Version: 20250626 Rating: 10 Date: 2025-08-21 Votes: 30
I was looking for a GrapheneOS "alternative" for desktop and I found this project on Privacy Guides; it was the only non-Debian project (which is a must for me) that was aimed at hardening your security. I was a Fedora KDE user and gave this project a try, without ever having used rpm-ostree and with little knowledge about atomic distros.
I have to say I was surprised and amazed by all the tools you can use to make your distro work just like a normal one. The distro is pretty much foolproof with rpm-ostree and with its ujust menu that can install a VPN, Steam (Flatpak or Distrobox) and help you harden/customize your security features and much more.
I was able to download apps via Flatpak, packages via Homebrew and use Distrobox when I wouldn't want a Flatpak for an app (examples would be: Signal, which is non-verified on Flatpak, so I made a Debian distrobox and installed it from there and it's pretty much seamless, I know it still uses Electron but it's still better ig; Spyder, which is non-verified on Flatpak so I got it directly on a Fedora box; and mpv+mpv-mpris, which are also unverified and work seamlessly on a Fedora box even with KDE Connect control, which I layered on the image).
Gaming for me had no performance loss, but using the Steam Flatpak (which is not verified) was the only way I could make it work. Distrobox wouldn't let me use the NVIDIA GPU, so installing Steam on a box would result in using the iGPU (secureblue comes with the NVIDIA Container Toolkit by default but I couldn't make it work for me, it's just NVIDIA shenanigans probably).
Security-wise, there are many features, which I won't get to, because I'm not that technical. You lose access to sudo (you can layer sudo-rs) but you can still have an admin user with run0 and I had no issues without sudo. Secureblue comes with Trivalent, which I didn't use much yet. I'm a LibreWolf user and I'm not sure how "ungoogled" the browser is, as that is necessary for me, so I'll trade a little security for now, until I find out more. You can use hardened_malloc from GOS, but you have to see which apps work with it; for me LibreWolf and Steam won't work with it so it seems that most of the apps just work with it.
Overall, I enjoyed Fedora Atomic more than the classic, and with the "flavour" of secureblue, security-wise, with no performance loss and everything working just as intended, I can say that I found MY distro :)