From e8b2a30756471d6fac44527a46b7c3fe9a76bf4d Mon Sep 17 00:00:00 2001
From: Aminda Suomalainen <suomalainen@aminda.eu>
Date: Sun, 4 May 2025 21:16:22 +0300
Subject: [PATCH] n/essentialsoftware.md: note osnoise being blocked by
 lockdown

---
 n/essentialsoftware.md | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/n/essentialsoftware.md b/n/essentialsoftware.md
index 7aab0da..9162526 100644
--- a/n/essentialsoftware.md
+++ b/n/essentialsoftware.md
@@ -162,10 +162,11 @@ bit...
 ```bash
 # Layer packages I need on top of the base image.
 sudo rpm-ostree install android-tools btop clang darkman duperemove gamescope git-lfs gnome-console htop inxi mosh mpv neovim pipx pre-commit sshguard steam-devices symlinks syncthing terminus-fonts-console tmux tor unbound zsh
-# Disable bootscreen, ensure CPU vulnerability mitigation, enable lockdown
-# mode. REMEMBER! lockdown is incompatible with unsigned additional
-# kernel modules
-sudo rpm-ostree kargs --delete=rhgb --delete=quiet --append=mitigations=auto,nosmt --append=lockdown=confidentiality
+# Disable bootscreen, ensure CPU vulnerability mitigation.
+sudo rpm-ostree kargs --delete=rhgb --delete=quiet --append=mitigations=auto,nosmt
+# I would additionally use lockdown=confidentiality (or lockdown=integrity if
+# less privacy and security was required, but that prevents shipped osnoise
+# module from working.
 ```
 
 Consider also adding