EU OS

Appearance

Proof of Concept (PoC) Overview

The EU OS project's Proof of Concept (PoC) phase is dedicated to demonstrating the feasibility and core functionalities of a Linux-based operating system tailored for the European public sector. This section provides insights into the key technical areas explored and developed during this crucial initial stage. Our aim is to showcase a manageable, secure, and deployable desktop environment that addresses the specific needs of public administrations.

Use Cases and Technical Specifications

This page outlines the primary goals, target audiences, and core technical principles guiding the EU OS PoC. It details the rationale behind choosing Fedora Kinoite as the base, KDE Plasma as the desktop environment, Wayland as the display server, and an immutable OSTree-based architecture. The report also covers the application strategy, focusing on a minimal base image with Flatpak for application delivery, and addresses key concerns and out-of-scope considerations for this initial phase.

Disk Encryption

Security is paramount for public sector data. This page details how EU OS implements full-disk encryption (FDE) using LUKS2. It explains the setup process via Kickstart configuration and discusses methods for unlocking LUKS2 volumes, including passphrases and the integration of hardware security tokens like FIDO2 devices for enhanced security and user convenience. Instructions for enrolling a FIDO2 device are also provided.

Fleet Management

Managing a large number of desktops efficiently is a key challenge for public administrations. This section documents the exploration of fleet management solutions, with a focus on setting up and configuring Foreman with Katello. It includes details on repository setup, installation steps, and initial configuration for managing OS content and client registration, specifically highlighting the enablement of OSTree support and considerations for puppet integration.

WARNING

This area is under active development and represents initial PoC efforts.

User Management

Integrating with existing identity management systems is crucial for seamless adoption in public sector environments. This page will cover the strategies and progress related to user authentication and management within EU OS, including planned integration with solutions like FreeIPA using LDAP and Kerberos.

WARNING

This page is a work in progress and outlines planned explorations. Related issue: #42

Running Legacy Applications

While the primary focus of EU OS is on a native Linux environment, the need to access certain legacy Windows applications is a reality for some public sector workflows. This section will discuss potential approaches and considerations for supporting these applications, acknowledging that comprehensive Windows application support is out of scope for the base PoC.

WARNING

This page is a work in progress and outlines areas for future consideration. Related issue: #44