Git-Mirrors/privsec.dev
1
0
Fork 0
mirror of https://github.com/PrivSec-dev/privsec.dev.git synced 2026-01-13 14:31:08 -05:00
Code Issues Projects Releases Packages Wiki Activity

recommend secureblue over the other choices

Browse source 
Signed-off-by: Ganwtrs <morga.nwinters-99@aliasvault.net>
This commit is contained in:
Ganwtrs 2025-12-21 19:00:12 -08:00 committed by GitHub
parent b7746e4f4e
commit 54801d3f3c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 6 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

13
content/posts/linux/Choosing Your Desktop Linux Distribution/index.md
View file

@ -49,6 +49,12 @@ Wayland's predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), doe
Here is a quick, non-authoritative list of distributions we recommend over others:
### SecureBlue
[SecureBlue](https://secureblue.dev/) is the best traditional desktop Linux distribution for privacy and security. It provides hardened operating system images based on Fedora Atomic Desktops. While they do additional parties of trust (SecureBlue, GitHub infrastructure, BlueBuild, Negativo, etc), their images are substantially hardened and not easily replicated by hand. There are several very interesting packages maintained by SecureBlue as well:
- [Trivalent](https://github.com/secureblue/Trivalent), a hardened chromium desktop build with patches from GrapheneOS's [Vanadium](https://github.com/GrapheneOS/Vanadium).
- [Hardened Malloc](https://github.com/secureblue/fedora-extras/tree/live/hardened_malloc). SecureBlue packages GrapheneOS's memory allocator and enables it system wide, including for Flatpak applications.
### Fedora Workstation
![Fedora](fedora-screenshot.png)
@ -69,13 +75,6 @@ Fedora's package manager, `dnf`, has a great rollback and undo feature that is g
One caveat with Fedora Atomic Desktops is that `rpm-ostree` currently has a hard dependency on `grub` and does not support Unified Kernel Images. The consequence of this is that unlike Fedora Workstation, it is not possible to set up a Fedora Atomic system with meaningful Secure Boot to resist physical tampering.
### SecureBlue
[SecureBlue](https://secureblue.dev/) provides hardened operating system images based on Fedora Atomic Desktops. While they do additional parties of trust (SecureBlue, GitHub infrastructure, BlueBuild, Negativo, etc), their images are substantially hardened and not easily replicated by hand. There are several very interesting packages maintained by SecureBlue as well:
- [Trivalent](https://github.com/secureblue/Trivalent), a hardened chromium desktop build with patches from GrapheneOS's [Vanadium](https://github.com/GrapheneOS/Vanadium).
- [Hardened Malloc](https://github.com/secureblue/fedora-extras/tree/live/hardened_malloc). SecureBlue packages GrapheneOS's memory allocator and enables it system wide, including for Flatpak applications.
### openSUSE Aeon
Fedora Atomic Desktop's European counterpart. openSUSE Aeon is a rolling release, fast updating distributions with [transactional updates](https://kubic.opensuse.org/blog/2018-04-04-transactionalupdates/) using [Btrfs](https://en.wikipedia.org/wiki/Btrfs) and [Snapper](https://en.opensuse.org/openSUSE:Snapper_Tutorial).