Mikaela/mikaela.github.io
1
0
Fork 0
mirror of https://github.com/mikaela/mikaela.github.io/ synced 2025-05-31 11:57:26 +02:00
Code Issues Projects Releases Wiki Activity

n/essentialsoftware.md: note osnoise being blocked by lockdown

Browse Source
This commit is contained in:
Aminda Suomalainen 2025-05-04 21:16:22 +03:00
parent 385be456cc
commit e8b2a30756
Signed by: Mikaela
GPG Key ID: 99392F62BAE30723
1 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
n/essentialsoftware.md
View File

@ -162,10 +162,11 @@ bit...
```bash
# Layer packages I need on top of the base image.
sudo rpm-ostree install android-tools btop clang darkman duperemove gamescope git-lfs gnome-console htop inxi mosh mpv neovim pipx pre-commit sshguard steam-devices symlinks syncthing terminus-fonts-console tmux tor unbound zsh
# Disable bootscreen, ensure CPU vulnerability mitigation, enable lockdown
# mode. REMEMBER! lockdown is incompatible with unsigned additional
# kernel modules
sudo rpm-ostree kargs --delete=rhgb --delete=quiet --append=mitigations=auto,nosmt --append=lockdown=confidentiality
# Disable bootscreen, ensure CPU vulnerability mitigation.
sudo rpm-ostree kargs --delete=rhgb --delete=quiet --append=mitigations=auto,nosmt
# I would additionally use lockdown=confidentiality (or lockdown=integrity if
# less privacy and security was required, but that prevents shipped osnoise
# module from working.
```
Consider also adding