Kicksecure ™

Download

On Computer USB Installation Debian morph to Kicksecure Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Forum Best Practices Contribute

Support

Self Support First Policy Search Engines, Docs and AI Support (Limited) Reporting Bugs Contact (Restricted)

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

GRUB boot menu options Persistent User / Live user / Persistent Admin / Persistent Recovery Mode and their use cases.

Introduction

The page discusses different boot modes in the Kicksecure operating system, aimed at improving security by implementing role-based boot options. It describes modes like "Persistent User" for daily activities, "Persistent Admin" for updates, software installation and full system control. The goal is to isolate user activities and reduce security risks by restricting what each boot mode can access and modify. The page also explains potential opt-outs for users who prefer traditional root access.

These schemes are generic. They work for both, hosts and VMs. Both, Kicksecure and derivatives of Kicksecure such as (non-Qubes) Whonix^®.

Development Goals

These goals were and are the driving direction for our boot modes implementation.

• defeat login spoofing
• Prevent Malware from Sniffing the Root Password
• Strong Linux User Account Isolation
• Noexec
• Verified Boot

Grub Default Boot Menu Entries

These are the default grub boot menu entries that we offer:

• PERSISTENT mode USER (For daily activities.)
• LIVE mode USER (For daily activities.)
• PERSISTENT mode ADMIN (For software installation.)
• Recovery PERSISTENT mode ADMIN (Be very cautious!)

boot modes considered too unimportant to be added to grub default boot menu

We currently don’t see good use cases to include these modes as default. But we could be convinced otherwise by user feedback in the future.

• LIVE mode ADMIN
• Recovery LIVE mode ADMIN

DIY methods to include these and other entries intro the GRUB boot menu

A If anyone cares about these, there could be files in /etc/grub.d/ folder that add such entries but these files could be non-executable by default. Thereby update-grub would ignore them. To opt-in into such modes, users could just run sudo chmod +x /etc/grub.d/somenumber_name-of-boot-mode.

B Also users who really want something special/custom would be able to add whatever they want to /etc/grub.d/ folder / grub boot menu.

C Also by using grub boot menu editing (key e) at grub boot menu, kernel parameters can be adjusted and any combination would be possible.

Use Cases for the Different Boot Modes

These are common use cases that we tailored the available boot modes towards.

• PERSISTENT mode USER (For daily activities.): Useful for browsing, e-mail, chat, etc. or just letting an already set up and installed server run. Even upgrading through upgrade-nonroot.
• LIVE mode USER (For daily activities.): Same as above but without persistence.
• PERSISTENT mode ADMIN (For administrative tasks.): users could run sudo apt install whatever-software-package, then reboot into USER. Editing /etc/apt/sources.list.d, etc.
• Recovery PERSISTENT mode ADMIN: The usual recovery mode.

opt-out to get same behavior as old Kicksecure

Users who don’t like (any, multiple or all) of the new options...

• PERSISTENT mode USER (For daily activities.) [A]
• LIVE mode USER (For daily activities.) [B]
• PERSISTENT mode SECUREADMIN (For administrative tasks.) [C]

and who want "the old Kicksecure" "with unrestricted sudo for user user" back, who don't want to see any of the new options [A], [B], [C]... These could just make these /etc/grub.d folder / grub menu entries gone by running sudo chmod -x /etc/grub.d/somenumber_name-of-boot-mode. (There could be a script to simplify that.)

/etc/grub.d file names

Information for working on the /etc/grub.d file

filename                                     purpose
---------------------------------------      -----------------------------
/etc/grub.d/10_linux                         PERSISTENT mode USER
/etc/grub.d/11_linux_live                    LIVE mode USER
/etc/grub.d/12_linux_admin                   PERSISTENT mode ADMIN
/etc/grub.d/13_linux_admin_live              LIVE mode ADMIN
/etc/grub.d/16_linux_recovery_mode           PERSISTENT mode ADMIN
/etc/grub.d/17_linux_recovery_mode_live      Recovery LIVE mode ADMIN

Should stay in lexical order below files named /etc/grub.d/20_ because that is already used by an existing script.

Note: some files will not be created in the first iteration (and not sure ever) - those listed in chapter Boot modes considered too unimportant to be added to grub default boot menu: in my post above.

Server Support

grub boot menu isn’t easily accessible for many/most servers. How would these various boot modes be available for servers? No solution yet. See forum discussion: https://forums.whonix.org/t/multiple-boot-modes-for-better-security-persistent-user-live-user-persistent-admin-persistent-superadmin-persistent-recovery-mode/7708/50

Implementation

Outdated:

• https://github.com/Kicksecure/apparmor-profile-everything/tree/master/etc/grub.d

Prior Versions

Older concept version still containing "SUPERADMIN" and "SECUREADMIN".

Tickets

• create user admin by default and add user admin to group sudo by default
• Selective sudo Access Enabling in VMs Without qubes-core-agent-passwordless-root via qvm-service

Related

• disable newly (all) installed services by default
• Verified Boot
• forum discussion, AppArmor for Complete System - Including init, PID1, Systemd, Everything! - Full System MAC policy
• AppArmor for everything. APT, systemd, init, all systemd units, all applications. Mandatory Access Control. Security Hardening.
• Untrusted Root - improve Security by Restricting Root

Footnotes

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

Supported by Power Up Privacy

Kicksecure is proudly supported until 2025 by Power Up Privacy, a privacy advocacy group that seeks to supercharge privacy projects with resources so they can complete their mission of making our world a better place. (Strictly subject to our sponsorship policy.)

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012- 2025 ENCRYPTED SUPPORT LLC

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!