Platform security in NixOS

https://media.ccc.de/v/all-systems-go... You may have heard about this weird distribution, NixOS, that breaks compatibility with /usr. This talk explores the properties inherent to NixOS, focusing on its distinct approach to package management and system configuration. Learn how these principles combine with general upstream efforts at bringing TPM2, Secure Boot and more to your Linux distribution. Everything you wanted to know about why NixOS do things a certain way will be answered here. The idea is that you get out of this talk understanding the different compromises done by the NixOS community and what they get out of it. We will cover https://github.com/nix-community/lanz... which is a Rust UEFI stub similar to systemd-stub with fewer features but with one unique special feature for NixOS, similar to UKI addons. We will also do a status report of where NixOS stands in terms of adoption of systemd features such as systemd-pcrlock. Ryan Lahfa, Niklas Sturm https://cfp.all-systems-go.io/all-sys... #asg2024 Licensed to the public under https://creativecommons.org/licenses/...

Join Today
Reproducible and Immutable OS Images with NixOS
▶︎

Reproducible and Immutable OS Images with NixOS

Fort Kairos: A New Dawn for Secure Linux in Untrusted Environments
▶︎

Fort Kairos: A New Dawn for Secure Linux in Untrusted Environments

We let AI buy a robot and a car, it does exactly what experts warned.
▶︎

We let AI buy a robot and a car, it does exactly what experts warned.

Android 17 sucks. So I put Linux on a phone.
▶︎

Android 17 sucks. So I put Linux on a phone.

No Drama, Just Power. Why I Switched to openSUSE Tumbleweed.
▶︎

No Drama, Just Power. Why I Switched to openSUSE Tumbleweed.

China Just Built What TSMC Said Was Impossible
▶︎

China Just Built What TSMC Said Was Impossible

Dirlock: a new tool to manage encrypted filesystems
▶︎

Dirlock: a new tool to manage encrypted filesystems

One Boot Config to Rule Them All: Bringing UAPI Boot Specification to Legacy BIOS
▶︎

One Boot Config to Rule Them All: Bringing UAPI Boot Specification to Legacy BIOS

The Most Famous AI Company Isn't Winning. Here's Who Is.
▶︎

The Most Famous AI Company Isn't Winning. Here's Who Is.

Warum die Sperre von Claude Fable vorhersehbar war
▶︎

Warum die Sperre von Claude Fable vorhersehbar war

ALASKA: Where did this peculiar server come from?
▶︎

ALASKA: Where did this peculiar server come from?

What the Armor of God Really Means When You Feel Too Weak to Fight (No Ads)
▶︎

What the Armor of God Really Means When You Feel Too Weak to Fight (No Ads)

Forget zbus, zlink is the future of IPC in Rust
▶︎

Forget zbus, zlink is the future of IPC in Rust

Trump verrät wahren Grund für Frieden & dankt sogar Putin!
▶︎

Trump verrät wahren Grund für Frieden & dankt sogar Putin!

China’s Secret | The Most Unbelievable Megaprojects in China | 4K Travel Documentary
▶︎

China’s Secret | The Most Unbelievable Megaprojects in China | 4K Travel Documentary

Lokale KI ist jetzt WIRKLICH brauchbar (und auf dieser Hardware läuft sie)
▶︎

Lokale KI ist jetzt WIRKLICH brauchbar (und auf dieser Hardware läuft sie)

Zig says NO to AI
▶︎

Zig says NO to AI

Leveraging bootable OCI images in Fedora CoreOS and RHEL CoreOS
▶︎

Leveraging bootable OCI images in Fedora CoreOS and RHEL CoreOS

The Future of AI Agents with Andrew Ng | Interrupt 26
▶︎

The Future of AI Agents with Andrew Ng | Interrupt 26

God Says:"I JUST CONFIRMED — ONLY YOU CAN SEE THIS LETTER"/God Message Now/God Message
▶︎

God Says:"I JUST CONFIRMED — ONLY YOU CAN SEE THIS LETTER"/God Message Now/God Message