@PatrickLang
Last active July 4, 2024 20:49
Fedora Plasma Mobile experiments worklog

2024-06-25 Trying Plasma Mobile

I came across this and wanted to give it a try. I have some convertible laptops (Lenovo Yoga, Surface Go 2) and would be interested in a touch-first interface for music and creative work. https://fedoraproject.org/wiki/Changes/Fedora_KDE_Plasma_Mobile

Steps to set up are roughly documented at https://fedoraproject.org/wiki/SIGs/KDE/Mobile and also not quite at: https://discussion.fedoraproject.org/t/can-i-install-plasma-mobile-on-fedora-kinoite-39/104578

work-in-progress:

rpm-ostree install plasma-mobile

2024-06-18 Login hangs on black screen

I originally filed https://bugzilla.redhat.com/show_bug.cgi?id=2292853, then on more searching based on the stacks found https://bugzilla.redhat.com/show_bug.cgi?id=2284141 . The fix worked, so I resolved my bug as a duplicate.

To work around, either

  1. pull an older image (40.20240527.0 or older) - sudo ostree pull --commit-metadata-only --depth 20 fedora fedora/40/x86_64/kinoite (or depth > 20 if that does not find 40.20240527.0). Reboot and watch for the grub menu, then choose that image.
  2. apply the scratch build, using VT2 or SSH instead of logging in with SDDM.

Download the scratch build from the bug, then rpm-ostree override replace ./xorg....rpm

Once the fix https://bodhi.fedoraproject.org/updates/FEDORA-2024-bd81b79a0b was moved to the testing repo, I rebased with rpm-ostree reset ; rpm-ostree rebase fedora/40/x86_64/testing/kinoite to get the fix (along with others). It worked, so I commented and gave karma on the build.

helpful doc: https://fedoraproject.org/wiki/QA:Updates_Testing#Using_it_with_Fedora_Silverblue_(Kinoite,_Sericea...)

Merged to stable

Rebasing back to fedora/40/x86_64/kinoite worked after the fix was merged to stable. Success!

Setup notes

Installation was pretty much flawless, including with secure boot. I followed the usual encryption flow during the install, then used cryptsetup to auto unlock it with TPM2.

Auto unlock with TPM2

This isn't totally secure against an attacker with Linux knowledge who could maliciously replace some files not measured by the TPM to run untrusted code after I have logged in... but it's enough to prevent someone from easily copying data off if I lose the device.

https://fedoramagazine.org/use-systemd-cryptenroll-with-fido-u2f-or-tpm2-to-decrypt-your-disk/

systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/nvme0n1p3
rpm-ostree kargs --append=rd.luks.options=tpm2-device=auto
rpm-ostree initramfs --enable --arg=-a --arg=systemd-pcrphase

Encrypting an SD card

I'm planning to leave an SD card in for additional storage. The same process almost worked, but didn't seem to update /etc/cryptsetup.

Here are the full steps that worked. The GPT, partition table, and btrfs volume were initially created with KDE Partition Manager. Nothing out of the ordinary.

To enable unlocking, I first ran systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7 /dev/mmcblk0p1

That didn't update /etc/crypttab as needed, so I fixed it. This line needed to be added, using the partition (not btrfs volume) UUID:

luks-<partition UUID> UUID=<partition UUID> none discard

Reboot to test, and it was unlocked and mounted automatically.
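
The manual /etc/crypttab fix above can be scripted so it is safe to re-run. This is an added example, not part of the original worklog; the function names is_uuid, crypttab_has_uuid and crypttab_add_luks are hypothetical, and the entry format and the default discard option are taken from the line shown above.

```shell
#!/bin/sh
# Added example: idempotently ensure a crypttab entry exists for a LUKS
# partition, in the form used in the notes above:
#   luks-<partition UUID> UUID=<partition UUID> none discard

# is_uuid STRING -> 0 if STRING is a canonical 8-4-4-4-12 hex UUID
is_uuid() {
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# crypttab_has_uuid FILE UUID -> 0 if an active (non-comment) entry
# already names UUID=<UUID> as its source device (second field)
crypttab_has_uuid() {
    awk -v want="UUID=$2" '
        /^[ \t]*(#|$)/ { next }        # skip comments and blank lines
        $2 == want     { found = 1 }
        END            { exit !found }
    ' "$1"
}

# crypttab_add_luks FILE UUID [OPTIONS]
# Prints "present" or "added"; rejects malformed UUIDs with status 2
# and never writes a duplicate entry.
crypttab_add_luks() {
    file=$1 uuid=$2 opts=${3:-discard}
    if ! is_uuid "$uuid"; then
        echo "error: not a UUID: $uuid" >&2
        return 2
    fi
    if [ -f "$file" ] && crypttab_has_uuid "$file" "$uuid"; then
        echo present
        return 0
    fi
    # If the last line lacks a trailing newline, add one so the new
    # entry does not get glued onto the previous entry.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        printf '\n' >> "$file"
    fi
    printf 'luks-%s UUID=%s none %s\n' "$uuid" "$uuid" "$opts" >> "$file"
    echo added
}

# On a real system (as root; device path from the notes above):
#   crypttab_add_luks /etc/crypttab "$(cryptsetup luksUUID /dev/mmcblk0p1)"
```
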

Tablet improvements

Adding some mobile-first shell and Android app support

sudo rpm-ostree install plasma-mobile waydroid

Register with GPlay - https://docs.waydro.id/faq/google-play-certification

PIN unlock - unsolved

My hope is to log in with full password, then use a shorter password or PIN to unlock after a brief resume. Some people point to a PAM module that can accept encrypted passwords from a fixed file instead of the typical shadow db.

https://www.reddit.com/r/kde/comments/1826cvy/comment/kajxbih/

To make this work, I think I'd have to add a rule to /etc/pam.d/kde or create and modify a new one for kscreenlocker. Since the initial logins use /etc/pam.d/sshd and sddm I think this would reach the goal of not allowing PIN login from a cold boot.

This PAM module is not in upstream Fedora :/

Waydroid experiments

Issues
