diff --git a/content/posts/linux/Choosing Your Desktop Linux Distribution/index.md b/content/posts/linux/Choosing Your Desktop Linux Distribution/index.md index b42430d..8341de4 100644 --- a/content/posts/linux/Choosing Your Desktop Linux Distribution/index.md +++ b/content/posts/linux/Choosing Your Desktop Linux Distribution/index.md @@ -67,11 +67,11 @@ Fedora's package manager, `dnf`, has a great rollback and undo feature that is g {{< youtube id="-hpV5l-gJnQ">}} -One caveat with Fedora Atomic Desktops is that `rpm-ostree` currently have a hard dependency on `grub` and does not support Unified Kernel Images at the moment. +One caveat with Fedora Atomic Desktops is that `rpm-ostree` currently has a hard dependency on `grub` and does not support Unified Kernel Images. The consequence of this is that unlike Fedora Workstation, it is not possible to set up a Fedora Atomic with meaningful Secure Boot to resist physical tampering. ### SecureBlue -[SecureBlue](https://github.com/secureblue/secureblue) provides hardened operating system images based on Fedora Atomic Desktops. While they do add another party of trust, their images are substantially hardened and not easily replicated by hand. There are several very interesting packages maintained by SecureBlue as well: +[SecureBlue](https://github.com/secureblue/secureblue) provides hardened operating system images based on Fedora Atomic Desktops. While they do additional parties of trust (SecureBlue, GitHub infrastructure, BlueBuild, Negativo, etc), their images are substantially hardened and not easily replicated by hand. There are several very interesting packages maintained by SecureBlue as well: - [Trivalent](https://github.com/secureblue/Trivalent), a hardened chromium desktop build with patches from GrapheneOS's [Vanadium](https://github.com/GrapheneOS/Vanadium). - [Hardened Malloc](https://github.com/secureblue/fedora-extras/tree/live/hardened_malloc). SecureBlue packages GrapheneOS's memory allocator and enforce it system wide, including for Flatpak applications.