Re: [Tails-dev] Tails for arm64 (with support for Apple Sili…

Supprimer ce message

Répondre à ce message
Auteur: noisycoil
Date:  
À: The Tails public development discussion list
CC: Tails Dev
Sujet: Re: [Tails-dev] Tails for arm64 (with support for Apple Silicon)
Hi there.

If I were to speak as if I didn't build the images, I would tell you that you should NOT consider the prebuilt images as secure. Those are developer previews, not (yet) reproducible, uploaded by a random person on the internet. Even if that person is me, it would make no sense to trust me. What you can do to trust the images is building them yourself from source after reviewing the latter. Building the generic arm64 and Raspberry images is fairly easy (although it will take some time and you will need to hack your own DNS resolution to redirect from the Tails debian repository to the Debian archive, in order to obtain the arm64 packages), not quite so for the asahi images, because those use custom-built kernel and mesa drivers which are not available upstream. This means you must

1. build the kernel and mesa drivers
2. create your own debian repository (the image building process uses my own debian repository), upload them there and modify the Tails source code to use your own repository (the last part being the easiest one)
3. most importantly, the toolchain (compilers and the likes) for building the kernel and mesa drivers is NOT available in the Debian archive because both the asahi kernel and mesa drivers use versions of rust and the likes which are not available for bookworm, so you must also build the toolchain first. This means building roughly half of the debian packages hosted at https://gitlab.com/debian-asahi-nc (the other half is for debian testing) and then use those to compile the kernel and mesa drivers.

To be clear, the source code for building the arm64 Tails images is 100% publicly available. It is hosted at:

- https://gitlab.tails.boum.org/noisycoil/tails (wip/arm64, wip/asahi and wip/raspi branches: the actual arm64 Tails source code)
- https://gitlab.tails.boum.org/ <https://gitlab.tails.boum.org/noisycoil/gdm>noisycoil/gdm (a patched version of GNOME's GDM which is needed to make the automated test suite work on arm64 and is installed in all recent images)
- https://deb.tails.boum.org/ (contains the debian source packages for various binary packages which have been modified for Tails itself and I rebuild verbatim for arm64. This is from Tails itself)
- https://gitlab.com/debian-asahi-nc (asahi kernel, mesa drivers and toolchain to build them)


But to set up the build infrastructure (DNS redirection, custom Tails packages, and Asahi packages if you need those) you'll need to work a bit. If you are interested you can write to me either here on the mailing list or in private.

At some point I think I will document the build process step-by-step, which I somewhat did on the mailing list, but in a non-systematic way.

Best,

NC