
Unlocking the Mysteries of Trusted Boot: A Deep Dive into Secure System Boot Processes

· 16 min read

In the evolving landscape of cybersecurity, protecting the integrity of computing systems from the moment they power on has become very important. As threats become more sophisticated, understanding and implementing advanced boot security mechanisms like Trusted Boot, Full Disk Encryption (FDE), Secure Boot, and Measured Boot are critical for safeguarding data and ensuring system integrity. This article demystifies these concepts, explores their significance, and examines their implementation in modern computing environments, particularly focusing on the Linux ecosystem and the approaches within the Kairos project.

xz Utils Backdoor

· 4 min read

It's all over the tech news. Someone managed to put a backdoor in xz Utils, a very common package on Linux systems. In this post I want to share with you what happened, how it impacted Kairos images, and what you should do in case you were affected.

TL;DR

A backdoor that can be used to exploit systemd-based Linux via ssh was introduced in xz Utils. Only Kairos Tumbleweed v3.0.1 and v3.0.2 were affected. We deleted all related OCI images from our repos and artifacts from our releases. If you installed it and the system was exposed to the internet, you should do a complete re-install. If you hosted security keys on the given system, you should rotate them.

Kairos release v3

· 4 min read



The team is very excited to announce the next major release of Kairos, Kairos v3! This release marks a major milestone in our roadmap by adding support for Unified Kernel Images (UKI). This will enhance the level of security that you can achieve on your system with the help of Trusted Boot.

Kairos at FOSDEM 2024

· 3 min read

Last year I said you could expect Kairos to engage further during FOSDEM. And I'm quite pleased to say that's exactly what we did! As part of the open-source ecosystem, we recognize the importance of participating in these types of events. We do so, because we understand how critical it is to go where our users are, but this year we went a bit further and we also reached out to other similar projects.

Kairos release v2.5

· 3 min read



Happy new year to all of you in the Kairos community! This 2024, we have many great plans that we want to achieve. You can find more about them in our roadmap.

We start the year with the release of Kairos v2.5.0. This time, we focused on the groundwork for two major features that will land later in the year:

  1. Improving the Kairos Factory user experience: In previous releases we shared how our artifact names have changed to make it easier to distinguish between them. In this release we worked on Versioneer, a component that helps build such names in more sophisticated ways than the original script did. This has been added to the kairos-agent upgrade command to help you filter through upgradable versions.
  2. Adding support for UKI (Unified Kernel Images): This is still a WIP but we already have a proof of concept, meaning that Kairos will increase its security level by validating signatures using the EFI bootloader.

Kairos release v2.4.2

· 5 min read



Did you ever look at a release and couldn't decide if it should be a patch, a minor or a major version bump? It has happened to everybody (if not, let me know). This Kairos release was a similar case. We didn't introduce any breaking changes and it was just bug fixes, which makes it a patch release. At least that's the story for user-facing changes. Because, behind the scenes, we made some heavy changes in the way we produce the Kairos artifacts and how we name them.

The detailed list of changes can be found in the release notes but the most important things to notice are listed below.

Hacktoberfest 2023

· 4 min read

Hacktoberfest 2023 is here, and we are excited to announce that Kairos is taking part by creating some good first issues for new contributors to get started with and also by hosting a Hacktoberfest event on October 19th in Brussels.