I recently revisited deploying IPv6 on my home network, having previously been frustrated by my ISP only giving me a single /64 prefix. That remains the case, but I was determined to find some creative ways of dealing with the situation. The solution turned out to involve an Amazon Web Services VPC and a pull-request to the OPNsense project.
Enabling SecureBoot on ARM EC2 instances in AWS
Easy enough to do, even if it's not the default
SecureBoot is a way to ensure the integrity of a system by configuring it to only boot if the images (programs) being loaded are signed by an authorized source. This is true of physical machines, but also of virtual machines, and by extension, cloud instances. However, I recently discovered that in AWS, an AMI of the popular Ubuntu operating system, when running on arm64 instance types such as t4g.nano, didn’t have SecureBoot enabled. So I sought to fix that, and discovered that while it is quite simple to do, it’s not very obvious. Here’s a tutorial and some explanation that will probably be useful for x64_64 and arm64 systems alike, but was written purely based on my own use case, so adapt and test as necessary and report back what you find!