As you may notice, this is almost a part 2 of my Secure your boot process: UEFI + Secureboot + EFISTUB + Luks2 + lvm + ArchLinux. Except that here i’ll not talk about all the secureboot stuff that i’ve already ran into on my last blogpost. This one is specifically focused on how to achieve the same setup using Fedora.
This blogpost compiles my personal opinions around using bootloaders on EFI environments so, the classic “opinions expressed here are solely my own and do not express the views or opinions of my employer” applies.
PRIME is a technology used to manage hybrid graphics. It was meant to be a resource saver since you can configure it to use only the Integrated GPU, and render offload to the dedicated GPU whenever is needed. But that is not what happened in my real life situation.
This tutorial isn’t a basic setup how-to in a way you will learn how to install Arch Linux, neither is intended to replace the Installation Guide, This is a guide for those who want a laptop with data-at-rest encryption and a verified boot process using SecureBoot.
I’ll not be arrogant saying that this setup is “tampering-proof” since this also depends on your firmware manufacturer, but I believe that this is a notebook setup with good enough security.
There comes a time in life where you enable a high-level protection in your firewall, but you somehow forget the basics and that is where the problem lives..
These are some of the commands I use most, or, zimbra commands that were relevant to a very specific goal and i had to document them to avoid losing them :)