I worked at Google on post-Aurora endpoint security. Windows laptops are alive and well at Google. Linux laptops have had one foot in the grave for a while now (it's a bummer). Google historically made gLinux work only with enormous investments in customised distros and D&R.
> But maybe you could elaborate a bit more concretely about what kind of intra-host security boundaries are missing
- no boundaries between applications, everything runs as $USER which can read your browser creds
- no boundary between user and root, everything can trivially escalate privs (maybe we will fix this post Glasswing, let's see)
- no boundary between boots, root can trivially persist a compromise (probably non-root too)
The tech exists to solve all these problems on Linux, but there isn't a distro that strings it all together. (Unless you count ChromeOS/Android which are not really OSS).
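An added example, not from the thread: a small POSIX sh audit that makes the first and third missing boundaries concrete by checking whether well-known credential stores are readable, and boot-persistence hooks writable, by any process running as the current uid. The listed paths are assumed common defaults and the demo home directory is constructed.

```sh
#!/bin/sh
# Added audit (not from the thread). Mode bits only separate uids, so a
# compromised app running as $USER reads the credential stores below and
# writes the persistence hooks below, however tight the modes are.
# Paths are assumed common defaults, not an exhaustive list.
SECRET_PATHS='.config/google-chrome/Default/Login Data
.config/chromium/Default/Login Data
.mozilla/firefox
.ssh
.gnupg'
PERSIST_PATHS='.config/autostart
.config/systemd/user
.bashrc
.profile'
# count_reachable BASE LIST MODE: number of listed paths under BASE that exist
# and are readable (MODE=r) or writable (MODE=w) by the current uid.
count_reachable() {
    base=$1; list=$2; mode=$3; n=0
    old_ifs=$IFS
    IFS='
'                                  # split LIST on newlines only; paths contain spaces
    for rel in $list; do
        if [ "$mode" = w ]; then t=-w; else t=-r; fi
        if [ "$t" "$base/$rel" ]; then n=$((n + 1)); fi
    done
    IFS=$old_ifs
    echo "$n"
}

# make_demo_home: constructed fake home with a 0600 credential DB and a 0700
# autostart dir, the tightest modes a user can set. Prints the path.
make_demo_home() {
    d=$(mktemp -d)
    mkdir -p "$d/.config/google-chrome/Default" "$d/.config/autostart"
    : > "$d/.config/google-chrome/Default/Login Data"
    chmod 0600 "$d/.config/google-chrome/Default/Login Data"
    chmod 0700 "$d/.config/autostart"
    echo "$d"
}

# audit BASE: report both counts for one home directory.
audit() {
    echo "$1: credential stores readable by uid $(id -u): $(count_reachable "$1" "$SECRET_PATHS" r)"
    echo "$1: persistence hooks writable by uid $(id -u): $(count_reachable "$1" "$PERSIST_PATHS" w)"
}
demo=$(make_demo_home)
audit "$demo"     # 1 and 1: 0600/0700 did not stop a same-uid process
audit "$HOME"
rm -rf "$demo"
```

Running it against a real home shows how many of the usual stores an ordinary same-uid process could reach; a distro with per-app sandboxing or per-app uids would bring the first count to zero for untrusted apps.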
> Unless you count ChromeOS/Android which are not really OSS
Wouldn't ChromiumOS and AOSP count? Though I read a lot of people generally complaining about secure boot on desktop (for reasons I honestly don't understand: secure boot seems to be part of the Android security model, and it seems valuable to me).
It's a good technical artifact, yeah, but it would need to be forked and degoogled; today it is only really useful with Google services as a backend.
Also it's coupled to the device ecosystem which is organised by Google. This coupling with the HW is one of its major technical strengths though, including for the security things I'm yapping about.
So yeah I think the two options for a EuroOS are:
- Fork and degoogle ChromiumOS/AOSP
- Invest in a Silverblue/bootc/Flatpak style system and just keep filling the gaps there
Hard to say which would be the better option. Both require at least tens of millions in investment over 5+ years.