I’ve got kind of a weird use case where I have a lot of laptops used for specifically for sensitive customer environments. These aren’t used by everyone all the time, but only when the need arises. We need to have persistence when needed, but in some environments where exfiltration is a concern, we need to be able to work with a machine that ‘forgets’.
Basically I need something like a live distro installed on the local system. but somehow allow luks encrypted persistence volumes on USB or something so our folks can maintain their own persistence when its allowed. I’ve used TAILS in the past for this, but some contracts specifically stipulate no USBs, and from what I understand, TAILS on HD is an adventure…
I’ve never heard of anything like this, and I don’t have the funding to spin our own distro at the moment. Anyone have any suggestions?
Haven’t used it myself, but maybe QubesOS? Seems similar to what you’re describing.
We used to use virtual box on windows with an immutable hard disk to boot the environment with storage, for persistence, elsewhere (usb for example) if required. Just used standard ubuntu for the guest distro.
Once you shut down the VM the vhd reverts to as installed. It’s a bit painful distributing the system but can be done.
You can prevent ordinary users messing with the immutable setting as well if that is a concern.
Just dd any ISOHybrid to an internal disk.
Something like LPS/TENS would fit your needs exactly, but it stopped being supported in 2021. It was essentially Tails but was built to be run from a wide verity of sources (we used to network boot onto PCs that had no hard drives at all, but had local network share access).
You probably want someone with some knowledge and experience as this sounds like something that could easy be screwed up. You don’t want to just install some run of the mill distro and call it a day for many reasons. What industry is this and what are the requirements?
I would ask on !sysadmin@lemmy.world since the people here may or may not have much business experience. The Linux community is notorious for good intentioned but ultimately poor recommendations.
That’s not what immutable distros are
oh awesome! I had no idea there were so many. I’ll have the team start assessing some of these