You are not logged in.
- Topics: Active | Unanswered
#51 Re: Hardware & System Configuration » Secure Boot » 2019-05-17 14:55:16
Thanks HoS. Was aware of the CONFIG_EFI_STUB in Devuan/Debian kernels. Should have mentioned that this kernel is attempting to be small, specific, and without the need for an initramfs (again for 'fun', haha).
Secure boot Custom keys have been enabled on the firmware. That's what causes the machine to go into the flashing red light of death. It won't do that until I put the custom keys onto the system and enable secure boot in firmware.
Been looking into it more today and have been wondering if the kernel's modules aren't being signed during the build process? I am new to that whole process though. Have been reading about CONFIG_MODULE_SIG_* parameters today but I'm confusing myself I think.
Can I pass my db priv key and db crt to the kernel build process to have the kernel automatically sign itself and associated modules during the make process? The kernel docs seems to suggest so: https://www.kernel.org/doc/html/v4.19/a … gning.html but I'm not sure where to put the pem/crt files that I've already generated so the kernel build process uses them.
I suppose the other option is to just manually sign all of the modules after the kernel build process with the proper kmodsign command?
Sorry for all the questions but I do appreciate your help!
#52 Hardware & System Configuration » Secure Boot » 2019-05-17 01:24:37
- aut0exec
- Replies: 19
Greetings! I've been spending a decent amount of time looking into EFI-Stub loading and Secure boot. I'm hoping to find someone who may be able to help at this point as I'm not sure where to proceed. Full disclosure this whole project is currently just an academic endeavor! If I can get this working, I plan to document the process as much of the current documentation seems to assume everyone wants to use Shim and leave the MS certs on their box (seems like this would defeat the whole purpose of custom keys though, correct?).
I've managed to compile a kernel with EFI-Stub and get it to boot without Grub (quite awesome functionality, imo). Now I'm wanting to setup my own Secure Boot keys so that my system will only boot my signed kernel. This seemed like a pretty easy feat until starting down the road... At the moment, I'm able to generate and sign my own PK, KEK, and db. sbsign signs my kernel and sbverify states that it has a valid signature matching my db cert. I can then use KeyTool to 'install' the keys (db, KEK, PK - in that order) on the system without errors. Upon enabling secure boot in EFI, the system reboots to a blank screen and then ultimately errors out with 6 red LED flashes of the power light (according to HP this means no graphics).
The hardware is an HP Z420 workstation on the newest UEFI release with a Quadro K2000 GPU. I'm thinking it has something to do with OROMs but I'm not entirely sure. Was hoping that if I exported the original HP certs and concatenated/signed them with my custom ones I'd be good to go but apparently that's not the case.
The system will boot with the factory certs enabled and Shim available though. So it seems like something in the boot process might require MS' cert and it wouldn't surprise me if the nVidia card was the culprit. Long story short, has anyone been able to successfully purge MS certs and boot entirely from their own self signed certs?
If the commands run are needed, please let me know but I've been using the following resources primarily (obviously not following the gentoo/arch and shim/grub specific parts):
https://wiki.gentoo.org/wiki/Sakaki%27s … ecure_Boot
https://www.rodsbooks.com/efi-bootloade … ng-sb.html
https://wiki.archlinux.org/index.php/Secure_Boot
#53 Re: Off-topic » Something is wrong with my Devuan setup because my containers work » 2019-05-04 00:12:08
@aut0exec: This is what I put in /etc/rc.local to make the systemd-containers happy (maybe also more, I don't remember anymore):
mkdir -p /sys/fs/cgroup/systemd mount -t cgroup -o none,name=systemd systemd /sys/fs/cgroup/systemd
Thanks. I'm not opposed to just purging systemd out of Debian either, haha. I'm also assuming those commands where done on the host right?
#54 Re: Installation » Beowulf netinstall no more finds kernel modules » 2019-05-03 11:48:24
aut0exec wrote:I believe the first link is the newest netinstall for beowulf: https://pkgmaster.devuan.org/devuan/dis … s/netboot/
However, I'm still getting the same issue with it as well.
Look at the date of this iso. It is from April 2018, outdated. Fooled me too...
Rolf
Holy crap! It is 2019! Sorry about that, I retract my previous statement....
#55 Re: Installation » UEFI Installation Woes » 2019-05-03 11:34:33
Red, I saw your post in another thread and SWEAR I did just that and still had the same issue but this morning it worked and the installer is displaying properly... So thank you again!
#56 Installation » UEFI Installation Woes » 2019-05-03 03:12:20
- aut0exec
- Replies: 2
Went to reinstall Devuan on another HD in a Toshiba C-50 using UEFI and keep running into an issue where the installer displays only on the top third of the screen. I remember having this issue before but I don't recall what I did to solve it. Switching to CSM works but I need UEFI enabled to work with secure boot (I believe).
I thought that it was solved with a kernel parameter at boot (something with efifb maybe) but nothing has worked yet. I've tried efifb=off, vga=efifb:off, and the every popular nomodeset but nothing has worked. Any one have any thoughts or know how to solve this? It occurs on Devuan ascii and beowulf (4/14) net installs as well as Debian buster net install.
#57 Re: Installation » Beowulf netinstall no more finds kernel modules » 2019-05-03 03:02:58
I believe the first link is the newest netinstall for beowulf: https://pkgmaster.devuan.org/devuan/dis … s/netboot/
However, I'm still getting the same issue with it as well. 
#58 Re: Off-topic » Something is wrong with my Devuan setup because my containers work » 2019-05-01 23:55:56
Haven't heard this argument before. Now I am wondering what is wrong in my Devuan setup since the lxc containers seem to work in Devuan even with sysvinit although UNIX is dead.
Interesting! I'm messing around with containers on Devuan at the moment as well. It's been very seamless so far. Only real issue was the Devuan template (off github) was a little outdated and bloated but some easy modifications and voila! Out of curiosity, what distros are you running in containers? I've been meaning to try to build a Debian/Ubuntu container but was wonder how it would handle any systemd dependencies so I've not done it yet...
#59 Re: Devuan » What happened at devuan.org? » 2019-04-05 11:29:13
There are a few notable issues with this: Just because it's April 1st, doesn't mean a website which appears to have been cracked on that date hasn't actually been cracked and that simply because it appears to be an April 1st hoax, doesn't mean that it automatically is one, simply by virtue of it being April 1st.
Social engineering, i.e. lulling victims into a false sense of security or simply playing to their greed, arrogance / self importance are all more important in stealing data than the actual exploits / tools used.
I don't see the main problem as being with the prank page, but in how the whole prank was perpetuated on the project's mailing lists, at the expense of many of those around the world who may not see the significance of April 1st.
I'm over the whole situation at this point but this post is where my head was. It wasn't actually April 1st when I tried to visit the website. It was around 1900 on March 31st. Sort of assumed it was a joke but still took precautions just in case (after the Linux Mint fiasco a few years ago, I didn't want to risk it.)
End of the day, Thanks Devuan Devs, still loving the distro and started converting my Pi's over to Devuan as well!
#60 Re: Devuan » What happened at devuan.org? » 2019-04-02 12:13:00
After reading those dyne messages i didnt realise how serious some members took this. From my point of view i knew instantly it was a joke but if people have their fingers on kill switches then that would be a rather serious security concern. Maybe something a little less concerning for next years april fools. I like what void linux did, its no longer available to see but they made their homepage look like arch linux with the A for Arch upside down so it looked like a V for Void linux!
Not particularly serious but I put off package updates and disabled repo's on ~20'ish systems as a precautionary step. I 'thought' it was a joke as well but the inability to still continue on to the homepage or anything else on the site definitely had me worried. I think ChuangTzu had the idea of an announcement about "Systemd is inevitable and Devuan 3 would run it." Would've been a much better April Fool's prank! Still love the Devuan project and will still run the distro!
#61 Re: Forum Feedback » Forum has been hacked??? » 2019-04-01 21:16:37
Ogis wrote:
That's right. It's a joke.Making your own website look like it was hacked is not a joke. I wonder how many people it made wonder if their system or browser was compromised after visiting this "joke"? Not funny and may cost Devuan current and future users.
Was definitely worried. Have several important things running Devuan. Felt a little better when there were messages stating repo's weren't effected but still an 'oh crap' moment....
#62 Re: Installation » mini.iso 16-2-2019 BUG does not install on M2 disks » 2019-03-26 00:30:35
Would be interesting which kind of M2 device the OP has in his PC.
I have installed ASCII on a M2 nvme device without issues. I used a gparted live CD to pre-partition the disk. But also the installer should be able to do the job in manual mode.
Good luck, Rolf
With the exception of the 'devuan' vs 'debian' efi boot paths, Beowulf installed just fine on the nvme in my lenovo as well.
#63 Re: Installation » UEFI and NVME help » 2019-03-23 02:23:36
The nvme SSD does not matter. ASCII also installs easily on nvme.
The issue is grub and efi with Beowulf, refer to https://dev1galaxy.org/viewtopic.php?id=2676.
Needs to be fixed in the installer.
Rolf
Ahh.. My search terms were wrong.... That thread already answered the question! Thank you both for the information and helping to get the situation fixed.
#64 Re: Installation » UEFI and NVME help » 2019-03-22 12:29:56
Either install one of the unsigned kernels (e.g. linux-image-4.19.0-2-amd64-unsigned) or change the name of the bootloader directory from EFI/devuan to EFI/debian.
Good sir.... If our paths ever cross, I owe you a beverage of your choosing!
I changed devuan to debian and I should've tried to reboot first but I went ahead and re-ran 'grub-install /dev/nvme0n1p1' and 'update-grub' but upon a reboot after that, I saw the wonderful grub menu!
#65 Installation » UEFI and NVME help » 2019-03-22 03:15:38
- aut0exec
- Replies: 5
Greetings everyone. I've been working on this for a few days now and getting nowhere so hoping you can assist,
Performed a net install of beowulf using UEFI. Created my ESP (/dev/nvme0n1p1) and other partitions. The installer went off without any issues. Upon reboot I'm greeted with the grub CLI. I can manually tell grub where everything exists with the following:
set root=(hd0,gpt2)
linux /boot/vmlinuz-4.19.0-2-amd64 root=/dev/nvme0n1p2
initrd /boot/initrd.img-4.19.0-2-amd64
bootDevuan boots right up and I get a working install. So I've tried to fix grub using the following commands:
grub-install /dev/nvme0n1
update-grubI can confirm that the efi variables have been written and are set to the 0000 spot with:
efibootmgr --verbose | grep devuanUpon reboot I'm still greeted by the Grub CLI. I've updated my bios to the latest provided by Lenovo for this T570. Has anyone had any luck getting UEFI to to work? I recall this laptop having issues in the past with Linux Mint but I don't recall what I did beyond the above steps. Thanks in advance for any suggestions!
****EDIT*****
Fixed grammar/spelling errors
#66 Re: Hardware & System Configuration » Devuan on SSD » 2019-02-27 03:59:09
Do the manual partitioning and simply don't create a swap partition? It'll complain but should let you continue regardless.
#67 Re: Other Issues » Beowulf - Policykit » 2019-02-11 04:04:49
Well news from Cinnamon. USB mount/umount from Nemo works however battery stats do not appear to be updating... Cinnamon icon in the bottom still stays stuck at whatever percentage the system starts up at regardless of charge changes (can watch changes occurring with upower from the CLI though).
Any thoughts on how to troubleshoot?
#68 Re: Other Issues » Beowulf - Policykit » 2019-02-09 01:21:58
everything's working fine here with newer policykit (no ascii repos anymore).
just saw your post about upower, and will be trying that also soon.
Noticed this on the laptops the other day when my hardware warning light started flashing even though the icon said 98%!
Thanks for posting the notice, I'll remove pinnings this weekend and see what happens in Cinnamon!
#69 Re: News & Announcements » First Devuan Conference -- Amsterdam, 5th-7th April 2019 » 2019-01-25 14:08:05
aut0exec wrote:Man... Wish I could go! Any thoughts or plans to have one on the other side of the world in the future?
Sure, if there are responsible people willing to organize and promote it. That takes a LOT of planning that has to be done on the ground wherever it would take place and $$$ to pay for venue etc. up front and be willing to take a possible loss.
Aware of the amount of work... 
I'd be happy to assist in an endeavor like this on this side of the world. There's not much where I'm at so it might be a little more difficult to find a venue near me but it's easy to contribute financially and logistically from anywhere these days!
#70 Re: News & Announcements » First Devuan Conference -- Amsterdam, 5th-7th April 2019 » 2019-01-20 19:01:14
Man... Wish I could go! Any thoughts or plans to have one on the other side of the world in the future?
#71 Documentation » Displaying NEF (RAW) files in Devuan » 2018-12-26 03:22:37
- aut0exec
- Replies: 0
Been switching systems over to Devuan and had a need to view thumbnails of Nikon RAW images (NEF). Some quick research turned up a solution. Wanted to document it just in case anyone else runs into the issue.
System: Devuan Beowulf running Cinnamon using nemo as the file explorer
First install ufraw and libraw19 ( Not completely sure if this is needed but it is also used by shotwell and gimp so it's likely already installed )
# apt install ufraw ufraw-batch libraw19Then create the thumbnailer file /usr/share/thumbnailers/ufraw.thumbnailer and place the following into the file (place other file types in the MimeType as needed):
[Thumbnailer Entry]
Exec=/usr/bin/ufraw-batch --silent --noexif --embedded-image --out-type=png --size=%s %u --overwrite --output=%o
MimeType=image/x-nef;image/x-nikon-nef;Nemo should start showing the thumbnails for the RAW images now! Depending on the size of the RAW images the initial thumbnail creation may take some time.
#72 Re: Documentation » Tips for successfully migrating Ascii DE to Beowulf as of 11-08-2018 » 2018-12-21 02:55:52
Thanks everyone for posting their experiences with this! Had been trying to do this with Cinnamon and your experiences helped me to get Cinnamon 3.8.8 working from Ceres as well!
The only issue experienced was an issue with minissdpd. It kept failing but I don't need/use it anyways so it was removed!
Here is the /etc/apt/preferences.d/beowulf file I used
Package: policykit-1
Pin: version 0.105-18*
Pin-Priority: 1001
Package: libpolkit-agent-1-0
Pin: version 0.105-18*
Pin-Priority: 1001
Package: libpolkit-backend-1-0
Pin: version 0.105-18*
Pin-Priority: 1001
Package: libpolkit-backend-elogind-1-0
Pin: version 0.105-18*
Pin-Priority: 1001
Package: libpolkit-gobject-1-0
Pin: version 0.105-18*
Pin-Priority: 1001
Package: libpolkit-gobject-elogind-1-0
Pin: version 0.105-18*
Pin-Priority: 1001#73 Re: Off-topic » At first I thought it was insane, but then I saw who was behind it. » 2018-12-14 22:57:25
It's a pretty simple manager. To be fair, I wish I just better understood rc scripts and took the time to manage them better.
That's how I feel with systemd.... Init scripts just make so much more sense personally.
#74 Re: Desktop and Multimedia » What games do you play on Devuan?? » 2018-12-14 01:18:39
Haven't tried installing it yet but will be attempting to install world of warships eventually!
#75 Re: Hardware & System Configuration » Cisco Packet Tracer on Devuan Ascii » 2018-12-05 21:14:40
fhascii, It's all up and running just fine. I was posting the instructions for anyone else who might need them.
I used ldd on the packetracer binary to get an idea of what the system needed but it doesn't cover everything. Further inspection with strace revealed more items the binary was looking for and that's where the installation of libqt5x11extras5 came from!
Also gns3 and packet tracer is kind of different.
Oh yea... Very different. Wasn't trying to compare the two of them.
Board footer
