PosrtmarketOS, the Linux ‘distribution’ for mobile devices, now also has an immutable variant, called Duranium.
Duranium is an immutable variant of postmarketOS, built around the idea that your device should just work, and keep working. You shouldn’t need to know what a terminal is to keep your device running.
“Immutable” means the core operating system is read-only and can’t be modified while it’s running. System updates are applied as complete, verified images rather than individual packages. Either the new image works, or the system falls back to the previous one automatically. No partially-applied state. No debugging audio when you need to make a phone call and no fussing with a broken web browser when you just want to doomscroll cat photos. It also means developers can reproduce the exact state of a user’s device, making it much easier to track down and fix issues.
↫ Clayton Craft on the postmarketOS blog
Duranium is built around the various functionalities and tooling provided by systemd, meaning the project didn’t have to reinvent the wheel. It works similarly to other immutable distributions, in that images for the base are downloaded and installed as a whole, with the preferred application installation method being Flatpak. Security-wise, Duranium uses dm-verity to protect /usr, cryptographically verifying data as it’s read. The image simply won’t boot if anything’s been tampered with. LUKS2 is used to encrypt mutable user and operating system data and configuration on the root file system.
Duranium is still under heavy development, but it makes sense to implement something like this now, since in the world of mobile devices, this has become the norm. I’m glad postmarketOS is taking these steps, and I sincerely hope I’ll eventually be able to use a postmarketOS device with KDE’s Plasma mobile shell at some point in the near future in my day-to-day life. This requires both postmarketOS to improve as well as for the regulatory landscape to break the duopoly on banking and government applications held by Android and iOS, and with the state of the US government as it is, this might actually be something Europe’s interested in achieving.
