Project

General

Profile

Feature #7575

Feature #7639: Disable useless and/or dangerous kernel modules

Decide whether to remove or blocklist kernel modules

Added by Dr_Whax about 5 years ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
-
Target version:
-
Start date:
07/11/2014
Due date:
% Done:

100%

Feature Branch:
Type of work:
Research
Starter:
No
Affected tool:

Description

History

#1 Updated by Dr_Whax about 5 years ago

  • Target version deleted (Hardening_M1)

#2 Updated by Dr_Whax about 5 years ago

To clarify, currently, we ship a Debian kernel not a custom kernel, this would mean we have to integrate a custom kernel into Tails, which actually is a lot of work.

#3 Updated by intrigeri about 5 years ago

  • Subject changed from Remove or blacklist kernel modules to Decide whether to remove or blacklist kernel modules
  • Status changed from New to Confirmed
  • Assignee set to Dr_Whax
  • Parent task set to #6457

Assigned to DrWhax, who started the discussion, and is now, by default, responsible to lead it to a conclusion :)

#4 Updated by intrigeri about 5 years ago

  • Status changed from Confirmed to In Progress

#5 Updated by intrigeri about 5 years ago

  • Parent task changed from #6457 to #7639

#6 Updated by Dr_Whax about 5 years ago

I'm in the process of formulating my thoughts, preparing a proof-of-concept and updating the blueprint for it.

#7 Updated by intrigeri about 5 years ago

I'm in the process of formulating my thoughts, preparing a proof-of-concept and updating the blueprint for it.

\o/

#8 Updated by BitingBird about 5 years ago

  • Blueprint set to https://tails.boum.org/blueprint/blacklist_modules/

#9 Updated by intrigeri over 4 years ago

  • Type of work changed from Discuss to Research

Calling this a research task for now, then.

#10 Updated by intrigeri over 4 years ago

I've argued that we should "blacklist modules as an initial step, and once we're happy with the blacklist, and haven't seen serious complains about it for a few releases, then we can remove modules for real". Is there any objection to do it this way?

#11 Updated by Dr_Whax over 4 years ago

I think that's a fine idea, I started working on a page to blacklist certain modules, more then are listed as of now. I'm also happy to provide a patch accordingly to my list.

#12 Updated by intrigeri over 4 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 0 to 100

Dr_Whax wrote:

I think that's a fine idea,

OK, closing this ticket as resolved, and summed up the decision on the parent ticket.

I started working on a page to blacklist certain modules, more then are listed as of now. I'm also happy to provide a patch accordingly to my list.

That's for #6457 and https://tails.boum.org/blueprint/blacklist_modules/.

#13 Updated by mercedes508 about 1 year ago

  • Subject changed from Decide whether to remove or blacklist kernel modules to Decide whether to remove or blocklist kernel modules

Also available in: Atom PDF