TCP ISN CPU Information Leak Protection - tirdad

[user ~]% sudo apt -t bookworm-backports install linux-image-$(dpkg --print-architecture) linux-headers-$(dpkg --print-architecture)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  linux-headers-6.10.11+bpo-amd64 linux-headers-6.10.11+bpo-common
  linux-image-6.10.11+bpo-amd64 linux-kbuild-6.10.11+bpo linux-libc-dev
Suggested packages:
  linux-doc-6.10 debian-kernel-handbook
The following NEW packages will be installed:
  linux-headers-6.10.11+bpo-amd64 linux-headers-6.10.11+bpo-common
  linux-image-6.10.11+bpo-amd64 linux-kbuild-6.10.11+bpo
The following packages will be upgraded:
  linux-headers-amd64 linux-image-amd64 linux-libc-dev
3 upgraded, 4 newly installed, 0 to remove and 80 not upgraded.
Need to get 117 MB of archives.
After this operation, 175 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 tor+https://deb.debian.org/debian bookworm-backports/main amd64 linux-headers-6.10.11+bpo-common all 6.10.11-1~bpo12+1 [10.6 MB]
Get:2 tor+https://deb.debian.org/debian bookworm-backports/main amd64 linux-image-6.10.11+bpo-amd64 amd64 6.10.11-1~bpo12+1 [101 MB]
Get:3 tor+https://deb.debian.org/debian bookworm-backports/main amd64 linux-kbuild-6.10.11+bpo amd64 6.10.11-1~bpo12+1 [1,146 kB]
Get:4 tor+https://deb.debian.org/debian bookworm-backports/main amd64 linux-headers-6.10.11+bpo-amd64 amd64 6.10.11-1~bpo12+1 [1,437 kB]
Get:5 tor+https://deb.debian.org/debian bookworm-backports/main amd64 linux-headers-amd64 amd64 6.10.11-1~bpo12+1 [1,412 B]
Get:6 tor+https://deb.debian.org/debian bookworm-backports/main amd64 linux-image-amd64 amd64 6.10.11-1~bpo12+1 [1,476 B]
Get:7 tor+https://deb.debian.org/debian bookworm-backports/main amd64 linux-libc-dev all 6.10.11-1~bpo12+1 [2,400 kB]
Fetched 117 MB in 1min 1s (1,907 kB/s)                                         
Selecting previously unselected package linux-headers-6.10.11+bpo-common.
(Reading database ... 120405 files and directories currently installed.)
Preparing to unpack .../0-linux-headers-6.10.11+bpo-common_6.10.11-1~bpo12+1_all
.deb ...
Unpacking linux-headers-6.10.11+bpo-common (6.10.11-1~bpo12+1) ...
Selecting previously unselected package linux-image-6.10.11+bpo-amd64.
Preparing to unpack .../1-linux-image-6.10.11+bpo-amd64_6.10.11-1~bpo12+1_amd64.
deb ...
Unpacking linux-image-6.10.11+bpo-amd64 (6.10.11-1~bpo12+1) ...
Selecting previously unselected package linux-kbuild-6.10.11+bpo.
Preparing to unpack .../2-linux-kbuild-6.10.11+bpo_6.10.11-1~bpo12+1_amd64.deb .
..
Unpacking linux-kbuild-6.10.11+bpo (6.10.11-1~bpo12+1) ...
Selecting previously unselected package linux-headers-6.10.11+bpo-amd64.
Preparing to unpack .../3-linux-headers-6.10.11+bpo-amd64_6.10.11-1~bpo12+1_amd6
4.deb ...
Unpacking linux-headers-6.10.11+bpo-amd64 (6.10.11-1~bpo12+1) ...
Preparing to unpack .../4-linux-headers-amd64_6.10.11-1~bpo12+1_amd64.deb ...
Unpacking linux-headers-amd64 (6.10.11-1~bpo12+1) over (6.1.112-1) ...
Preparing to unpack .../5-linux-image-amd64_6.10.11-1~bpo12+1_amd64.deb ...
Unpacking linux-image-amd64 (6.10.11-1~bpo12+1) over (6.1.112-1) ...
Preparing to unpack .../6-linux-libc-dev_6.10.11-1~bpo12+1_all.deb ...
Unpacking linux-libc-dev (6.10.11-1~bpo12+1) over (6.1.112-1) ...
Setting up linux-libc-dev (6.10.11-1~bpo12+1) ...
Setting up linux-image-6.10.11+bpo-amd64 (6.10.11-1~bpo12+1) ...
I: /vmlinuz.old is now a symlink to boot/vmlinuz-6.1.0-26-amd64
I: /initrd.img.old is now a symlink to boot/initrd.img-6.1.0-26-amd64
I: /vmlinuz is now a symlink to boot/vmlinuz-6.10.11+bpo-amd64
I: /initrd.img is now a symlink to boot/initrd.img-6.10.11+bpo-amd64
/etc/kernel/postinst.d/30_remove-system-map:
INFO: Deleting system.map files...
INFO: removed '/boot/System.map-6.10.11+bpo-amd64'
INFO: Done. Success.
/etc/kernel/postinst.d/dkms:
dkms: running auto installation service for kernel 6.10.11+bpo-amd64.
Sign command: /lib/modules/6.10.11+bpo-amd64/build/scripts/sign-file
Signing key: /var/lib/dkms/mok.key
Public certificate (MOK): /var/lib/dkms/mok.pub

Building module:
Cleaning build area...
make -j2 KERNELRELEASE=6.10.11+bpo-amd64 all...(bad exit status: 2)
Error! Bad return status for module build on kernel: 6.10.11+bpo-amd64 (x86_64)
Consult /var/lib/dkms/tirdad/0.1/build/make.log for more information.
Error! One or more modules failed to install during autoinstall.
Refer to previous errors for more information.
dkms: autoinstall for kernel: 6.10.11+bpo-amd64 failed!
run-parts: /etc/kernel/postinst.d/dkms exited with return code 11
dpkg: error processing package linux-image-6.10.11+bpo-amd64 (--configure):
 installed linux-image-6.10.11+bpo-amd64 package post-installation script subpro
cess returned error exit status 1
Setting up linux-headers-6.10.11+bpo-common (6.10.11-1~bpo12+1) ...
Setting up linux-kbuild-6.10.11+bpo (6.10.11-1~bpo12+1) ...
dpkg: dependency problems prevent configuration of linux-headers-6.10.11+bpo-amd
64:
 linux-headers-6.10.11+bpo-amd64 depends on linux-image-6.10.11+bpo-amd64 (= 6.1
0.11-1~bpo12+1) | linux-image-6.10.11+bpo-amd64-unsigned (= 6.10.11-1~bpo12+1); 
however:
  Package linux-image-6.10.11+bpo-amd64 is not configured yet.
  Package linux-image-6.10.11+bpo-amd64-unsigned is not installed.

dpkg: error processing package linux-headers-6.10.11+bpo-amd64 (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of linux-headers-amd64:
 linux-headers-amd64 depends on linux-headers-6.10.11+bpo-amd64 (= 6.10.11-1~bpo
12+1); however:
  Package linux-headers-6.10.11+bpo-amd64 is not configured yet.

dpkg: error processing package linux-headers-amd64 (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of linux-image-amd64:
 linux-image-amd64 depends on linux-image-6.10.11+bpo-amd64 (= 6.10.11-1~bpo12+1
); however:
  Package linux-image-6.10.11+bpo-amd64 is not configured yet.

dpkg: error processing package linux-image-amd64 (--configure):
 dependency problems - leaving unconfigured
Processing triggers for security-misc (3:39.9-1) ...
INFO: triggered security-misc: 'security-misc' security-misc DPKG_MAINTSCRIPT_NA
ME: 'postinst' $\@: 'triggered /usr' 2: '/usr'
/usr/libexec/security-misc/mmap-rnd-bits: INFO: Successfully written ASLR map co
nfig file:
/etc/sysctl.d/30_security-misc_aslr-mmap.conf
Running SUID Disabler and Permission Hardener... See also:
https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener
/var/lib/dpkg/info/security-misc.postinst: INFO: running: permission-hardener en
able
permission-hardener: [NOTICE]: To compare the current and previous permission mo
des, install 'meld' (or preferred diff tool) for comparison of file mode changes
:
    sudo apt install --no-install-recommends meld
    meld /var/lib/permission-hardener/existing_mode/statoverride /var/lib/permis
sion-hardener/new_mode/statoverride
/var/lib/dpkg/info/security-misc.postinst: INFO: Permission hardening success.
Errors were encountered while processing:
 linux-image-6.10.11+bpo-amd64
 linux-headers-6.10.11+bpo-amd64
 linux-headers-amd64
 linux-image-amd64
E: Sub-process /usr/bin/dpkg returned an error code (1)
zsh: exit 100   sudo apt -t bookworm-backports install  
[user ~]%

Can confirm that using latest kernel from backports on fresh kicksecure doesnt go so well.

1 Like