During rpm-ostree operations, it's normal. Outside of that:
- Make sure you followed the nvidia steps in the readme if you're using nvidia.
- Make sure you're using an
asusimage if you're using asus.
No, use bubblejail if there's no flatpak available for an app.
Override LD_PRELOAD for that app. For flatpaks, this is as simple as removing the environment variable via Flatseal.
mitigations=auto,nosmt is set on secureblue. This means that if your CPU is vulnerable to attacks that utilize Simultaneous Multithreading, SMT will be disabled.
- Check if it's already installed using
rpm -qa | grep x - Check if there's a flatpak available at https://flathub.org
- Consider using distrobox or nix to install it
- Layer it using
rpm-ostree install, as a last option
First check if the README already has an equivalent or better feature. If it doesn't, open a new github issue.
Add an additional chromium policy file and set the sites that need JIT in JavaScriptJitAllowedForSites. Here is the policy reference.
To use steam you can either:
- Install the flatpak
- Layer the rpm with
rpm-ostree install steam
Bluetooth has a long and consistent history of security issues. However, if you still need it, run ujust toggle-bluetooth-modules
This is an issue with rpm-ostree image-based systems generally, and not specific to secureblue. Ideally upgrades would come in the form of a zstd-compressed container diff, but it's not there yet. Check out this upstream issue for more information.
The functionality that provides this, called GHNS, is disabled by default due to the risk posed by the installation of potentially damaging or malicious scripts. This has caused real damage.
If you still want to enable this functionality, run ujust toggle-ghns
If your system time is off by an excessive amount due to rare conditions like a CMOS reset, your network will not connect. A one-time manual reset will fix this. This should never be required except under very rare circumstances.
For more technical detail, see #268