Which OS for private secure internet browsing PC?

It rebooted to BIOS and I had to select options on a menu, I think I’ve done it right but not sure how to verify.

yeah we could add more details here, please open github issues for these documentation improvements

mokutil --sb-state btw

Also it mentions about rolling back to a snapshot but wasn’t sure how to create one.

That should probably say “deployment”, but anyways you don’t have to do anything. Every time you make any changes via rpm-ostree, a new deployment is generated and deployed which you then boot into next reboot. The old deployment isn’t removed, two deployments are always kept. Please browse the Silverblue docs as this isn’t specific to secureblue and isn’t something we’ll be documenting.

User add : Permission denied

sudo 🙂

which should probably be added as well, although it is somewhat implied by the nature of the changes

also you can run ujust audit-secureblue to check for steps you may have missed.

And again, like I mentioned previously, these are all steps you would want to do equivalent steps for on openSUSE Aeon as well if you want to harden it. So using Aeon wouldn’t really change anything in this regard except that you would have to modify the secureblue postinstall steps to be compatible with Aeon.

1 Like
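An added example, not written by anyone in this thread and not part of secureblue: a shell sketch that interprets the output of `mokutil --sb-state` and `rpm-ostree status` to confirm that Secure Boot is enforced and that a second deployment exists to roll back to. The function names are hypothetical and the sample status text is constructed; on a real system pass in `"$(mokutil --sb-state)"` and `"$(rpm-ostree status)"`.

```shell
#!/bin/sh
# Added example. Sample text below is constructed, not captured from a real host.

# $1: output of `mokutil --sb-state`. Succeeds only if Secure Boot is enforced.
secure_boot_enabled() {
    printf '%s\n' "$1" | grep -qx 'SecureBoot enabled' || return 1
    # mokutil prints an extra line when shim validation has been switched off
    ! printf '%s\n' "$1" | grep -q 'validation is disabled'
}

# $1: text output of `rpm-ostree status`. Deployment entries start in column 3;
# the booted one is prefixed with "● ", detail lines are indented much deeper.
count_deployments() {
    printf '%s\n' "$1" | awk '/^(● |  )[^ ]/ {n++} END {print n+0}'
}

# Position (1 = top of the list) of the booted deployment, 0 if none is marked.
booted_index() {
    printf '%s\n' "$1" | awk '/^(● |  )[^ ]/ {i++; if (/^●/) {print i; f=1; exit}}
                              END {if (!f) print 0}'
}

# A rollback target exists when a second deployment sits beside the booted one.
rollback_available() {
    [ "$(count_deployments "$1")" -ge 2 ] && [ "$(booted_index "$1")" -gt 0 ]
}

# Constructed sample: image reference and digest are placeholders.
SAMPLE_STATUS='State: idle
Deployments:
● ostree-image-signed:docker://registry.example.invalid/image:latest
                   Digest: sha256:PLACEHOLDER
                  Version: 40.20240711.0 (2024-07-11T00:00:00Z)

  ostree-image-signed:docker://registry.example.invalid/image:latest
                   Digest: sha256:PLACEHOLDER
                  Version: 40.20240704.0 (2024-07-04T00:00:00Z)'

if secure_boot_enabled 'SecureBoot enabled'; then echo 'Secure Boot: enabled'; fi
echo "deployments: $(count_deployments "$SAMPLE_STATUS")"
if rollback_available "$SAMPLE_STATUS"; then echo 'rollback target present'; fi
```

If the booted entry is not first in the list, a newer deployment is staged and takes effect on the next reboot.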

You may have deleted the page from GitHub, but webarchive is forever (that is, if it’s not hacked yet again).
https://web.archive.org/web/20240711091023/https://github.com/secureblue/secureblue/blob/e33b73d9d3bceeb26eb40271d4aaae0ac37ff5ea/config/files/usr/etc/chromium/vanadium_comparison.readme.md

You say I spread misinformation and that all desktop-relevant patches were applied. But my “misinformation” is the factual observation that only 86 of the 135 ignored patches are marked as “Android only”.

Care to explain why?

And even if you have perfectly good explanations, would you care to apologize as well?

You may have deleted the page from GitHub

Yes because it’s from before hardened-chromium even existed.

You say I spread misinformation and that all desktop-relevant patches were applied.

Yes, you are spreading misinformation and you’re now doubling down. The page you’re linking is from before we were applying a single patch, because hardened-chromium didn’t exist yet.

But my “misinformation” is the factual observation that only 86 of the 135 ignored patches are marked as “Android only”.

No, you are doubling down on misinformation. That page has nothing to do with hardened-chromium.

Care to explain why?

Because they patched Java code that only runs on Android and were not replicable using policies (remember this is before hardened-chromium). They do nothing on desktop. They have to be rewritten in cpp to have any effect, if they’re even relevant to begin with. Now that we have hardened-chromium, we can do so if needed.

But again, in your ignorance you’re pointing to a document that isn’t even about hardened-chromium. That’s a document describing drop-in policies, not patches.

would you care to apologize as well?

Wow. You have spread misinformation, doubled down on your misinformation, refused to correct your own misunderstanding, and then to top it all off demanded an apology from me? And for what, helping educate you on the difference between policies and patches? The difference between drop-ins on top of an application vs building the application yourself?

You have been blocked. I hope you don’t treat the work of others with the same contempt, especially offline.

4 Likes