{"guid":"39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","title":"Platform security in NixOS","subtitle":null,"slug":"all-systems-go-2024-308-platform-security-in-nixos","link":"https://cfp.all-systems-go.io/all-systems-go-2024/talk/UQ3CYU/","description":"You may have heard about this weird distribution, NixOS, that breaks compatibility with /usr. \nThis talk explores the properties inherent to NixOS, focusing on its distinct approach to package management and system configuration. Learn how these principles combine with general upstream efforts to bring TPM2, Secure Boot and more to your Linux distribution.\n\nEverything you wanted to know about why NixOS does things a certain way will be answered here. The idea is that you come out of this talk understanding the different compromises made by the NixOS community and what they get out of it.\n\nWe will cover https://github.com/nix-community/lanzaboote which is a Rust UEFI stub similar to systemd-stub with fewer features but with one unique feature for NixOS, similar to UKI addons.\n\nWe will also give a status report on where NixOS stands in terms of adoption of systemd features such as systemd-pcrlock.\n\nLicensed to the public under https://creativecommons.org/licenses/by/4.0/de/","original_language":"eng","persons":["Ryan Lahfa","Niklas Sturm"],"tags":["308","asg2024","Main Hall","2024","Day 
1"],"view_count":390,"promoted":false,"date":"2024-09-25T14:35:00.000+02:00","release_date":"2024-09-25T00:00:00.000+02:00","updated_at":"2026-04-12T18:45:06.581+02:00","length":1255,"duration":1255,"thumb_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/308-39db42ce-958c-56cd-b9a6-3ef6a3c03fbc.jpg","poster_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/308-39db42ce-958c-56cd-b9a6-3ef6a3c03fbc_preview.jpg","timeline_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/308-39db42ce-958c-56cd-b9a6-3ef6a3c03fbc.timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/events/all_systems_go/2024/308-39db42ce-958c-56cd-b9a6-3ef6a3c03fbc.thumbnails.vtt","frontend_link":"https://media.ccc.de/v/all-systems-go-2024-308-platform-security-in-nixos","url":"https://api.media.ccc.de/public/events/39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","conference_title":"All Systems Go! 2024","conference_url":"https://api.media.ccc.de/public/conferences/asg2024","related":[],"recordings":[{"size":121,"length":1255,"mime_type":"video/webm","language":"eng","filename":"asg2024-308-eng-Platform_security_in_NixOS_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-09-25T16:13:14.288+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/webm-hd/asg2024-308-eng-Platform_security_in_NixOS_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/80194","event_url":"https://api.media.ccc.de/public/events/39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":52,"length":1255,"mime_type":"video/webm","language":"eng","filename":"asg2024-308-eng-Platform_security_in_NixOS_webm-sd.webm","state":"new","folder":"webm-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-09-25T16:09:39.153+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/webm-sd/asg2024-308-eng-
Platform_security_in_NixOS_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/80192","event_url":"https://api.media.ccc.de/public/events/39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":40,"length":1255,"mime_type":"video/mp4","language":"eng","filename":"asg2024-308-eng-Platform_security_in_NixOS_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2024-09-25T15:56:51.733+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/h264-sd/asg2024-308-eng-Platform_security_in_NixOS_sd.mp4","url":"https://api.media.ccc.de/public/recordings/80185","event_url":"https://api.media.ccc.de/public/events/39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":13,"length":1255,"mime_type":"audio/opus","language":"eng","filename":"asg2024-308-eng-Platform_security_in_NixOS_opus.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2024-09-25T15:54:54.982+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/opus/asg2024-308-eng-Platform_security_in_NixOS_opus.opus","url":"https://api.media.ccc.de/public/recordings/80181","event_url":"https://api.media.ccc.de/public/events/39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"},{"size":19,"length":1255,"mime_type":"audio/mpeg","language":"eng","filename":"asg2024-308-eng-Platform_security_in_NixOS_mp3.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2024-09-25T15:53:54.376+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/mp3/asg2024-308-eng-Platform_security_in_NixOS_mp3.mp3","url":"https://api.media.ccc.de/public/recordings/80180","event_url":"https://api.media.ccc.de/public/events/39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","conference_url":"https:
//api.media.ccc.de/public/conferences/asg2024"},{"size":138,"length":1255,"mime_type":"video/mp4","language":"eng","filename":"asg2024-308-eng-Platform_security_in_NixOS_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2024-09-25T15:48:45.530+02:00","recording_url":"https://cdn.media.ccc.de/events/all_systems_go/2024/h264-hd/asg2024-308-eng-Platform_security_in_NixOS_hd.mp4","url":"https://api.media.ccc.de/public/recordings/80175","event_url":"https://api.media.ccc.de/public/events/39db42ce-958c-56cd-b9a6-3ef6a3c03fbc","conference_url":"https://api.media.ccc.de/public/conferences/asg2024"}]}