017 1:03 pm    Post subject: Fresh install with hardened sources, wayland, sway Reply with quote

Hello everyone, I want to install gentoo on my laptop and plan on using hardened sources. I am pretty new to linux/gentoo, just want to try out some new stuff and in general be as secure as possible. i want a desktop-environment with wayland and sway as the window manager Given the fact, that there's no desktop profile and that i have never used wayland/sway before, i've been wondering, what use-flags i should specify in my make.conf? Any tips in general, as to what things i should consider? Cheers
Back to top
View user's profile Send private message
NeddySeagoon
Administrator
Administrator


Joined: 05 Jul 2003
Posts: 43186
Location: 56N 3W

PostPosted: Tue Jun 06, 2017 1:46 pm    Post subject: Reply with quote

Tomogui,

Why do you want to use hardened-sources?

Do your research, define your threat model then deploy the defences to match your perceived threats.
That may or may not include hardened-sources. hardened-sources are part of a whole hardened system.
You will likely need the rest of it too, depending on the threats you want to defend against.

After you have defined your threat model and your defences, its time to look at USE flags.

-- edit --

Hint, you can look at the normal desktop profile and see what it sets.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
Back to top
View user's profile Send private message
R0b0t1
Apprentice
Apprentice


Joined: 05 Jun 2008
Posts: 255

PostPosted: Tue Jun 06, 2017 2:03 pm    Post subject: Reply with quote

You don't actually need any useflags to get the setup you've described working. Generally you would enable the ones related to hardware acceleration (opengl, egl, gles2, maybe others). Anything more specific really depends on what you want to install. If you install a desktop environment that will enable many things most people tend to use.
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 5761

PostPosted: Tue Jun 06, 2017 7:11 pm    Post subject: Reply with quote

Security starts at the bottom. If you're thinking you need hardened-sources then you also need trustworthy hardware: that means no Intel (backdoored RDRAND on the CPU, zero-day ME exploits, HDA audio spying), no new AMD (same problem as the ME), no nVidia (encrypted unauditable firmware, metadata harvesting in the blob driver), no proprietary BIOS (Coreboot or OpenFirmware only), no binary blob firmware (almost all modern hard disks use an ARM9 CPU).
Do that and then you're ready to start ricing the OS.
Back to top
View user's profile Send private message
R0b0t1
Apprentice
Apprentice


Joined: 05 Jun 2008
Posts: 255

PostPosted: Wed Jun 07, 2017 4:21 am    Post subject: Reply with quote

Ant P. wrote:
Security starts at the bottom. If you're thinking you need hardened-sources then you also need trustworthy hardware: that means no Intel (backdoored RDRAND on the CPU, zero-day ME exploits, HDA audio spying), no new AMD (same problem as the ME), no nVidia (encrypted unauditable firmware, metadata harvesting in the blob driver), no proprietary BIOS (Coreboot or OpenFirmware only), no binary blob firmware (almost all modern hard disks use an ARM9 CPU).
Do that and then you're ready to start ricing the OS.


And if you didn't know, there is no such modern consumer computer.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Installing Gentoo All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum