Platform security in NixOS
09-25, 14:35–15:15 (Europe/Berlin), Main Hall

You may have heard about this weird distribution, NixOS, that breaks compatibility with /usr.
This talk explores the properties inherent to NixOS, focusing on its distinct approach to package management and system configuration. Learn how these principles combine with general upstream efforts to bring TPM2, Secure Boot and more to your Linux distribution.


Everything you wanted to know about why NixOS does things a certain way will be answered here. The idea is that you leave this talk understanding the different compromises made by the NixOS community and what they get out of them.

We will cover https://github.com/nix-community/lanzaboote, a Rust UEFI stub similar to systemd-stub, with fewer features but with one feature unique to NixOS that is similar to UKI addons.

We will also give a status report on where NixOS stands in its adoption of systemd features such as systemd-pcrlock.

A NixOS developer, maintainer of https://github.com/nix-community/lanzaboote and various low-level stuff in NixOS.