Difference between revisions of "User:Mrfaber/X1C6 Arch Guide"

From ArchWiki
Jump to navigation Jump to search
m (formatting)
(→‎Topics TODO: Add TPM & secure boot stuff to TODO)
 
Line 23: Line 23:
 
* Keeping the system with all its components updated
 
* Keeping the system with all its components updated
 
* Keeping configuration files in sync
 
* Keeping configuration files in sync
* Backups
+
* System housekeeping (pacman hooks, cleaning caches, trash)
 +
* Automation (benjaminoakes/maid, ansible)
 +
* Backups (borg, important key files, LUKS headers)
 +
 
 +
== Extra ==
 +
 
 +
'''TPM'''
 +
* [https://archive.fosdem.org/2018/schedule/event/tpm/ Using TPM 2.0 As a Secure Keystore on your Laptop - It's not as difficult as you think!]
 +
* [https://github.com/shpedoikal/tpm-luks tpm-luks] LUKS support for storing keys in TPM NVRAM
 +
* [https://aur.archlinux.org/packages/mkinitcpio-tpm-encrypt/ mkinitcpio-tpm-encrypt] mkinitcpio hook that decrypts a TPM-sealed LUKS keyfile
 +
* IBM [https://sourceforge.net/projects/ibmswtpm2/ Software TPM 2.0], [https://sourceforge.net/projects/ibmtpm20tss/ Software TSS]
 +
* [https://github.com/mutantmonkey/mkinitcpio-antievilmaid mkinitcpio-antievilmaid] This mkinitcpio hook allows for Anti Evil Maid support for devices with a TPM on Arch Linux[...] (Uses trousers/TPM 1.2)
 +
'''Secure boot'''
 +
* [https://github.com/xdbob/sbtools sbtools] Helpers for generating signed Arch Linux kernels for Secure Boot. And pacman hook for auto-generation.

Latest revision as of 01:43, 2 October 2018

Topics TODO

  • Full disk encryption with LUKS and systemd-askpass
  • Custom initramfs(needed modules/hooks, pros and cons for a minimal initrd, speed measurements)
  • Power management, graphics performance, TLP
  • Touchpad, trackpoint config, including udev hwdb, smooth scrolling for apps(Firefox)
  • Controlling LEDs
  • NetworkManager privacy functions, choosing DNS resolver, configuring systemd-resolved, DNS over TLS
  • Pacman hooks for kernel updates
  • Secure Boot, Keytool, sbsign
  • Boot performance tweaks
  • Optimal UEFI configuration
  • Custom UEFI logo at boot, preparing and flashing UEFI updates to USB flash disks
  • Setting up fwupd/LVFS
  • Using EFISTUB, setting efivars via efibootmgr, creating a systemd-boot fallback
  • Setting early splash screen via fbv instead of plymouth
  • thinkpad_acpi and Thinkpad-specific tweaks, charge thresholds
  • Setting up sudo
  • Configuring systemd, journald, logind autologin
  • Configuring ssd optimizations, issuing fstrim regularly
  • Setting up gnome-shell, gdm3, gnome-shell extensions
  • Setting gnome/gtk options in dconf, gnome-tweak-tool
  • Keeping the system with all its components updated
  • Keeping configuration files in sync
  • System housekeeping (pacman hooks, cleaning caches, trash)
  • Automation (benjaminoakes/maid, ansible)
  • Backups (borg, important key files, LUKS headers)

Extra

TPM

Secure boot

  • sbtools Helpers for generating signed Arch Linux kernels for Secure Boot. And pacman hook for auto-generation.