Real data from real boot tests. What we harden, what we don't have yet, and why radical honesty is our security posture.
Data below comes from two real systems: Alfred Linux RC8 boot-tested in QEMU/KVM on April 6, 2026, and a production Ubuntu 22.04 server running kernel 5.15.0-173. Both systems use AMD/Intel hardware with the same vulnerability surface.
| Vulnerability | Alfred Linux RC8 (Kernel 7.0.0-rc7) | Ubuntu 22.04 LTS (Kernel 5.15.0-173) |
|---|---|---|
| Spectre V1 | Mitigation: usercopy/swapgs barriers + __user pointer sanitization | Mitigation: usercopy/swapgs barriers + __user pointer sanitization |
| Spectre V2 | Mitigation: Retpolines + RSB filling on context switch and VMEXIT | Vulnerable: eIBRS with unprivileged eBPF |
| ITS (Indirect Target Selection) | Mitigation: Aligned branch/return thunks (Kernel 7 native) | Mitigation: Aligned branch/return thunks (backported) |
| MDS (Microarch. Data Sampling) | Vulnerable: Clear CPU buffers attempted, no microcode ¹ | Not affected (CPU-dependent) |
| Speculative Store Bypass | Vulnerable ¹ | Mitigation: disabled via prctl and seccomp |
| Meltdown | Mitigation: PTI (Kernel Page Table Isolation) | Not affected (CPU-dependent) |
| L1TF (L1 Terminal Fault) | Mitigation: PTE Inversion | Not affected (CPU-dependent) |
| Retbleed | Mitigation: Enhanced IBRS | Mitigation: Enhanced IBRS |
| MMIO Stale Data | Mitigation: Clear CPU buffers | Mitigation: Clear CPU buffers; SMT vulnerable |
| TSX Async Abort | Mitigation: TSX disabled | Not affected (CPU-dependent) |
| TSA (Transient Scheduler Attacks) | Mitigation: Clear CPU buffers (Kernel 7 native) | Not affected (CPU-dependent) |
| VMSCAPE (VM Escape Hardening) | Mitigation: VMCS shadowing restricted (Kernel 7 native) | Not affected (CPU-dependent) |
| Gather Data Sampling | Mitigation: Microcode | Mitigation: Microcode |
| SRBDS | Mitigation: Microcode | Not affected (CPU-dependent) |
¹ VM test limitation: MDS and Speculative Store Bypass show "Vulnerable" because QEMU/KVM
does not pass through CPU microcode. On real hardware with vendor microcode installed (via intel-microcode
or amd64-microcode packages, both included in the ISO), these would show mitigated status.
Ubuntu's "Not affected" entries reflect the specific CPU model of that production server, not a kernel advantage.
Three vulnerability classes have native mitigation code that was written for kernel 7.0:
What runs on first boot, before the user touches anything. Alfred Linux RC8 ships 32 security modules across 3 hooks — more out-of-box hardening than any mainstream desktop Linux.
| Security Feature | Alfred Linux RC8 | Ubuntu 24.04 LTS |
|---|---|---|
| Firewall (UFW + nftables) | Both enabled, default-deny input ✅ | UFW installed but disabled |
| fail2ban (brute-force protection) | Running, SSH 3-try/24h ban ✅ | Not installed |
| auditd (kernel audit logging) | 30+ rules, CIS-benchmark, immutable ✅ | Not installed |
| Kernel sysctl hardening | 45+ rules, CIS Level 2 ✅ | Minimal defaults |
| Kernel lockdown mode | lockdown=integrity ✅ | Not enabled |
| AppArmor | Enforced + custom IDE/search profiles ✅ | Initialized ✅ |
| Unattended security upgrades | Running on first boot ✅ | Running on first boot ✅ |
| DNS privacy (DNS-over-TLS) | Quad9 + Cloudflare, DNSSEC ✅ | Plaintext DNS by default |
| MAC address randomization | WiFi + Ethernet random by default ✅ | Not configured |
| SSH hardening | Strong ciphers only, no forwarding, 3 tries ✅ | Default permissive config |
| File integrity (AIDE) | Installed + daily cron check ✅ | Not installed |
| Antivirus (ClamAV) | Running + weekly scan ✅ | Not installed |
| Rootkit detection | rkhunter + chkrootkit, daily ✅ | Not installed |
| Full-disk encryption (LUKS) | 1-click in installer ✅ | Available in installer ✅ |
| NTP authentication (NTS) | chrony + NTS (Cloudflare, Netnod) ✅ | systemd-timesyncd, no NTS |
| PAM password hardening | 10-char, 3-class, lockout after 5 ✅ | Minimal defaults |
| Process isolation (hidepid) | hidepid=2 on /proc ✅ | All processes visible |
| Core dumps disabled | Disabled system-wide ✅ | Enabled by default |
| Compiler restriction | gcc/g++/make restricted to dev group ✅ | Accessible to all users |
| Secure mount options | /tmp noexec, /dev/shm nodev/nosuid ✅ | Default mount options |
| Kernel module blacklisting | Firewire, dccp, sctp, rds, cramfs ✅ | All modules loadable |
| USB logging + control | udev logging + toggle tool ✅ | No USB monitoring |
| Cron/at lockdown | Root-only (allow list) ✅ | Any user can add cron jobs |
| Security banners | Legal warning on login + SSH ✅ | No banner |
| Memory init (init_on_alloc) | init_on_alloc=1, init_on_free=1 ✅ | Not set |
| kernel.unprivileged_bpf_disabled | Set via sysctl ✅ | Not set (Spectre v2 vector) |
Security tools included: alfred-security-status (dashboard), alfred-scan (antivirus), alfred-usb-storage (USB toggle), alfred-aide-init (integrity baseline), alfred-network-status (network audit), alfred-encrypt-status (encryption check).
Radical honesty. Even with 32 security modules, Ubuntu has advantages we can't match today.
Ubuntu LTS ships security patches for 5-12 years. We're a release candidate with no long-term commitment yet.
Canonical has a dedicated security team publishing USNs within days. We have a small team and no SLA.
No FIPS 140-2, CIS Benchmarks, or DISA STIGs. Enterprises cannot deploy us until those exist.
Boot-verified in QEMU/KVM only. No bare-metal test matrix across vendor hardware yet.
Every Alfred Linux ISO is built by a single script with numbered, auditable hooks. Nothing is hidden.
```
scripts/build-unified.sh rc8 --uefi      ← one command
├── Hook 0100: branding + UFW + SSH      ← visual identity + base firewall
├── Hook 0150: hardware                  ← drivers, firmware, microcode
├── Hook 0160: security (21 modules)     ← sysctl, AppArmor, auditd, ClamAV, AIDE, etc.
├── Hook 0165: network hardening         ← nftables, MAC random, SSH ciphers, anti-scan
├── Hook 0170: full-disk encryption      ← LUKS/cryptsetup, Calamares FDE
├── Hook 0200: browser                   ← Alfred Browser (privacy-first)
├── Hook 0300: ide                       ← Alfred IDE
├── Hook 0400: voice                     ← Kokoro TTS engine
├── Hook 0500: search                    ← Meilisearch
├── Hook 0600: installer                 ← Calamares (graphical disk installer)
├── Hook 0700: welcome                   ← first-boot experience
├── Hook 0710: update                    ← OTA update framework
├── Hook 0800: store                     ← Alfred Store
├── Hook 0900: voice-v2                  ← advanced voice engine
├── Hook 9999: boot-fix (chroot)         ← generic kernel names for bootloader
└── Hook 9999: boot-fix (binary)         ← ISOLINUX/GRUB references
```
```
SHA-256: 7d49ef3cfb957cb9854bd3f451ef99ec8255afd68069a89ed0cf5a847d5d79bf
BLAKE3:  e021d2024599aa918972d9e6b9fd9c1d97d226ac69da035913fd7a462dbef47d
File:    alfred-linux-4.0-rc8-amd64.iso
Size:    2.4 GB
```

Verify yourself: `sha256sum alfred-linux-4.0-rc8-amd64.iso` · `b3sum alfred-linux-4.0-rc8-amd64.iso`
The build script, all 16 hooks (including 3 dedicated security hooks totalling 800+ lines), and the kernel config are inspectable. The ISO is built on a dedicated GoSiteMe build server (8 cores, 32 GB RAM) using the Debian live-build toolchain on Debian Trixie. The kernel compile produced 44,028 lines of build output with zero errors.
On April 6, 2026, we booted the RC8 ISO in QEMU/KVM and captured 1,363 lines of kernel and systemd output.
```
Linux version 7.0.0-rc7-alfred
[ 0.256611] mitigations: Enabled attack vectors: user_kernel, user_user, guest_host, guest_guest, SMT mitigations: auto
[ 0.260297] Spectre V2 : Mitigation: Retpolines
[ 0.261401] ITS: Mitigation: Aligned branch/return thunks
[ 0.264740] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[ 0.266790] Spectre V2 : Spectre v2 / SpectreRSB: Filling RSB on context switch and VMEXIT
systemd 257.9-1 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +IPE +SMACK +SECCOMP +GCRYPT +OPENSSL +ELFUTILS +FIDO2 +TPM2 +ZSTD +BPF_FRAMEWORK)
```
Alfred Linux isn't just an operating system. It's the foundation layer for a larger vision.
The transparent, auditable operating system. Every build hook visible, every mitigation documented, every gap disclosed.
The builder's tool. Developers create applications, extensions, and AI agents on a foundation they can verify.
A governed digital civilization with 115,000+ AI citizens, courts, passports, democratic governance — where corruption is architecturally impossible.
Governance models proven in MetaDome can be applied to real-world transparency challenges — from climate policy to resource allocation.
The argument is simple: you cannot build corruption-proof digital governance on a black-box operating system. If the foundation isn't transparent, the whole "trust by design" claim is hollow. Alfred Linux proves that even the OS layer — the lowest level — can be open, auditable, and honest about its limitations.
When MetaDome runs governance simulations — AI citizens voting on policy, transparent courts resolving disputes, energy-aware compute — it matters that the OS underneath isn't hiding anything. That's not marketing. That's architecture.
We do not claim Alfred Linux is "more secure than Ubuntu."
Ubuntu has 20 years of battle-testing, a dedicated security team, compliance certifications, and LTS commitments that we cannot yet match. It is the right choice for enterprises that need those guarantees today.
What we do claim:
That's our posture: security through transparency. Not through claims we can't back up.
Download the ISO. Check the SHA-256 and BLAKE3 hashes. Boot it. Run `cat /sys/devices/system/cpu/vulnerabilities/*` and compare.
Test date: April 6, 2026
Alfred Linux test: RC8 ISO booted in QEMU/KVM on EU build server (8 cores, 32 GB RAM, AMD EPYC). Kernel + initrd extracted from ISO, booted with console=ttyS0,115200. Full 1,363-line boot log captured.
Ubuntu test: Production server running Ubuntu 22.04 LTS, kernel 5.15.0-173-generic (updated March 6, 2026). Vulnerability data read from /sys/devices/system/cpu/vulnerabilities/*.
Important caveat: "Not affected" entries in the Ubuntu column reflect that specific CPU model, not the kernel version. A different CPU would show different results. The comparison is between what each kernel does when a vulnerability applies, not absolute security ratings.
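One way to run that comparison with the caveat applied, as an added example that is not part of Alfred Linux's own tooling: it classifies each sysfs entry and marks rows as `not_comparable` when either side reports "Not affected" or the entry is missing. The function names (`vuln_class`, `compare_vulns`, `make_samples`) are hypothetical, and the sample captures are constructed from abridged status strings in the table above.

```shell
# Added example: compare two captures of /sys/devices/system/cpu/vulnerabilities.
# A "capture" is a directory holding one file per vulnerability, as in sysfs.

# vuln_class FILE -> mitigated | partial | vulnerable | not_affected | unknown
vuln_class() {
    case "$(head -n 1 "$1")" in
        "Not affected"*)            echo not_affected ;;
        Mitigation*[Vv]ulnerable*)  echo partial ;;   # e.g. "...; SMT vulnerable"
        Mitigation*)                echo mitigated ;;
        Vulnerable*)                echo vulnerable ;;
        *)                          echo unknown ;;
    esac
}

# compare_vulns DIR_A DIR_B -> name<TAB>class_a<TAB>class_b<TAB>verdict per entry
compare_vulns() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        a=$(vuln_class "$f")
        if [ -f "$2/$name" ]; then b=$(vuln_class "$2/$name"); else b=missing; fi
        # "Not affected" is a property of the CPU, and "missing" means the other
        # kernel does not report the entry: neither says anything about mitigations.
        if [ "$a" = not_affected ] || [ "$b" = not_affected ] || [ "$b" = missing ]; then
            verdict=not_comparable
        elif [ "$a" = "$b" ]; then
            verdict=same
        else
            verdict=differs
        fi
        printf '%s\t%s\t%s\t%s\n' "$name" "$a" "$b" "$verdict"
    done
}

# Constructed sample captures (assumed values, abridged from the table on this page).
make_samples() {
    d=$(mktemp -d) && mkdir "$d/alfred" "$d/ubuntu"
    echo 'Mitigation: Retpolines'                        > "$d/alfred/spectre_v2"
    echo 'Vulnerable: eIBRS with unprivileged eBPF'      > "$d/ubuntu/spectre_v2"
    echo 'Mitigation: PTI'                               > "$d/alfred/meltdown"
    echo 'Not affected'                                  > "$d/ubuntu/meltdown"
    echo 'Mitigation: Clear CPU buffers'                 > "$d/alfred/mmio_stale_data"
    echo 'Mitigation: Clear CPU buffers; SMT vulnerable' > "$d/ubuntu/mmio_stale_data"
    echo 'Mitigation: Enhanced IBRS'                     > "$d/alfred/retbleed"
    echo 'Mitigation: Enhanced IBRS'                     > "$d/ubuntu/retbleed"
    echo "$d"
}

if [ "$#" -eq 2 ]; then compare_vulns "$1" "$2"; fi
```

To compare real systems, copy each host's `/sys/devices/system/cpu/vulnerabilities` directory into its own folder and pass the two folders as arguments.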
Last updated: April 6, 2026