/blackgrass-linux

Blackgrass Linux

Project Codename: Blackgrass Linux
Maintainer: Deep Fork Cyber
Motto: Truth is a Payload. Every Process is a Threat.

Overview

Blackgrass Linux is a hardened Linux distribution designed for researchers, operators, and dissidents who require maximum privacy, security, and adversarial resilience. This is not a "daily driver for normies" - it's a weaponized workspace that defaults to paranoia.

Core Philosophy

  • Minimal Attack Surface: No unnecessary services. If it doesn't defend you, it doesn't boot.
  • Compartmentalization First: Every app lives in its own jail, VM, or namespace.
  • Reproducible Builds: Trust but verify. Every binary has source equivalence proof.
  • Adversarial Defaults: Networking, logging, and memory hardened out-of-the-box.
  • Pseudonymity over Identity: No system accounts or services that tie to real-world IDs.

Current Status

🚧 EARLY DEVELOPMENT - Currently in Phase 1 of implementation

This project is in active development. See TODO.md for current implementation progress.

Architecture Highlights

  • Base: Hardened kernel with musl libc, Wayland-only
  • Init: runit or s6 (systemd banned)
  • Networking: Tor + Tallgrass overlay with QUIC-first stack
  • Filesystem: ZFS/btrfs with per-user subvolume encryption
  • Sandboxing: Mandatory seccomp + AppArmor + user namespaces
  • Isolation: KVM + Firecracker for lightweight VM compartmentalization
  • Package Management: Custom apk-based system with reproducible builds

Security Features

  • No telemetry or hidden daemons
  • System-wide firewall with kill-switch
  • Binary transparency logs
  • Disposable sandboxes for untrusted code
  • Real-time privacy dashboards
  • Randomized MAC addresses with per-session identity
  • Hardware-level adversary mitigation

Development Phases

  1. Phase 1: Bootstrap hardened Alpine-like fork, strip services ⏳
  2. Phase 2: Integrate reproducible build pipeline + binary transparency logs
  3. Phase 3: Hardened kernel + sandbox defaults
  4. Phase 4: Networking stack (Tor, Tallgrass overlay, QUIC-first)
  5. Phase 5: User experience layer (privacy dashboards, sandbox UX)
  6. Phase 6: Community audit and red-team release

Target Audience

This distribution is designed for:

  • Security researchers and penetration testers
  • Privacy advocates and journalists
  • Dissidents operating under surveillance
  • Operators requiring adversarial-resistant computing environments

NOT designed for: General consumers, beginners, or users seeking convenience over security.

Contributing

This project prioritizes security and privacy over user experience. All contributions must align with the adversarial threat model outlined in DESIGN.md.

License

[License details to be determined - likely GPL-compatible with additional security requirements]

Warning: This is experimental software designed for high-threat environments. Use at your own risk.