The officially official Devuan Forum!

You are not logged in.

#26 2020-12-03 02:00:02

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

golinux wrote:

@Ulysses_ . . . no one here is interested in your political rants.  If you want to continue posting here, please leave them at the door.

I wouldn't say that, I find it amusing, but I do think it is a waste of oxygen that could otherwise be used to fuel our brains.


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#27 2020-12-03 02:05:16

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

anticapitalista wrote:
Ulysses_ wrote:

Can't we mix some of MX into devuan?

Why would you want to do that after this post of yours?

MX/AntiX is the work of a state-sponsored political extremist who is openly in the payroll of a state and at the same time pretends to be against the system. Can't be trusted for anything to do with security, privacy, cryptocurrencies, anti-surveillance. Might as well install ubuntu.

https://www.linuxquestions.org/question … ost6188829

Read on for more laughs later in the same thread

Wow, I read that and yeah, he doesn't know what he's talking about.

I wonder how coked up the op is. Sheesh...

That thread has a lot of red meat in it.  Some of which seems foxnews like or far right or  even extremist fringe of the far right ideology.  If the op see's this message, just calm down. this is not helping anyone... people will only laugh at you for this lack of logic and paranoia...

Last edited by zapper (2020-12-03 02:08:39)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#28 2020-12-03 13:02:53

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Ive not used antix or mx, i dont see the need for uefi boot or secure boot as mentioned by the limitations Head on a sticker mentions.

Ive just disabled uefi altogether, my drives are encrypted so good luck to anyone who can get info off them as i use serpent plus blowfish cipher keys. Ive also got a machine that is fully encrypted with openbsd using a separate bootloader on a usb. Much more secure than "secure boot" will ever be. Lock down the bios with a password and you have double the protection.

Offline

#29 2020-12-03 18:40:56

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

dice wrote:

Ive just disabled uefi altogether

No, you haven't. You've enabled CSM ("Legacy" mode), which emulates non-UEFI booting via your machine's UEFI firmware. This means the machine is still open to the many UEFI firmware vulnerabilities.

dice wrote:

my drives are encrypted so good luck to anyone who can get info off them

If you have a rootkit then it can read the contents of the drive once the system is running. Secure Boot would help prevent rootkits from running. It's far from perfect but it is an extra layer of protection.

And before anybody starts bleating about not trusting Microsoft's keys note that it is possible to create your own keys, enrol them in the UEFI firmware and sign the kernel images with them. That's how I have enabled Secure Boot in my Alpine Linux system.


Brianna Ghey — Rest In Power

Offline

#30 2020-12-03 20:00:37

Ulysses_
Member
Registered: 2020-05-07
Posts: 25  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

seems foxnews like or far right or  even extremist fringe of the far right ideology.

I wonder how coked up the op is.

he doesn't know what he's talking about.

These are political remarks and insults to a member who is not allowed by golinux to reply to political remarks and defend their reputation. You are punching an opponent with his hands tied. You have been reported.

Offline

#31 2020-12-03 20:01:43

Ulysses_
Member
Registered: 2020-05-07
Posts: 25  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Ive not used antix or mx, i dont see the need for uefi boot or secure boot as mentioned by the limitations Head on a sticker mentions.

It makes no sense that Microsoft would break what little security Secure Boot offers by allowing it to boot absolutely anything plugged into a usb port as long as it bothers to look live and EFI. Do you have any references for this unbelievable limitation?

Offline

#32 2020-12-03 20:12:51

Ulysses_
Member
Registered: 2020-05-07
Posts: 25  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

fsmithred wrote:

we don't fork any of the packages necessary for secure boot. Make sure grub-efi-amd64-signed is installed. The bootloader directory in /boot/efi/EFI/ will be named 'debian'.

Does anyone know any virtualization option that supports Secure Boot in the guest, so one can try and understand what is going on in a successful Secure Boot?

Offline

#33 2020-12-03 20:43:21

Ulysses_
Member
Registered: 2020-05-07
Posts: 25  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Who are the developers of devuan in this forum?

Offline

#34 2020-12-03 22:46:54

golinux
Administrator
Registered: 2016-11-25
Posts: 3,137  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Ulysses_ wrote:

Alright. How do you feel about this?

Instead of answering the question that you know the answer to better than anyone

Can't really answer your question without context which starts with a citation for who posted it.  Please include that when you quote in the future.

Offline

#35 2020-12-03 22:48:54

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,409  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Ulysses_ wrote:

Who are the developers of devuan in this forum?

I'm one. I make the live isos and maintain a few packages. Why do you ask?

Offline

#36 2020-12-04 06:45:27

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Ulysses_ wrote:

seems foxnews like or far right or  even extremist fringe of the far right ideology.

I wonder how coked up the op is.

he doesn't know what he's talking about.

These are political remarks and insults to a member who is not allowed by golinux to reply to political remarks and defend their reputation. You are punching an opponent with his hands tied. You have been reported.

I didn't know this, I am sorry, no one told me any of this. If I had known, I would have just told you to calm down in a peaceful manner. my apologies.

Please chill man, although I do still think you might be lost, I don't mean this in a harsh way,  but rather that you have been misled.  sad

You would do wise to examine your own reality, I have to do that a lot myself. I am sure anyone who has an open mind has had to do the same.

That being said, I hold no ill will to  you. I was only having fun before. I don't think you really do coke.  Especially in the physical sense.

Peace...

Last edited by zapper (2020-12-04 06:53:18)


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#37 2020-12-04 06:58:13

zapper
Member
Registered: 2017-05-29
Posts: 835  

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Head_on_a_Stick wrote:
dice wrote:

Ive just disabled uefi altogether

No, you haven't. You've enabled CSM ("Legacy" mode), which emulates non-UEFI booting via your machine's UEFI firmware. This means the machine is still open to the many UEFI firmware vulnerabilities.

dice wrote:

my drives are encrypted so good luck to anyone who can get info off them

If you have a rootkit then it can read the contents of the drive once the system is running. Secure Boot would help prevent rootkits from running. It's far from perfect but it is an extra layer of protection.

And before anybody starts bleating about not trusting Microsoft's keys note that it is possible to create your own keys, enrol them in the UEFI firmware and sign the kernel images with them. That's how I have enabled Secure Boot in my Alpine Linux system.

I myself prefer coreboot + intel me cleaner, or something equivalent of security, but good if you found a way around the issues of the stock bios. I just don't trust it myself man...

For that reason you mentioned and others, for example the intel me issue...


Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term  If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!

Offline

#38 2020-12-04 11:02:39

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Head_on_a_Stick wrote:
dice wrote:

Ive just disabled uefi altogether

No, you haven't. You've enabled CSM ("Legacy" mode), which emulates non-UEFI booting via your machine's UEFI firmware. This means the machine is still open to the many UEFI firmware vulnerabilities.

dice wrote:

my drives are encrypted so good luck to anyone who can get info off them

If you have a rootkit then it can read the contents of the drive once the system is running. Secure Boot would help prevent rootkits from running. It's far from perfect but it is an extra layer of protection.

And before anybody starts bleating about not trusting Microsoft's keys note that it is possible to create your own keys, enrol them in the UEFI firmware and sign the kernel images with them. That's how I have enabled Secure Boot in my Alpine Linux system.

Okay  but why does my bios menu have a checkmark saying disable uefi / enable legacy bios, i suppose they are one in the same thing as you mention in regards to CSM? Ive not really delved into bios management before, im pretty sure i would brick the computer.I remember flashing a bios about 20 years ago on a windows 2000 machine, is that how it is still done and you just need the correct coreboot image for the machine?

Do you have you any historical examples of said rootkits?

Offline

#39 2020-12-04 11:05:47

dice
Member
Registered: 2020-11-22
Posts: 559  
Website

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

Ulysses_ wrote:

Ive not used antix or mx, i dont see the need for uefi boot or secure boot as mentioned by the limitations Head on a sticker mentions.

It makes no sense that Microsoft would break what little security Secure Boot offers by allowing it to boot absolutely anything plugged into a usb port as long as it bothers to look live and EFI. Do you have any references for this unbelievable limitation?

Hmm i dont understand your line of questioning. This is microsoft remember, the operating system that is prone to viruses, malware , constant bsod's and an update schedule that will from time to time brick your machine.

Offline

#40 2020-12-04 21:37:33

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: How to make devuan boot with Secure Boot enabled the way antiX does it

dice wrote:

why does my bios menu have a checkmark saying disable uefi / enable legacy bios

The "legacy bios" [sic] is an emulation performed by the UEFI firmware.

dice wrote:

Do you have you any historical examples of said rootkits?

See https://www.blackhat.com/docs/asia-17/m … eality.pdf & https://www.welivesecurity.com/wp-conte … -LoJax.pdf (although Secure Boot doesn't actually offer any protection against LoJax).


Brianna Ghey — Rest In Power

Offline

Board footer