-
/usr contains the actual operating system binaries, and becomes immutable. /etc (config), /var (state), and /home (personal files) remain mutable and persist across updates.- duranium maintains two 5GB read-only partitions, acting as A/B slots for OS upgrades. updates are installed into the inactive slot, and upon a successful boot, that slot is promoted to primary, otherwise we fall back to the original slot. rinse and repeat.
-
/usr is cryptographically hashed, and authenticity is verified on the bootloader level. if the OS is tampered with, hash verification fails, and the boot fails. this verification requires UEFI support on the device, which can be provided by u-boot, but support is currently limited.- naturally, flatpak and coldbrew (homebrew but alpine linux repos) become the primary methods for installing software on duranium. both are sandboxed and can't tamper with the core OS. other options are available of course, but these are officially supported.
- even more than regular postmarketOS, this is very much in testing, and not recommended for stable use. but it does show a lot of promise for the future of pmOS!