HalogenOS/image-builder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Page: System Requirements
Pages
A/B Updates and Provisioning Full Verified Boot Home Installing Software System Requirements
7 System Requirements
River edited this page 2025-04-18 15:10:06 -04:00
Table of Contents

HalogenOS System Hardware Requirements

Basic Requirements

No matter what, your system MUST have:

  • Fully UEFI compliant firmware
  • A 64-bit CPU
  • A network adapter
  • An internet connection
  • A display adapter
  • At least 8 gigabytes of RAM
  • A bootable device with at least 64 gigabytes of space

Recommended requirements

The system requirements will differ, depending on if you're building your own image. If you are using a pre-built image, you will need:

  • A display with an in-tree driver
  • A network adapter with an in-tree driver
  • Standard CPU extensions (SIMD, SSE)

It is also recommended that your system have:

  • At least 16 gigabytes of RAM
  • At least 128 gigabytes of space

Security Features

HalogenOS leverages modern hardware security features to protect the system against tampering, intrusion, exfiltration, and corruption. These features, unfortunately, are not often found on consumer devices, leaving system hardware and firmware vulnerable to attack. This requirement policy is based on the Linux Firmware Vendor Service's Host Security Identifier (HSI) Specification, which outlines what elements determine a system's resistance to different levels of attack sophistication.

Note

Installing HalogenOS on devices that do not meet the minimum security compliance requirements is possible, but unsupported, as zero guarantees can be made about the integrity of the data stored on the system.

Due to scarcity of sufficiently compliant hardware, HalogenOS targets HSI 2 or greater for its baseline, instead of HSI 3, 4, or 5. Devices compliant with HSI 2 require at least:

  • TPM 2.0
  • UEFI Secure Boot
  • Lock-able BIOS firmware
  • Write/read protected firmware
  • I/O Memory Management Unit
  • Debug systems and interfaces disabled

Important

This list is NON EXHAUSTIVE. You can read more about the HSI Specification here. To check your device's compliance, you can:

  • Look for your device on LVFS's list
  • Download and install fwupdmgr from its GitHub repository or via a package manager, and run fwupdmgr security

At runtime, fwupdmgr performs the necessary checks to determine the installation's HSI status. On first boot, this baseline is saved, and any changes to the baseline can be detected, and forwarded to the user for review. The user will also be notified if the device fails to meet HSI 2 on its first boot.