I made this thread because I am interested in using a grsecurity+pax kernel. But my knowledge about using a proprietary graphics driver with such kernels is limited. Maybe I should be asking: "Is it even advisable or viable to use proprietary drivers?". In the past I've been trying to use a grsecurity kernel and I understand that you have to know what to disable or enable to be able to make certain that graphics drivers work. But in the past I've been unable to get it to work. Does anyone have an opinion about using proprietary drivers, especially for graphics ? Or is it just better to use open-source drivers and use as little 'proprietary' drivers as possible to avoid any security problems ?
It depends. Since NVIDIA (or nGreedia) doesn't have an open-source driver, you're pretty much stuck with the proprietary. Good thing is that Spengler maintains a patch for the proprietary NVIDIA blob driver. So yes, GRSecurity is compatible with NVIDIA's proprietary driver. Still on NVIDIA, you could totally use nouveau with grsec. On AMD's side, things are more complicated. I don't know why, maybe because Spengler is a NVIDIA fanboy? You can build the module for fglrx on grsec Kernel, but you won't be able to run it afterwards. Trust me, I gave "pemrs" permissions to ALL fglrx/Catalyst files and still wasn't able to boot. And when it boots, I must set sysctl to "kernel.pax.softmode=1" which is pretty ridiculous. I haven't tried to use grsec with the AMDGPU-PRO stack (because support for GCN 1.0 cards will come in early 2017), but I assume you can do that if you have a GCN=>1.1 card, because you can use the FOSS Kernel driver 'amdgpu' with the userspace OGL and OCL (you don't need the kernel driver that comes with the amdgpu-pro stack, you can use the FOSS driver that comes directly from upstream Kernel). However, note that the only advantage of using proprietary AMD drivers today is OpenCL, and you don't even need it for that anymore. I'm running the amdgpu Kernel driver on my R9 270X (GCN 1.0) and it surpass the proprietary driver in many cases, and that is also true for MAAANY games on more modern GPU's. There are a few titles that run better on the -PRO stack, but for the most part the OSS driver + Mesa is on par with the proprietary ones.
Thank you amarildojr for your extensive reply. Since I've a Nvidia card (not the latest, I've got a 700 series), I'll stay with nouveau drivers for the time being. Sorry for my short reply back, but I have a bit of reading to do about the whole subject. It's been a couple of years since I've been busy with grsec.
It's totally up to you. If I had a NVIDIA card, I wouldn't use the nouveau driver, but the proprietary one (because it is unfortunately way better and compatible with grsec).
