hardwarerelated:mac

Linux on Apple silicon
First things after installation
Fedora remix harddisk encryption
Virt/Emulation performance
Installing Fedora as KVM guest
Installing Fedora as emulated x86_64 guest
Emulating x86 systems, plain qemu
Hints / Issues to research
Linux@apple silicon, my conclusion for now

Linux on Apple silicon

My system here: Macbook pro 2023 M2
Asahi feature support page
Installer: https://fedora-asahi-remix.org/
What works/what I use:
- Fedora Asahi remix, minimal install for Fedora 39, then sway installation
- Screen brightness setting via package (and command line utility) 'light' works, rj45 ethernet via USB-C connected docking station
- webcam, tested with https://webcamtests.com/
- Wlan, Bluetooth, Fcitx5 for Japanese input
- disk encryption: Not offered by installer, one has to boot from a usb-stick and then encrypt
- KVM virtualization, I use this to replicate customer issues. Also x86 RHEL guests can be emulated, ~7 times slower than virtualized guests, but still usable.
- 3.5mm sound jack
- HDMI output was implemented December 2023, for no without audio over HDMI. Before that, I investigated this workaround which uses ffmpeg for encoding/decoding and then shows the picture on a monitor connected to a different Linux system, i.e. a Thinkpad or Raspi
- Skype via https://web.skype.com : complains that it's not running in browser “edge”. Did run on Firefox, with a bit of lag - not sure if due to bad codec choice, or wlan throughput issue. I did not notice wlan issues otherwise.
- buildin speaker: support added in December 2023, status page
What works not yet:
- monitor output via USB-C (but HDMI-output works)
- builtin microphone (but I use the Sony bluetooth headset anyway)

First things after installation

sway installation

systemctl enable --now sshd
dnf update
dnf install -y vim
echo 'export EDITOR=vi' >>~/.bashrc

dnf -y install sway sddm
systemctl set-default graphical.target
systemctl start sddm
# If sddm starts and you can not login, reboot and 
# use kernel option systemd.unit=multi-user.target

# further fonts
dnf install google-noto-fonts-common google-noto-sans-vf-fonts \
  google-noto-sans-mono-vf-fonts google-noto-serif-vf-fonts \
  google-noto-emoji-color-fonts google-noto-naskh-arabic-vf-fonts \
  google-noto-sans-gurmukhi-fonts google-noto-sans-gurmukhi-vf-fonts \
  google-noto-sans-lisu-fonts google-noto-sans-mandaic-fonts \
  google-noto-sans-math-fonts google-noto-sans-meetei-mayek-fonts \
  google-noto-sans-sinhala-vf-fonts google-noto-serif-cjk-vf-fonts \
  google-noto-sans-mono-cjk-vf-fonts google-noto-sans-cjk-vf-fonts
  
# add your user to video/audio groups.
# Required so chromium can access camera, etc.
usermod -G audio,video chris

# Lightup keyboard leds
echo 5 >/sys/class/leds/kbd_backlight/brightness
# Turn off keyboard leds
echo 0 >/sys/class/leds/kbd_backlight/brightness

Touchpad config you might want to apply: https://github.com/jaime10a/SwayM1
There is no build of Google Chrome for aarch64. So far I had the habit of using Google Chrome for company related video chat etc, had only the company google user there. Chrome also seemed to work more smoothly with google meet, which I have to use for the company. Using Chromium now instead, works nicely so far.

Fedora remix harddisk encryption

For company use, one needs hardware encryption. I used this howto. This guides to create usb boot media, initially this failed for me with Fedora 39 on the Macbook, and trying to install Fedora39 on a usb stick. Tried also usb media creation from the x86 Fedora 38 Thinkpad, that failed also. I got further using the latest mkosi, so checking out “python3 -m pip install –user git+https://github.com/systemd/mkosi.git”.

Eventually, installation to a USB3 connected enclosure with a NVMe worked. Pressing ESC when u-boot was running, a prompt gets accessible. I needed to experiment with various usb commands, and issue commands like 'usb reset' before 'env set boot_efi_bootmgr' and 'run usb_boot' worked. uboot usb boot commands.

After booting via usb, I could mount the installed btrfs subvolumes, and encrypt them.

When the encryption is done, you reboot, and then on normal reboots you have to enter the passphrase.

Then you should activate TRIM:

vi /etc/crypttab
# add 'discard', like for example:
cat /etc/crypttab
fedora-root UUID=8faa8bde-522d-4c59-9827-958afa662374 none discard

# then rebuild initrd (maybe not required)
dracut -f

# then reboot
reboot

With that, you can execute 'fstrim /'.

Virt/Emulation performance

aarch64 virtualization: rhel9 is running
emulation x86 via qemu-system-x86_64: rhel6/7/8 can be installed
https://github.com/FEX-Emu/FEX - FEX should be able to run x86 systems. FEX seems not packaged on Fedora, would need building, haven't tried it yet.
https://github.com/ptitSeb/box86 - Box64 is not packaged on Fedora, would allow to run x86 binaries, focused on running 32bit games?
Memory is a topic. I'm hitting 14GB when running firefox/chromium and a 2GB memory guest.
Performance comparison RHEL installation, all guests configured with 4 cpu cores/4GB RAM:
- emulation amd64: rhel6.10, source loopback mounted local iso: 916sec
- emulation amd64: rhel7.7, source loopback mounted local iso: 1207sec, Ansible preparation: 73sec
- emulation amd64: rhel8.6, source loopback mounted local iso: 1452sec
- emulation amd64: rhel8.9, source via network: 2781sec, Ansible preparation: 93sec
- emulation amd64: rhel8.2, source loopback mounted local iso: 1477sec, Ansible preparation: 109sec
- virtualization aarch64: rhel9.3, source loopback mounted local iso: 157sec, Ansible preparation: 44sec
Performance comparison RHEL installation, all RHEL8.2 emulation amd64, source loopback mounted iso, 4GB RAM
- 1 cores: 904sec, Ansible playbook: 94sec
- 2 cores: 1084sec, Ansible playbook: 97sec
- 4 cores: 1477sec, Ansible playbook: 109sec
- 8 cores: 1591sec, Ansible playbook: 109sec
Performance comparison RHEL installation, all RHEL8.2 emulation amd64, source loopback mounted iso, 1 core
- 2GB RAM: 1045sec, Ansible playbook: 96sec
- 4GB RAM: 904sec, Ansible playbook: 94sec (900sec/94sec)
- 8GB RAM: 889sec, Ansible playbook: 96sec

Installing Fedora as KVM guest

This is for aarch64 rhel9 guests, where virtualization can be used.

# as root
dnf install libvirt-daemon virt-install libvirt-daemon-kvm

cat virt-net.xml
<network>
  <name>default-internal-net</name>
  <uuid>530f11c4-617b-447c-bdba-704f34374277</uuid>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='42:13:37:23:21:87'/>
  <ip address='192.168.4.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.4.200' end='192.168.4.220'/>
    </dhcp>
  </ip>
</network>

virsh net-define virt-net-example.xml
virsh net-start default-internal-net

# as user
virsh destroy   fed39          2>/dev/null
virsh undefine  fed39 --nvram  2>/dev/null
qemu-img create -f qcow2 /tmp/tvm_fed36.qcow2 72G
virt-install -n fed39 -r 4096 --vcpus 4 \
    --disk path=/tmp/tvm_fed36.qcow2,format=qcow2,bus=virtio,cache=unsafe \
    --location http://ftp.iij.ad.jp/pub/linux/Fedora/fedora/linux/releases/39/Everything/aarch64/os/ \
    --graphics vnc --os-variant fedora38 \
    --network bridge=virbr0,model=virtio \
    --extra-args "ip=192.168.122.5::192.168.122.1:255.255.255.0:fed39:enp1s0:none nameserver=8.8.8.8"

Installing Fedora as emulated x86_64 guest

This is for x86_64 guests, where virtualization can not be used. Memory is an issue on 16GB macbook. RHEL8.6 needs 3 or 4GB of RAM to install.

virt-install -n $HOSTNAMESHORT -r 4096 --vcpus 4 --arch x86_64 \
    --disk path=$BASEDIR/images/tvm_$HOSTNAMESHORT.qcow2,format=qcow2,bus=virtio,cache=unsafe \
    --location /mnt/store/isos/$DISTRO \
    --graphics none \
    --console pty \
        --noreboot \
        --network bridge=virbr0,model=virtio \
        --os-variant rhel8.6 \
        --extra-args "ip=$IPADDR::192.168.4.1:255.255.255.0:::off inst.ks=http://192.168.4.1/ks/$HOSTNAMESHORT nameserver=8.8.8.8 inst.repo=http://192.168.4.1/repos/$DISTRO/ net.ifnames=0 console=tty0 console=ttyS0,115200n8"

Emulating x86 systems, plain qemu

I need this to replicate customer issues. With the following, I can boot rhel8.6 x86 install media:

/usr/bin/qemu-system-x86_64 \
        -machine pc-q35-2.12,acpi=on \
        -name guest=rhel9u3a \
        -smp 4 \
        -m 2048 \
        -overcommit mem-lock=off \
        -uuid 1874d8d1-c8ab-49ec-91e8-8b66617ac15d \
        -rtc base=utc -no-shutdown -boot d \
        -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
        -msg timestamp=on \
        -chardev pty,id=charserial0 -serial chardev:charserial0 \
        -drive media=cdrom,file=/mnt/store/isos/RHEL-8.6.0-20220420.3-x86_64-dvd1.iso \
        -drive media=disk,file=fedora.qcow2,cache=unsafe \
        -net nic -net user

Hints / Issues to research

research cut'n'paste, normally with 3rd mouse button pasting
- seems like paste with ctrl+shift+v works
- clicking with 3 fingers acts like mouse-middle-button-click, so pastes the clipboard
I used crtl+pageup and ctrl+pagedown on other keyboards to switch through browser tabs, these keys do not exist - need to find replacements

Linux@apple silicon, my conclusion for now

All the important pieces at least for my work are together for use at work: encrypted disk, openvpn access, wlan/ethernet, access to mail, video conferences.

The Macbook hardware is quite nice, the screen has nice colours, compared to my Thinkpad T590. Performance Co-Pilot compiles in under 6min. For replicating customer issues, only rhel9 (or Fedora) can be run with virtualization, for older rhel8/rhel7 one needs emulation. Battery life time is great. The keyboard + touchpad need to get used to.. external keyboard + mouse is an option.

There is an ANE driver for Neural Network Engine on Asahi, getting that wider supporter would also be nice for running local models.

Table of Contents