ParticleOS: Can we make Lennart Poettering run an image based distribution?!

Lennart Poettering likes to evangelize image based distributions, their security properties and all the good stuff systemd supports these days to make secure image based distributions possible (https://0pointer.net/blog/fitting-everything-together.html, https://0pointer.net/blog/brave-new-trusted-boot-world.html, https://www.youtube.com/watch?v=vT2uw25o0uM, ...).

However!!! Does Lennart actually run an image based system himself?!! The answer is no! He runs a mostly stock Fedora system (luckily without grub). So how do we get Lennart onto an image based system? That's where ParticleOS comes in, an image based distribution built completely on top of systemd tooling that intends to implement all of the ideas presented and implemented by Lennart across the years.

Unlike other image based distributions, ParticleOS focuses on letting users assemble, configure and sign their own image based distribution instead of providing a prebuilt and presigned one that is hard to customize. Users build ParticleOS themselves and sign it with their own keys. As ParticleOS is built with mkosi, any distribution supported by mkosi can be used as the base distribution and users can customize the image to their liking (adding packages, running arbitrary commands, switching to a different filesystem, ...).

This talk will first expose Lennart, then introduce ParticleOS, compare it to other image based distributions and hopefully convince the listeners that ParticleOS is a good fit for power users looking for a customizable, self-signed image based distribution based on top of all the ideas evangelized by Lennart over the years.

ParticleOS: https://github.com/systemd/particleos mkosi: https://mkosi.systemd.io/