InterGenOS in One Page

The fast path. Read the 30-second version to know what InterGenOS is; read the 5-minute version to know whether it is for you. Everything else on this site is detail underneath these two.

The 30-second version

InterGenOS is a built-from-source Linux distribution with one organizing principle: security is not first — it is only. Every default is hardened, the entire boot chain is signed and checkable by you, and it ships a local AI assistant that never sends your data anywhere unless you explicitly opt in. The goal is a machine you understand, can modify, and can trust — where you never have to take a security claim on faith, because you can verify it yourself.

The 5-minute version

What it is. A security-only desktop Linux, assembled from source (Linux From Scratch lineage), shipping GNOME 49 on Wayland. It is not a general-purpose distribution with security added on — security is the lens every decision passes through.

The four pillars:

  • Security as the only lens. Hardened kernel (integrity lockdown, enforced module signing), a default-deny firewall, mandatory access control, and a signed boot chain. Features that cannot be made safe are not shipped.
  • You control the machine. Built from source and fully transparent: nothing about how it works is hidden. The package manager records a hash of every file it installs, so you can re-verify the whole system at any time.
  • Verify, don’t trust. Every security claim is something you can confirm by running a command — see Verify It Yourself. A claim you cannot check is just marketing.
  • AI that stays local. InterGen is an offline-first assistant with zero telemetry. It is useful out of the box; cloud providers are opt-in and explicit, never on by default.

What ships today, honestly. InterGenOS is at the v1.0-dev stage. The wiki is careful to separate enforced today from built and coming — for example, the boot chain is fully signed, Secure Boot has been validated end to end, and native Secure-Boot-from-the-installer arrives with an upcoming build. You will never find a reassuring headline here that the shipped configuration does not back up.

How to try it. The lowest-risk way to look is in a virtual machine — see Installing in a Virtual Machine. When you are ready for hardware, the FORGE installer walks you from the live environment to a verified install, and nothing is written to disk until you confirm.

Where to go from here: