Superbacked logo
Become an operatorGuides

When the stakes are high, every detail matters

Superbacked OS is a hardened Ubuntu Desktop distribution that runs offline and persists nothing to disk.

Your computer remembers everything

Even after you close app, traces of your secrets can persist on disk — in CUPS print spool files and swap files.

Compromised machines

Malware, keyloggers and clipboard monitors can capture secrets before encryption. If your everyday computer is compromised, your secrets are exposed.

Network exfiltration

Internet-connected computers can silently transmit data to an attacker. Air-gapping eliminates this vector entirely.

Printing writes to disk

CUPS (the printing system on macOS and Linux) writes a complete copy of printed documents to disk. Even after the print job finishes, the data can be recovered with forensic tools.

Wireless exposure

Wi-Fi and Bluetooth create attack surfaces even when not in use. Disabling radios in software is not enough.

An operating system built for secrets

Superbacked OS eliminates every vector — no network, no persistence, no wireless and verifiable proof that nothing was written to disk.

No network access

Firewall drops all traffic except localhost. No DNS, no HTTP, no outbound connections of any kind. Your secrets cannot leave device.

Read-only filesystem

Boot and root filesystems are mounted read-only. All writes — including CUPS print spool files — go to a temporary in-memory layer that is lost on shutdown.

Locked down by default

Bluetooth and Wi-Fi are disabled at device tree level on Raspberry Pi — not just in software. USB automount is disabled on all platforms. User account is removed from sudo group after setup.

Verifiable integrity

Disk partitions always yield same SHA256 checksum. Verify before and after use — if checksums match, nothing was written to disk.

See verification guide →

Runs on hardware you already have

Intel or AMD

Compatible with any 64-bit desktop or laptop. Boot from USB drive or flash image to internal drive.

Raspberry Pi

Compatible with Raspberry Pi 4 or 5 with 4GB RAM or more. Flash image to SD card or USB drive.

Printing

Works out of box with printers such as the Brother HL-L2460DW — no driver installation required.

More than meets the eye

trezorctl

Command-line tool for managing Trezor hardware wallets. Initialize, recover and manage wallets on air-gapped hardware. Smart card readers are supported via pcscd.

See trezorctl on GitHub →

yubikey-manager

Official YubiKey management tool for configuring FIDO2, OTP and PIV applications on YubiKey hardware security devices.

See yubikey-manager on GitHub →

yubikey-prov

Utility for managing PGP secret keys and YubiKeys on air-gapped hardware. Generate master keys, provision subkeys to YubiKey — all on dedicated hardware.

See yubikey-prov on GitHub →

For high-stakes secrets, use Superbacked OS — a hardened operating system that runs offline and persists nothing to disk.

Download Superbacked

Copyright (c) Superbacked, Inc.

Get in touch