CyviZen: Immutable & Ephemeral by Default

CyviZen is functionally different to other operating systems, a primary distinction being that on shut-down there is no more Operating System.

Its not a locked, or hidden approach, CyviZens approach is deeper in that all the files necessary for function of an Operating System focused around the Linux Kernel are missing. And when they are present, they are only ephemerally present.

CyviZen literally builds the entire Operating System on every boot of the machine (typically within 30 seconds), leveraing NIX binary cache where appropriate, fusing together CyviZen Core OS functionality & your personal customisations to ensure a consistent experience no matter what physical machine you use.

CyviZen uses a partition layout similar to that on the right:

  • GPT & EFI are boot partitions, required by international standard to be unencrypted
  • Replay Denied uses BCacheFS, CyviZen is the first Operating System to use BCacheFS in production. A Key point with BCacheFS is that it is virtually impossible to perform a replay attack on the FileSystem
  • SWAP is Encrypted Ephemerally on every Boot, a new key is created as part of the boot process & the old key is not persisted anywhere. No Cold Boot Attacks with CyviZen
  • CO, CYN & Envoy are LUKS / CryptSetup managed and are part of CyviZens proprietary CYN: Your Digital Self technology
NOTE

There tends to be some confusion around the phrasing secure boot, we encourge people to read May Durst Blog: The Endless Conundrum of creating a secure PinePhone for some clarity on this matter. For an immutable system, Secure Boot is a nice to have, and might provide some indication that specific areas of hardware might have been compromised. However, modern hardware viruses that affect firmware are also designed to bypass secure boot safeguards.

NOTE

CyviZen as part of the Jubu series has l33t, where CyviZen operates entirely from our own SSD. Due to the nature of SSD CyviZen has been specifically designed to handle:

  • Accidental loss/theft, a casual observer will be unable to open your l33t without significant cost. (see CryptSetup FAQ for estimated costs to breach
  • Curious administrator, root on Linux Kernel based Operating Systems provides extreeme capabilities, CyviZen can protect your data from yourself. Even if you know the passphrase and force open l33t on another Linux Based Operating System you will be unable to access data stored in shell or any other vault.
  • Disk Cloning or virtualisation, due to the hardware fingerprint, and CyviZens unique boot & assembly of Operating System approach, CyviZen detects when l33t has been copied to another SSD (even if it is another ODM from CyviZen) or virtualisation is attempted.

Phase 1: The BIOS uses the EFI partition to load an initfs image with the minimum pre-installed functionality to mount & unlock BCacheFS. SystemD is used as the process manager.

Optionally, for additional security, OnlyKey &/or Apricon devices can be used. CyviZen goes to great lengths to ensure that it is able to be used by Enthusiasts, however, CyviZen is fully capable of meeting the needs of Investigative Reporters, or Diplomats

Phase 2: After successful passphrase entry, /nix/store/ is unlocked as the NIX Binary Cache, and a ephemeral key is generated and assigned to the SWAP partition. Secrets such as the passphrase to unlock the machine on idle are unknown to CyviZen, they are encrypted against a hardware fingerprint

Phase 3: CyviZen uses the hardware fingerprint to unlock the shell vault (local to the device) and both CYN & CO partitions are also mounted and unlocked. At this point, CyviZen is totally Ephemeral, and all saved or changed files will be lost on reboot (see CyviZens Jubu Series: dl33t). Rules for persistence to shell vault or another vault must be provided

NOTE

Every CyviZen is Unique. In fact within the Jubu Series, CyviZen is the Original Device Manufacturer of l33t. We did this because CyviZen creates a proprietary hardware fingerprint of the system it is installed on. CyviZen as the ODM for l33t ensures that each l33t is genuinely unique on manufacture. It is this hardware fingerprint that protects shell based secrets unique to that specific device CyviZen is installed on.

CyviZen is Ephemeral by Default, any file not tagged to be persisted will be lost on reboot. This includes system / and home ~/ files per FreeDesktop design specifications

CyviZen initially only offers persistence to shell vault, secured by the hardware fingerprint of the device itself.

CyviZens tagline Responsibility is Power implies the more you are willing to accept responsibility, the more power CyviZen can grant you. This is true for data persistence!

CyviCloud, an add-on to CyviZen offers Quantum Resilliant Storage via gocryptfs or cryfs depending on your specific needs. Every single folder, including nested folders within other folders can be stored to different physical locations per the Data Sovereignty Legislation that applies to your situation. Alternatively, P2P storage is also available. (CyviCloud does require an OnlyKey for use)