𞋴𝛂𝛋𝛆

The UEFI boot system is tricky and you need to get along with Secure Boot to do this. Secure Boot is outside of the Linux kernel. Both Fedora and Ubuntu have systems for this. Fedora uses the Anaconda system and I believe they do it best. I have had a W11 partition for 2 years and never used it once. It can’t even get on the internet with my firewall setup, but it is there and never had any issues the 3 times I logged into it.

I think all of the Fedora systems support the shim key and secure boot but I know Workstation does. For Ubuntu I think it is just the regular vanilla Ubuntu desktop that the shim supports. This may be somewhat sketchy with Nvidia or maybe not. Nvidia “”““open sourced””“” their kernel code but the actual nvcc compiler required to build the binaries is still proprietary crap.

I have a 3080Ti gaming laptop. It isn’t half bad with 16 GB of video RAM from all the way back in 2021. Nvidia is artificially holding back the vram because of monopoly nonsense. The new stuff has very little real consumer value as a result, at least with AI stuff I run. The hardware is a little faster, but more vram is absolutely critical and new stuff that is the same or worse than what I have from 3 generations and nearly 5 years ago is ridiculous.

The battery life blows and the GPU likely won’t even work on battery. It will get donkey balls hot with AI workloads, especially any kind of image gen. This results in lots of thermal throttling. All AI packages run as servers on your network. If you are thinking along these lines if running your own models, get a tower and run the thing remotely.

I manage, and need the ergonomics for physical disability reasons, but I still would prefer to have a separate tower to run models from.

Anyways, you can sign your own UEFI keys to use any distro, but this can be daunting for some people. The US defense department has a good PDF guide on setting your own keys. The UEFI bootloader for the machine may not have all key signing features implemented. There is a way to boot into UEFI directly and set the keys manually but this is not easy to find great guides on how to do it step by step. Gentoo has a tutorial on this, but it assumes a high level of competency.

Other than signing your own keys, the shim keys mentioned are special keys signed by Microsoft for the principal maintainer of the distro. These slide under the Microsoft key to keep secure boot enabled.

If you boot any secure boot enabled OS, the bootloader is required to delete any bootable unsigned code it finds. It does not matter if it is a shimmed Fedora or W11. If you have any other OS present in the boot list, it should be deleted. W11 is SB only, and this is where the real issues arise.

It is not really that simple, under the surface the hardware is proprietary and different. It would be impossible to verify how this is being manipulated in testing unless the full hardware documentation was made available. That would reveal all the stollen IP and illegal nonsense happening on all mobile devices and bankrupt these criminal organizations making hardware. Plus we would fully own what we pay for and be able to support it indefinitely in the mainline Linux kernel, taking away the power to steal from everyone in the world by manipulative proprietary orphan kernels.

If anyone in the EU had sense, they would require all hardware sold to be publicly transparent and fully documented. That is the only way to save democracy in the biggest of pictures. There is no room for bowdlerization of information in democracy albeit from a source bottleneck, or middle person filtering or holding the potential to filter. Trust is for ideologues and fools. Citizens are required to be skeptical and fully informed for democracy to work. No one has a right to mask and obfuscate communication and the flow of information but that is what proprietary hardware creates. The level of exploitation is irrelevant to the nominalized potential.

Stuff like WiFi hardware and the configuration of how 2.4 GHz switches to 5.8 GHz along with how the carrier is configured to use WiFi and your firewall all play a major part in battery life.

Graphene has been messing with the 2.4 to 5.8 transition a lot recently in updates. I haven’t looked at the actual source but just noticing how well my network connects and stays connected, along with how that changes with each webview/vanadium update points at this being the case. My battery life varies a lot as a result. I’m probably an odd edge case as I live in a super dense area for WiFi and just use 5.8 GHz only as it is less of an issue. When the signal strength is not ideal, there is some code that blocks the 5.8 band periodically, probably assuming that there must be a 2.4 GHz band available. The frequency that this drop and block happens has changed and my phone goes from a solid 2 day battery life with rather poor connectivity across the house to 1 day of battery life (into the red) but great connectivity. I have almost no apps and nothing that has background internet permissions. I have nothing from Google. Almost everything I do is done in Vanadium, I restart regularly, and sit behind a whitelist DNS filter on a separate device. So I have about the best real world test case possible for what is actually draining the battery.

Are you insane? Debian is a base distro like any other and runs more hardware than any other. It has all of the bootstrapping tools to get hardware working.

Canonical is a server company and Ubuntu server is literally the product.

Arch is absolute garbage for most users unless you have a CS degree or you have entirely too much time on your hands and don’t mind an OS as your life project. Arch abhors tutorial content in all documentation and therefore dumps users into a rabbit hole regularly. Pacman is the worst package manager as it will actively break a system and present the user with the dumbest of choices at random because the maintainers are ultimately sadistic and lackadaisical. Arch is nearly identical to Gentoo with Arch binaries often based on Gentoo builds, yet Gentoo provides relevant instruction and documentation with any changes that require user intervention and does so at a responsible and ethical level that shows kindness, respect, and consideration completely absent from Arch. Arch is a troll by trolls for trolls. I’m more than capable of running it now, but I would never bother with such inconsiderate behavior.

deleted by creator

Fedora’s Anaconda system makes UEFI secure boot easy and ships with SELinux integrated but set to permissive by default. Their built in network filtering tools are pretty easy but I still just use OpenWRT on a separate device. Silverblue was nice for a few years but I switched to Workstation for a machine with Nvidia hw.

Been saying all along. Climate change is only a population problem from the perspective of the super rich exploiters. When the gov gives up on climate change due to the rich investing in politics, you can count on them having a plan and solution that does not involve the rest of us.

Isn’t there a universal interface for photon on any instance? I tried using them at some point but neither is compatible with my networking practices. In only use Alexandrite.