Skip to content

zungur/GyrOS

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
.github/workflows
.github/workflows
 
 
config
config
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
INTERNALS.md
INTERNALS.md
 
 
README.md
README.md
 
 
build.sh
build.sh
 
 
qemu-screenshot.png
qemu-screenshot.png
 
 

Repository files navigation

GyrOS

Secure, RAM-only Ubuntu live image with automatic memory erasure.

Boot from USB, work entirely in RAM, and walk away knowing memory is wiped on shutdown. No persistence, no swap, no disk writes.

Download: Latest Release

GyrOS Desktop

Key Features

  • RAM-only operation: the entire system loads into RAM at boot. Remove the USB and keep working.
  • Automatic memory wipe: the kernel's init_on_free=1 zeroes memory as it's freed during shutdown. Same proven approach as Tails OS.
  • UEFI Secure Boot: boots with Microsoft-signed shim and Canonical-signed GRUB. No BIOS changes needed.
  • Hardened kernel: boot parameters, sysctl tuning, and module blacklists lock down the attack surface.
  • CPU vulnerability mitigations: Meltdown, Spectre, MDS, and L1TF mitigations enabled by default.
  • AppArmor enforced: mandatory access control from first boot.
  • Suspend/hibernate blocked: three independent layers prevent memory state from leaking to disk.
  • 28 unnecessary services masked: minimal attack surface out of the box.
  • LXQt desktop: lightweight, fast, and functional. LibreWolf browser included.

Quick Start

# Build the ISO (requires root on an Ubuntu host)
sudo ./build.sh

# Write to USB
sudo dd if=build/gyros-*.iso of=/dev/sdX bs=4M status=progress oflag=sync && sync

Build Modes

sudo ./build.sh           # Default: incremental build, zstd compression
sudo ./build.sh --fast    # Debug: cached chroot, lz4 compression
sudo ./build.sh --release # Release: full rebuild, xz max compression

Customization

RELEASE=noble sudo ./build.sh                          # Target a specific Ubuntu release
MIRROR=http://mirror.example.com/ubuntu sudo ./build.sh # Use a different mirror
IMAGE_NAME=myos sudo ./build.sh                        # Custom image name

Edit config/package-lists/*.list.chroot to add or remove packages.

Verify the Live Image

From inside the running GyrOS:

~/verify-gyros.sh

Documentation

See INTERNALS.md for the full technical reference: build pipeline, boot architecture, security layers, QEMU testing, file structure, and design rationale.

Prerequisites

  • Ubuntu host (same version or newer than target release)
  • Root access (debootstrap/chroot/mount require it)
  • Healthy APT trust (sudo apt update should succeed)
  • Build dependencies are installed automatically

About

Secure, RAM-only Ubuntu live image with automatic memory erasure

Topics

linux security ubuntu iso operating-system linux-distribution secure-boot live-usb live-build image-builder ram-only

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v1.0.0 Latest
Feb 19, 2026

Packages

 
 
 

Contributors

Languages