Secureblue: Is This the Most Secure Linux Distro?

This is the first time we have done a video review/overview of a project that was added to the website, we hope to continue this when other changes are made on the website.

Today, we’re exploring secureblue, a project aimed at addressing security concerns in traditional Linux distributions by significantly hardening existing components and systems.

Have you tried secureblue? What do you think of the project now that we’ve done a comprehensive overview of it?

Looking forward to hearing everyone’s thoughts on this new style of video! :smiley:

about the title

I understand that secureblue isn’t technically a Linux distribution, but we’re using it in this case because it will help the video appeal to more people.

14 Likes

There have been Cryptpad and Onion Browser reviews, but this is the first video review.

It’s not hard to tell that I really like it! :grin: GrapheneOS has looked favorably on it, so I’m looking forward to see if secureblue will be an option for Linux VMs on GrapheneOS desktop mode!

2 Likes

Thanks for the correction, missed that! Yes this is the first video review/overview that we have done so far.

I’m glad you’re enjoying it, I like it too. It’s my daily driver now :smiley:

It would be cool if there was an option to use it in a Linux VM on GrapheneOS.

I think these video reviews are a good way of concisely summarizing why something may be recommended. This kind of (shorter) video is also imo easier to share with many people than telling them to “go to Privacy Guides and read this article”.

I’ve been using fedora workstation for about four years now (i switched to Linux during the Covid-19 pandemic) for sector specific reasons I moved to using mainly Ubuntu desktop while retaining fedora for personal use cases. About a year ago i heard about Secureblue from the GrapheneOS community.

Since then i have on occasion taken Secureblue for a test run on a spare machine. Unfortunately, I cannot replace my existing Ubuntu install with secureblue without some overly complex distrobox configuration. On the upside there is nothing preventing me from installing Secureblue over my fedora workstation install (except time and comfort with my current setup).

3 Likes

I currently use Aurora which is one of the main projects coming out of the Universal Blue effort. UBlue is actually the source of Secureblue as they provide the base images that several other projects take and customize to their liking. I don’t know how dependent Secureblue still is on UBlue’s images, but that is where they got their start and all of their work is enabled by cloud native technologies and methodologies.

In all, its a cool project but it makes too many sacrifices for my use case. That’s why I’m in the middle with Aurora where I get a lot of the same benefits like the atomic image, Homebrew, emphasis on flatpaks, and community of users all using the same image, without as many tradeoffs.

Still super happy to see Secureblue is starting to get recognition!

2 Likes

Immutable distros are a hassle to use and I went back to vanilla Fedora after using Silverblue on my daily driver.

I have a new Minisforum that I will put SecureBlue on and use it as a burner device for DEFCON.

We will see. I don’t really have a use case for it other than for browsing and maybe getting an SDR for fun.

1 Like

I agree only because I have esoteric hardware (Asahi Linux user lol), which I hope atomic distros get better at supporting in the future.

Other than that I do strongly feel that they are no more of a hassle or complicated than regular distros, they are just a different hassle than people are used to, which makes switching difficult. It’s why I like to recommend Silverblue to new Linux users, who have to learn new paradigms anyways, more than existing ones.

I mean it took me years longer than it should’ve to understand and embrace Docker and Ansible, just because relearning how to do things you can already do sucks.

6 Likes

Great video like always. Congratulations.

Question: how is secureblue (or any atomic distro) for gaming? I do play Guild Wars 2 on steam (currently on fedora WS) and it runs perfectly on any distro that I tried, from Ubuntu to Arch.
I just don’t know how the atomic system would handle that, is it just like any other Linux distro?

Thanks for the video, you saved me from making a mistake.

Considering SecureBlue falls far short of Android security, I don’t see the point in putting up with all the hassle.

2 Likes

Considering SecureBlue falls far short of Android security, I don’t see the point in putting up with all the hassle.

What will you use on desktop then?

Staying with Workstation. Insecure but private.
SecureBlue is a little less insecure, private, and a hassle.
If SB was just as secure as Android, I would give it a try.

GrapheneOS desktop is even more secure than stock Android, and private :grin:

1 Like

I don’t know how Secureblue would handle gaming, but Bluefin and Aurora should be mostly fine, and Bazzite is literally a gaming OS that started as a SteamOS clone. All are custom images of Fedora Atomic Desktops.

Osrs and 404 Dino runs great on Secureblue :melting_face:

what hassle? you pick what you want to use, if you want more security than silverblue, then you got secureblue.

Just learned SecureBlue has Sway as a viable DE. Time for me to switch over! Excited to give this a go.

1 Like

This video finally nudged me to try it on my laptop, and I’m really enjoying it so far!

Most things I need are working properly, and if not, they can be configured easily. Only complaint is how there is no straightforward way to allow specific container repositories in the container policy, but that’s easy enough to fix manually for now.

1 Like

If you find something that is a manual fix for you, consider contributing with that fix upstream! The nice thing about atomic images is that everyone else is using the same OS as you. That means you’re fix will fix it for everyone else and it will become part of the image overall rather than just being something you maintain. The cloud native approach makes it much easier for users to contribute improvements because at its core all yours doing is editing a containerfile.

2 Likes

For this particular case, it’s not necessary, since it already has an open issue with suggestions for implementations. Also, fun fact, this particular issue was made by this forum’s own @dngray.

But for future issues, I will try to contribute, if possible. :slight_smile:

1 Like