Git-Mirrors/reliant-system
1
0
Fork 0
mirror of https://codeberg.org/andersonarc/reliant-system.git synced 2025-11-14 05:10:38 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

qubes-sflc build script and instructions

Browse source
This commit is contained in:
Anderson Rosenberg 2025-06-30 01:25:46 -04:00
parent 8f1ad19fae
commit d0a93f2442
No known key found for this signature in database
GPG key ID: 7ACF448C0590AB9C
6 changed files with 47 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitmodules vendored Normal file
View file

@ -0,0 +1,3 @@
[submodule "qubes-sflc/shufflecake-c"]
path = qubes-sflc/shufflecake-c
url = https://codeberg.org/shufflecake/shufflecake-c.git

2
qubes-sflc/.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
shufflecake
dm-sflc.ko

31
qubes-sflc/BUILD.md Normal file
View file

@ -0,0 +1,31 @@
# qubes-sflc
To compile Shufflecake for QubesOS, you must first create a bootstrap qube. The template does not matter, but it will probably be easiest to use Fedora. Inside the bootstrap qube, you must install Git and Docker via
```sh
sudo dnf install -y git docker
```
or using the relevant package manager for another distribution. Then, clone the reliant-system repository,
```sh
git clone https://codeberg.org/andersonarc/reliant-system.git
cd reliant-system/qubes-sflc
git submodule update --init --recursive
```
and run the compilation script,
```sh
./build.sh
```
This will place the binaries for `shufflecake` and `dm-sflc` inside the current folder. To install them, run the following commands inside dom0 as root
```sh
qvm-run --pass-io bootstrap "cat /home/$USER/reliant-system/qubes-sflc/shufflecake" > /usr/bin/shufflecake
qvm-run --pass-io bootstrap "cat /home/$USER/reliant-system/qubes-sflc/dm-sflc.ko" > /usr/lib/modules/$(uname -r)/extra
depmod
```
where `bootstrap` is the name of your bootstrap qube. If successful, Shufflecake will now be available in your dom0 and could be used to mount secure volumes. Unfortunately, this is insufficient to securely operate the system while maintaining plausible deniability. Under normal conditions, the hidden qubes will inevitably leave some traces in the root filesystem of dom0. This is what reliant-system attempts to resolve by freezing the state of dom0.

4
qubes-sflc/Dockerfile Normal file
View file

@ -0,0 +1,4 @@
FROM fedora:37
RUN dnf install -y gcc make device-mapper-devel libgcrypt-devel
WORKDIR /root/shufflecake-c
ENTRYPOINT make clean && make

6
qubes-sflc/build.sh Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh
set -eu
sudo docker build -t qubes-sflc .
sudo docker run --rm -v /usr/lib/modules:/usr/lib/modules:ro -v $PWD/shufflecake-c:/root/shufflecake-c qubes-sflc
cp shufflecake-c/dm-sflc.ko $PWD/dm-sflc.ko
cp shufflecake-c/shufflecake $PWD/shufflecake

1
qubes-sflc/shufflecake-c Submodule

@ -0,0 +1 @@
Subproject commit 96c1557cdde6d92c299592cbfcd39af1e51b7c29