I needed to disable SB to boot the installer, but your mileage may vary
Works ootb
You can add yours in the fingerprint submenu.
Howdy is needed for it to work.
Install with the copr repo
sudo dnf copr enable principis/howdy
sudo dnf --refresh install howdyExtra steps:
- Edit howdy config with
sudo howdy config - Set
device_pathto/dev/video2. - Add this line to
/etc/pam.d/sudoso sudo will use your IR camera to authenticate sudo
auth sufficient pam_python.so /lib64/security/howdy/pam.py
- To enable IR for GDM (lockscreen) Ensure these lines are in `/etc/pam.d/gdm-password
auth [success=done ignore=ignore default=bad] pam_selinux_permit.so
auth sufficient pam_python.so /lib64/security/howdy/pam.py
auth substack password-auth
After make this file executable
chmod o+x /lib64/security/howdy/dlib-data
- Fix SELinux permissions
Create a file
howdy.te
module howdy 1.0;
require {
type lib_t;
type xdm_t;
type v4l_device_t;
type sysctl_vm_t;
class chr_file map;
class file { create getattr open read write };
class dir add_name;
}
#============= xdm_t ==============
allow xdm_t lib_t:dir add_name;
allow xdm_t lib_t:file { create write };
allow xdm_t sysctl_vm_t:file { getattr open read };
allow xdm_t v4l_device_t:chr_file map;
Compile and insert the module
checkmodule -M -m -o howdy.mod howdy.te
semodule_package -o howdy.pp -m howdy.mod
semodule -i howdy.pp
- Enable the IR blaster
sudo dnf copr enable emixampp/linux-enable-ir-emitter
sudo dnf --refresh install linux-enable-ir-emitter
# Follow the instructions from https://github.com/EmixamPP/linux-enable-ir-emitter
sudo linux-enable-ir-emitter configure
- Add your beautyful face
sudo howdy add
This is not specifically model related, but I just wanted to get this out Install dependencies
sudo dnf install clevis clevis-luks clevis-dracut clevis-udisks2 clevis-systemd
Read this section from the ArchWiki article. Select these carefully.
After that store the unlock key in the TPM chip.
sudo clevis luks bind -d /dev/nvme0n1p3 tpm2 '{"pcr_ids":"1,7,8,9"}'
Edit plymouth ask password
sudo systemctl edit systemd-ask-password-plymouth.service
and add
[Service]
ExecStartPre=/bin/sleep 10
After that create this dracut file
sudoedit /etc/dracut.conf.d/systemd-ask-password-plymouth.conf
With the contents:
install_items+=" /etc/systemd/system/systemd-ask-password-plymouth.service.d/override.conf "
Rebuild initrd for the initrd to contain the changes
sudo dracut -f
The T14 Gen2 is offered with many modems. I only tested the Qtelcel EM120-GL. eSIM is currently unsupported. If the following doesn't work go check out Lenovo forums As of June 2022 my EU model works but it is really fragile due to a firmware bug. It is being worked on and I will update this gist as it is sqashed.
Due to regulatory reasons the radios have to be disabled. You can check it with:
sudo mbimcli -p -d /dev/wwan0mbim0 --quectel-query-radio-state
You should see something like this:
[/dev/wwan0mbim0] Radio state retrieved: 'fcc-locked'
For the EM120-GL we just have to enable the unlocking from ModemManager
sudo mkdir -p /etc/ModemManager/fcc-unlock.d
sudo ln -sft /etc/ModemManager/fcc-unlock.d /usr/share/ModemManager/fcc-unlock.available.d/1eac:1001
For other modems look at the ModemManager documentation.
Restart ModemManager with
sudo systemctl restart ModemManager
After that check again the state of the modem. It should be something like this:
[/dev/wwan0mbim0] Radio state retrieved: 'on'
First enable RPMFusion. Then run this command
sudo dnf install libva libva-utils libva-intel-driver intel-media-driver ffmpeg
I created a list with some Fedora tips if you'd like to see what you might want to do you can check it out. Feodra tips