- Current distribution: Fedora 43 Silverblue
- Current hardware: AMD X570 + 5900X + RX580 Desktop, ThinkPad T16 Gen 1 (Intel)
~/.gitconfig~/.var/app/com.valvesoftware.Steam/.local/share/Steam/steamapps/common/~/Documents/~/Pictures/~/Projects//etc/NetworkManager/system-connections/
- Initialize a thumb drive using the Fedora Media Writer using an image from Fedora Silverblue.
- On ThinkPad, enable Microsoft's third-party Secure Boot CA in "BIOS."
- Boot to the Fedora Silverblue install media.
- Reclaim disk space. Disk encryption is good; either use Opal (weaker) or LUKS (stronger).
-
Reboot into the newly installed Fedora, enable additional repositories, and set up the first user.
-
Update Fedora using the GNOME Software Center (and reboot).
-
Add third-party repositories and install system-level tools and CLI utilities, then reboot:
sudo cp google-chrome.repo vscode.repo /etc/yum.repos.d/ rpm-ostree install ansible code dbus-tools gnome-boxes gnome-tweaks google-chrome-stable steam-devices -
Configure newly installed packages and desktop environment settings: cd ~/Projects/desktop-configuration/ ansible-playbook --check -vvv post_install.yml # Optional Very Verbose Dry Run ansible-playbook post_install.yml
-
Disable the GNOME Keyring password (redundant with LUKS on a single-user system): open Passwords and Keys (installed by the playbook), right-click the Login keyring, select Change Password, enter the current password, and leave the new password blank.
-
Configure git (if not restoring
~/.gitconfig):git config --global user.name "David Strauss" git config --global user.email name@example.com git config --global init.defaultBranch main git config --global color.ui auto -
Set battery charging thresholds (on laptop):
echo 10 | sudo tee /sys/class/power_supply/BAT0/charge_start_threshold echo 90 | sudo tee /sys/class/power_supply/BAT0/charge_stop_threshold #Configuring thresholds for the second battery doesn't seem to work yet. #echo 10 | sudo tee /sys/class/power_supply/BAT1/charge_start_threshold #echo 90 | sudo tee /sys/class/power_supply/BAT1/charge_stop_threshold -
To disable Steam scaling:
Steam->Settings->Interface->Scale text and icons to match monitor settings.
After installing with LUKS encryption, enroll the TPM2 chip so the disk can be unlocked with a PIN instead of a full passphrase. The existing passphrase is kept as a fallback.
-
Enroll TPM2 with PIN:
LUKS_DEVICE=$(sudo blkid --match-token TYPE=crypto_LUKS -o device) sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 --tpm2-with-pin=yes "$LUKS_DEVICE" -
Add
tpm2-device=autoto the options for the LUKS device in/etc/crypttaband regenerate the initramfs to include the crypttab change:sudo sed -i 's/discard$/discard,tpm2-device=auto/' /etc/crypttab rpm-ostree initramfs-etc --track=/etc/crypttab -
Reboot. The system should now prompt for the TPM2 PIN instead of the full passphrase.
BIOS updates, Secure Boot key changes, or shim updates will change PCR 7 values, causing TPM unlock to fail. The system will fall back to the full LUKS passphrase. To re-enroll:
LUKS_DEVICE=$(sudo blkid --match-token TYPE=crypto_LUKS -o device)
sudo systemd-cryptenroll --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=7 --tpm2-with-pin=yes "$LUKS_DEVICE"
The ThinkPad T16 Gen 1 has an Intel XMM7560 (Fibocom L860-GL) LTE modem using the iosm kernel driver.
-
Verify the modem is detected by ModemManager:
mmcli -L -
If the modem is listed but not connected, check its status:
mmcli -m $(mmcli -L | grep -oP '/Modem/\K\d+') -
Configure the mobile broadband connection in GNOME Settings under Network. The
mobile-broadband-provider-infopackage allows GNOME to auto-detect the carrier APN from the SIM card.
sudo nmcli connection import type wireguard file "$filename"
-
Intel laptop CPUs sometimes need "panel self refresh" or c-states altered to fix glitches:
rpm-ostree kargs --append=i915.enable_psr=0 rpm-ostree kargs --append=intel_idle.max_cstate=2 -
Missing Flatpak icons (untested fix):
sudo gtk-update-icon-cache -f /var/lib/flatpak/exports/share/icons/hicolor/ sudo gtk4-update-icon-cache -f /var/lib/flatpak/exports/share/icons/hicolor/
After a complete wipe of the EFI partition, Windows won't have its required resources to boot.
-
Boot from Windows install media (F8 for the boot menu on Asus boards and F12 on ThinkPad).
-
Use
diskpartto assign a drive letter (likeG) to the EFI partition (which should be labeledSystem). -
Restore boot files:
G:\EFI bootrec /rebuildbcd -
Booting to Windows should now appear as an option from the recovery menus.
-
Use the GUI boot repair tool, or attempt it from the CLI.
-
Review BIOS/firmware settings to restore Fedora Linux as the default.
-
Only if needed: Remove RPM Fusion repositories for current Fedora:
rpm-ostree remove rpmfusion-free-release-$(rpm -E %fedora)-1.noarch -
Rebase on the next release (and resolve issues with any missing packages):
rpm-ostree rebase fedora:fedora/$(expr $(rpm -E %fedora) + 1)/x86_64/silverblue -
Only if needed: Add RPM Fusion repositories for next Fedora:
rpm-ostree install https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(expr $(rpm -E %fedora) + 1).noarch.rpm -
Reboot.
ssh-keygen -t ed25519-sk -O resident -O application=ssh:
ssh-keygen -K
ssh-add -L
-
Install the Flatpak:
flatpak install flathub org.openmw.OpenMW -
Download the "backup" file from GOG.
-
Extract the backup:
mkdir morrowind mv setup_tes_morrowind_goty_2.0.0.7.exe morrowind/ cd morrowind innoextract setup_tes_morrowind_goty_2.0.0.7.exe mv app/Data\ Files/* ~/.var/app/org.openmw.OpenMW/data/openmw/data/