• Home Page, Headlines
 • DW Weekly, Comments
 • Packages, Package Management
 • Glossary, FAQ, Mobile Site 		 • Search, Sitemap
 • Major Distributions
 • Submit Distribution
 • Upcoming Releases
  • About DistroWatch
 • Beginner's Guide
 • Torrents, Page Hit Ranking
 • Advertise

DistroWatch.com: secureblue

secureblue


Last Update: 2026-02-08 01:17 UTC

secureblue is an immutable, security-focused desktop and server Linux operating system based on Fedora Atomic Desktop's base images - Silverblue, Kinoite and Sway Atomic. The project's goal is to build a maximally secure Linux operating system by proactively increasing defenses against the exploitation of both known and unknown vulnerabilities, while avoiding sacrificing usability for most use cases. Some of the security hardening features include a global hardened memory allocator developed by GrapheneOS, a security-focused Chromium-based browser called Trivalent, and Linux kernel hardening via sysctl and kernel arguments.

Popularity (hits per day): 12 months: 328 (37), 6 months: 285 (56), 3 months: 295 (51), 4 weeks: 267 (52), 1 week: 215 (51)

Average visitor rating: 10.0/10 from 2 review(s).

secureblue Summary
Distribution secureblue
Home Page https://secureblue.dev/
Mailing Lists --
User Forums --
Alternative User Forums Discord
Documentation https://secureblue.dev/faq
Screenshots DistroWatch Gallery
Screencasts
Download Mirrors https://secureblue.dev/install
Bug Tracker https://github.com/secureblue/secureblue/issues
Related Websites GitHub
Reviews  
Where To Donate, Buy or Try https://secureblue.dev/donate

Table Notes and Explanations

(Please refer to the table below.)
  • To compare the software in this project to the software available in other distributions, please see our Compare Packages page.
  • Notes: In case where multiple versions of a package are shipped with a distribution, only the default version appears in the table. For indication about the GNOME version, please check the "nautilus" and "gnome-shell" packages. The Apache web server is listed as "httpd" and the Linux kernel is listed as "linux". The KDE desktop is represented by the "plasma-desktop" package and the Xfce desktop by the "xfdesktop" package.
  • Colour scheme: green text = latest stable version, red text = development or beta version. The function determining beta versions is not 100% reliable due to a wide variety of versioning schemes.
TUXEDO
TUXEDO Computers

TUXEDO Computers - Linux Hardware in a tailor made suite
Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!

Learn more about our full service package and all benefits from buying at TUXEDO.

Star Labs

Star Labs Systems | Laptops designed for Linux

Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.


Feature 20250626
Release Date 2025-06-26
End Of Life  
Price (US$) Free
Image Size (MB) 4600-6400
Free Download ISO
Installation Anaconda
Default Desktop GNOME, KDE Plasma, Sway
Default Browser  
Package Format rpm, flatpak
Package Management  
Release Model Fixed
Office Suite --
Processor Architecture x86_64
Init Software systemd
Journaled File Systems Btrfs, ext4, JFS, XFS
Multilingual Yes
Full Package List 20250626
Package 20250626
alsa-lib (1.2.15.3) 1.2.14
amdgpu (25.0.0) --
apparmor (4.1.7) --
apt (3.1.16) --
bash (5.3) 5.2.37
bind (9.20.20) --
chromium (146.0.7680.164) --
cinnamon (6.6.7) --
cups (2.4.16) 2.4.12
e2fsprogs (1.47.4) 1.47.2
ffmpeg (8.1) 7.1.1
firefox (149.0) --
flatpak (1.16.3) 1.16.1
freetype (2.14.3) 2.13.3
gcc (15.2.0) 15.1.1
gimp (3.2.0) --
git (2.53.0) 2.49.0
glibc (2.43) 2.41
gnome-shell (50.0) 48.2
grub (2.14) 2.12
gtk (4.22.1) 4.18.5
httpd (2.4.66) --
inkscape (1.4.3) --
kmod (34.2) 33
krita (6.0.0) --
LibreOffice (26.2.1) --
Package 20250626
libselinux (3.10) 3.8
linux (6.19.9) 6.15.3
mariadb (12.2.2) 10.11.11
mate-desktop (1.28.2) --
mesa (26.0.3) 25.1.4
mysql (9.6.0) --
nautilus (50.0) 48.2
NVIDIA (595.58.03) --
openjdk (26) --
openssh (10.2p1) 9.9p1
openssl (3.6.1) 3.2.4
perl (5.42.1) 5.40.2
php (8.5.4) --
plasma-desktop (6.6.3) 6.4.0
postfix (3.11.1) --
postgresql (18.3) --
Python (3.14.3) 3.13.3
qt (6.11.0) 6.9.1
samba (4.24.0) 4.22.2
systemd (260.1) 257.6
thunderbird (149.0) --
vim (9.2) 9.1
vlc (3.0.23) --
wayland (1.25.0) 1.23.1
xfdesktop (4.20.1) --
xorg-server (21.1.21) --

Reader Ratings
Reader supplied reviews for secureblue

Average rating
10
from 2 review(s)


Version: 20250626
Rating: 10
Date: 2026-03-14
Country: United States
Votes: 0


 I'm not a distro-hopper. I have been a dedicated user of Arch Linux for close to 20 years. It is a fantastic distro and was always rock-solid for me. But, as I started to take a more serious approach to system security, I began the task of robustly hardening my existing installation. However, I soon became frustrated by the difficulty involved, especially the application of some implementation of Mandatory Access Control (SELinux, AppArmor, etc)). While Arch does support this, it is not default (obviously) and not trivial to comprehensively implement. I was also looking for reliable application sandboxing, hardened kernel and malloc implementations, unprivileged user namespaces and SUID binaries avoided where possible, and so on. Again, Arch does support this, but generating and maintaining a working implementation is not trivial.

In my search for alternatives, I stumbled across secureblue. Initially, I had reservations. I had never used an "atomic" OS before, and the use of Flatpak for applications was NOT something that I was accustomed to. As an experienced user however, I found the adjustment painless. The documentation is good, and the developer and community is very responsive and engaged.

I installed the Fedora "Kinoite" spin and quickly had a functional KDE Plasma desktop. I really appreciated the fact that several "toggles" are available to enable/disable some of the security features based on your specific threat model or use case. I would highly recommend reading through the documentation and FAQ to get a sense for what to expect from the default settings before you dive in and install. There is valuable information there that will help you assess if this is the right O/S for you.

I have been happily using secureblue for about 9 months now, and am quite impressed. I've got everything that I was looking for from a security standpoint (and more) in an easy-to-maintain, reliable system. It's a great project and well worth an in-depth look if you are searching for a security-focused Linux O/S.


Version: 20250626
Rating: 10
Date: 2025-08-21
Votes: 43


 I was looking for a GrapheneOS "alternative" for desktop and I found this project on privacyguides, it was the only non-debian project (which is a must for me) that was aimed at hardening your security. I was a Fedora KDE user, gave this project a try, without ever using rpm-ostree and with little knowledge about atomic distros.

I have to say I was surprised and amazed by all the tools you can use to make your distro work just like a normal one. The distro is pretty much foolproof with rpm-ostree and with it's ujust menu that can install vpn, steam(flatpak or distrobox) and help you harden/customize your security features and much more.

I was able download apps via flatpak, packages via homebrew and use distrobox when I wouldn't want a flatpak for an app (examples would be: signal, which is non-verified on flatpak and I made a debian distrobox and installed from there and it's pretty much seamless, I know it still uses electron but it's still better ig; spyder, which is non-verified on flatpak so I got it directly on a fedora box and mpv+mpv-mpris which are also unverified and they work seamless on a fedora box even with kde-connect control, which I layered on the image).

Gaming for me had no performance loss, but using steam flatpak (which is not verified) was the only way I could make it work, distrobox wouldn't let me use the nvidia gpu, so installing steam on a box would result in using igpu (secureblue comes with nvidia container toolkit by default but I couldn't make it work for me, it's just nvidia shenanigans probably).

Security wise, there are many features, which I won't get to, cause I'm not that technical. You lose access to sudo (you can layer sudo-rs) but you can still have an admin user with run0 and I had no issues without sudo. Secureblue comes with Trivalent, which I didn't use much yet, I'm a librewolf user and I'm not sure how "ungoogled" the browser is, as that is necessary for me, so I'll trade a little security for now, until I find out more. You can use hardened_malloc from GOS, but you have to see which apps work with it, for me librewolf and steam won't work with it so it seems that most of the apps just work with it.

Overall, I enjoyed fedora atomic more than the classic, and with the "flavour" of secureblue, security wise, with no performance loss and everything working just as intended, I can say that I found MY distro :)









Copyright © 2001 - 2026 Atea Ataroa Limited. All rights reserved. All trademarks are the property of their respective owners. Privacy policy. Change privacy settings.
DistroWatch.com is hosted at Copenhagen.

Contact, corrections and suggestions: Jesse Smith

Tips: bc1qxes3k2wq3uqzr074tkwwjmwfe63z70gwzfu4lx
lnurl1dp68gurn8ghj7ampd3kx2ar0veekzar0wd5xjtnrdakj7tnhv4kxctttdehhwm30d3h82unvwqhhxarpw3jkc7tzw4ex6cfexyfua2nr
86fA3qPTeQtNb2k1vLwEQaAp3XxkvvvXt69gSG5LGunXXikK9koPWZaRQgfFPBPWhMgXjPjccy9LA9xRFchPWQAnPvxh5Le
PayPal.me/distrowPatreon.com/distrowatch