Install
Table of Contents
Pre-install
Note
The cross-platform Fedora Media Writer is the official, tested, and supported method for the creation of bootable media. Instructions are available in the Fedora documentation. Do not use Ventoy.
Before installation, the following checks are recommended:
- Ensure SecureBoot is enabled.
- Ensure your BIOS is up-to-date by checking its manufacturer’s website.
- Disable booting from USB (some manufacturers allow firmware changes from live systems).
- Set a BIOS password to prevent tampering.
Terms of Use
secureblue includes a combination of software packages, each under its own licensing terms. The license of secureblue is the Apache License 2.0. The license of secureblue does not supersede the licenses of upstream code and content contained in secureblue images. By downloading secureblue you agree to the license terms of its use.
Copyright 2024-2025 The Secureblue Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this software except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Installation
To install secureblue, you will use one of the following processes. Consult the table below for the right starting point for your use case. For more details on the available images, have a look at the list of available images before proceeding.
| Image Type | Installation Process | Recommended Use Cases |
|---|---|---|
| Desktop | Direct installation with a secureblue ISO | Desktop/laptop end user |
| Server | Installation using Ignition via Butane. | Cloud, containerized workloads |
Things to remember during installation:
- Select the option to encrypt the drive you’re installing to.
- Use a strong password when prompted.
- Select wheel group membership for your user when prompted.
Secureblue ISO (Desktop)
Note
nvidia-open images are recommended for systems with NVIDIA GPUs Turing or newer (GTX 16XX+, RTX 20XX+). Consult this page if you're not sure what family your GPU belongs to. These include the new open kernel modules from NVIDIA, not Nouveau. nvidia images are recommended for systems with NVIDIA GPUs Pascal or older. These include the closed kernel modules from NVIDIA.
ISO Verification
Verify the secureblue installation media before proceeding: Verification
Ignition (Server)
Follow the Fedora CoreOS docs, Ignition docs, and Butane docs to configure initialization for your CoreOS instance(s).
You can use our example.butane as a starting point.
Post-install
Finish setting up your secureblue installation: Post-install steps