Skip to content

Desktop profile

Rationale

Providing a configuration for an encrypted immutable* but very flexible and easily upgradable live desktop Archiso profile with most requested software which boots everywhere, load homes from permanent storage and it's the same on every device and architecture.

Pro

  • The system is never actually installed, just rebuilt and copied over. When put on an USB drive it can be both a functional desktop as well as a key to another encrypted profile.
  • It can easily be built even by end users on enterprise level online services.
  • It lessen the burden of managing multi-arch setups for a variety of device formats.
  • It's simpler than a standard arch system on many levels.

Cons

  • Currently building and deploying a new ISO takes a lot of time with FDE with images >40GB.

General principles
*Sorted by priority.*

To maximize:
  • security
  • portability
  • availability (uptime)
  • data redundancy
  • speed
  • usability
  • software availability
To minimize
  • redundancies in system interactions
  • time spent on the wiki
  • risk of data loss

Applications selection criteria:

  • explicit preference
  • hardware constraints (input devices, discrete graphics, mobile, headless)
  • crowdsourced feedback
  • etc

Proposals
*with (un)published and completion states.*

Security

  • Full disk encryption for root file system enabled by default in the source.
    • Support for the easiest access mechanism (USB dongle)
    • Authenticated encryption.
    • Semi-trusted online build
    • Fake pre-built dongle image in the archlinux official mirrors' download links.
  • UEFI secure boot support
  • The system should be made aware of potential physical threats directed towards the machine it currently lives on and act accordingly.
    • SELinux
    • Disable external and internal physical I/O ports (I'm thinking USB) on untrusted machines.
  • Replacement for UEFI secure boot in BIOS systems
    • Simplest mitigation against Evil Maids could be to also move bootloader, kernel and signatures on the dongle.
    • Generate stable unique metadata dependent on hardware constants at install time to be checked against at runtime.
    • It should be more difficult for a physical attacker to compromise the hardware unnoticed if it's always on, so the system should be equipped with a public "sentry" boot mode to be activated at "shutdown".
  • Until we have safe, easy and cheap sandboxing, configurations to use separate users should be added to applications which need confidentiality should be provided, like we already do with system services.
  • Automatic GPG and SSH keys generation for new users.
  • Remove public pkglist

More in general I think we need to tackle the issues reported here.

No data loss, no install, always synced between devices

  • Policies have to be set that say at any given time how the system should reproduce parts of itself by itself on any storage medium, even across networks.
  • The "install drive", if writable, should have a persistent quota.
    • fixed quota (build time, mkarchiso).
    • dynamic quota (run time, systemd).
  • It should also have persistent encrypted swap.
  • Buildable with AUR helper.
  • Portable homes with systemd-homed.
    • Since homectl password prompt it is currently not scriptable a plymouth prompt at first run is required
  • Solving #58 (closed) may help accomplish this.
  • If install has to mean something it has to be at the very least create on-demand software raids.

Performance

  • The base system should always run on RAM. An easy solution could be to split the airootfs into overlayable layers at build time, so that we can maximize the payload depending on memory availability.
    • ebaseline (1.4Gb)
    • ereleng (1.8Gb)
    • desktopbase (2.1Gb)
    • desktop (5.0Gb)

Software availability

  • Splashscreen (needs test)
  • Base GNOME desktop.
  • Base dwm desktop.
  • Base real world people software.
  • gnome-packagekit.
  • Flatpak.
  • AUR support**.
    • argon.
    • make compatible with gnome-packagekit.

Test

  • install and burn archlinux-desktop (AUR) or archlinux-desktopbase-git (AUR)

Related issues

MRs

Silverblue-like?*
**This is articulated.

Edited by Tallero Tallero
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information