GUIDE · PREVIEW
EDIT ON GITHUB →
GUIDE / HME.00
source: docs/guide/Home.md
Home
Flagship reading
CHAPTERS / 03 Trust and Identity
Hardware-rooted auth and K-of-N multisig
The chapter where compliance reviewers stop and take notes.
Open →
CHAPTERS / 07 Overlay Networking
WireGuard mesh with gossip-coordinated peers
Why no Tailscale coordinator, no etcd, no external trust anchor.
Open →
CHAPTERS / 08 Cluster Formation
Gossip + CRDTs instead of consensus quorum
The split-tolerance claim, walked through step by step.
Open →
CONCEPTS / Deployment Profiles
Profile settings for homelab / family / business / gov / intel
How one OS composes into six radically different postures.
Open →

FortrOS Guide

This guide walks through how a self-organizing operating system works, from the moment you press the power button to a running cluster that sustains itself through upgrades, failures, and configuration changes.

Each chapter covers one stage of the process: what problem it solves, how existing projects handle it, what tradeoffs exist, and what FortrOS chose. Hardware and concept pages provide deep dives on specific topics referenced by the chapters.

How to Read This Guide

Follow the chapters in order. Each chapter builds on the previous one. The boot process is sequential -- firmware runs before the OS, the OS runs before networking, networking runs before clustering. The guide mirrors this.

Dip into reference pages as needed. When a chapter mentions TPM or kexec, follow the link if you want depth. Come back to the chapter when you're ready.

This is not FortrOS-specific. The concepts and tradeoffs apply to any OS project. FortrOS's choices are one path through the decision tree. If you disagree with a choice, that's a fork point -- change the prescriptive doc, implement your alternative, and update the descriptive doc.

Chapters

  1. 01 Power and Firmware -- What happens when you press the power button
  2. 02 Finding the OS -- How firmware finds and loads an operating system
  3. 03 Trust and Identity -- How a machine proves it belongs to a cluster
  4. 04 Disk Encryption -- Encryption as authorization, not just confidentiality
  5. 05 Loading the Real OS -- Replacing the boot kernel with the real one
  6. 06 Init and Services -- Starting and supervising system services
  7. 07 Overlay Networking -- Building a virtual network on top of the physical one
  8. 08 Cluster Formation -- Discovering peers and agreeing on shared state
  9. 09 Running Workloads -- Containers, VMs, and declarative management
  10. 10 Sustaining the Org -- Rolling upgrades, config changes, self-healing

Reference Pages

Hardware: TPM | UEFI | Intel ME | AMD PSP | KVM | YubiKey | Smart Cards and CAC | Hardware Watchdogs | BIOS Settings

Core Concepts: kexec | LUKS | WireGuard | CRDTs | Gossip Protocols | Init Systems Compared | Namespaces and Cgroups | Merkle Trees | UKI | Erasure Coding | dm-crypt | TLS and Certificates | Key Derivation | Secure Boot | PXE

Architecture: Content-Addressed Storage | Service Architecture | Org Bootstrap | Client Profiles and Roaming | App Streaming | Topology Map | Kiosk Devices

Operations: Out-of-Band Management | Serial Console | Monitoring and Self-Observation | Managed Infrastructure | Tor and Anonymity Networks | Device Obfuscation