You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
pull an older image (40.20240527.0 or older) - sudo ostree pull --commit-metadata-only --depth 20 fedora fedora/40/x86_64/kinoite (or depth > 20 if that does not find 40.20240527.0. Reboot and watch for grub menu, choose that image.
apply the scratch build, using VT2 or SSH instead of logging in with SDDM.
Download the scratch build from the bug, then rpm-ostree override replace ./xorg....rpm
Once the fix https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd81b79a0b was moved to testing repo, I rebased with rpm-ostree reset ; rpm-ostree rebase fedora/40/x86_64/testing/kinoite to get the fix (along with others). It worked, commented and gave karma on build
Installation was pretty much flawless, including with secure boot. I followed the usual encryption flow
during the install, then used cryptsetup to auto unlock it with TPM2.
Auto unlock with TPM2
This isn't totally secure against an attacker with Linux knowledge that could replace some files not measured by the TPM
in a malicious way to run untrusted code after I have logged in... but it's enough to prevent someone from easily copying
data off if I lose the device.
After updating certain packages (example - the uefi dbx), the TPM measurement will fail, and fall back to requiring a password unlock.
Running the same systemd-cryptenroll command will redo the measurement and restore auto unlock.
Encrypting a SD card
I'm planning to leave a SD card in for additional storage. The same process almost worked, but didn't seem to update /etc/cryptsetup.
Here are the full steps that worked. The GPT, partition table, and btrfs volume were initially created with KDE Partition Manager. Nothing out of the ordinary.
To enable unlocking - first ran systemd-cryptenroll –tpm2-device=auto –tpm2-pcrs=7 /dev/mmcblk0p1
That didn't update /etc/crypttab as needed, so I fixed it. This line needed to be added, using the partition (not btrfs volume) UUID:
My hope is to log in with full password, then use a shorter password or PIN to unlock after a brief resume. Some people point to a PAM
module that can accept encrypted passwords from a fixed file instead of the typical shadow db.
To make this work, I think I'd have to add a rule to /etc/pam.d/kde or create and modify a new one for kscreenlocker. Since the initial logins use /etc/pam.d/sshd and sddm I think this would reach the goal of not allowing PIN login from a cold boot.
Investigating frequency states & governor 2024-07-23
When running Bitwig studio, playback glitches happen occasionally. When watching the CPU frequency - it seems like there are occasional drops in frequency which correspond with the glitches.
I was not running all cores to 100%, so I suspect that the CPU scheduler was boosting a bit too much then throttling. My hope is that capping the boost frequency could help since Bitwig uses all cores roughly evenly.
Setting cpu: 0
Error setting new values. Common errors:
- Do you have proper administration rights? (super-user?)
- Is the governor you requested available and modprobed?
- Trying to set an invalid policy?
- Trying to set a specific frequency, but userspace governor is not available,
for example because of hardware which cannot be set to a specific frequency
or because the userspace governor isn't loaded?
⬢[patrick@toolbox ~]$ sudo cpupower frequency-set --max 1.1Ghz -g powersave
Setting cpu: 0
Error setting new values. Common errors:
- Do you have proper administration rights? (super-user?)
- Is the governor you requested available and modprobed?
- Trying to set an invalid policy?
- Trying to set a specific frequency, but userspace governor is not available,
for example because of hardware which cannot be set to a specific frequency
or because the userspace governor isn't loaded?
⬢[patrick@toolbox ~]$ sudo cpupower frequency-set --max 1.1Ghz
Setting cpu: 0
Error setting new values. Common errors:
- Do you have proper administration rights? (super-user?)
- Is the governor you requested available and modprobed?
- Trying to set an invalid policy?
- Trying to set a specific frequency, but userspace governor is not available,
for example because of hardware which cannot be set to a specific frequency
or because the userspace governor isn't loaded?
$ sudo cpupower frequency-info
analyzing CPU 3:
driver: intel_pstate
CPUs which run at the same hardware frequency: 3
CPUs which need to have their frequency coordinated by software: 3
maximum transition latency: Cannot determine or is not supported.
hardware limits: 400 MHz - 3.40 GHz
available cpufreq governors: performance powersave
current policy: frequency should be within 400 MHz and 3.40 GHz.
The governor "powersave" may decide which speed to use
within this range.
current CPU frequency: Unable to call hardware
current CPU frequency: 2.20 GHz (asserted by call to kernel)
boost state support:
Supported: yes
Active: yes
Documentation on this is sparse at best, but my best guess is that since this was installed in toolbox, there may still be an issue with permissions/policies on the host that may be corrected if kernel-tools is installed in the ostree instead.
Fixed - installed in root
After installing rpm-ostree install kernel-tools, things are working:
$ sudo cpupower frequency-info
[sudo] password for patrick:
analyzing CPU 0:
driver: intel_pstate
CPUs which run at the same hardware frequency: 0
CPUs which need to have their frequency coordinated by software: 0
maximum transition latency: Cannot determine or is not supported.
hardware limits: 400 MHz - 3.40 GHz
available cpufreq governors: performance powersave
current policy: frequency should be within 400 MHz and 3.40 GHz.
The governor "powersave" may decide which speed to use
within this range.
current CPU frequency: Unable to call hardware
current CPU frequency: 600 MHz (asserted by call to kernel)
boost state support:
Supported: yes
Active: yes
patrick@ViviennpleWatch:/var/home/patrick$ sudo cpupower frequency-set --max 1.6Ghz
Setting cpu: 0
Setting cpu: 1
Setting cpu: 2
Setting cpu: 3
patrick@ViviennpleWatch:/var/home/patrick$ sudo cpupower frequency-info
analyzing CPU 3:
driver: intel_pstate
CPUs which run at the same hardware frequency: 3
CPUs which need to have their frequency coordinated by software: 3
maximum transition latency: Cannot determine or is not supported.
hardware limits: 400 MHz - 3.40 GHz
available cpufreq governors: performance powersave
current policy: frequency should be within 400 MHz and 1.60 GHz.
The governor "powersave" may decide which speed to use
within this range.
current CPU frequency: Unable to call hardware
current CPU frequency: 700 MHz (asserted by call to kernel)
boost state support:
Supported: yes
Active: yes
Which has some higher-level power profiles available. Is it possible to create a custom one that includes CPU governor settings, or is this limited to what the (ACPI) platform has defined?
As a first step - maybe this would be a good addition to plasma-mobile's quicksettings. Some other KDE settings are already using powerdevil so this is probably achievable with a tiny bit of QML code.
