• 110 Posts
  • 108 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle






  • For Secure Boot, the kernel is “signed” with a key. During boot up, Secure Boot checks to make sure that key is valid. Most kernels are signed with Microsoft’s key that is preloaded on basically every system. However, not all kernels can be signed with Microsoft’s key; if you install a proprietary driver (which you likely selected to during the setup), to continue using secure boot you need to sign the kernel using your own key.

    That’s what MOK management is for. You are adding your own key to your system to use for Secure Boot.

    Personally, I just disable Secure Boot. While it does have some security benefits, it’s not worth the headache IMO.































  • I have a bash script I use to script my Silverblue install. Something like this should work.

    # space-separated list of packages to install
    S_RPM_PACKAGES_TO_INSTALL="pkg1 pkg2 pkg3"
    
    # function to install the packages
    dnf_install () {
    	sudo dnf install -y $1
    }
    
    # call to function, passing the list
    dnf_install "$S_RPM_PACKAGES_TO_INSTALL"
    

    I have it set up this way so that I just have a bunch of bash variables describing the stuff I want to install all at the top of the file, but the function definitions and calls lower down since I don’t need to see them.

    It also does other things like removes packages from the system, removes some preinstalled flatpaks, installs flatpaks from Fedora Flatpaks / Flathub / gnome-nightly, and sets up gnome through a list gsettings commands.

    As I use my system, I add new apps to the list I want next time I install and remove apps I don’t use.