I was thinking about going immutable for a long time and now I’m choosing a distro to hop to.
My question is: what are good immutable distros other than Fedora Silverblue spins, UBlue family and NixOS?
Maybe someone uses/used any? What is/was your experience with it?

  • Laser@feddit.org
    1·
    4 months ago

    Regarding Secure Boot, that’s definitely a problem. However, not all distros support it OOTB. I might have dismissed it earlier because I consider FDE to be more important than Secure Boot. But I’m aware that this is not on technical merits.

    I’d consider FDE more important as well (apart from some fringe use cases). But it doesn’t cover all possible attacks, as unlikely as some of them are. However, together they create a solution that is both convenient and sufficiently secure, as long as you can’t just intercept the keys on the hardware.

    FDE protects the confidentiality of your data in offline attacks, Secure Boot protects integrity and authenticity of binaries started by UEFI. These complement, they don’t compete.

    • bsergay@discuss.online
      1·
      4 months ago

      After rereading my text, I came to the conclusion that I might have given of the impression that FDE and Secure Boot indeed compete with eachother. Which, as you’ve excellently noted, is not the case. Thank you for ensuring that others don’t misunderstand this!