Lennart Poettering, Christian Brauner founded a new company

Posted by hornedhob 1/27/2026

Lennart Poettering, Christian Brauner founded a new company(amutable.com)

375 points | 736 commentspage 2

Fischgericht 1/27/2026|

Ah, good old remote attestation. Always works out brilliantly.

I have this fond memory of that Notary in Germany who did a remote attestation of me being with him in the same room, voting on a shareholder resolution.

While I was currently traveling on the other side of the planet.

This great concept that totally will not blow up the planet has been proudly brought to you by Ze Germans.

No matter what your intentions are: It WILL be abused and it WILL blow up. Stop this and do something useful.

[While systemd had been a nightmare for years, these days its actually pretty good, especially if you disable the "oh, and it can ALSO create perfect eggs benedict and make you a virgin again while booting up the system!" part of it. So, no bad feelings here. Also, I am German. Also: Insert list of history books here.]

PunchyHamster 1/28/2026|

no no, let him get distracted by it, the one thing that happened after he got bored with pulseaudio is that pulseaudio started being better.

shit_game 1/27/2026||

What is the endgame here? Obviously "heightened security" in some kind of sense, but to what end and what mechanisms? What is the scope of the work? Is this work meant to secure forges and upstream development processes via more rigid identity verification, or package manager and userspace-level runtime restrictions like code signing? Will there be a push to integrate this work into distributions, organizations, or the kernel itself? Is hardware within the scope of this work, and to what degree?

The website itself is rather vague in its stated goals and mechanisms.

storystarling 1/27/2026||

I suspect the endgame is confidential computing for distributed systems. If you are running high value workloads like LLMs in untrusted environments you need to verify integrity. Right now guaranteeing that the compute context hasn't been tampered with is still very hard to orchestrate.

yencabulator 1/27/2026|||

That endgame has so far been quite unreachable. TEE.fail is the latest in a long sequence of "whoever touches the hardware can still attack you".

https://news.ycombinator.com/item?id=45743756

https://arstechnica.com/security/2025/09/intel-and-amd-trust...

LooseMarmoset 1/28/2026|||

No, the endgame is that a small handful of entities or a consortium will effectively "own" Linux because they'll be the only "trusted" systems. Welcome to locked-down "Linux".

You'll be free to run your own Linux, but don't expect it to work outside of niche uses.

mariusor 1/28/2026||

Personally for me this is interesting because there needs to be a way where a hardware token providing an identity should interact with a device and software combination which would ensure no tampering between the user who owns the identity and the end result of computing is.

A concrete example of that is electronic ballots, which is a topic I often bump heads with the rest of HN about, where a hardware identity token (an electronic ID provided by the state) can be used to participate in official ballots, while both the citizen and the state can have some assurance that there was nothing interceding between them in a malicious way.

Does that make sense?

c0l0 1/28/2026||

No.

mariusor 1/28/2026||

Why not? Being terse does not make one right...

mzajc 1/30/2026|||

Off the top of my head, because

- You're just moving your trust elsewhere, this time to a private corporation (whoever makes the CPU / TPM / other "trusted" component).

- This doesn't guarantee voter anonymity the way paper ballots do. Considering the analog hole and the complexity of computers, I can think of a billion ways a motivated and resourceful Mallory could to connect someone to their ballot.

mariusor 1/30/2026||

> This doesn't guarantee voter anonymity the way paper ballots do.

You're saying that with a lot of assurance, but in my opinion that's still to be debated. We can build something that will keep at least a degree of separation between the identity that points to a specific individual and the identity that casts the ballot.

fragmede 1/28/2026|||

https://xkcd.com/2030/

mariusor 1/28/2026||

Right... we should not even try because memes...

meshugga 7 days ago||

those who don't understand the memes are doomed to be them

mariusor 6 days ago||

I'd prefer to be the butt of someone's memes rather than not try at all.

tliltocatl 1/28/2026||

Entities other than me being able to control what runs on the device I physically posses is absolutely not acceptable in any way. Screw your clients, screw you shareholders and screw you.

heliumtera 1/28/2026|

Assuming you're using systemd, you already gave up control over your system. The road to hell was already paved. Now, you would have to go out of your way to retain control.

In the great scheme of things, this period where systemd was intentionally designed and developed and funded to hurt your autonomy but seemed temporarily innocuous will be a rounding error.

tliltocatl 1/28/2026||

Nah man, yo are FUDing. systemd might have some poor design choices and arrogant maintainers, but at least I can drop it at any time and my bank wouldn't freak out about it. This one… It's a whole another level.

heliumtera 1/28/2026||

I don't think Mr Pottering was brought by accident, maybe his decade of contribution making sure systemd services can be manipulated by a supervisor (in the case of wsl and ms) is a valuable asset. Systemd don't even need to change much to become the devil itself, it just have to upstream merge changes already consolidated in the past 5 years or so... But logically it's safe because for this to become a problem systemd would have to be adopted by the majority of distributions and its maintainers would have to concede to the pressure of big corps and such...oh, wait

direwolf20 1/27/2026||

Do you plan to sell this technology to laptop makers so their laptops will only run the OS they came with?

hedora 1/27/2026||

Or, worse, run any unsupported linux as long as it contains systemd, so no *bsd, etc, and also no manufacturer support?

charcircuit 1/28/2026|||

Laptops already ship secure boot.

trelane 1/28/2026|||

Not all. The ones that ship Linux preinstalled and with support don't.

charcircuit 1/28/2026||

I hope you are mistaken. It's embarrassing how far behind in security the desktop Linux ecosystem is.

jcgl 1/28/2026|||

Agreed in general. But regarding secure boot, it's not like shim actually helps with real security either afaiu, right?

NekkoDroid 1/28/2026||

AFAIU (I haven't looked much into it) shim basically exists so that MS signs the shim once (or only a few times when updated), which has the distro public key embedded, which does further verification of the chain (bootloader/kernel) which gets updated more frequently.

jcgl 1/28/2026||

That's basically my understanding too. But since you can still boot any shim-supported distro, Secure Boot + shim practically gains you nothing. An adversary can simply boot their own own copy of shim with whatever OS they like.

NekkoDroid 1/28/2026||

> An adversary can simply boot their own own copy of shim with whatever OS they like.

They'd need to get MS to sign it first, but otherwise yea. That's why I remove the MS keys on my non-windows systems.

jcgl 1/28/2026||

I don't know all the ins and outs, but because of the Machine Owner Key (MOK) mechanism in shim, it should be possible to boot arbitrary OSes without MS signing anything.

Your step of removing the MS keys works of course :) Although I've heard that can be risky on various systems that need to load MS-signed EEPROMS. Also I think that firmware updates can be problematic?

NekkoDroid 1/28/2026||

> Although I've heard that can be risky on various systems that need to load MS-signed EEPROMS

Yea, I bricked a Gigabyte board and still haven't been able to fix it. I just replaced it with an Asrock board and that has settings for what to do with option-rom when secureboot is enabled (always execute, always deny, allow execute, defer execute, deny execute and query user) and I have no clue what half of them specifically do (like, does "allow execute" only execute if a matching key exists and doesn't execute if it doesn't? and what is the difference between "always deny" and "deny execute"? and defer to when??). But I just set it to always execute and my problem is solved.

egorfine 1/28/2026||||

I believe you are confusing security with freedom and "behind" with "advanced".

trelane 1/28/2026|||

They have a TPM that you can enable and add your own keys if you want to.

egorfine 1/28/2026||

For now.

noisy_boy 1/28/2026|||

I can turn that crap off. For now.

charcircuit 1/28/2026||

Do you really think Laptop makers would buy a whole company to figure out how to remove that option?

quotemstr 1/28/2026||

If they wanted to do that, they already would have. Do you think laptop makers need this technology to limit user freedom this way?

Spivak 1/27/2026||

I think https://0pointer.net/blog/authenticated-boot-and-disk-encryp... is a much better explanation of the motivation behind this straight from the horse's mouth. It does a really good job of motivating the need for this in a way that explains why you as the end user would desire such features.

egorfine 1/28/2026|

The motivation is nice. The idea has merit.

It's the people behind this project who scare me.

egorfine 1/28/2026||

To me this looks bad on so many levels. I hate it immediately.

One good news is that maybe LP will get less involved in systemd.

awithrow 1/28/2026|

If you're going to flame it you might as well point out something concrete you don't like about it.

LooseMarmoset 1/28/2026||

"The OS configuration and state (i.e. /etc/ and /var/) must be encrypted, and authenticated before they are used. The encryption key should be bound to the TPM device; i.e system data should be locked to a security concept belonging to the system, not the user."

See Android; or, where you no longer own your device, and if the company decides, you no longer own your data or access to it.

ahepp 1/28/2026|||

https://0pointer.net/blog/authenticated-boot-and-disk-encryp...

Yes, system data should be locked to the system with a TPM. That way your system can refuse to boot if it's been modified to steal your user secrets.

blueflow 1/28/2026|||

... and it will also refuse to boot if it has been modified by the user.

Preventing this was the reason we had free software in the first place.

ahepp 1/28/2026||

Increasing security for the system owner will necessarily decrease the ability of others to modify the system in ways the owner doesn't like.

blueflow 1/28/2026||

With "owner" not being the legal owner, but Microsoft.

microthief 1/28/2026|||

And if Linux$oft suddenly decides every user's system needs a backdoor or that every system mus automatically phone home with your entire browsing data, then, well, too bad, so sad of course!

Jesus.

ahepp 1/28/2026|||

Unless you're one of the 0.00000000001% of humans using a farm-to-table laptop with coreboot, what's stopping that from happening today?

0dayz 1/28/2026|||

How exactly would this happen.

mariusor 1/28/2026|||

I mentioned it somewhere else in the thread, and btw, I'm not affiliated with the company, this is just my charitable interpretation of their intentions: this is not for requiring _every_ consumer linux device to have attestation, but for specific devices that are needed for niche purposes to have a method to use an open OS stack while being capable of attestation.

VortexLain 1/28/2026||

I really hope this would be geared towards clients being able to verify the server state or just general server related usecases, instead of trying to replicate SafetyNet-style corporate dystopia on the desktop.

s_dev 1/27/2026||

>Amutable is based out of Berlin, Germany.

Probably obvious from the surnames but this is the first time I've seen a EU company pop up on Hacker News that could be mistaken for a Californian company. Nice to see that ambition.

I understand systemd is controversial, that can be debated endlessly but the executive team and engineering team look very competitive. Will be interesting to see where this goes.

NewJazz 1/27/2026||

Hello Chris,

I am glad to see these efforts are now under an independent firm rather than being directed by Microsoft.

What is the ownership structure like? Where/who have you received funding from, and what is the plan for ongoing monetization of your work?

Would you ever sell the company to Microsoft, Google, or Amazon?

Thanks.

direwolf20 1/27/2026||

> Would you ever sell the company to Microsoft, Google, or Amazon?

No matter what the founders say, the answer to this question is always yes.

Phelinofist 1/28/2026||

> Where/who have you received funding from

I don't think you will ever get a response to that

NewJazz 1/28/2026||

It's pretty normal to say who leads your investing rounds is it not?

I'm not asking for a client list, to be clear.

Phelinofist 1/28/2026||

I agree with you - but considering what they want to implement and what it can be used for there are probably investors that might not want to be outed (this early). Kinda paranoid I admit, but history has shown that stuff like this WILL be misused.

weinzierl 1/27/2026|

Lennart will be involved with at least three events at FOSDEM on the coming weekend. The talks seem unrelated at first glance but maybe there will be an opportunity to learn more about his new endeavor.

https://fosdem.org/2026/schedule/speaker/lennart_poettering/

captn3m0 1/27/2026||

Also see http://amutable.com/events which lists a talk at Open Confidential Computing Conference (Berlin, March)

noisy_boy 1/28/2026||

I don't even know why these kind of user-hostile people are given a platform. This kind of shit is against freedom and user control.

More comments...