Proof, not promises.

LUKS2 on by default. Secure Boot end-to-end. Every release must pass a full encrypted install before it can ship — and you can verify every claim yourself.

Encrypted by default

Full-disk LUKS2, on out of the box

The installer sets up LUKS2 full-disk encryption by default, with an opt-out during setup, using the modern argon2 KDF. You unlock with your passphrase at boot — deliberately no keyfile is stashed on disk to weaken it — and the release gate re-verifies exactly that layout on every gated install.
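The layout described above can be checked on a running system. The script below is an added example, not FoundryOS project code or the release gate itself: it parses `cryptsetup luksDump` output for a LUKS2 header whose keyslots all use argon2 and which carries no auto-unlock token, and parses /etc/crypttab to confirm the mapping is unlocked by passphrase rather than a keyfile. LUKS_DEV is an assumed variable name for the live run; the embedded luksDump and crypttab samples are constructed.

```shell
#!/bin/sh
# Added example, not FoundryOS project code. Checks a LUKS volume for the
# layout described on the page: LUKS2 format, argon2 KDF on every keyslot,
# no auto-unlock token, and a passphrase-only /etc/crypttab entry.
# LUKS_DEV is an assumed variable name: set it to the encrypted root
# partition (needs root, e.g. sudo LUKS_DEV=/dev/nvme0n1p3 sh check_luks.sh).

# check_luks_dump: read `cryptsetup luksDump` output on stdin; return 0 if
# the header matches the expected layout, 1 otherwise (reasons on stderr).
check_luks_dump() {
  dump=$(cat)
  status=0

  version=$(printf '%s\n' "$dump" | awk '/^Version:/ { print $2; exit }')
  if [ "$version" != "2" ]; then
    echo "FAIL: header version is '${version:-unknown}', expected LUKS2" >&2
    status=1
  fi

  # Keyslot entries look like "  0: luks2"; each carries one "PBKDF:" line.
  # (Digest entries use "Hash:", so they are not counted here.)
  slots=$(printf '%s\n' "$dump" | awk '/^  [0-9]+: luks2/ { n++ } END { print n + 0 }')
  weak=$(printf '%s\n' "$dump" | awk '/^[[:space:]]*PBKDF:/ && $2 !~ /^argon2/ { n++ } END { print n + 0 }')
  if [ "$slots" -eq 0 ]; then
    echo "FAIL: no LUKS2 keyslots enrolled" >&2
    status=1
  elif [ "$weak" -ne 0 ]; then
    echo "FAIL: $weak of $slots keyslot(s) use a non-argon2 KDF" >&2
    status=1
  fi

  # Anything listed under "Tokens:" (e.g. systemd-tpm2, clevis) is an
  # auto-unlock mechanism, which is not the passphrase-only layout described.
  tokens=$(printf '%s\n' "$dump" | awk '
    /^Tokens:/                  { in_tokens = 1; next }
    /^[A-Za-z]/                 { in_tokens = 0 }
    in_tokens && /^  [0-9]+: /  { print $2 }')
  if [ -n "$tokens" ]; then
    echo "FAIL: auto-unlock token(s) enrolled: $(printf '%s' "$tokens" | tr '\n' ' ')" >&2
    status=1
  fi
  return "$status"
}

# check_crypttab: read crypttab text on stdin; return 1 if any mapping names a
# key file (third column other than "none" or "-"), 0 otherwise.
check_crypttab() {
  offenders=$(awk '!/^[[:space:]]*#/ && NF >= 3 && $3 != "none" && $3 != "-" { print $1 " -> " $3 }')
  if [ -n "$offenders" ]; then
    printf 'FAIL: keyfile-unlocked mapping(s):\n%s\n' "$offenders" >&2
    return 1
  fi
  return 0
}

# Constructed samples (abbreviated; real luksDump output has more fields).
SAMPLE_DUMP='LUKS header information
Version:        2
Epoch:          3
UUID:           4d1e7a6c-0000-4000-8000-000000000001
Data segments:
  0: crypt
        cipher: aes-xts-plain64
Keyslots:
  0: luks2
        Key:        512 bits
        PBKDF:      argon2id
        Time cost:  4
        Memory:     1048576
Tokens:
Digests:
  0: pbkdf2
        Hash:       sha256'
SAMPLE_CRYPTTAB='# <target> <source> <key file> <options>
cryptroot UUID=4d1e7a6c-0000-4000-8000-000000000001 none luks,discard'

if [ -n "${LUKS_DEV:-}" ]; then
  cryptsetup luksDump "$LUKS_DEV" | check_luks_dump \
    && check_crypttab < /etc/crypttab \
    && echo "OK: $LUKS_DEV matches the LUKS2/argon2, passphrase-only layout"
else
  printf '%s\n' "$SAMPLE_DUMP" | check_luks_dump \
    && printf '%s\n' "$SAMPLE_CRYPTTAB" | check_crypttab \
    && echo "OK: constructed sample passes (set LUKS_DEV to check a real device)"
fi
```

The tokens check is stricter than the page's wording: it flags any enrolled token, including TPM-based ones, because each of them is a way to open the volume without the passphrase.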

Verified boot

A signed chain from firmware to kernel

UEFI Secure Boot works out of the box: the signed shim → GRUB → kernel chain is validated end-to-end — including the firmware fallback path, so a fresh machine with Secure Boot enforcing boots first try — and out-of-tree (DKMS) modules are signed through a MOK so a tampered or unsigned module won't silently load.
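Three of these claims can be confirmed from a booted system. The script below is an added example, not FoundryOS project code: it checks that the firmware reports Secure Boot enforcing (`mokutil --sb-state`), that the kernel is in lockdown mode (on Debian-family kernels this is what makes an unsigned module loading attempt fail rather than succeed silently), and that a given module carries a signature according to `modinfo`. The parsers take tool output on stdin so they can be exercised on captured text; MODULE is an assumed variable name and the embedded modinfo sample, including its signer name and paths, is constructed.

```shell
#!/bin/sh
# Added example, not FoundryOS project code. Three checks for the verified-boot
# claims: firmware reports Secure Boot enforcing, the kernel is in lockdown,
# and a given module is signed. Run as root with MODULE set to a module name
# (assumed variable name), e.g. sudo MODULE=nvidia sh check_boot.sh.

# sb_enabled: read `mokutil --sb-state` output on stdin; 0 only for
# "SecureBoot enabled" (other outputs are "SecureBoot disabled" or an error).
sb_enabled() {
  grep -q '^SecureBoot enabled'
}

# lockdown_mode: read /sys/kernel/security/lockdown on stdin and print the
# active mode, which the kernel marks with brackets,
# e.g. "none [integrity] confidentiality" prints "integrity".
lockdown_mode() {
  sed -n 's/.*\[\([a-z]*\)\].*/\1/p'
}

# module_signer: read `modinfo <module>` output on stdin. Prints the signer
# and returns 0 when the module is signed; prints nothing and returns 1 otherwise.
module_signer() {
  signer=$(awk '/^signer:/ { sub(/^signer:[[:space:]]*/, ""); print; exit }')
  [ -n "$signer" ] || return 1
  printf '%s\n' "$signer"
}

# Constructed sample of modinfo output for a signed DKMS module. The path,
# kernel version and signer name are placeholders, not FoundryOS values.
SAMPLE_MODINFO='filename:       /lib/modules/6.1.0-placeholder/updates/dkms/example.ko
license:        GPL
vermagic:       6.1.0-placeholder SMP preempt mod_unload modversions
sig_id:         PKCS#7
signer:         Example DKMS Module Signing Key (MOK placeholder)
sig_key:        00:11:22:33:44:55
sig_hashalgo:   sha256'

if [ -n "${MODULE:-}" ]; then
  if mokutil --sb-state | sb_enabled; then
    echo "OK: Secure Boot enforcing"
  else
    echo "FAIL: Secure Boot not enforcing" >&2
  fi
  mode=$(lockdown_mode < /sys/kernel/security/lockdown)
  case "$mode" in
    integrity|confidentiality) echo "OK: kernel lockdown mode is $mode" ;;
    *) echo "FAIL: kernel lockdown mode is '${mode:-unknown}'" >&2 ;;
  esac
  if signer=$(modinfo "$MODULE" | module_signer); then
    echo "OK: $MODULE is signed by: $signer"
  else
    echo "FAIL: $MODULE carries no signature" >&2
  fi
else
  echo "Constructed sample module signer: $(printf '%s\n' "$SAMPLE_MODINFO" | module_signer)"
fi
```

The signer check only tells you a signature is present; to tie it to the MOK the page describes, compare the printed signer against the subject of the certificate shown by `mokutil --list-enrolled`.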

Self-preservation · ADR-0035

apt can't delete your desktop

A guard refuses any transaction — on both the apt and offline-update paths — that would remove the desktop or core system packages. No other apt-based distro ships this protection by default.

Self-heal · ADR-0037

It recovers before you have to

A boot-counting engine watches for trouble. Consecutive unhealthy boots are automatically routed to the last-known-good snapshot from the bootloader — recovery without a rescue USB.

Privacy

Nothing leaves the machine by default

The optional AI reasoner is off by default and runs on-device or on your own LAN. With it off, no system data is ever sent anywhere; when on, reports are redacted (hostnames, IPs, serials, tokens stripped) before anything is built.

Reproducible

Inspectable, deterministic builds

The whole OS is produced from one repository by a deterministic live-build — no hand-tweaked images. Anyone can read the config to know exactly what's on the system and why.

Hard-gated releases

A release that fails to install cannot ship

Publishing is mechanically blocked unless a real, headless, fully-encrypted install — boot, disk layout, runtime checks, and snapshot rollback — passes on the exact release commit. The installer is driven through the accessibility tree (the same interface assistive tech uses). The publish workflow refuses to sign if that gate isn't green on the exact commit; no human override path exists.

Key custody

The signing key has never touched a developer's disk

The production APT archive key was generated in a RAM-backed keyring and has never been written to any developer machine. It exists only as a CI secret and one offline vault backup — signing happens in an ephemeral CI keyring discarded when the job ends. The fingerprint is published below so you can verify it from a second channel, independent of the repository.

Verify what you download

Every release ships a GPG-signed SHA256SUMS. Check the signature against the FoundryOS signing key, then confirm your ISO matches — before you ever write it.

# 1. Import the FoundryOS signing key
#    Verify the printed fingerprint matches the value in the section below
curl -fsSL https://downloads.foundrylinux.com/apt/foundryos-archive-keyring.asc \
  | gpg --import

# 2. Verify the checksum file is authentically signed
#    (SHA256SUMS and its detached signature SHA256SUMS.asc must be in the
#    current directory; a "Good signature" from any key other than the one
#    whose fingerprint you just checked is a failure)
gpg --verify SHA256SUMS.asc SHA256SUMS

# 3. Confirm the ISO (also in the current directory) matches the verified checksum
sha256sum --check SHA256SUMS --ignore-missing

The archive key fingerprint is published in the Verify the archive key section below — a second trust channel independent of the download itself.

Verify the archive key

The FoundryOS APT repository is signed by the key below. This page is a second trust channel — independent of the repository itself — so you can confirm the fingerprint you see after fetching the keyring matches what is published here before adding the repository to your system.

uid: FoundryOS Archive Automatic Signing Key <[email protected]>
type: RSA 4096-bit
created: 2026-07-02
expires: 2029-07-01
fingerprint: 91A6 B451 133F 7273 76C2 1A27 A390 F094 259A 24A0

Compact form: 91A6B451133F727376C21A27A390F094259A24A0

Check the fingerprint yourself

Fetch the keyring and confirm the fingerprint matches before trusting it. The binary and armored forms are both served from the same origin:

# Download the binary keyring to a temporary path
curl -fsSL https://downloads.foundrylinux.com/apt/foundryos-archive-keyring.gpg \
  -o /tmp/foundryos-archive-keyring.gpg

# Print the key details — compare the fingerprint against the value above
gpg --show-keys --with-fingerprint /tmp/foundryos-archive-keyring.gpg

# If the fingerprint matches, install the keyring
sudo install -Dm644 /tmp/foundryos-archive-keyring.gpg \
  /usr/share/keyrings/foundryos-archive-keyring.gpg

Prefer ASCII-armored? https://downloads.foundrylinux.com/apt/foundryos-archive-keyring.asc
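The comparison in both command sequences above is done by eye. The script below is an added example, not FoundryOS project code, that pins the fingerprint published on this page and makes the comparison mechanical: it lists the downloaded keyring in gpg's machine-readable colon format, installs it only when its single primary key has exactly that fingerprint, and then verifies a release's SHA256SUMS with gpgv against that keyring alone, so nothing in your personal keyring can satisfy the check. The --install flag and the use of a mktemp path are this example's own choices; the embedded colon-format listing is constructed.

```shell
#!/bin/sh
# Added example, not FoundryOS project code. Pins the archive key fingerprint
# from this page and refuses to install a keyring whose primary key differs.
# Usage: sh check_keyring.sh            (checks the constructed sample)
#        sh check_keyring.sh --install  (downloads, checks, installs, verifies SHA256SUMS)

EXPECTED_FPR='91A6B451133F727376C21A27A390F094259A24A0'
KEYRING_URL='https://downloads.foundrylinux.com/apt/foundryos-archive-keyring.gpg'
KEYRING_DEST='/usr/share/keyrings/foundryos-archive-keyring.gpg'

# normalize_fpr: drop spaces and force upper case so the spaced display form
# and the compact form compare equal.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' ' | tr 'abcdef' 'ABCDEF'
}

# primary_fprs: read a `gpg --with-colons` listing on stdin and print the
# fingerprint of each primary key. An "fpr" record belongs to the "pub" or
# "sub" record before it; subkey fingerprints are skipped. Field 10 of an
# fpr record holds the fingerprint.
primary_fprs() {
  awk -F: '
    $1 == "pub"          { want = 1; next }
    $1 == "sub"          { want = 0 }
    $1 == "fpr" && want  { print $10; want = 0 }'
}

# keyring_matches: 0 when the listing on stdin has exactly one primary key
# whose fingerprint equals EXPECTED_FPR; 1 otherwise, with the reason on stderr.
keyring_matches() {
  fprs=$(primary_fprs)
  count=$(printf '%s\n' "$fprs" | awk 'NF { n++ } END { print n + 0 }')
  if [ "$count" -ne 1 ]; then
    echo "FAIL: expected one primary key in the keyring, found $count" >&2
    return 1
  fi
  if [ "$(normalize_fpr "$fprs")" != "$(normalize_fpr "$EXPECTED_FPR")" ]; then
    echo "FAIL: keyring fingerprint $fprs does not match pinned $EXPECTED_FPR" >&2
    return 1
  fi
  return 0
}

# Constructed colon-format listing: one primary key with the pinned
# fingerprint plus one subkey (timestamps and key IDs are placeholders).
SAMPLE_LISTING='pub:-:4096:1:A390F094259A24A0:1782950400:1877558400::-:::scSC::::::23::0:
fpr:::::::::91A6B451133F727376C21A27A390F094259A24A0:
sub:-:4096:1:0123456789ABCDEF:1782950400:1877558400:::::s::::::23:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:'

if [ "${1:-}" = "--install" ]; then
  tmp=$(mktemp)
  trap 'rm -f "$tmp"' EXIT
  curl -fsSL "$KEYRING_URL" -o "$tmp"
  if ! gpg --with-colons --show-keys "$tmp" | keyring_matches; then
    echo "Refusing to install keyring" >&2
    exit 1
  fi
  sudo install -Dm644 "$tmp" "$KEYRING_DEST"
  echo "Installed $KEYRING_DEST"
  # Verify a release's checksum file against this keyring only, if present.
  if [ -f SHA256SUMS.asc ] && [ -f SHA256SUMS ]; then
    gpgv --keyring "$KEYRING_DEST" SHA256SUMS.asc SHA256SUMS \
      && sha256sum --check SHA256SUMS --ignore-missing
  fi
else
  printf '%s\n' "$SAMPLE_LISTING" | keyring_matches \
    && echo "OK: constructed sample listing matches the pinned fingerprint"
fi
```

Requiring exactly one primary key matters as much as the fingerprint itself: a keyring that contains the expected key plus an extra one would still let apt accept packages signed by the extra key.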

Correct apt sources entry

A correct /etc/apt/sources.list.d/foundryos.sources entry uses Signed-By pointing at the installed keyring file. apt will reject packages not signed by that exact key:

Types: deb
URIs: https://downloads.foundrylinux.com/apt
Suites: stable
Components: main
Signed-By: /usr/share/keyrings/foundryos-archive-keyring.gpg

Replace stable with testing or edge for other release channels. By-hash is enabled on all channels.
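Signed-By only protects you if it is actually present and not undone elsewhere in the stanza. The lint below is an added example, not FoundryOS project code: it reads a deb822 .sources file and fails if any stanza lacks Signed-By, points Signed-By at a keyring file that is not readable, carries Trusted: yes (which tells apt to accept the source even when signature checking fails), or uses a non-https URI. SKIP_FILE_CHECK is an assumed variable name that disables the keyring-existence check so the function can be exercised on text alone; the embedded stanza is the one from this page.

```shell
#!/bin/sh
# Added example, not FoundryOS project code. Lints a deb822 apt .sources file
# for the properties described on the page.
# Usage: sh check_sources.sh /etc/apt/sources.list.d/foundryos.sources
#        sh check_sources.sh              (checks the embedded sample stanza)

# check_sources: read .sources text on stdin; 0 if every stanza is acceptable,
# 1 otherwise with one line per problem on stderr.
check_sources() {
  text=$(cat)
  status=0

  # Stanzas are separated by blank lines; field names are case-insensitive.
  problems=$(printf '%s\n' "$text" | awk '
    function flush() {
      if (!seen) return
      if (!signed)   printf "stanza %d: missing Signed-By\n", n
      if (trusted)   printf "stanza %d: Trusted: yes disables signature checks\n", n
      if (insecure)  printf "stanza %d: non-https URI\n", n
      seen = 0; signed = 0; trusted = 0; insecure = 0
    }
    /^[[:space:]]*$/ { flush(); next }
    !seen            { seen = 1; n++ }
    tolower($1) == "signed-by:" { signed = 1 }
    tolower($1) == "trusted:" && tolower($2) == "yes" { trusted = 1 }
    tolower($1) == "uris:" { for (i = 2; i <= NF; i++) if ($i !~ /^https:\/\//) insecure = 1 }
    END { flush() }')
  if [ -n "$problems" ]; then
    printf '%s\n' "$problems" >&2
    status=1
  fi

  # Signed-By may also hold an inline armored key; only path values are
  # checked for existence. SKIP_FILE_CHECK (assumed name) bypasses this.
  if [ -z "${SKIP_FILE_CHECK:-}" ]; then
    for k in $(printf '%s\n' "$text" | awk 'tolower($1) == "signed-by:" { print $2 }'); do
      case "$k" in
        /*) [ -r "$k" ] || { echo "Signed-By keyring $k is missing or unreadable" >&2; status=1; } ;;
      esac
    done
  fi
  return "$status"
}

# The stanza from this page.
SAMPLE_SOURCES='Types: deb
URIs: https://downloads.foundrylinux.com/apt
Suites: stable
Components: main
Signed-By: /usr/share/keyrings/foundryos-archive-keyring.gpg'

if [ -n "${1:-}" ]; then
  check_sources < "$1" && echo "OK: $1"
else
  SKIP_FILE_CHECK=1
  printf '%s\n' "$SAMPLE_SOURCES" | check_sources \
    && echo "OK: sample stanza (keyring existence not checked; pass a file to check one)"
fi
```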

Reporting a vulnerability

Found something? Please report it privately so it can be fixed before it's public: email [email protected]. A machine-readable contact lives at /.well-known/security.txt (RFC 9116); the full coordinated-disclosure policy ships with the 1.0 source release.

In the meantime, security fixes to the base flow automatically; feature and version upgrades stay gated behind your explicit consent. See the documentation for the full update policy.