PosrtmarketOS, the Linux ‘distribution’ for mobile devices, now also has an immutable variant, called Duranium.
Duranium is an immutable variant of postmarketOS, built around the idea that your device should just work, and keep working. You shouldn’t need to know what a terminal is to keep your device running.
“Immutable” means the core operating system is read-only and can’t be modified while it’s running. System updates are applied as complete, verified images rather than individual packages. Either the new image works, or the system falls back to the previous one automatically. No partially-applied state. No debugging audio when you need to make a phone call and no fussing with a broken web browser when you just want to doomscroll cat photos. It also means developers can reproduce the exact state of a user’s device, making it much easier to track down and fix issues.
↫ Clayton Craft on the postmarketOS blog
Duranium is built around the various functionalities and tooling provided by systemd, meaning the project didn’t have to reinvent the wheel. It works similarly to other immutable distributions, in that images for the base are downloaded and installed as a whole, with the preferred application installation method being Flatpak. Security-wise, Duranium uses dm-verity to protect /usr, cryptographically verifying data as it’s read. The image simply won’t boot if anything’s been tampered with. LUKS2 is used to encrypt mutable user and operating system data and configuration on the root file system.
Duranium is still under heavy development, but it makes sense to implement something like this now, since in the world of mobile devices, this has become the norm. I’m glad postmarketOS is taking these steps, and I sincerely hope I’ll eventually be able to use a postmarketOS device with KDE’s Plasma mobile shell at some point in the near future in my day-to-day life. This requires both postmarketOS to improve as well as for the regulatory landscape to break the duopoly on banking and government applications held by Android and iOS, and with the state of the US government as it is, this might actually be something Europe’s interested in achieving.
This is one of those times where systemd shows its versatility and utility, despite the continuing debates surrounding it as a whole. The OSes I use daily (Void Linux, OpenBSD, FreeBSD, Haiku) don’t have systemd, but that’s not why I use them; it’s just happenstance that they are the ones I “jive” best with — and in the case of Haiku, have a nostalgic connection to. I feel like systemd has reached a point where it makes sense for most Linux distros without caveats, though I’m still not a fan of the developers’ attitudes towards end users. Suffice to say, when it’s good it’s really good, but it still has a ton of room for improvement.
As for Duranium, I’m eager to check it out and see if it might eventually be a good fit for my hybrid tablet. PostmarketOS boots on it but is nearly unusable, so it may have a long way to go yet. I’ve always been intrigued by immutable OSes that aren’t iOS and Android, and for a phone running Linux it only makes sense to use that paradigm. Security and usability and privacy in a phone, without giving up rights and personal info to the big corporations? Sign me up!
Android used to have full-disk encryption; it gave the same warranties as dm-verity but was also hiding what is actually installed. But no fancy unlock screen or receiving SMSes while locked.
Lately I’m looking at alternative mobile platforms more seriously. Google haven’t been forthcoming with details, but apparently their push to restrict sideloading for APKs that are not signed through google’s chain of trust on certified android devices is still happening.
https://troypoint.com/google-confirms-android-sideloading-restrictions-for-2026/
Obviously there was already a hidden setting to enable sideloading, so it’s very unclear to me what additional barriers are going to be with respect to this “high-friction flow”?
Google used to be a far better advocate of user rights (distinguishing themselves from apple) and this made the duopoly more bearable. For better or worse that era’s gone now, and google are pushing hard for closed ecosystems to cage users. It makes me feel like jumping ship to protect my liberty. I really wish there was a viable alternative that didn’t require so much compromise. I already gave up on certain banking and work apps to run unofficial android images. The fact remains I’m dependent on android for everything:multimeters/IOT lights/solar charge controllers/security cameras/etc. The support for other platforms in the wild is zilch. If I had to loose everything to switch to a non-android device, that would be a really hard pill to swallow.
I hope the best for postmarketOS and others, we need them now more than ever!