Skip to content

Now closing on 1.0 — self-heal shipped & VM-validated

The stable desktop
everyone wanted.

The rock-solid foundation of Debian Stable, with fresh tooling for productivity, AI development, and enterprise deployment — and boot-time rollback so a bad update is never fatal.

Debian 13 · Trixie·Wayland / GNOME·UEFI Secure Boot·LUKS2 encrypted·Btrfs + snapper

A bad update, handled

live recovery
boot health · Boot #2 unhealthy — gpu-manager.service failed after a driver update
grub-btrfs · Booting the last known-good snapshot #12 straight from the bootloader
recovered · Working desktop restored in seconds — no rescue USB, no reinstall

Why FoundryOS

Stability you can trust. Freshness you can use.

Debian Stable is the most trusted desktop foundation in the world — and it ships deliberately old packages. FoundryOS resolves that tension with layering instead of compromise, then makes the whole machine impossible to permanently break.

Boot-level rollback

A bad update is never fatal

Every change is snapshotted. If an update breaks the system, reboot and pick the previous snapshot straight from the bootloader — back to a working machine in seconds, no rescue USB.

Self-heal · ADR-0037

It heals itself

A boot-counting engine watches for trouble. Consecutive unhealthy boots are automatically routed to the last-known-good snapshot — the machine recovers before you have to.

Self-preservation · ADR-0035

apt can't delete your desktop

A self-preservation guard refuses any transaction that would rip out the desktop or core system — on both the apt and offline-update paths. No other apt-based distro ships this.

Diagnostics · ADR-0033

Breakage is explainable

A deterministic substrate journals every change and health-checks every boot, so the system tells you what changed and what likely broke — then fixes the culprit instead of nuking the whole update.

Security

Encrypted, verified, and hard-gated

Full-disk LUKS2 encryption and UEFI Secure Boot are baked in. Every release must also pass a full headless VM install — accessibility-tree-driven, fully encrypted, with snapshot rollback exercised — before the publish pipeline will sign it. No override flag exists.

Enterprise / AD

Ready for the org

Active Directory join and domain login work out of the box, with an image IT can standardize — without giving up Debian's stability or recoverability.

The design in one picture

Four layers. One cardinal rule.

Freshness flows down from the top; stability is protected at the bottom. A package belongs in the highest layer that can host it — so newer software can never contaminate the base.

L4

Apps

Flatpak (Flathub) — browsers, IDEs, productivity, comms

Newest
L3

Dev environments

Distrobox / Podman — bleeding-edge AI, CUDA, Python

Fresh
L2

Hardware enablement

Curated overlay — Mesa, kernel, NVIDIA, firmware

Curated
L1

Base OS

Debian 13 Trixie — frozen · Btrfs + snapper + GRUB rollback

Frozen

If an update ever breaks the system, you reboot, pick the previous snapshot directly from the bootloader, and you're back to a working machine in seconds.

See it

A clean GNOME desktop — with tools for the hard parts.

GNOME on Wayland out of the box, and FoundryOS's own apps for the things a desktop should never make you open a terminal for: snapshots, health, updates, and the Freshness catalog.

The FoundryOS GNOME desktop showing the molten 'pour' wallpaper and dock
The FoundryOS Snapshots app

Snapshots

Browse every snapshot, see the exact package diff, mark known-good, and restore — no terminal.

The FoundryOS Health app

Health

Rule-based boot diagnosis that names the likely culprit and the one command to fix it.

The FoundryOS Updates app

Updates

See what's pending, what needs a reboot, and apply with a snapshot recorded automatically.

The FoundryOS Freshness app

Freshness

Install verified-newer kernels, drivers, and Mesa from the catalog — each one tested.

Foundry Control

Everything FoundryOS adds, in one place.

One first-party settings hub for the things that make FoundryOS different — each one off until you choose it, every risky change spelled out in plain language, and all of it lockable by IT for a fleet.

Self-heal

Recovery

Switch on automatic rollback and choose how many bad boots trigger it — or have the machine boot the last good snapshot and let you promote the fix yourself.

Freshness

Software

Opt in to fresher backports beyond the verified catalog, behind a clear risk dialog. The tested catalog always stays available.

Off by default

AI assistant

Optional diagnosis that runs on-device or on your own network — never in the cloud unless you deliberately wire it up. With it off, nothing about your system is ever sent anywhere.

Enterprise

Smartcard & web auth

Register a PIV/CAC/YubiKey into your browsers for corporate sign-in — without ever touching how you log in to the machine.

The Foundry Control AI assistant page, showing analysis turned off by default
The AI assistant page — off by default, and on-device or your own LAN when you want it.

The Freshness catalog

Newer software, only when it's proven safe.

Security fixes flow automatically. Feature and version jumps require your explicit consent — and a curated Freshness catalog tracks which fresher packages have actually been tested against the FoundryOS base.

We want that catalog to be deep and constantly re-verified. That testing runs on real machines and AI tooling — which costs money. Donations fund automated verification, so the approved catalog gets richer for everyone.

Help grow the catalog →

The flywheel

  1. 1

    Donations offset tokens

    Community support covers the AI + compute cost of testing fresher packages.

  2. 2

    Automated verification runs

    Each candidate is installed, snapshotted, boot-health-checked, and rolled back in a clean VM.

  3. 3

    Catalog gets richer

    Proven packages join the approved Freshness catalog — fresh and safe.

  4. 4

    Everyone benefits

    You get newer software on a base that still can't be broken.

Maybe this really is the year of the Linux desktop.

Stable to the core, fresh where it counts, and impossible to permanently break. Free, open source, and built in the open — try FoundryOS in a VM or on real hardware today.