Re-announcing the first working version of my "FedoraBook" with SELinux and UEFI secure boot. Readonly /etc, split passwd/shadow/group/gshadow , TPM2 support with LUKS2 and clevis. Updates are done via A/B partitions.

No ostree, because I want:
* secure boot to the login screen
* immutable base OS
* ensured integrity to the login screen

So on the fedorabook, even a remote attacker gaining root cannot modify /usr without I/O errors.

Sign in to participate in the conversation

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.