You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The recent news of Fedora Atomic Desktops has got me thinking. What if the same technology could be used for enterprise workstations/laptops? In my company, all business laptops currently run Windows 10. The reason supposedly is security and ease of administration. Features used today are: Users are authenticated using AD, disks are encrypted with BitLocker, there is no admin access, apps can only be installed via the internal SoftwareManager, execution of files that are not signed is prohibited, VPN is configured to connect when working remotely automatically, custom certificates. The entire system is sealed off.
Linux probably supports all of these features but requires a lot of manual configuration. What if rpm-ostree is used to provision and manage these machines centrally and remotely? What is still missing in terms of guaranteeing a trusted execution chain (Secure boot and signed images) from firmware to user level?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
The recent news of Fedora Atomic Desktops has got me thinking. What if the same technology could be used for enterprise workstations/laptops? In my company, all business laptops currently run Windows 10. The reason supposedly is security and ease of administration. Features used today are: Users are authenticated using AD, disks are encrypted with BitLocker, there is no admin access, apps can only be installed via the internal SoftwareManager, execution of files that are not signed is prohibited, VPN is configured to connect when working remotely automatically, custom certificates. The entire system is sealed off.
Linux probably supports all of these features but requires a lot of manual configuration. What if rpm-ostree is used to provision and manage these machines centrally and remotely? What is still missing in terms of guaranteeing a trusted execution chain (Secure boot and signed images) from firmware to user level?
Beta Was this translation helpful? Give feedback.
All reactions