Sealed Fedora Atomic Desktop bootable container images




I’m happy to announce that we have sealed bootable container images ready for testing for the Fedora Atomic Desktops!

What are sealed bootable container images?

Sealed bootable container images include all the components needed to create a fully verified boot chain, from the firmware to the operating system composefs image. This relies on Secure Boot and thus only supports system booting with UEFI on x86_64 & aarch64.

The components are:

- systemd-boot as bootloader
- a Unified Kernel Image (UKI) which includes the Linux kernel, an initrd and the kernel command line
- a composefs repository with fs-verity enabled. This is managed by bootc.

Both systemd-boot and the UKI are signed for Secure Boot. The images are test images so the components are not signed with the official keys from Fedora.

The main direct benefit that we will get from this support is that we will be able to enable passwordless disk unlocking using the TPM in a way that will be reasonably secure by default.

How do I test those images?

See the instructions at github.com/travier/fedora-atomic-desktops-sealed on how to give the pre-built container and disk images a try and how to build your own.

We welcome testing and feedback! Please see the…


No Fedora Budgie Atomic build?

Trying to download the qcow2 image is presenting an error:

$ oras pull "quay.io/fedora-atomic-desktops-sealed/kinoite:${VERSION}.qcow2"
Error response from registry: failed to resolve 44.20260518.0.qcow2: quay.io/fedora-atomic-desktops-sealed/kinoite:44.20260518.0.qcow2: not found

Edit: Seems the qcow2 isn’t created for every tagged version. Latest available is 44.20260504.0