The purpose of this ticket is to get a grsecurity kernel to work in Whonix (same as Debian for these purposes here) at all. Having user documentation on how a user could install it. From there we could build up with automation, perhaps installation by default, verifiable (kernel) builds, etc.
Also started a discussion with the mempo developers of deterministic grsecurity kernel deb:
https://github.com/rickard2/grsecurity-Debian-Installer looks most promising for now. Much simpler than the mempo-kernel.
Licensing is not sorted out yet:
Has some other issues:
That script is relatively small and simple. Fixing these issues and/or forking and/or rewriting it depending on how responsive upstream is should be no issue.
- Foremost, check if that installer is actually working.