Follow

Our first step towards full System Transparency is here with diskless infrastructure. Try it out as a beta on a pair of WireGuard servers in Sweden.

This marks the start of our long running public facing journey into the System Transparency project.

Read more about it on our blog: mullvad.net/blog/2022/1/12/dis

@mullvadnet

NIce, so basically a custom live-cd?
Or how does it work on the server itself?

@selea The OS runs in ram much like a live ISO would yes but there is much more to this than diskless infrastructure. The idea is to use TPM for remote attestation of the boot chain, reproducible builds (to link source code to artifacts) and a transparency log for historical records, and more (https://www system-transparency.org). This is step 1, a custom boot loader that fetches and validates the signed OS package before accepting it.

@vistor

ah that's very cool! Would love to see it in action someday, maybe I'll pay Mullvad HQ a visit when the pandemic is over :P

@mullvadnet Short feedback: So far everything works flawlessly and fast!
Thanks for your work!

@mullvadnet I'll tell you, wireguard was so much easier to setup on the commandline than openVPN. And it is blazing fast in comparison. I'm using the Sweden servers, so maybe it is those diskless servers that are so dang fast.

Sign in to participate in the conversation
Mastodon

A newer server operated by the Mastodon gGmbH non-profit