935 views
# Apple MacBook Asahi and Debian :warning: :warning: This is only a draft. There is no warranty that your system is alive after doing this. It is for those who know what I am writing! ## Get it running with debian and crypto file system This is based on the [quickstart.txt](https://git.zerfleddert.de/cgi-bin/gitweb.cgi/m1-debian/blob_plain/HEAD:/files/quickstart.txt) by Thomas Glanzmann and the [asahi linux documentation](https://alx.sh/w). It is devided in three tasks: * Build a live stick * Install uBoot only with efi support * Start the debian live distribution and bootstrap the system from there. ### Build a live stick Documentation can be found [here](https://git.zerfleddert.de/cgi-bin/gitweb.cgi/m1-debian/) - see *Livesystem* ### Install uBoot only with efi support This is done with the official way. On a macOS 12.3 just start ```bash= curl https://alx.sh | sh ``` and follow the instructions. Use option *UEFI environment only (m1n1 + U-Boot + ESP)* :warning: most problems occur at this point with the MacOS time machine. If you used MacOS for a longer time or upgraded it (!) time machine creates snapshots. If the partition shrinking step does not work the usage of `tmutil` may help. Or turn of the time machine! I for myself had a fresh machine, first shrinked and then upgraded to 12.3. So there were no problems with the time machine. ### Start debian live and bootstrap Plug the stick in and boot and press any key when in u-boot. Then enter: ```bash env set boot_efi_bootmgr run bootcmd_usb0 ``` If the stick does not start try other hdx-devices in your stick's `efi/debian/grub.cfg`, for me it is `hd3`. After the start you can find the `quickstart.txt` in the `root` home directory aka `pwd`. We will follow the part *Use the live system to install debian* but with some enhancements. You need to * do all partitioning * bootstrap debian in the new partitions * make the system's configuration (including the crypto stuff) * install grub * reboot and work with your new system The partitioning in `quickstart.txt` is just with a root partition for the system. For crypto you need to have some more. It will look like this afterwards: ```bash= AME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS zram0 253:0 0 256M 0 disk [SWAP] nvme0n1 259:0 0 931,8G 0 disk ├─nvme0n1p1 259:1 0 500M 0 part ├─nvme0n1p2 259:2 0 186,3G 0 part ├─nvme0n1p3 259:3 0 2,3G 0 part ├─nvme0n1p4 259:4 0 477M 0 /boot/efi ├─nvme0n1p5 259:5 0 10G 0 part /boot ├─nvme0n1p6 259:6 0 727,3G 0 part │ └─nvme0n1p6-crypt 254:0 0 727,3G 0 crypt │ ├─hostname-swap 254:1 0 32G 0 lvm [SWAP] │ └─hostname-root 254:2 0 695,3G 0 lvm / └─nvme0n1p7 259:7 0 5G 0 part nvme0n2 259:8 0 3M 0 disk nvme0n3 259:9 0 128M 0 disk ``` The debian installer prepares a lvm volume group in the crypted part and prepares different logical volumes for swap, root, home. With this trick it is possible to only crypt the volume group and have all partitions crypted once. `hostname` can be any name for your machine! You first need two partitions: * the `/boot` partition. This can be about 200M but if you have more than one kernel installed later I suggest 500M to 1G * the crypted partition this is the rest of the free space I used `gdisk` to create the partitions, Thomas Glanzmann uses `parted` in `quickstart.txt` - it is up to your choice. According to the partitioning faq (cannot find it anymore...) the partitions must be in the right order to have them working well in MacOS you can reorder it with `fdisk /dev/nvme0n1`, select `x`pert mode and then fix partition order `f`, `r`eturn, and `w`rite the partition. Be warned: here it is `fdisk` - not `gdisk`. `f` in `gdisk` makes something totally different and blows your partition table!!! For the crypto stuff we need to install cyptsetup and lvm2 in the live system: ```bash= apt install -y cryptsetup lvm2 ``` I use BTRFS for my root partition so I install ``` apt install -y btrfs-progs ``` too, but which fs you like is up to you. Prepare the `/boot` partition. For me it is `nvme0n1p5` (10G - as told 500M should do - I need a bigger partition for playing around!) but you can orientate yourself via `lsblk` ```bash= mkfs.ext3 /dev/nvme0n1p5 tune2fs -O extents,uninit_bg,dir_index -m 0 -c 0 -i 0 /dev/nvme0n1p5 ``` Prepare the crypt partition for me it is `nvme0n1p6` ```bash= cryptsetup luksFormat /dev/nvme0n1p6 cryptsetup luksOpen /dev/nvme0n1p6 nvme0n1p6-crypt ``` you will be asked for the crypt passphrase when formatting and open it. `hostname` is your hostname. You now should have a device `/dev/mapper/hostname-crypt`. Create a lvm volume group in this device. This example creates then a `swap` partition and the `root` partition. Because I use BTRFS all other "partitioning" is then done via subvolumes. But feel free to build logical volumes for `/home`, `/opt`, `/var`, and so on. According to [Thomas Krenn](https://www.thomas-krenn.com/de/wiki/Swap_Gr%C3%B6%C3%9Fe_unter_Linux) 8G swap should do (0.5 of RAM - here 16G). If you want to hibernate in future time you need MemSize minimum. In the lsblk above I used 32G for a 16G Machine. ```bash= vgcreate hostname /dev/mapper/hostname-crypt lvcreate -L 8G -n swap hostname lvcreate -l 100%FREE -n root hostname ``` You then should have `hostname-swap` and `hostname-root` in `/dev/mapper`. Prepare the partitions ```bash= mkswap /dev/mapper/hostname-swap mkfs.btrfs -s 4k /dev/mapper/hostname-root ``` Now mount all stuff at the right positions ```bash= mount /dev/mapper/hostname-root /mnt mkdir /mnt/boot mount /dev/nvme0n1p5 /mnt/boot ``` and now you could follow the `quickstart.txt`: ```bash= apt-get -y install debootstrap debootstrap --arch=arm64 testing /mnt http://deb.debian.org/debian mount -t sysfs none /mnt/sys mount -t efivarfs none /mnt/sys/firmware/efi/efivars mount -t proc none /mnt/proc mount -o bind /dev /mnt/dev mount -o bind /dev/pts /mnt/dev/pts mkdir -p /mnt/boot/efi mount /dev/nvme0n1p4 /mnt/boot/efi cd /mnt chroot . bin/bash cat <<EOF > /etc/fstab /dev/nvme0n1p5 /boot ext4 defaults 0 0 /dev/mapper/hostname-root / btrfs noatime,compress=zstd 0 0 /dev/nvme0n1p4 /boot/efi vfat defaults 0 0 tmpfs /tmp tmpfs noatime,nosuid 0 0 /dev/mapper/hostname-swap none swap sw 0 0 EOF apt update apt-get -y install initramfs-tools pciutils wpasupplicant tcpdump \ vim tmux vlan ntpdate parted curl wget grub-efi-arm64 mtr-tiny dbus \ ca-certificates sudo openssh-client mtools gdisk cryptsetup lvm2 cryptsetup-initramfs ``` In addition to `quickstart.txt` we install cryptsetup lvm2 and cryptsetup-initramfs here! At this point (before running the grub stuff) you need to prepare the crypt configuration. ```bash= eval $(blkid|grep "/dev/nvme0n1p6"| cut -d " " -f2) cat <<EOF >>/etc/crypttab nvme01n1p6-crypt UUID=$UUID none luks,discard EOF ``` follow `quickstart.txt` further: ```bash= apt-get install -y grub-efi-arm64-signed- # <-- do not forget the last "-"! echo 'grub-efi-arm64 grub2/update_nvram boolean false' | debconf-set-selections echo 'grub-efi-arm64 grub2/force_efi_extra_removable boolean true' | debconf-set-selections dpkg-reconfigure -fnoninteractive grub-efi-arm64 update-grub grub-install --removable /boot/efi ``` If you like you can install some tasks (like in the debian installer) ```bash= apt install -y tasksel tasksel ``` `resolv.conf`, hostname and firmware... ```bash= echo 'nameserver 8.8.8.8' > /etc/resolv.conf export HOSTNAME=hostname echo $HOSTNAME > /etc/hostname cat <<EOF > /etc/hosts 127.0.0.1 localhost $HOSTNAME EOF tar -C /lib/firmware/ -xf /boot/efi/vendorfw/firmware.tar ``` If you e.g. installed the Gnome desktop via tasksel the following network configuration is not needed because it can be set from Gnome after reboot via NetworkManager... ```bash= cat <<EOF > /etc/wpa_supplicant/wpa_supplicant.conf network={ ssid="ssid" scan_ssid=1 key_mgmt=WPA-PSK psk="password" } EOF cat <<EOF > /etc/network/interfaces # interfaces(5) file used by ifup(8) and ifdown(8) # Include files from /etc/network/interfaces.d: source /etc/network/interfaces.d/* allow-hotplug enp3s0 iface enp3s0 inet dhcp # allow-hotplug wlp1s0f0 iface wlp1s0f0 inet dhcp wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf EOF ``` Now the kernel is installed. This can be done by the quickstart.txt: ```bash= curl -sLo /tmp/k.deb tg.st/u/k.deb curl -sLo /boot/efi/m1n1/boot.bin tg.st/u/u-boot.bin dpkg -i /tmp/k.deb ``` Or you want to install the GPU kernel [which is described a little further below - Aand GPU](https://g3la.de/hedgedoc/buDIXGBuRzKMwUnYOpStuw#Aand-GPU) Do not forget to create a `root` password and your user! ```bash= passwd apt -y install adduser adduser username ``` And now the rest: go out of the chroot, umount and - reboot ```bash= exit cd / umount /mnt/boot/efi umount /mnt/boot umount /mnt/sys umount /mnt/proc umount /mnt/dev/pts umount /mnt/dev umount /mnt reboot ``` ## Use your live stick for rescueing ```bash= apt install cryptsetup lvm2 cryptsetup luksOpen /dev/nvme0n1p6 hostname-crypt mount /dev/mapper/hostname-root /mnt mkdir -p /mnt/boot mount /dev/nvme0n1p5 /mnt/boot mount -t sysfs none /mnt/sys mount -t efivarfs none /mnt/sys/firmware/efi/efivars mount -t proc none /mnt/proc mount -o bind /dev /mnt/dev mount -o bind /dev/pts /mnt/dev/pts mkdir -p /mnt/boot/efi mount /dev/nvme0n1p4 /mnt/boot/efi cd /mnt chroot . bin/bash ``` ## Some Tweaks Some tweaks to get it better running ### German keyboard: `<>` and `^°` are swapped [issue 2](https://github.com/AsahiLinux/xkeyboard-config/issues/2) in `/etc/rc.local` ``` #!/bin/bash echo 1 >/sys/module/hid_apple/parameters/iso_layout ``` ### Fn Lock in `/etc/rc.local` ``` echo 2 > /sys/module/hid_apple/parameters/fnmode ``` `0` Fn unlock ### Right Strg/Control key (Gnome) Via Tweak Tool -> keyboard and mouse -> Additional settings -> position of strg/control key -> swap right win and strg/control key ### Debian and SSDs https://wiki.debian.org/SSDOptimization is helpful for sparing your nvme hard disk. There is not much to be done but fstrim, zram, and overriding your browser config dirs is helpful. ### Sizing of HiDPI-Display Using [arch wiki documentation](https://wiki.archlinux.org/title/HiDPI) #### gdm create `/usr/share/glib-2.0/schemas/99_hidpi.gschema.override` ```ini= [org.gnome.desktop.interface] scaling-factor=2 text-scaling-factor=0.7 ``` And compile the setting ```bash= sudo glib-compile-schemas /usr/share/glib-2.0/schemas ``` #### Gnome Because I do not like these thick window frames I tune up the Gnome desktop itself (otherwise the settings done for gdm will do too - eventually with `text-scaling-factor=0.8`). We are on Wayland. This allows fractional scaling ```bash= gsettings set org.gnome.mutter experimental-features "['scale-monitor-framebuffer']" ``` - Gnome settings -> screens: scale to 125% - Gnome Tweak Tool -> fonts: scale to 1,40 Probably adjust font sizes... #### Firefox about:config - set `layout.css.devPixelsPerPx` to 1.5 can be done on Thunderbird too but it looks like not having any effect. If Firefox or Thunderbird are native running on Wayland (via `MOZ_ENABLE_WAYLAND=1`) and Gnome has HidDpi settings, `layout.css.devPixelsPerPx` should not be set! ### Power tuning accordig to powertop `/etc/rc.local` ```bash= echo '1500' > '/proc/sys/vm/dirty_writeback_centisecs' echo 'auto' > '/sys/bus/pci/devices/0000:02:00.0/power/control' echo 'auto' > '/sys/bus/pci/devices/0000:00:01.0/power/control' echo 'auto' > '/sys/bus/pci/devices/0000:00:00.0/power/control' echo 'auto' > '/sys/bus/pci/devices/0000:01:00.0/power/control' echo 'auto' > '/sys/bus/pci/devices/0000:01:00.1/power/control' # conservative cpu-govern cpupower frequency-set -g schedutil ``` `cpupower` needs package `linux-cpupower` Because s3 does not work well, it is better to disable the power saving stuff by now: ```bash= sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target ``` ### Bluetooth If you have an older debian system and want to use bluetooth you need to have a actual kernel (get it via `curl -sL tg.st/u/ksh | bash`). You also need a working fwupdater. This solution for this fwextract/fwupdater stuff is a bit quick and dirty... > If you have a /boot/efi/asahi/all_firmware.tar.gz lying around you could run https://github.com/AsahiLinux/PKGBUILDs/blob/main/asahi-fwextract/asahi-fwextract.install from Debian in order to get the firmware. (Thomas Glanzmann) This also means: You can only update the firmware on an installed system. It does not work in the Installing/debootstrap session! I prepared asahi-fwextract.install to get it work on Debian: ```bash= mkdir fwupdater cd fwupdater git clone https://github.com/AsahiLinux/asahi-installer.git cd asahi-installer git checkout v0.4.1 cd .. git clone https://github.com/AsahiLinux/asahi-scripts.git cd asahi-scripts sudo sed "s/sh/bash/g" update-vendor-firmware >/usr/bin/update-vendor-firmware chmod 755 /usr/bin/update-vendor-firmware cd .. mkdir asahi-fwextract cd asahi-fwextract ln -s ../asahi-installer/asahi_firmware vi asahi-fwextract.install # see the next code block chmod 755 asahi-fwextract.install ``` The original is a library only. I here call this library. Hey Developers: `/bin/sh` can be a simple shell (e.g. `dash` in debian) and these shells will fail with the code! Please use hash-bang-bin-bash! ```bash= #!/bin/bash post_install() { set -e if [ ! -e /boot/efi/asahi/all_firmware.tar.gz ]; then printf '==> No /boot/efi/asahi/all_firmware.tar.gz, skipping firmware extraction' return 0 fi printf '==> Upgrading vendor firmware package...\n' python3 -m asahi_firmware.update /boot/efi/asahi /boot/efi/vendorfw/firmware.tar.new /boot/efi/vendorfw/manifest.txt.new mv -f /boot/efi/vendorfw/manifest.txt{.new,} mv -f /boot/efi/vendorfw/firmware.tar{.new,} printf ' Firmware upgraded\n' /usr/bin/update-vendor-firmware } post_upgrade() { post_install } post_install ``` Now you can update your firmware with ```bash= ./asahi-fwextract.install ``` after a reboot you should have the bluetooth device. I recommend [using pipewire](https://wiki.debian.org/PipeWire) and to install `blueman` for handling bluetooth devices. Audio is better with pipewire. But you need libraries for bt audio codecs like * libfreeaptx0 * (libopenaptx0) * libaacs0 * libsbc1 * libldacbt-abr2 * libldacbt-enc2 ## Audio ### Alsa ucm2 settings This is needed to get the audio stuff running (proved for 3.5 headphone jack on mbp14) ``` git clone https://github.com/povik/alsa-ucm-conf-asahi.git sudo cp -a alsa-ucm-conf-asahi/ucm2/conf.d/macaudio /usr/share/alsa/ucm2/conf.d ``` And use pipewire instead of pulseaudio! ## Aand: GPU To test the GPU stuff you may use the [Debian packages of Thomas Glanzmann](https://thomas.glanzmann.de/asahi/README.txt). ```bash= # Debian asahi packages cat <<'EOF' | sudo tee /etc/X11/xorg.conf.d/30-modeset.conf Section "OutputClass" Identifier "appledrm" MatchDriver "apple" Driver "modesetting" Option "PrimaryGPU" "true" EndSection EOF echo 'deb https://thomas.glanzmann.de/asahi testing main' | sudo tee /etc/apt/sources.list.d/glanzmann.list sudo curl -sL -o /etc/apt/trusted.gpg.d/thomas-glanzmann.gpg https://tg.st/u/thomas-glanzmann.gpg sudo apt update sudo apt install -y m1n1 linux-image-asahi sudo apt upgrade -y ``` Or (experimental but newer) ```bash= sudo curl https://git.g3la.de/api/packages/repos/debian/repository.key -o /etc/apt/trusted.gpg.d/gitea-repos.asc echo "deb https://git.g3la.de/api/packages/repos/debian testing main" | sudo tee -a /etc/apt/sources.list.d/gitea.list sudo apt update sudo apt install -y m1n1 linux-image-asahi sudo apt upgrade -y ``` (`testing main` will follow after the next more stable kernel) After this every test kernel and mesa stuff is simply installed with every `apt upgrade`. ### Notch With the gpu stuff running you are able to use the full screen including the notch. Grub: add to `/etc/default/grub` in the `GRUB_CMDLINE_LINUX_DEFAULT` line the parameter `apple_dcp.show_notch=1` and `sudo update-grub` Gnome panel: You can set the panel height with the [just perfection](https://extensions.gnome.org/extension/3843/just-perfection/) extension. With this extension it is also possible to set the clock position to right with fine tuning. *Or:* For me the height of the gnome panel is exactly 2 pixels to small, you can see the notch. To correct it you need the *User Themes* Gnome extension active and `gnome-tweak` installed. Create a file `~/.local/share/themes/mytheme/gnome-shell/gnome-shell.css` (mytheme can be any name): ```css= #panel { height: 48px; } ``` In the Gnome Tweak tool you then can select your theme at the `Appearance`-Tab -> Shell. Then the Panel ends at the right position. You may like the [sure clock extension](https://extensions.gnome.org/extension/4977/sur-clock/).