- 117 labs across 13 categories — pre-bundled, unlock by progression
- Faction wars: Crimson Spire · Neon Collective · The Warden
- Cert paths: eJPT · OSCP · OSEP · GIAC · CEH
- ALFRED GameMode · sandboxed · optional AI-research unlock late-game
Three ISOs
Three images.
One fire.
One Rust-for-Linux kernel, one Rust userspace, one GRIMOIRE engine — split into distinct images by a build-time Curtain and a runtime capability ceiling. Pick the way in that fits you.
Choose your image ↓Choose your image
// same codebase — the Curtain. keeps each image in its lane; the free tiers can never escalate to the licensed one.
- Full ALFRED v6.0 · full AI cortex + dispatch
- Full ARCANUM mesh · the complete 245-crate stack
- Dedicated Research Division — Jupyter, local models, ML lab
- No operational offensive tooling — simply not included
- Everything in GoodLife, at organizational scale
- Multi-tenant ARCANUM federation + fleet management
- FedRAMP Moderate · CMMC L2 · SOC2 posture with evidence packs
- Priority support & SLAs · by customer agreement
A community edition forged with the Church of Malware. Verified members boot green-on-black into the CoM faction — a baked-in loadout, an XP head-start, and member-exclusive labs the public build never sees. This is the soft-launch door for public beta.
- 1Join the Church of Malware Discord via
churchofmalware.org - 2Get verified — your role is audited to confirm membership
- 3Run
/claimin Discord → receive a single-use claim code - 4Redeem with
synos-claim <code>and boot your token-gated beta
Every image is signed.
Reproducible from source across independent build oracles, cosign-signed, and logged to a public transparency record. Trust the fire, verify the ash.
# confirm the ISO is the one we built $ cosign verify-blob \ --certificate synos-grimoire-v111.iso.cert \ --signature synos-grimoire-v111.iso.sig \ synos-grimoire-v111.iso Verified OK — logged in Sigstore Rekor $ sha256sum -c synos-grimoire-v111.iso.sha256 synos-grimoire-v111.iso: OK
System requirements
Section titled “System requirements”| Component | Minimum | Recommended |
|---|---|---|
| CPU | x86_64 (Haswell+), 2 cores | 4+ cores, AVX2 |
| RAM | 4 GB | 8+ GB (16 GB for AI workloads) |
| Storage | 32 GB | 64 GB SSD |
| Firmware | UEFI w/ SecureBoot optional | UEFI + TPM 2.0 (for Curtain v4 attest) |
| GPU | Optional (Vulkan for Bevy) | Discrete GPU for local LLM inference |
| Network | Optional | Tailscale-capable (ARCANUM mesh) |
Verification (when ISOs publish)
Section titled “Verification (when ISOs publish)”All public ISOs are signed and reproducible:
- Cosign + Sigstore Rekor transparency log entries (v48 Forge)
- SLSA-3 provenance generated by
slsa-github-generatorinrelease-publish.yml - SOURCE_DATE_EPOCH propagation, deterministic squashfs, sorted tar/mksquashfs, pacman snapshot pin — bit-for-bit reproducible across oracle nodes
- SHA-256 checksums + CycloneDX SBOM published alongside each ISO
- GPG-signed release manifest
The cross-oracle verifier (synos-rebuild-verify.sh) lets you rebuild any release ISO on independent hardware and confirm the digest matches.
Stay updated
Section titled “Stay updated”Star the GitHub repository to be notified when public ISOs cut. Join the Discord for build-day announcements.