DEₑSU Anonymouse

Liberté Linux FAQ

FAQ

General

Q: How can I trust an anonymity distribution whose source has no verified credentials?

A: Liberté Linux is based on Hardened Gentoo, which is a well-known and trusted Linux distribution. You are welcome to download and peruse the source code, and build a live image yourself. Extreme care has been devoted to this ability of users to build a custom Liberté image on any modern Linux distribution.

Q: How does Liberté Linux differ from other anonymity distributions?

A: Liberté is a specialized and lightweight live distribution with deep system integration and rapid development cycle; it is not a thin configuration wrapper for a major distribution. The focus is on adding innovative features, some of which require in-house research and development. A few of the capabilities that (to the best of my knowledge) were pioneered in Liberté Linux are:

  • Cables communication for transparent and reliable anonymous email-like message exchange
  • Immediate shutdown with anti-forensic memory erasure on boot media extraction
  • Encrypted persistence of user data and settings on resizable LUKS/OTFE volume
  • Initial clock setting from Tor consensus, entirely dropping the requirement for non-Tor communication (including DNS)
  • Separate Unsafe Browser for registration in public Wi-Fi hotspots
  • I2P communication over Tor means better firewall traversal and no need to rely on another anonymity framework

The purpose of Liberté is not to popularize Tor or I2P with computer-illiterate users — this distribution assumes willingness and capability to study operation of non-mainstream operating systems and software. It is entirely possible that you do not belong to the target userbase, and that using Liberté (if found) will result in stronger negative bias from the authorities.

Q: Why create a lightweight distribution when large-capacity media is commonly available?

A: Less code implies less attack vectors, less dispersion of attention during development, faster integration of upgrades and exploit fixes, better and faster testing, and more rapid development cycle overall. Lightweight packages also usually imply less RAM requirements, which matters for older hardware and for virtual machines. Smaller image allows to optionally load it into RAM (automatic on .iso), and enables non-disruptive image verification on boot. There are also more improvement opportunities — e.g., network boot of a current image is one such possibility. Note that being lightweight does not necessarily imply lack of features — e.g., Liberté has full multilingualization, including fonts and UI locales.

Q: In reference to the logo, is Liberté distributed by 4chan? Illuminati? Anonymous?

A: No. Actually, 4chan regulars tend to dislike the logo, as anonymity symbols fell out of fashion with the site community. The logo reflects the ability to communicate anonymously over the network, and how this ability empowers the users.

The Triforce is a powerful artifact from The Legend of Zelda. The Anonymous does not simply possess it, Anonymous is the Triforce. Freedom of action, that’s how I deciphered the logotype. —Anonymous, HiveMind

Q: I will configure my system to do the same in a week.

A: That’s great (and you won’t). In any case, it is not a question.

Usage

Q: How do I install new packages?

A: Liberté Linux is a deployment-only distribution, so there is no way to install software into its root tree — both due to lack of toolchain and portage, and due to read-only mode of most of the filesystem. The only way of adding software is building a custom image, or using portable binaries (provided that their required libraries are available).

Q: Is it possible to resize the OTFE encrypted virtual partition file?

A: Yes, run sudo otfe-resize from the terminal to grow or shrink the live partition.

As a sidenote, from FreeOTFE FAQ:

It should be noted that, although a number of other disk encryption systems claim to offer volume resizing functionality, they typically carry out [a full copy to a newly created volume] “behind the scenes” (often failing completely if insufficient storage is available to hold the new volume) […]

The above only reflects the complexity of this functionality as perceived by the authors of FreeOTFE, and is not true for Liberté Linux, which transparently and reliably resizes the encrypted volume.

Q: How do I change the OTFE encrypted virtual partition passphrase?

A: Get a root console (see Troubleshooting in Documentation), and run

$ cryptsetup luksChangeKey /mnt/boot/otfe/liberte.vol
$ rm /mnt/boot/otfe/liberte.vol-hdr.bak
$ cryptsetup luksHeaderBackup /mnt/boot/otfe/liberte.vol --header-backup-file /mnt/boot/otfe/liberte.vol-hdr.bak

NOTE: Modern flash memory devices with wear leveling (as well as modern HDDs with automatic bad sectors remapping) cannot guarantee that the original OTFE header and its backup have been erased.

Q: The screen goes blank at some stage of the boot process, or the brightness is too dark.

A: Upgrade your BIOS, if possible (it may have buggy ACPI). Try tuning the brightness up (it may have been reset after video mode change). See video issues troubleshooting suggestions in syslinux.cfg. Try the VESA boot menu option. See also bug #1.

Build

Q: I would like to go over the emerge messages carefully.

A: See /var/log/portage/emerge.log and /var/log/portage/elog/summary.log in the chroot’ed environment.

Q: Does the build process leak build environment information to the final images?

A: No, the build environment is sanitized by the enter script, and some additional precautions are taken as well.