microsoft-systemd-findings-.../17-uapi-particleos-audit.md
2026-03-23 06:01:08 +00:00

UAPI Group Minutes Audit and ParticleOS Investigation

UAPI Group Summit Minutes - Identity/Age Topics

Finding: No Identity or Age Verification Discussion Found - Ever

All three Image-Based Linux Summit minutes (2022, 2023, 2024) and both FOSDEM devroom schedules (2023, 2025) were reviewed. No discussion of identity, age verification, user metadata, compliance, or birth dates appears in any UAPI Group venue.

| Year        | Topics discussed                                                          | Identity/age?                                         |
|-------------|---------------------------------------------------------------------------|-------------------------------------------------------|
| 2022        | Image updates, boot security, partitioning, deployment models             | No                                                    |
| 2023        | systemd-sysusers, systemd-homed provisioning, SUSE Aeon integration       | No (homed discussed only for its storage mechanics)   |
| 2024        | Configuration files, systemd-pcrlock, kernel/initrd immutability, IPE LSM | No                                                    |
| FOSDEM 2023 | UKIs, TPMs, image-based updates, container OS                             | No                                                    |
| FOSDEM 2025 | ParticleOS, FDE, boot security, immutable Debian, bootable containers     | No                                                    |

Significance

The birthDate field was added to systemd's JSON User Record format entirely outside the UAPI Group process. The same three people who controlled the birthDate merge (Poettering, Boccassi, Brauner) founded the UAPI Group, yet the age verification infrastructure was introduced through systemd's own unilateral process, which afforded even less review than the UAPI Group's already minimal governance would have provided.

JSON User Record Format Is Not a UAPI Specification

The JSON User Record format (where birthDate lives) remains a systemd-internal specification documented at systemd.io/USER_RECORD/. It has never been proposed or adopted as a UAPI Group specification (UAPI.1 through UAPI.15). The UAPI Group specifications cover:

  • Boot (UAPI.1, UAPI.5)
  • Disk/partitions (UAPI.2, UAPI.3, UAPI.4)
  • Configuration (UAPI.6)
  • TPM (UAPI.7)
  • Packaging (UAPI.8)
  • Filesystem hierarchy (UAPI.9)
  • Versioning (UAPI.10)
  • Verification (UAPI.11)

None address user identity or metadata.

ParticleOS Audit

What Is ParticleOS?

ParticleOS describes itself as a "fully customizable immutable distribution implementing the concepts described in 'Fitting Everything Together'", Poettering's 2022 architectural vision for image-based Linux. It is hosted in the systemd GitHub organization at github.com/systemd/particleos.

Key Technical Features

  • Built with mkosi; users build their own images and sign them with their own keys
  • Supports Fedora, Debian, and Arch as base distributions
  • Uses systemd-homed for user management, so it inherits the full JSON user record schema
  • UEFI Secure Boot plus dm-verity for a verified boot chain
  • Integrates bleeding-edge systemd features from Git main
  • Integrity Policy Enforcement (IPE) LSM support

Age/Identity Code Audit Result

No code or configuration specific to age, birth, identity verification, or compliance was found in ParticleOS. The user record schema, including birthDate as it lands in the upstream systemd that ParticleOS builds against, is inherited from systemd upstream; ParticleOS adds nothing of its own to it.

ParticleOS's "verification" concerns system image integrity (cryptographic proof that OS images are untampered), not user identity verification.

Development Timeline

| Date                   | Event                                                                               |
|------------------------|-------------------------------------------------------------------------------------|
| May 2022               | Poettering publishes "Fitting Everything Together" (at Microsoft)                   |
| Late 2024 / early 2025 | ParticleOS repository created                                                       |
| Feb 2, 2025            | First public presentation at FOSDEM 2025 by Daan de Meyer (then at Meta)            |
| Apr 2025               | It's FOSS article describes ParticleOS                                              |
| Sep/Oct 2025           | Follow-up talk at All Systems Go! 2025                                              |
| Jan 28, 2026           | Amutable publicly announced                                                         |
| Feb 1, 2026            | FOSDEM 2026 talk: "ParticleOS, from Fedora to Feast" by de Meyer (now at Amutable)  |

ParticleOS predates Amutable's public announcement by roughly a year. It was developed by de Meyer and Poettering while they were at Meta and Microsoft respectively, and it is the reference implementation of what Amutable now commercializes.

Contributors → Amutable Mapping

| Contributor        | At time of contribution | Now at    |
|--------------------|-------------------------|-----------|
| Daan de Meyer      | Meta                    | Amutable  |
| Lennart Poettering | Microsoft               | Amutable  |
| Luca Boccassi      | Microsoft               | Microsoft |

The ParticleOS → Amutable Pipeline

Poettering publishes "Fitting Everything Together" (at Microsoft, 2022)
  │
  └─→ ParticleOS implements the vision (in systemd's GitHub org, 2024-2025)
       │  Developed by de Meyer (Meta) and Poettering (Microsoft)
       │  Uses systemd-homed (inherits full user record schema)
       │  Implements verified boot, dm-verity, IPE LSM
       │
       └─→ Amutable commercializes the technology (announced Jan 2026)
            │  "Cryptographically verifiable integrity for Linux workloads"
            │  Same team, same concepts, now for-profit
            │
            └─→ systemd adds birthDate to user records (Mar 2026)
                 │  Creates compliance use case for integrity tooling
                 │  Merged by Boccassi (Microsoft); revert blocked by Poettering (Amutable)
                 │
                 └─→ Enterprises need verified-state Linux for age compliance
                      └─→ Amutable's market
