An introduction to immutable OS images
An immutable image is an OS installation that restricts the user from modifying sensitive parts of the OS.
But what is this good for?
- Limiting my own use of my computer?
- Increasing security by detecting modifications?
- Protecting end users of an embedded device?
What kinds of immutable images can we build? A read-only RFS? An image where only ‘/usr’ is immutable? What are the benefits, drawbacks and use cases of the different concepts?
What about runtime security? Using Integrity Policy Enforcement to go beyond SecureBoot.