Proof, not promises.
LUKS2 on by default. Secure Boot end-to-end. Every release must pass a full encrypted install before it can ship — and you can verify every claim yourself.
Full-disk LUKS2, on out of the box
The installer sets up LUKS2 full-disk encryption by default, with an opt-out during setup, using the modern argon2 KDF. You unlock with your passphrase at boot — deliberately no keyfile is stashed on disk to weaken it — and the release gate re-verifies exactly that layout on every gated install.
A signed chain from firmware to kernel
UEFI Secure Boot works out of the box: the signed shim → GRUB → kernel chain is validated end-to-end — including the firmware fallback path, so a fresh machine with Secure Boot enforcing boots first try — and out-of-tree (DKMS) modules are signed through a MOK so a tampered or unsigned module won't silently load.
apt can't delete your desktop
A guard refuses any transaction — on both the apt and offline-update paths — that would remove the desktop or core system packages. No other apt-based distro ships this protection by default.
It recovers before you have to
A boot-counting engine watches for trouble. Consecutive unhealthy boots are automatically routed to the last-known-good snapshot from the bootloader — recovery without a rescue USB.
Nothing leaves the machine by default
The optional AI reasoner is off by default and runs on-device or on your own LAN. With it off, no system data is ever sent anywhere; when on, reports are redacted (hostnames, IPs, serials, tokens stripped) before anything is built.
Inspectable, deterministic builds
The whole OS is produced from one repository by a deterministic live-build — no hand-tweaked images. Anyone can read the config to know exactly what's on the system and why.
A release that fails to install cannot ship
Publishing is mechanically blocked unless a real, headless, fully-encrypted install — boot, disk layout, runtime checks, and snapshot rollback — passes on the exact release commit. The installer is driven through the accessibility tree (the same interface assistive tech uses). The publish workflow refuses to sign if that gate isn't green on the exact commit; no human override path exists.
The signing key has never touched a developer's disk
The production APT archive key was generated in a RAM-backed keyring and has never been written to any developer machine. It exists only as a CI secret and one offline vault backup — signing happens in an ephemeral CI keyring discarded when the job ends. The fingerprint is published below so you can verify it from a second channel, independent of the repository.
Verify what you download
Every release ships a GPG-signed SHA256SUMS. Check the signature against the FoundryOS signing key, then confirm your ISO matches — before you ever write it.
# 1. Import the FoundryOS signing key
# Verify the printed fingerprint matches the value in the section below
curl -fsSL https://downloads.foundrylinux.com/apt/foundryos-archive-keyring.asc \
| gpg --import
# 2. Verify the checksum file is authentically signed
gpg --verify SHA256SUMS.asc SHA256SUMS
# 3. Confirm the ISO matches the verified checksum
sha256sum --check SHA256SUMS --ignore-missing
The archive key fingerprint is published in the Verify the archive key section below — a second trust channel independent of the download itself.
Verify the archive key
The FoundryOS APT repository is signed by the key below. This page is a second trust channel — independent of the repository itself — so you can confirm the fingerprint you see after fetching the keyring matches what is published here before adding the repository to your system.
- uid: FoundryOS Archive Automatic Signing Key <[email protected]>
- type: RSA 4096-bit
- created: 2026-07-02
- expires: 2029-07-01
- fingerprint: 91A6 B451 133F 7273 76C2 1A27 A390 F094 259A 24A0
Compact form: 91A6B451133F727376C21A27A390F094259A24A0
Check the fingerprint yourself
Fetch the keyring and confirm the fingerprint matches before trusting it. The binary and armored forms are both served from the same origin:
# Download the binary keyring to a temporary path
curl -fsSL https://downloads.foundrylinux.com/apt/foundryos-archive-keyring.gpg \
-o /tmp/foundryos-archive-keyring.gpg
# Print the key details — compare the fingerprint against the value above
gpg --show-keys --with-fingerprint /tmp/foundryos-archive-keyring.gpg
# If the fingerprint matches, install the keyring
sudo install -Dm644 /tmp/foundryos-archive-keyring.gpg \
/usr/share/keyrings/foundryos-archive-keyring.gpg
Prefer ASCII-armored? https://downloads.foundrylinux.com/apt/foundryos-archive-keyring.asc
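A fail-closed wrapper around the two gpg steps above (the keyring fingerprint check and the SHA256SUMS signature check), added here as an example and not part of the FoundryOS project's own tooling. It pins the fingerprint published on this page by parsing gpg's machine-readable --with-colons and --status-fd output, because a bare gpg --verify also succeeds for any other key already in your keyring; the sample gpg listings below are constructed, not captured from a real download.

```shell
#!/bin/sh
# Added example, not from the FoundryOS project: pin the published fingerprint
# when checking a downloaded keyring and when verifying SHA256SUMS.asc, so the
# check fails closed instead of accepting any key that happens to be imported.
EXPECTED_FPR='91A6 B451 133F 7273 76C2 1A27 A390 F094 259A 24A0'  # from this page

# Strip spaces and upper-case a fingerprint so both printed forms compare equal.
normalize_fpr() { printf '%s' "$1" | tr -d ' \t\n' | tr 'a-f' 'A-F'; }

# From `gpg --with-colons --show-keys`, print each primary key's fingerprint:
# the first "fpr" record after a "pub" record (those after "sub" are subkeys).
primary_fprs() { awk -F: '$1=="pub"{p=1;next} $1=="fpr"&&p{print $10;p=0}'; }

# 0 only if the listing ($1) holds exactly one primary key and it matches $2.
keyring_matches() {
  fprs=$(printf '%s\n' "$1" | primary_fprs)
  n=$(printf '%s\n' "$fprs" | awk 'NF{n++} END{print n+0}')
  [ "$n" -eq 1 ] && [ "$(normalize_fpr "$fprs")" = "$(normalize_fpr "$2")" ]
}

# From `gpg --status-fd 1 --verify`, 0 only if the VALIDSIG line names $2's key.
# VALIDSIG's last field is the primary-key fingerprint even for subkey signatures;
# several VALIDSIG lines concatenate and therefore fail the comparison.
signature_matches() {
  got=$(printf '%s\n' "$1" | awk '$1=="[GNUPG:]"&&$2=="VALIDSIG"{print $NF}')
  [ -n "$got" ] && [ "$(normalize_fpr "$got")" = "$(normalize_fpr "$2")" ]
}

# Constructed sample output (the subkey and its fingerprint are invented).
SAMPLE_LISTING='pub:-:4096:1:A390F094259A24A0:1782950400:1877558400::-:::scSC::::::23::0:
fpr:::::::::91A6B451133F727376C21A27A390F094259A24A0:
uid:-::::1782950400::0000000000000000000000000000000000000000::FoundryOS Archive Automatic Signing Key::::::::::0:
sub:-:4096:1:0123456789ABCDEF:1782950400:1877558400:::::s::::::23:
fpr:::::::::ABCDEF0123456789ABCDEF010123456789ABCDEF:'
SAMPLE_STATUS='[GNUPG:] GOODSIG A390F094259A24A0 FoundryOS Archive Automatic Signing Key
[GNUPG:] VALIDSIG 91A6B451133F727376C21A27A390F094259A24A0 2026-07-02 1782950400 0 4 0 1 10 00 91A6B451133F727376C21A27A390F094259A24A0'

# Live use (commented out so the script also runs offline):
#   keyring_matches "$(gpg --with-colons --show-keys /tmp/foundryos-archive-keyring.gpg)" "$EXPECTED_FPR" || exit 1
#   signature_matches "$(gpg --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS 2>/dev/null)" "$EXPECTED_FPR" || exit 1
```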
Correct apt sources entry
A correct /etc/apt/sources.list.d/foundryos.sources entry uses Signed-By pointing at the installed keyring file. apt will reject packages not signed by that exact key:
Types: deb
URIs: https://downloads.foundrylinux.com/apt
Suites: stable
Components: main
Signed-By: /usr/share/keyrings/foundryos-archive-keyring.gpg
Replace stable with testing or edge for other release channels. By-hash is enabled on all channels.
Reporting a vulnerability
Found something? Please report it privately so it can be fixed before it's public: email [email protected]. A machine-readable contact lives at /.well-known/security.txt (RFC 9116); the full coordinated-disclosure policy ships with the 1.0 source release.
In the meantime, security fixes to the base flow automatically; feature and version upgrades stay gated behind your explicit consent. See the documentation for the full update policy.