Coldkernel on Qubes pt.1

December 12, 2016

We are currently working on supporting both Debian and Fedora TemplateVMs; however, the instructions below assume a Debian 8 TemplateVM.

It is suggested that you create a dedicated Debian TemplateVM for experimenting with coldkernel. This support is very experimental, and may result in broken Templates.

Configuring Debian TemplateVM

First, increase the TemplateVM's maximum storage size to 10GB (you can likely get away with anything over 4GB; however, running out of disk space at the end of a build can be frustrating).

Fix sources.list

Open /etc/apt/sources.list and uncomment the lines starting with deb-src. It should look something like this:

deb http://httpredir.debian.org/debian jessie main contrib non-free
deb-src http://httpredir.debian.org/debian jessie main contrib non-free
deb http://security.debian.org jessie/updates main contrib non-free
deb-src http://security.debian.org jessie/updates main contrib non-free

Installing dependencies

Run in dom0:

sudo qubes-dom0-update grub2-xen

Run in your Debian TemplateVM:

sudo apt install qubes-kernel-vm-support grub2-common
sudo apt install paxctl bc wget gnupg fakeroot build-essential devscripts libfile-fcntllock-perl git gcc-4.9-plugin-dev
sudo apt-get build-dep linux

Building coldkernel

Cloning and verification

Once dependencies are installed, clone and verify the coldkernel build scripts on your TemplateVM:

wget "https://coldhak.ca/coldhak/keys/coldhak.asc" -O coldhak.asc
gpg --import coldhak.asc
git clone https://github.com/coldhakca/coldkernel
cd coldkernel
git verify-tag coldkernel-0.9a-4.8.13
git checkout tags/coldkernel-0.9a-4.8.13

Building

Next, begin the coldkernel build. This step may take multiple hours depending on your hardware.

make qubes-guest

Installing coldkernel

Run in your Debian TemplateVM post-build:

wget https://grsecurity.net/paxctld/paxctld_1.2.1-1_amd64.{deb,deb.sig}
gpg --homedir=.gnupg --verify paxctld_1.2.1-1_amd64.{deb.sig,deb}
sudo dpkg -i paxctld_1.2.1-1_amd64.deb
sudo make install-deb
sudo cp paxctld.conf /etc/paxctld.conf
sudo paxctld -d
sudo systemctl enable paxctld
sudo mkdir /boot/grub
sudo update-grub2
sudo shutdown -h now
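
An added example (not part of the original post or the coldkernel project): a fail-closed version of the paxctld verification step above, which installs the package only when gpg reports a valid signature from one pinned key, since run line by line the commands above reach dpkg -i even when gpg --verify fails. The fingerprint is a placeholder to replace with one obtained out of band, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: fail-closed signature gate for the paxctld install step.

# Placeholder, NOT a real fingerprint: replace it with the signing key
# fingerprint you obtained out of band.
EXPECTED_FPR="0000000000000000000000000000000000000000"

# Read gpg --status-fd lines on stdin. Succeed only if a VALIDSIG line names
# the expected fingerprint (as signing key or as primary key) and no line
# reports a bad, unverifiable, expired or revoked signature or key.
validsig_matches() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" {
            if (toupper($3) == toupper(want) || toupper($NF) == toupper(want))
                ok = 1
        }
        END { exit !(ok && !bad) }
    '
}

# Verify a detached signature against the keyring directory the page uses
# (.gnupg in the coldkernel checkout), then require the pinned fingerprint.
# usage: verify_pinned SIGFILE DATAFILE FINGERPRINT
verify_pinned() {
    gpg --homedir=.gnupg --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        validsig_matches "$3"
}

# Install the package only when the pinned check passes.
install_paxctld() {
    deb=paxctld_1.2.1-1_amd64.deb
    if verify_pinned "$deb.sig" "$deb" "$EXPECTED_FPR"; then
        sudo dpkg -i "$deb"
    else
        echo "signature check failed: not installing $deb" >&2
        return 1
    fi
}
```

Run install_paxctld from the coldkernel directory after the wget step, in place of the separate gpg and dpkg commands.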

Post-install TemplateVM configuration

Once the TemplateVM has been shut down, you can change the kernel in the Qubes VM manager to pvgrub and start the VM.