Re-announcing the first working version of my "FedoraBook" with SELinux and UEFI secure boot. Readonly /etc, split passwd/shadow/group/gshadow , TPM2 support with LUKS2 and clevis. Updates are done via A/B partitions.
No ostree, because I want:
* secure boot to the login screen
* immutable base OS
* ensured integrity to the login screen
So on the fedorabook, even a remote attacker gaining root cannot modify /usr without I/O errors.
Also not the evil maid
Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.