Release ghaf-25.11.1
This is monthly Ghaf release which has been fully tested on Nvidia Orin NX, Nvidia Orin AGX, Lenovo X1 Carbon Gen11 and System76 Darter Pro platforms
Release Tag
Section titled “Release Tag”https://github.com/tiiuae/ghaf/releases/tag/ghaf-25.11.1
Supported Hardware
Section titled “Supported Hardware”The following target hardware is supported by this release:
- NVIDIA Jetson Orin AGX
- NVIDIA Jetson Orin NX
- Lenovo ThinkPad X1 Carbon Gen 10/11/12/13, Gen9 2-in-1
- Lenovo T14 AMD
- Dell Latitude 7230, 7330
- Alienware M18
- System76 Darter Pro
- NXP i.MX 8M Plus
What’s Changed
Section titled “What’s Changed”- version: bump for new patches by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1490
- lenovo-x1/gen12: drop Intel MEI communication controller by @vunnyso in https://github.com/tiiuae/ghaf/pull/1489
- changing ping limitation config by @enesoztrk in https://github.com/tiiuae/ghaf/pull/1488
- Restore default shortcut for lock screen by @gngram in https://github.com/tiiuae/ghaf/pull/1485
- docs: Update CICD_general.drawio.png by @ktusawrk in https://github.com/tiiuae/ghaf/pull/1491
- bump: use the latest ghafpkgs by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1492
- audit: fix some zizmor audit findings by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1494
- darter-pro: New SKU network pci path by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1496
- doc: wireguard-gui by @enesoztrk in https://github.com/tiiuae/ghaf/pull/1497
- add 25.10.1 release note by @clayhill66 in https://github.com/tiiuae/ghaf/pull/1500
- docs: add current SLSA status by @ktusawrk in https://github.com/tiiuae/ghaf/pull/1495
- Various desktop bug fixes by @kajusnau in https://github.com/tiiuae/ghaf/pull/1499
- Update ghafpkgs and support packages by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1503
- lib: fix the propogation to ensure correct lib by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1504
- Updated docs by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1505
- More docs by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1506
- Enable ghaf usb applet by @gngram in https://github.com/tiiuae/ghaf/pull/1466
- build(deps): bump astro from 5.14.7 to 5.15.1 in /docs by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1509
- Fix mismatched variable name by @avnik in https://github.com/tiiuae/ghaf/pull/1507
- refactor: enable keep-sorted for large lists by @kajusnau in https://github.com/tiiuae/ghaf/pull/1514
- Disable alerts on dangerous trigger by @henrirosten in https://github.com/tiiuae/ghaf/pull/1515
- logging: implement journald-based local log retention by @juliuskoskela in https://github.com/tiiuae/ghaf/pull/1511
- Enable nixf diagnose by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1516
- chrome-extensions: update session buddy by @kajusnau in https://github.com/tiiuae/ghaf/pull/1517
- End oct bump by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1510
- cosmic-config: refactor cosmic config, add ghaf dark and light themes by @kajusnau in https://github.com/tiiuae/ghaf/pull/1513
- Fix/xdg url handler by @enesoztrk in https://github.com/tiiuae/ghaf/pull/1519
- systemd: restore user-runtime-dir service hardening by @gngram in https://github.com/tiiuae/ghaf/pull/1520
- build(deps): bump astro from 5.15.1 to 5.15.3 in /docs by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1527
- build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1526
- build(deps): bump github/codeql-action from 4.30.9 to 4.31.2 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1525
- build(deps): bump cachix/install-nix-action from 31.8.1 to 31.8.2 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1524
- build(deps): bump astral-sh/setup-uv from 7.1.1 to 7.1.2 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1523
- Bump november by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1522
- chrome-extensions: fetch pinned versions by default by @kajusnau in https://github.com/tiiuae/ghaf/pull/1529
- version: bump for the next release cycle by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1534
- system: deprecated system paramater update by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1533
- system76: Enable all by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1535
- The lsp made me do it by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1540
- cosmic: fix active hint overlapping secctx indicator by @kajusnau in https://github.com/tiiuae/ghaf/pull/1541
- Remove OpenSSF Scorecard by @henrirosten in https://github.com/tiiuae/ghaf/pull/1518
- Storage fixes by @mbssrc in https://github.com/tiiuae/ghaf/pull/1538
- build(deps): bump step-security/harden-runner from 2.13.1 to 2.13.2 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1544
- docs: bump by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1551
- Checks on push by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1550
- build(deps): bump cachix/install-nix-action from 31.8.2 to 31.8.3 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1554
- build(deps): bump starlight-blog from 0.24.3 to 0.25.0 in /docs by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1546
- build(deps): bump astral-sh/setup-uv from 7.1.2 to 7.1.3 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1553
- ci-tests: fix by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1555
- Prevent running authorized actions in empty environment by @henrirosten in https://github.com/tiiuae/ghaf/pull/1556
- bump: Cosmic beta5 by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1543
- Add nixos-rebuild audit rule by @everton-dematos in https://github.com/tiiuae/ghaf/pull/1508
- Fix audit rules service on Zathura VM by @everton-dematos in https://github.com/tiiuae/ghaf/pull/1557
- installer: use the latest kernel in installer by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1558
- flatpak-vm: Add a vm to allow installing flatpaks using cosmic store by @vunnyso in https://github.com/tiiuae/ghaf/pull/1502
- refactor(homes): persist appvm homes by default by @mbssrc in https://github.com/tiiuae/ghaf/pull/1560
- Lenovo t14 amd by @Mic92 in https://github.com/tiiuae/ghaf/pull/908
- generate-shutdown-ramfs.service failure by @gngram in https://github.com/tiiuae/ghaf/pull/1563
- fix(xdg-handlers): manage appuser mimeapps.list via systemd tmpfiles by @enesoztrk in https://github.com/tiiuae/ghaf/pull/1559
- Add dynamic hostname generation for hardware-based device identification by @vadika in https://github.com/tiiuae/ghaf/pull/1512
- net-vm,gui-vm: Enhance xdg-dbus-proxy with system bus D-Bus proxy by @jkuro-tii in https://github.com/tiiuae/ghaf/pull/1432
- Fix printf octal interpretation error in hostname generation by @vadika in https://github.com/tiiuae/ghaf/pull/1566
- Add memory wipe on allocation/deallocation by @vadika in https://github.com/tiiuae/ghaf/pull/1530
- build(deps): bump github/codeql-action from 4.31.2 to 4.31.3 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1570
- build(deps): bump actions/checkout from 5.0.0 to 5.0.1 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1569
- build(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1568
- build(deps): bump cachix/install-nix-action from 31.8.3 to 31.8.4 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1567
- build(deps): bump astro from 5.15.5 to 5.15.6 in /docs by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1571
Full Changelog: https://github.com/tiiuae/ghaf/compare/ghaf-25.10.1…ghaf-25.11.1
Bug fixes
Section titled “Bug fixes”Fixed bugs that were present in the previous release
- Selecting full screen for video freezes the laptop
Known Issues and Limitations
Section titled “Known Issues and Limitations”| Issue | Status | Comments |
|---|---|---|
| x86 | ||
| (System76) Suspension has been disabled | In Progress | |
| (System76) All devices have the same device-id | In Progress | Will be for next release |
| Downloading large file (10G) crashes the browser | In progress | Issue is under investigation |
| Unlock with fingerprint doesn’t work | In Progress | Issue is under investigation |
| Selecting full screen for video freezes laptop | In Progress | Workaround: Disable ‘Variable Refresh Rate’ from display settings and reboot |
| NVIDIA Jetson AGX Orin / Orin NX | ||
| If suspended, device doesn’t wake-up | In Progress | Issue is under investigation |
| Locking the device from power menu doesn’t work | In Progress | Issue is under investigation |
| Unlocking from lock screen does not work | In Progress | Issue is under investigation |
| If display is connected only after boot, login screen is not launched | In Progress | Workaround: Boot with display connected or launch login screen manually by ctrl+C |
Installation Instructions
Section titled “Installation Instructions”Released images are available at https://archive.vedenemo.dev/ghaf-25.11.1/
Download the required image and use the following instructions: Build and Run.