Documentation on how to build #mkosi images, with all the #systemd security-relevant goodies, on SUSE's OBS @obshq is now published: https://openbuildservice.org/help/manuals/obs-user-guide/cha-obs-package-formats#sec-pkgfmt-mkosi

(NB: until we tag the next release this requires mkosi built from git main, hint hint @daandemeyer )

Supported Build Recipes and Package Formats


🔥 Image-based Linux with systemd [EN]

@zbyszek, a #systemd developer and #Fedora maintainer, will explore the future of image-based, immutable, cryptographically verified #Linux installations, covering engineering challenges, secure updating/extending, and how tools like #mkosi build installation images, initrds, and extensions from distro packages.

📍 Where: Hotel przy Młynie, Rybnik
📅 When: 24–26 October 2025
🔗 Register now: https://jesien.org/2025/zapisy

#JesienLinuksowa #Immutable #OpenSource

I wrote a blog post around modern secure boot options for embedded Linux devices. It showcases how new systemd features provide a turn-key solution for problems that previously required a lot of custom integration.

https://www.cnx-software.com/2025/08/15/embedded-device-security-protecting-linux-systems-with-modern-tools/

#systemd #mkosi #secureboot #embedded #linux

Embedded Device Security: Protecting Linux Systems with Modern Tools

CNXSoft: This is a guest post by Erik Wierich, Senior Engineer at RISCstar Solutions, demonstrating a practical security implementation for embedded devices using standard Linux tools like dm-verity and TPM 2.0. It covers threat models, filesystem security, and TPM-based encryption with working code examples. Nowadays, it is (rightfully) impossible to put an embedded device into the market without comprehensive embedded device security measures. Most new devices store private data that we do not want to see leaked in dark corners of the Internet. We also want to avoid our device ending up as part of a botnet. Linux has a large set of tools to help us with security. What has historically been lacking is a simple, off-the-shelf way to integrate these tools into a secure-by-default configuration. This post will demonstrate how modern tools simplify deployments while ensuring strong security.

Embedded Device Security Scope

When talking about embedded system security,

New to #mkosi-initrd? It’s more than a #dracut alternative; it’s a #dev-friendly, RPM-driven #initrd builder with future potential.
✅ Integrated in #systemd
✅ Builds from known sources
⚠️ Still maturing (arch/feature limits)
Explore the pros/cons from this #oSC25 talk https://youtu.be/p78J3Ql7D6s?si=JbKZpq9fFb3Oesr9
openSUSE Conference 2025 - mkosi-initrd enablement on openSUSE

Is #dracut your go-to for #initrds? It might be time for a mindset shift. This #oSC25 talk dives into #mkosi-initrd, which is a faster, package-based way to build initrds, used on #Tumbleweed and backed by #systemd devs. Built from RPMs, no third-party surprises. https://youtu.be/p78J3Ql7D6s?si=JbKZpq9fFb3Oesr9

mkosi — Build Bespoke OS Images

Say goodbye to fragile early #boots 🚀 Learn how #mkosi-initrd provides clearer ownership, faster boot times and smarter rebuilds in this #oSC25 talk. Based on #distro packages. Avoids 10+ #dracut service delays #initrd #systemd #openSUSE. https://youtu.be/p78J3Ql7D6s?si=JbKZpq9fFb3Oesr9


Introducing initial support for #postmarketOS in #mkosi 🥳

https://github.com/systemd/mkosi/pull/3781

Found some examples in this repo:

https://github.com/nosada/mkosi-files

Have several build attempts, but still struggle at customizing the built image automatically: file access permissions aren't allowing modifications, sudo in the container does not work, etc.

Anyways, liking that mkosi / systemd-nspawn nicely integrate into the systemd ecosystem - and come with superb documentation.

#systemd #mkosi

GitHub - nosada/mkosi-files: Configs and files for creating basic Arch Linux container image on systemd-nspawn using mkosi


@katzenmann @chimera_linux yeah once we get mount namespaces going as well and some more pluggable CLI i will absolutely be dropping a justfile in and composing more complicated setups like having packages to build firmware.

we could also then pretty easily add some #mkosi templates to wrap pmb so you can easily script building custom images.