(OLD) (ARCHIVED) Puppy Linux Discussion Forum Forum Index (OLD) (ARCHIVED) Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info

This forum can also be accessed as http://oldforum.puppylinux.com
It is now read-only and serves only as archives.

Please register over the NEW forum
https://forum.puppylinux.com
and continue your work there. Thank you.

 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups    
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 04 Dec 2020, 01:33
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Suggestions
Secure Boot in UEFI
Moderators: Flash, Ian, JohnMurga
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies. View previous topic :: View next topic
Page 1 of 1 [9 Posts]  
Author Message
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Sun 09 Feb 2020, 19:39    Post subject:  Secure Boot in UEFI  

In general post in a forum start by seeking solution of a problem. Once solution has been found thread is closed. But in this forum many threads are open just to point out a deficiency. A deficiency witch solution may require change on forum policies. So the threads are open, partial solutions may be offered and the thread may stay without closure. You may find responses like; Sooner or later some one will have to address this issue.

I have a few buddies that loves conspiracy theory. For the most part I laugh at their occurrences. But latest post in forum makes me wonder. This started with a simple expression that the forum was been taking over. Well this I belie, I seen post here where one or more users offer to open a new and improved forum. This part I have no issue, as anyone is free to open the type of forum or blog they like. But it is not that, in fact they want to take over and close this one. That I hope will never happen as I hate HTPS used without valid reason, captchas, java script, adds, popups, …… You know what I mean.

The simple of conspiracy was that some will like to separate NONE REAL Puppys, like Debian, Slackware, etc.

But lately we have a few post that start as asking for help on systems that can not boot. As before this post never get close. But in the last days they seems to suggest that Puppy have to adopt grub2 as its savior. And even more reveling that Puppy have to move to UEFI compliant. This part is what surprise us. One thing is suggesting grub2 as the solution for a particular machine. Another is adopting grub2 as a pretension that grub2 or similar will make Puppy UEFI compliant. I am no expert on UEFI but one thing I do know UEFI is NOT the friend of Puppy. They can come up with 1001 stories of how UEFI is better and we should use it. But ALL is only behind of UEFI 2.3.1 Errata C specification or what is called Secure boot. The final objective of the industry is to lock our bootloaders. This prevent anything to run except the original OS it was sold. Yes in a few years they hope Puppy & similar Linux will not reuse the old devices. Making old devices like bricks that you have to throw away. This lock bootloader thing is what happened with the Android devices.

So how can be Puppy users be promoting the adoption of UEFI by Puppy? If we where to be smart we should be saying: Buy ONLY NONE UEFI or Compatibility Support Module (CSM) devices. Anything else is garbage. Well that previous statement will be hard some people. That is why I do try to help no matter what. Just focus in what Secure boot really means. You are only giving MS control of our device.
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 3475
Location: The Blue Marble

PostPosted: Mon 10 Feb 2020, 02:20    Post subject:  

Quote:
If we where to be smart we should be saying: Buy ONLY NONE UEFI or Compatibility Support Module (CSM) devices
You can't get any laptops with legacy BIOS anymore, unless you buy used.

Puppy supporting UEFI is no way endorsing what UEFI is or does. It just adapts to the reality that more and more machines out are UEFI-only and won't boot Puppy unless Puppy can deal with it.

_________________
Fatdog64 forum links: Latest version | Contributed packages | ISO builder
Back to top
View user's profile Send private message 
Smithy


Joined: 12 Dec 2011
Posts: 1157

PostPosted: Mon 10 Feb 2020, 06:26    Post subject:  

It would be good if rcrsn51 could make a new HOWTO based on this one:
http://www.murga-linux.com/puppy/viewtopic.php?t=54566

It has always worked flawlessly and independent of any other partitions one might have.
And syslinux from v6 supports UEFI.
I am yet to see an instruction set to equal that one in accuracy and simplicity.

The simple method is not going to be for everyone, but I occasionally like to crack open an iso, drag the usual
sfs, init.gz, vmlinuz suspects over and boot it up to see if it is any good.

So if some sort of simple UEFI (64 bit and 32 bit) root bootfolder can be put on the stick that would be great.
Then we can get on with it until they throw something else at the computer punter to mess with their life/time.

Now I know why anything newer than artful has been screwing with the bios! Fortunately it has legacy support also in the boot order.

Enrique, I get what you are saying, but like jamesbond says, there is a need to get the newer puppys and dogs to boot properly.

I would like to keep this uefi entity confined to the usb stick, as I have a windows boot that doesn't need UEFI. (Ironic).
It is just the new puppys that need this...thing.

If you are around Bill, could you use your genius to possibly make a new syslinux howto if you get the chance?

http://www.rodsbooks.com/efi-bootloaders/syslinux.html
Syslinux boot.png
 Description   
 Filesize   44.03 KB
 Viewed   421 Time(s)

Syslinux boot.png

Back to top
View user's profile Send private message 
rcrsn51


Joined: 05 Sep 2006
Posts: 13129
Location: Stratford, Ontario

PostPosted: Mon 10 Feb 2020, 09:26    Post subject:  

That manual syslinux procedure was basically what apps like Unetbootin were doing. I abandoned it long ago when I developed ISObooter, thanks to the improved tools in Grub4Dos.

Unfortunately, much discussion in the forum these days has devolved into "I hate Windows. I hate Secure boot. I hate GRUB2. I hate UEFI. I hate GPT."

The forum already has well-tested tools and instructions to handle these issues. But most members are unwilling to leave their "I only use Puppy" cocoon to look at them.
Back to top
View user's profile Send private message 
Smithy


Joined: 12 Dec 2011
Posts: 1157

PostPosted: Mon 10 Feb 2020, 11:38    Post subject:  

Well Osmo says Waning Gibbous Moon, maybe that has something to do with it.
Just marking your ISOBOOTER thread, so I can find it again, thankyou.
http://www.murga-linux.com/puppy/viewtopic.php?t=67235
Back to top
View user's profile Send private message 
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Mon 10 Feb 2020, 11:58    Post subject:  

I sorry if I have recently confuse you with my constant "hate"word.

But a fact can not be ignored. UEFI is here just for Windows "Secure Boot". Puppy is been using a loop hole. Using the uefi files signed by Ubuntu. How long would you think that trick will last. MS is smarter than that. I bet you in less than a year or two you will not be able to hack Ubuntu's files.

Now who of you can tell me: How many of our Great Master Builders would you think will pass Windows application for their own Keys? HEHEHE I bet you close to 0%.

Lets see what a honest developer ask on the issue:
Quote:
1. Prior to submitting the application I seem to have to sign a legal agreement. This legal agreement grants Microsoft almost as many rights (clause #3) to our software application as we, the owner, have. Why is this required, is it negotiable?

2. I am unsure of the costs associated with signing the UEFI application. Again the legal agreement (clause #6) states that we will make quarterly payments to Microsoft. For how much and for how long?

3. I am aware that UEFI submissions are considered twice weekly and I can expect a turn around in 5 days. What testing does Microsoft perform on a UEFI application? Do you simply sign the submitted files?

4. I have read that we should ensure our submission doesn't include any 'untrusted code'. What is actually meant by this?


One more time Secure Boot means a developer is require to sign his work with his own key, NOT use Ubuntus files. As I said how long will you think this last.

Hope this thread serves to make you guys aware of the road ahead. Not to fight with or against my post. I ONLY posted because I seen that my crazy friends are not far from reality. And realize that those post I been trying to help may not be a real ask for help, but a propaganda to confuse and make you think you need to move in wrong direction.

God bless our OS, Long live Puppy.
Back to top
View user's profile Send private message 
rcrsn51


Joined: 05 Sep 2006
Posts: 13129
Location: Stratford, Ontario

PostPosted: Mon 10 Feb 2020, 12:10    Post subject:  

Virtually all UEFI firmware setups have the option to turn Secure Boot OFF. I have seen machines with a Windows install where it was already OFF.

Read here for more info. See the comments about rootkit attacks.

My instructions for the stretch-live-frugal-installer explain how to disable Secure Boot. Have you read them yet?

It is not the problem that some community members make it out to be.
Back to top
View user's profile Send private message 
enrique

Joined: 09 Nov 2019
Posts: 601
Location: Planet Earth

PostPosted: Tue 11 Feb 2020, 12:38    Post subject:  

Usually there is an US against Them. Them is kind of obscure I can not find easily who they are. Except for the obvious monopoly of Microsoft.

Point is finding: Why do we have UEFI/Secure Boot in your new PC? What is their ultimate goal?

You can look and see how Successfully THEM has provided a secure boot in Android model. In android was easy as 90%+ of all Android are Arm CPU base using for the most part same MMC specialized devices.

But some of them witch to implement Android model in PC world. Originally they try and failed. Only one giant make it some what work. It only happens because in our time, corporations have legalize BLACKMAIL. See the world used to have a Contract system, where 2 parties will reach a happy medium of rules and agree legally on the terms. But today's monopoly have change this. Lets say you try to buy a high value thing. You can not ask change on terms. Instead they give you a partially filled paper and tell you: “Sing Here, Here and Here. Most you can do is move to a competitor if available. But in the PC sell business Microsoft have manage to convince the manufacturing world that they can ONLY be successful selling their equipment if they sold it with a partial Windows 10 included.

Here is the Blackmail in order to be able to include W10 they have to certify them self and their hardware. Is in this certification process, where MS balckmail the developer as it is a take it or leave it. So Microsoft try initially to implement Secure Boot. As in Android model where secure means ONLY their signed kernel. So I guess for obvious reasons THEM implemented UEFI as standard and placing Microsoft Secure Boot as a separate section. And until now in PC world Secure Boot and even CSM has been some what optional. BUTTT yes there is a but As I understand most PC build with Arm processors kept their Secure Boot “Locked” as in Android.

So how long until low cost W10 tablets and laptops be block? How about Google Cromebooks?
At the moment we can turn off Secure Boot. And any of us can then modify Windows 10 OS and even UEFI files. So how long until someone create a world class hack forcing the industry to believe Secure Boot is in fact needed? How long until current working Ubuntu’s UEFI files has it signature expire. Do you think MS controlled signature system will allow us to keep stilling Ubuntu’s UEFI files. As a Note, I am not totally sure about the origin of your UEFI files. I was told Ubuntu. But they can come from other main OS like Fedora. Where they come from will not mater. Expect kernels to be fully UEFI implemented and be required to be signed by the developers. I guess at most we will be able to used their kernels as is. And could then modify implementations on the rest of the OS. But this may mean systemd and all of stuff you do not like to be force on us.

Clearly I understand that Microsoft monopoly means that more and more PC will include UEFI. Hopefully the Server market will always be there. And we will be force to move to those MS free hardware.

Enough with the past, present or what the future may bring.

This post is place to make you aware (Suggestion) that UEFI compliant by Puppy is not what Puppy users should be wanting. Instead you should be fighting against.

Final Note: I know it was long. Do not worry i will not post any extra stuff. I am sure that I have at least make think some of you on the issue. Hopefully I convince a few. Good luck my friends.
Back to top
View user's profile Send private message 
bigpup


Joined: 11 Oct 2009
Posts: 13981
Location: S.C. USA

PostPosted: Tue 11 Feb 2020, 20:14    Post subject:  

If you want to get deep into the guts of UEFI.
This is the place that controls the specs for UEFI.
https://uefi.org/


Quote:
Can all systems disable UEFI Secure Boot?

While it is designed to protect the system by only allowing authenticated binaries in the boot process, UEFI Secure Boot is an optional feature for most general-purpose systems. By default, UEFI Secure Boot can be disabled on the majority of general-purpose machines. It is up to the system vendors to decide which system policies are implemented on a given machine. However, there are a few cases—such as with kiosks, ATM or subsidized device deployments—in which, for security reasons, the owner of that system doesn’t want the system changed.

So far, computer manufactures give you the option to enable or disable secure boot.
But it is really up to them to offer the option.

_________________
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected Shocked
YaPI(any iso installer)
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [9 Posts]  
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies. View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Suggestions
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 2.6706s ][ Queries: 13 (2.5700s) ][ GZIP on ]