Build script for Fedora added | Documentation update

README.md

@@ -1,30 +1,15 @@
 ### Steps to create
 1. Set the KVER variable to which version you want to obtain from Anthraxx's linux-hardened repository
-2. Run `bash kernel_build.sh`
-
-### Steps to import/configure release
-- Built into PlagueOS installer
-
-### Troubleshooting:
-- `lsinitrd -v /boot/initramfs-5.10."$KVER"-hardened1_1.img`
+2. Run `bash void_build.sh` if running Void Linux OR `bash fedora_build.sh` if running Fedora
 
 #### Additional Resources:
-- https://www.kernel.org/doc/html/v5.10/
-- https://github.com/Whonix/hardened-kernel
 - https://docs.clip-os.org/clipos/kernel.html
 - https://github.com/anthraxx/linux-hardened
 - https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project
-- https://notabug.org/anonymous-lestat/Void-Hardened-Kernel
 - https://madaidans-insecurities.github.io/guides/linux-hardening.html#kernel
 
 ### Trimming Efforts
-- While linux-hardened security patchsets along with kernel configurations are notable for this kernel project, the core purpose was to practice minimalism by reducing the size of the linux kernel, thereby cutting attack surface. This is not a trivial thing to record, therefore we are displaying the size purely as a point of comparison.
-
-| |PlagueOS (plague-kernel) |Whonix (LTS)|
-|--- | --- | ---|
-|Size (compressed)|159.2 MB |285.6 MB|
-
-
+- While linux-hardened security patchsets along with kernel configurations are notable for this kernel project, the purpose was to practice minimalism by reducing the size of the linux kernel, thereby cutting attack surface. This is not a trivial thing to record, therefore we are displaying the size purely as a point of comparison.
 
 
 ### Current kconfig-hardened-check results

fedora_build.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# Set VAR
+KVER='6.6.13-hardened1'
+#KVER='5.10.145-hardened1'
+#KVER='5.15.74-hardened1'
+
+# Dependencies
+sudo dnf install binutils /usr/include/{libelf.h,openssl/pkcs7.h} \
+  /usr/bin/{bc,bison,flex,gcc,git,openssl,make,perl,pahole,zstd}
+
+# Staging w/ error handling
+if [[ ! -f /usr/src/"$KVER".tar.gz ]]; then
+	/usr/bin/curl --verbose --tlsv1.3 --proto =https -L -O --url "https://github.com/anthraxx/linux-hardened/archive/refs/tags/$KVER.tar.gz"
+fi
+
+if [[ ! -d /usr/src/linux-hardened-"$KVER" ]]; then
+	tar -xf "$KVER".tar.gz -C /usr/src/
+fi
+
+cd /usr/src/linux-hardened-"$KVER"
+wget https://0xacab.org/optout/plague-kernel/-/raw/main/6.6.13-hardened.config -O .config
+
+
+# Compilation
+yes "" | make olddefconfig
+make menuconfig
+# Exit if making no changes
+
+echo "Compiling "$KVER""
+make -j $(nproc --all)
+
+# Installing kernel
+## Ensure /boot is rw
+mount -o remount,rw /boot
+command -v installkernel && sudo make modules_install install
+
+# remove sysmap/signing keys
+rm /lib/modules/"$KVER"_1/source/certs/signing_key*
+rm /lib/modules/"$KVER"_1/source/System.map
+rm /lib/modules/"$KVER"_1/source
+rm /lib/modules/"$KVER"_1/build

void_build.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # Set VAR
-KVER=''
+KVER='6.6.13-hardened1'
 #KVER='5.10.145-hardened1'
 #KVER='5.15.74-hardened1'
 
@@ -29,6 +29,7 @@ make clean
 # Compilation
 make oldconfig
 make menuconfig
+
 echo "Compiling "$KVER""
 make --jobs=$(nproc)
 make modules_install