systemctl enable --now sshd dnf update dnf install -y vim echo 'export EDITOR=vi' >>~/.bashrc dnf -y install sway sddm systemctl set-default graphical.target systemctl start sddm # If sddm starts and you can not login, reboot and # use kernel option systemd.unit=multi-user.target # further fonts dnf install google-noto-fonts-common google-noto-sans-vf-fonts \ google-noto-sans-mono-vf-fonts google-noto-serif-vf-fonts \ google-noto-emoji-color-fonts google-noto-naskh-arabic-vf-fonts \ google-noto-sans-gurmukhi-fonts google-noto-sans-gurmukhi-vf-fonts \ google-noto-sans-lisu-fonts google-noto-sans-mandaic-fonts \ google-noto-sans-math-fonts google-noto-sans-meetei-mayek-fonts \ google-noto-sans-sinhala-vf-fonts google-noto-serif-cjk-vf-fonts \ google-noto-sans-mono-cjk-vf-fonts google-noto-sans-cjk-vf-fonts # add your user to video/audio groups. # Required so chromium can access camera, etc. usermod -G audio,video chris # Lightup keyboard leds echo 5 >/sys/class/leds/kbd_backlight/brightness # Turn off keyboard leds echo 0 >/sys/class/leds/kbd_backlight/brightness
For company use, one needs hardware encryption. I used this howto. This guides to create usb boot media, initially this failed for me with Fedora 39 on the Macbook, and trying to install Fedora39 on a usb stick. Tried also usb media creation from the x86 Fedora 38 Thinkpad, that failed also. I got further using the latest mkosi, so checking out “python3 -m pip install –user git+https://github.com/systemd/mkosi.git”.
Eventually, installation to a USB3 connected enclosure with a NVMe worked. Pressing ESC when u-boot was running, a prompt gets accessible. I needed to experiment with various usb commands, and issue commands like 'usb reset' before 'env set boot_efi_bootmgr' and 'run usb_boot' worked. uboot usb boot commands.
After booting via usb, I could mount the installed btrfs subvolumes, and encrypt them.
When the encryption is done, you reboot, and then on normal reboots you have to enter the passphrase.
Then you should activate TRIM:
vi /etc/crypttab # add 'discard', like for example: cat /etc/crypttab fedora-root UUID=8faa8bde-522d-4c59-9827-958afa662374 none discard # then rebuild initrd (maybe not required) dracut -f # then reboot reboot
With that, you can execute 'fstrim /'.
This is for aarch64 rhel9 guests, where virtualization can be used.
# as root dnf install libvirt-daemon virt-install libvirt-daemon-kvm cat virt-net.xml <network> <name>default-internal-net</name> <uuid>530f11c4-617b-447c-bdba-704f34374277</uuid> <bridge name='virbr0' stp='on' delay='0'/> <mac address='42:13:37:23:21:87'/> <ip address='192.168.4.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.4.200' end='192.168.4.220'/> </dhcp> </ip> </network> virsh net-define virt-net-example.xml virsh net-start default-internal-net # as user virsh destroy fed39 2>/dev/null virsh undefine fed39 --nvram 2>/dev/null qemu-img create -f qcow2 /tmp/tvm_fed36.qcow2 72G virt-install -n fed39 -r 4096 --vcpus 4 \ --disk path=/tmp/tvm_fed36.qcow2,format=qcow2,bus=virtio,cache=unsafe \ --location http://ftp.iij.ad.jp/pub/linux/Fedora/fedora/linux/releases/39/Everything/aarch64/os/ \ --graphics vnc --os-variant fedora38 \ --network bridge=virbr0,model=virtio \ --extra-args "ip=192.168.122.5::192.168.122.1:255.255.255.0:fed39:enp1s0:none nameserver=8.8.8.8"
This is for x86_64 guests, where virtualization can not be used. Memory is an issue on 16GB macbook. RHEL8.6 needs 3 or 4GB of RAM to install.
virt-install -n $HOSTNAMESHORT -r 4096 --vcpus 4 --arch x86_64 \ --disk path=$BASEDIR/images/tvm_$HOSTNAMESHORT.qcow2,format=qcow2,bus=virtio,cache=unsafe \ --location /mnt/store/isos/$DISTRO \ --graphics none \ --console pty \ --noreboot \ --network bridge=virbr0,model=virtio \ --os-variant rhel8.6 \ --extra-args "ip=$IPADDR::192.168.4.1:255.255.255.0:::off inst.ks=http://192.168.4.1/ks/$HOSTNAMESHORT nameserver=8.8.8.8 inst.repo=http://192.168.4.1/repos/$DISTRO/ net.ifnames=0 console=tty0 console=ttyS0,115200n8"
I need this to replicate customer issues. With the following, I can boot rhel8.6 x86 install media:
/usr/bin/qemu-system-x86_64 \ -machine pc-q35-2.12,acpi=on \ -name guest=rhel9u3a \ -smp 4 \ -m 2048 \ -overcommit mem-lock=off \ -uuid 1874d8d1-c8ab-49ec-91e8-8b66617ac15d \ -rtc base=utc -no-shutdown -boot d \ -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ -msg timestamp=on \ -chardev pty,id=charserial0 -serial chardev:charserial0 \ -drive media=cdrom,file=/mnt/store/isos/RHEL-8.6.0-20220420.3-x86_64-dvd1.iso \ -drive media=disk,file=fedora.qcow2,cache=unsafe \ -net nic -net user
All the important pieces at least for my work are together for use at work: encrypted disk, openvpn access, wlan/ethernet, access to mail, video conferences.
The Macbook hardware is quite nice, the screen has nice colours, compared to my Thinkpad T590. Performance Co-Pilot compiles in under 6min. For replicating customer issues, only rhel9 (or Fedora) can be run with virtualization, for older rhel8/rhel7 one needs emulation. Battery life time is great. The keyboard + touchpad need to get used to.. external keyboard + mouse is an option.
There is an ANE driver for Neural Network Engine on Asahi, getting that wider supporter would also be nice for running local models.