Here’s how to start Microsoft’s own Linux distribution: CBL-Mariner

It’s been a few years since Microsoft unveiled the second version of its Windows Subsystem for Linux (AKA WSL 2), and the runtime is now mature enough to run Linux applications with graphical interfaces. The next stop on the journey is none other than the Windows Subsystem for Android, which will let you run Android apps on Windows 11. Microsoft’s love for Linux doesn’t end there, as the company also has maintained a full-fledged Linux. distribution for a while. Known as CBL-Mariner (where CBL stands for VSommon Base THEinux), the distro was created by Microsoft’s Linux System group – the same team that created the Linux kernel used for WSL 2.

“CBL-Mariner is an internal Linux distribution for Microsoft’s cloud infrastructure and edge products and services. CBL-Mariner is designed to provide a consistent platform for these devices and services and will improve Microsoft’s ability to stay current on Linux updates.

-Microsoft

Notably, CBL-Mariner is not a traditional user-centric Linux distribution with a sophisticated graphical interface. Rather, it only has the basic packages needed to support and run the containers. The package management system is based on RPM, which uses both dnf and tdnf (Small DNF). The distribution also supports an image-based update mechanism for atomic maintenance and rollback using RPM-OSTree. When it comes to security, CBL-Mariner comes with a hardened kernel, signed updates, ASLR, compiler-based hardening, and tamper-proof logs, among many other features.

How to start CBL-Mariner using the official ISO

Although Microsoft released the operating system in 2020, the company initially did not offer precompiled ISOs. The source code is available on GitHub and users must create the ISO themselves. This situation has changed recently, as Microsoft now hosts the official ISO versions of CBL-Mariner on its server.

While power users can still create a bootable VHDX (or VHD) image from precompiled RPMs in the CBL-Mariner package repository, one can also grab the installation disk image in ISO format and easily install the system. operating on a virtualization platform or a real PC.

Step 1 – Obtain the ISO

ISO CBL-Mariner is UEFI compliant and can be started on any modern x86-64 PC. The latest version of the ISO can be downloaded from the link below:

Download CBL-Mariner ISO

If you want to create the ISO yourself, follow these steps:

1. Clone the CBL-Mariner GitHub repository using git:

   git clone https://github.com/microsoft/CBL-Mariner.git

2. Switch to the Toolbox folder:

   cd toolkit

3. Run the ISO build command:

   sudo make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json

4. The resulting ISO can be found in ../out/images/full.

Step 2 – Prepare the target platform

As mentioned earlier, CBL-Mariner is not meant to be a daily driver operating system for your PC. It would be better to install it on a hypervisor platform. On Windows, you can use Microsoft’s own Hyper-V. Oracle VM VirtualBox is another cross-platform solution that can be used on Windows, Linux, as well as macOS. Depending on the host operating system, you can also choose an appropriate VMware or Parallels virtualization product.

In this tutorial, we will be using Hyper-V for convenience.

1. Since Hyper-V is built into Windows as an optional feature, we need to enable it first. The Home SKU and Home Single Language SKUs do not officially support Hyper-V, but it is possible to enable the feature on these editions using this tutorial.
2. Open the Hyper-V Manager application and select Action-> New-> Virtual machine. Give your VM a name and press Next>.
   
3. To select Generation 1 (VHD) or Generation 2 (VHDX), then press Next>.
4. Change the memory size if you want, then press Next>.
5. Select a virtual switch, and then press Next>.
6. To select Create a virtual hard disk, choose a location for your VHD (X) and set the desired disk size. Then press Next>.
   
7. To select Install an operating system from a bootable image file and access your CBL-Mariner ISO.
8. hurry To finish.

If you created a Generation 2 VM, you need to configure a few additional settings:

1. Right click on your virtual machine from Hyper-V Manager.
2. Select the Settings… option.
3. To select Security and under Model: select Microsoft UEFI Certification Authority.
   
4. To select Firmware and adjust the boot order so that DVD is first and HDD is second.
   
5. To select To apply to apply all changes.

Step 3 – Install the operating system

Now that we have prepared the platform, we are ready to install CBL-Mariner on the virtual machine.

1. Right click on your VM and select it Connect… option to start booting.
2. To select Start.
3. The installation application will give the possibility to proceed in text or graphic mode. In this tutorial, we will choose the latter.
   
4. There are two types of installations: Core and Full.
   
5. After choosing the flavor you want, it will ask you for typical settings like username, partitioning, etc.
   
6. When the installation is complete, select restart to restart the machine. The installation ISO will be automatically ejected.

Step 4 – Starting the operating system

As soon as the installation phase ends, the VM restarts and then starts booting the newly installed operating system from the virtual hard disk. When prompted, log into your CBL-Mariner instance using the username and password provided through the installer application.

That’s it! You can now add additional packages like an SSH server and customize the VM instance as needed. To learn more about its security features, see CBL-Mariner’s GitHub Security Features List.