Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Linux distribution with security support for Raspberry Pi?
10 points by zurn on Feb 1, 2017 | hide | past | favorite | 10 comments
It seems Debian security updates don't get ported over to Raspbian in a timely fashion. What options are there?



I have not looked deep into this, but you might try Arch Linux ARM [1], which might have newer versions of packages (if it is anything like its x86 variant). It used to be offered on the official Rpi distro page [2] but I think it has since been removed, though I am unsure if that indicates that less effort is going into maintaining it. Regardless, I too would be very interested in scrutinizing these Raspbian security patches to see how quickly they are built and distributed compared with their release date, and if an alternative build of Raspbian that focuses on this was to be released, I would be very interested.

[1] https://archlinuxarm.org/platforms/armv6/raspberry-pi

[2] https://www.raspberrypi.org/downloads/


+1 for Arch Linux ARM. Even if packages aren't available for something, you should be able to easily build it using makepkg.

I would not recommend running Arch (x86_64 or ARM) if you are a new Linux user, though. Batteries not included, some assembly required.


Void Linux, Arch Linux Arm. There is no Void image for RPi3 but the RPi2 image works fine, even the WiFi.


This really isn't meant to come across as flippant but if you're running something serious or important enough on your Rpi that makes you that concerned about security, maybe you shouldn't be running it on an Rpi.


Often, you care about security not because of the app running on the rpi, but the environmental risk: Having your home network become a malware distribution node and/or your backups on a connected NAS server compromised, say.

(Actually the replaceable/disposable nature of the rpi often makes it a more robust platform than the alternatives as long as you can tolerate short outages)


I think the project is at the investigating tradeoffs phase. I mean there's nothing that comes with a security guarantee and the default Debian that ships with an RPi is fairly well supported relative to embedded systems and the price of a RPi.


What I use: https://en.opensuse.org/Portal:ARM / https://www.suse.com/products/arm/

What exactly do you need? SELinux, AppArmor, generic base package security updates?


Just a Linux distribution that gets security updates to the userland and kernel. Raspbian's latest security updates are from many months ago, their kernel doesn't ship with a changelog that would show what has been fixed, and and Debian doesn't support the RPi's.

Thanks for the recomendation, Ubuntu and OpenSuse seem most promising so far.


If you have a fleet you might want to check out NixOS and Hydra. There is someone building nix pkgs for ARM/RPi not sure what is the current status... Just keep in mind that the learning curve is steep for NixOS, but the entire thing can be automated.

Broadly speaking if you want security you need to compile and distribute your own packages.


Ubuntu 16.04 claims to officially support RPi 2+. See eg https://www.ubuntu.com/usn/usn-3169-3/ for a recent security patch to the RPI kernel package.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: