[$] Building secure images with NixOS
Image-based Linux distributions have seen increasing popularity recently. They
promise reliability and security, but pose packaging problems for
existing distributions. Ryan Lahfa and Niklas Sturm spoke about the work that
NixOS has done to enable an image-based workflow at this year's
<a href="https://all-systems-go.io/" rel="nofollow">
All Systems Go!</a>
conference in Berlin.
Unfortunately, LWN was not able to cover the conference for scheduling reasons,
but the
<a href="https://www.youtube.com/watch?v=YAl27ciB6c8&list=PLWYdJViL9EipIImmvuoGFAeS-lKeHH2DD" rel="nofollow">
videos of the event</a> are available for anyone interested in watching the
talks.
Lahfa and Sturm explained that it is currently possible to create a
<a href="https://nixos.org/" rel="nofollow">
NixOS</a> system that
cryptographically verifies the kernel, initrd, and Nix store on boot — although
doing so still has some rough edges. Making an image-based NixOS installation is
similarly possible.
https://lwn.net/Articles/996329/