Tag archive: Linux

Pop!_OS (nvidia) on the InfinityBook Pro 14 Gen6 by tuxedo

Summary of what I did.

Added the kernel parameter i915.enable_psr=0 using sudo kernelstub -a i915.enable_psr=0 to resolve the screen flicker issue.
Installed:

  • tuxedo-control-center
  • tuxedo-keyboard
  • tuxedo-pinfix-tgl-dkms (not sure if required)

For power tuning, I installed tlp and mostly adjusted

/etc/tlp.conf L0319: RUNTIME_PM_DRIVER_BLACKLIST="amdgpu mei_me nouveau pcieport radeon" so that runtime_pm is enabled for the nvidia card (it sometimes turned on [maybe after sleep]).

As the touchpad sometimes stops working (mostly on login), I created a simple script that fixes the issue.

#!/bin/bash
# Reload the I2C HID driver to bring the touchpad back
sudo rmmod i2c_hid_acpi
sudo modprobe i2c_hid_acpi

Accelerated video playback. https://wiki.archlinux.org/title/Hardware_video_acceleration

I failed to get VA-API working with Firefox (seems to be a known bug), but Chrome is working fine following the Arch Wiki or https://www.linuxuprising.com/2021/01/how-to-enable-hardware-accelerated.html

I also installed https://pipewire-debian.github.io/pipewire-debian/ with wireplumber.

WARNING: OPAL boot currently doesn’t work, as the SSD is power cycled on reboot.

How to set up zero overhead full disk encryption with S3 sleep support

Background

Modern (NVMe) SSDs encrypt all data by default; such a drive is also called a self-encrypting drive (SED). They just don’t require a password to access the data. Instead of adding an additional layer of encryption, e.g. using LUKS (additional power usage), I opted to use the capabilities of the device to secure access to the stored data.

Disclaimer:
I use this setup for my installation of Pop!_OS 21.04. This guide is mostly for my own memory.

More information:

I use a fork of sedutil because it supports newer systems, and for S3 sleep support:
https://github.com/ChubbyAnt/sedutil, https://github.com/ratcashdev/sedutil/tree/badicsalex-s3-sleep-support

WARNING:
This fork of sedutil is not compatible with the original one, as it uses a different hashing algorithm.

Very high level overview of the boot process

Cold boot:
The self-encrypting device (SED) presents a (strangely named) read-only ShadowMBR.
Those 128MB of memory contain the pre-boot authentication image (PBA) with tools to unlock the drive and then chain-boot (or restart) into your real system. It is currently based on syslinux, but can hopefully be replaced by systemd-boot sometime in the future: https://github.com/systemd/systemd/issues/16089.

S3 sleep:
Switching into S3 sleep shuts down the drive, locking it.
A systemd service is set up to store the unlock key in the kernel and unlock the drive on resume.

Preparations

Backup all your data!

Download the rescue image from https://github.com/ChubbyAnt/sedutil/releases/tag/1.15-5ad84d8

(For S3 sleep support) Check out and build sedutil-cli from https://github.com/ratcashdev/sedutil/tree/badicsalex-s3-sleep-support, or use my self-compiled version

Set up full disk encryption

Follow: https://github.com/ChubbyAnt/sedutil#encrypting-your-drive

EFI Setup

Create and rearrange the following boot entries (I did this from within my EFI settings)

  1. The EFI boot file in the ShadowMBR
  2. Your normal EFI boot entry

Set up S3 Sleep Support

Based on https://github.com/ladar/sedutil/issues/4

Install sedutil-cli with S3 sleep support (see preparations).

Get your hashed password

sedutil-cli --printPasswordHash <password> /dev/nvme?

Create the systemd service file /etc/systemd/system/seds3sleep.service

(adjust the password hash and /dev/nvme0n1)

NOTE: The additional n1 is not an error

[Service]
Type=oneshot
ExecStart=/opt/sedutil-1.15.1-87/sedutil-cli -n -x --prepareForS3Sleep 0 <Admin1 password hash> /dev/nvme0n1

[Install]
WantedBy=multi-user.target
Enable this service:

# systemctl enable seds3sleep.service && systemctl start seds3sleep.service
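The unit file above embeds the Admin1 password hash, and sedutil-cli's -n option sends it to the drive without further hashing, so the following added example (not part of the original post or of sedutil) treats the hash as a secret and audits the file. The function name audit_sed_unit and its four checks are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original post: audit the unit file that
# embeds the Admin1 password hash. Function name and checks are illustrative.

# audit_sed_unit FILE
# Prints one line per finding and returns the number of findings (0 = clean).
audit_sed_unit() {
    local unit="$1" findings=0 mode exec_line dev
    if [ ! -f "$unit" ]; then
        echo "FINDING: $unit does not exist"
        return 1
    fi

    # 1. The hash is passed with -n (no further hashing), so anyone who can
    #    read this file can reuse it. No group/other permission bits allowed.
    mode=$(stat -c '%a' "$unit")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FINDING: mode $mode lets non-owners read the hash (use chmod 600)"
        findings=$((findings + 1))
    fi

    # 2. There must be an ExecStart line that calls --prepareForS3Sleep.
    exec_line=$(grep -E '^ExecStart=.*--prepareForS3Sleep' "$unit" | head -n 1)
    if [ -z "$exec_line" ]; then
        echo "FINDING: no ExecStart line with --prepareForS3Sleep"
        return $((findings + 1))
    fi

    # 3. The template placeholder must have been replaced by a real hash.
    case "$exec_line" in
        *'<'*'>'*)
            echo "FINDING: placeholder still present in ExecStart"
            findings=$((findings + 1)) ;;
    esac

    # 4. The post uses the namespace device (/dev/nvme0n1), not /dev/nvme0.
    dev=${exec_line##* }
    case "$dev" in
        /dev/nvme*n[0-9]*) ;;
        /dev/nvme*)
            echo "FINDING: $dev has no namespace suffix (expected e.g. /dev/nvme0n1)"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}
```

Run it as root against /etc/systemd/system/seds3sleep.service; a return value of 0 means none of the four checks fired.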