@Yuki @OS1337 @bjornsdottirs no need to go beyond 1440kB when using mlb instead of #syslinux (which wastes 200kB on it's own!)

• Also including the #initramfs into the #Kernel can save more due to better compression than two seperate files.

Needless to say the core idea is to be a continuation of #tmsrtbt and a "minimalist #linux distro" as in "#SSH #Terminal #Firmware"...

@galaxis you might like https://evolvis.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=shellsnippets/shellsnippets.git;a=blob;f=posix/sysadmin/debchroot.sh;hb=HEAD to take care of the #chroot mount dance and perhaps even the #IPv6 support for #initramfs unlocking from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=627164#14 (which gets around issues with some IPv4 configs where the gateway is out of the subnet). HTH & HAND

@xeniac I know that this is the case, but it's not a technical unavoidance despite the #RaspberryPi being a non-#UEFI - #arm device.

• Even on the old, #32bit boards.

The solution in that regard would be to boot into a #live / #setup mode like with #RaspberryPiOS for #i586-based #PCs and extend it to a setup that allows creating a new custom image with #LUKS - #FDE enabled and properly encrypted.

• OFC on a #Pi0W that would mean one would've to plug in a 2nd MicroSD with a USB-Adapter but that's not the Point.

I'm not even demanding much, just a simple #TUI / #CLI setup like @ubuntu / #UbuntuServer has with basic customizations.

• I'm not even expecting it to go so far as to offer including #dropbear - #SSH in the #initramfs so one can boot into the encrypted install and unlock it remotely. Just gimme the blinking cursor at the boot asking me to enter the password for the encrypted partition...

@jemo07 UWU!

That sounds pretty awesome!!!

Next thing you gonna tell me you can make a tiny #bootloader in #Forth to load #Linux and an #initramfs fraight from a 3,5" FDD?

Cuz I'd love to see that for @OS1337 ...

@BrodieOnLinux oh, and I thought #syslinux and me shoving an entire distro into #initramfs was cringe...

@trysdyn Granted, this is why I want to avoid as many packages as possible for OS/1337...

Because the likelyhood if such a #SupplyChainAttack via a #SideChannel to work is exponentially greater the more components I include.

That being said, #Linux distros are quicker to fix that than any #Windows or #macOS version ever will, because those have to maintain #Govware #Backdoors in order to be legal to sell and offer globally - espechally in places like the "P.R." #China...

And yes, @OS1337 doesn't come with #xz but it does utilize XZ for #Kernel and #initramfs compression, tho that's the algorithm and the Linux-own implementation...

@eckes @isotopp immerhin scheint @OS1337 nicht betroffen, da #dropbear (nutzt #LibTomCrypt & #LibTomMath) statt #OpenSSH und #musl statt #GlibC genutzt werden und #xz nur im Build-Prozess zur Kompression von #initramfs & #Kernel genutzt wird.

Ein vollständiges Assessment steht allerdings noch aus...

@SweetAIBelle @starchy @OS1337

Yeah, I've barely built #mlb and sadly it seems like an abandoned project - I only pulled a fork so I can build the executeable and run it...

I also need to basically build everything except the FDD image, #linux #Kernel and mlb beforehand so I can just include the #initramfs.cpio into the kernel and finally shave ~ 200kB free...

Also thx for your continous contributions to OS/1337 ...

https://github.com/OS-1337/OS1337/issues/10

@SweetAIBelle @starchy @OS1337

I know...

I've to basically redo the entire build pipeline for #mlb because for that to work I've to integrate the #initramfs into the #kernel...

I just hope choosing #kernel666 for the #meme-factor doesn't bite me in the ass...

@starchy I mean, I don't have #xz as a tool in it, I merely use xz compression for the #Linux #Kernel and #initramfs, and the latter one is scheduled to be integrated into the Kernel Build Pipeline to save space and being able to use #mlb instead of #syslinux so @OS1337 fits on a #1440kB #Floppy and neither @SweetAIBelle nor I are failing builds be a few kB...

https://github.com/OS-1337/mlb/releases/tag/v0.0.1

@starchy does this also affect the toolchain for @linux / #Linux #Kernel?

Cuz I do set #kernel666 and the #initramfs for @OS1337 to be compressed with #xz and whilst it's statically compiled against @musl, I still want to enshure this isn't a #SupplyChainAttack affecting me or OS/1337.

On the other hand, someone called #GuilhemMoulin probably DOES have the answer I need and it almost as comprehensive and well written.

If it was you @guilhem , I want to thank you! (And let me know if it's not - I'll edit the post!)

But I'm far too tired to #fafo with #initramfs tonight with no #backup...

https://cryptsetup-team.pages.debian.net/cryptsetup/encrypted-boot.html

@duviobaz Theoretisch kannst du im #initramfs auch eine GUI aufziehen (sonst gäbe es die im Android ja auch gar nicht), aber ich wüsste nicht, dass sich die Mühe schon jemand sonst gemacht hätte. Es gibt in PCs wesentlich mehr Variation als bei #Android zugelassen sind, das kann allgemein sehr aufwendig werden.

Aber da ich sowas noch nie gesucht habe, kann ich da nix qualifiziertes zu sagen, sorry.