Liberté Linux is a secure, lightweight, reliable and easy-to-use Gentoo-based LiveUSB Linux distribution intended as a communication aid in hostile environments. Liberté installs as a regular directory on a USB/SD key, and after a single-click setup, boots on any desktop computer or laptop. An available Internet connection is then used to set up a Tor circuit, which handles all network communication. During first boot, a unique email ID is generated from fingerprints of the user's certificate and Tor hidden service key. This persistent ID allows one to stealthily communicate with other Liberté users (the communication part is not yet finished). The distribution includes image and document processing applications, and can function as a secure web browsing platform.
For developers, Liberté can also serve as a robust framework for mastering Gentoo-based LiveUSBs/CDs. The build process is fully automated with incremental build support, and is more mature and reliable than most of Gentoo's own outdated LiveCD tools. Gentoo is an extremely flexible distribution for safely generating custom live media from source — for instance, Liberté does not contain Portage, GCC, Perl or Python.
Here are some key features of "Liberté Linux":
· Kernel: Gentoo Hardened 2.6.32 + Unionfs 2.5.7 + fbcondecor framebuffer console decoration using uvesafb
· System requirements: x86 PentiumPro+, ~128 MiB RAM, ~240 MiB on bootable removable media (USB key, SD card, ...)
· Laptop Mode Tools handle power management; hard disks are switched to quiet acoustic mode and spun down
· Extensive Ethernet and Wi-Fi network devices support
· Extensive autoconfiguration, including X server setup
· NetworkManager manages Internet connectivity
· Static and removable devices are available via udev + AutoFS
· No user interaction is required during boot, except for OTFE password entry
· User's important configuration changes are saved on OTFE virtual partition upon shutdown
· Applications are pre-configured and ready to use
· Fully modular X server, with TrueType-only fonts for all SCIM-supported languages (with custom ebuilds for Sinhala and Dhivehi)
· LXDE- and GTK+-based desktop with lightweight applications: no GNOME/KDE
· Multilingualization using SCIM: all input languages that are supported by m17n-lib, native support for CJK languages (pinyin, anthy, hangul), an input pad and a virtual keyboard
· Application-level UI internationalization: all Unicode locales are available; locale and timezone are easily switched with a custom tool
· Basic: LXPanel, Openbox, PCManFM / Midnight Commander, Xarchiver, Sakura / LXTerminal
· Editors/Viewers: gedit, AbiWord, Gnumeric, Evince (with DjVu support) / ePDFView
· Internet: Midori, Claws Mail (customized communication layer)
· Audio/Video: Gnome MPlayer, Audacious, Geeqie / GPicView, GraphicsMagick, X-CD-Roast
· Extras: GNU Privacy Assistant, Qalculate!
What's New in This Release:
· Kernel 3.4.7 with better hardware support (e.g., brcmsmac), and Unionfs replaced by overlayfs, which is expected to be eventually accepted into mainline. Incidentally, overlayfs allows for stricter read-write layer permissions (changed executables cannot be run).
· EFI boot binaries are signed for Secure Boot (tested in OVMF), establishing a trusted boot chain starting with a KEK / DB certificate (located in the EFI directory). The certificate signs GRUB EFI images, which verify GRUB configuration files and the Linux kernel. The kernel's initramfs (now embedded into the kernel image) then verifies the compressed root filesystem image. With regular BIOS-based Syslinux boot, only the last stage is performed (as was done in previous releases). However, a minimal bootstrap .iso image (lacking a compressed root filesystem) is now shipped, which can be burned to read-only media and used to boot a regular install of Liberté on writable media.
· Xorg server 1.12 and Mesa 8.0 with Gallium3D for Radeon cards, nouveau driver for Nvidia cards, and support for accelerated VMware graphics virtualization.
· Simplified boot parameter handling: most previous parameters are now omitted. If you are using a custom bootloader configuration, make sure to update it and to remove initrd parameters. This release still ships an empty initrd file to avoid issues with upgrading customized setups, but the next release will omit the file.
· Added "blacklist" boot parameter for blacklisting kernel modules from autoloading. E.g.: blacklist=nouveau,tg3.
· Added "bridges" boot parameter for specifying Tor bridges to use instead of direct connections to relays. E.g.: bridges=172.16.1.2,172.16.3.4:6001 (port :443 can be omitted).
· Added "gentoo=noanon" boot parameter for non-anonymous usage mode, which disables automatic Torification of clearnet traffic (user-level settings are kept separately).
· Added optional PKCS#11 smart card support to GnuPG.
· Added reaver-wps, a WiFi Protected Setup cracking tool.
· Added Redshift, a screen color temperature adjuster (command-line only).
· Disabled GnuPG-S/MIME autoimport of expired certificates, which removes clutter in GNU Privacy Assistant.
· GTK-2 and GTK-3 themes are now uniform (Light Themes variants).