The recommended method to install secureblue is to rebase from an upstream silverblue/kinoite installation. Before rebasing and during the installation, the following checks are recommended.
Tip
The cross-platform Fedora Media Writer is the official, tested and supported method for the creation of bootable media, instructions (alongside a word on alternative methods) are available here.
Caution
The Fedora 41 ISO contains a bugged version of rpm-ostree. As such, after using it to install Fedora Atomic, you must run rpm-ostree upgrade and then restart, before running the secureblue installer.
- Select the option to encrypt the drive you're installing to.
- Use a strong password when prompted.
- Leave the root account disabled.
- Select wheel group membership for your user
- Ensure secureboot is enabled.
- Ensure your BIOS is up to date by checking its manufacturer's website.
- Disable booting from USB (some manufacturers allow firmware changes from live systems).
- Set a BIOS password to prevent tampering.