Hardened operating system images based on Fedora Atomic Desktop and Fedora CoreOS

cross-posted from: https://lemmy.ml/post/26453685

Not many people have heard about secureblue, and I want to spread the word about it. secureblue provides hardened images for Fedora Atomic and CoreOS. It’s an operating system “for those whose first priority is using linux, and second priority is security.”

secureblue provides exploit mitigations and fixes for multiple security holes. This includes the addition of GrapheneOS’s hardened_malloc, their own hardened Chromium-based browser called Trivalent, USBGuard to protect against USB peripheral attacks, and plenty more.

secureblue has definitely matured a lot since I first started using it. Since then, it has become something that could reasonably be used as a daily driver. secureblue recognizes the need for usability alongside security.

If you already have Fedora Atomic (e.g. Secureblue, Kinoite, Sericea, etc.) or CoreOS installed on your system, you can easily rebase to secureblue. The install instructions are really easy to follow, and I had no issues installing it on any of my devices.

I’d love more people to know about secureblue, because it is fantastic if you want a secure desktop OS!

  • @[email protected]
    713 hours ago

    I believe your confusion comes from the following line: “secureblue does not claim to be the most secure option available on the desktop.”

    Which is simply their acknowledgement that more secure options like Qubes OS exist. Note, however, that Qubes OS is not based on Linux, but instead on Xen.

      • @[email protected]
        312 hours ago

        secureblue absolutely does.

        Qubes OS does too. But that’s becomes dom0 and most of the qubes you’d interact with are just Linux. But the qube can be based on BSD instead. Heck, you could have it based on Windows even. These qubes are VMs; so you can basically do whatever you want with them. The heavy use of virtualization is exactly what makes Qubes OS as secure as it is.