Netherite is a secure & private operating system based on Calcite, an AlmaLinux-based immutable OS. It fills the gap for a secure, private, user-data-persistent, secure boot-capable, desktop OS.
Important
We have changed to AlmaLinux, please reinstall.
Warning
Setting up an internet connection is mandatory, otherwise installation will fail. If you can't set up an internet connection, do not install this software.
- hardened_malloc using weekly binaries
- Some remediations from ANSSI-BP-028 Minimal
- Replace Firefox with Chromium, and some policies/extensions to make it more secure/private
- Custom chrony config (time.grapheneos.org)
- Custom kernel tunables
- Modified
os-release
file - Enhanced NetworkManager privacy
- Count Me disabled
- usbguard installed (but not enabled)
You can use the ISO (highly recommended), or use bootc switch
if you are using Calcite or just plain AlmaLinux bootc:
bootc switch ghcr.io/charles8191/netherite/9
I prefer RHEL-based distros over Fedora and secureblue doesn't support bootc yet either.
The name is a really hard material in the video game Minecraft, further suggesting that this is a hardened Linux distribution.
A device with Windows 11 from the factory is a good baseline. Secure Boot doesn't need to be disabled. Adding a BIOS password is recommended.
Advanced users can install Mosby (updates the certificates, and can generate one and add it automatically) using the UEFI shell, which goes hand-in-hand with Netherite.