| fsmithred | rrq I was using the desktop-live today | 00:16 |
|---|---|---|
| fsmithred | then switched over to refracta-10.2 (November 2020) | 00:16 |
| fsmithred | I need to do it again because the last install didn't format the partition | 00:16 |
| fsmithred | so I got refracta+desktop live | 00:17 |
| fsmithred | pretty weird | 00:17 |
| fsmithred | earlier today I tried booting the netinstall iso and it did not work with secure-boot | 00:17 |
| rrq | right. do you know if there's a qemu test option for that? | 00:18 |
| fsmithred | I don't know | 00:19 |
| rrq | I suppose it'll need some variant qemu bios ... and then we'll need someone with secure-boot blessing skills | 00:23 |
| rrq | hmm 2012 article... https://lwn.net/Articles/503820/ .. seems still relevant | 00:31 |
| rrq | hmm the ovmf and ovmf-ia32 packages seem useful here | 00:44 |
| fsmithred | that'll give you uefi | 00:46 |
| fsmithred | do they also emulate secure boot? | 00:46 |
| rrq | not sure .. I just started at https://wiki.debian.org/SecureBoot/VirtualMachine | 00:56 |
| fsmithred | the list of files in ovmf suggests that it does something with secure boot | 00:58 |
| fsmithred | ovmf: /usr/share/OVMF/OVMF_CODE_4M.secboot.fd | 00:59 |
| fsmithred | there's also one without the 4M | 00:59 |
| fsmithred | but not all the files listed by apt-file are installed with ovmf. wtf? | 01:01 |
| fsmithred | those files must be in a later version. Maybe the one in backports | 01:02 |
| fsmithred | I'm getting better results when I use a different usb stick. Refracta install worked. That means the live installer is working. | 01:07 |
| rrq | .. but how do we make installer-isos acceptable for secure-boot h/w ? maybe all those people here interested in that could form a team and make this happen? | 01:23 |
| fsmithred | I thought including the signed grub would be enough | 01:28 |
| rrq | I would have thought it needs both a scrambled code file to execute and a key to first unscramble that code file ... is that what "signed grub" provides? | 01:45 |
| fsmithred | it provides additional files that go in /boot/efi/EFI/<name> | 01:47 |
| fsmithred | name is determined by the distro | 01:47 |
| fsmithred | I just installed again from desktop-live | 01:48 |
| fsmithred | installer works, grub appears to work (no error) but doesn't boot | 01:48 |
| fsmithred | I was able to boot from grub command line. Change to ID=debian in /etc/os-release and then grub-install and update-grub, reboot and it works. | 01:49 |
| fsmithred | so I need to get rid of the grub-signed package in the desktop-live | 01:49 |
| fsmithred | then it'll work like Refracta does | 01:49 |
| fsmithred | I can try a uefi netinstall tomorrow | 01:50 |
| rrq | ok... I guess the isos should have their EFI partition look the same way as the installed EFI partition | 02:03 |
| fsmithred | I think the isos use a special name | 02:06 |
| fsmithred | for removable media bootx64.efi | 02:06 |
| rrq | yes that's what there is currently "/efi/boot/bootx64.efi" as the only thing on the EFI partition | 02:09 |
| fsmithred | the laptop has it as Boot/bootx64.efi | 02:11 |
| fsmithred | that's some kind of failsafe bootloader that all uefi should recognize | 02:12 |
| rrq | right; and I think the spec is not case sensitive; probably suggests all uppercase | 02:14 |
| fsmithred | pretty sure I've seen all upper | 02:14 |
| rrq | well, it's a fat file system | 02:15 |
| fsmithred | ok, too cold to sit still here. I'm gonna visit the wood stove. | 02:15 |
| fsmithred | -12 C outside | 02:15 |
| fsmithred | I'm not checking inside | 02:15 |
| rrq | :) | 02:16 |
| * onefang sends a few degrees to fsmithred. | 02:18 | |
| onefang | rrq could probably spare a few as well. | 02:18 |
| bb|hcb | fsmithred: -12 out is fine, -12 inside would be bad | 02:22 |
| golinux | Even I could spare a few today . . . | 02:24 |
| * Xenguy offers fsmithred the 3rd degree | 02:24 | |
| bb|hcb | i only know the legacy boot process, no experience with efi and secure boot :( but can burn a usb and test on some laptop? | 02:27 |
| rrq | hmm uefi spec is 2557 pages ... | 02:27 |
| rrq | but "secure boot" section is just 33 pages | 02:36 |
| fsmithred | I'll play with the netinstall on uefi hardware tomorrow and see what it does | 02:38 |
| fsmithred | bb|hcb, having more people test is always a good thing | 02:41 |
| fsmithred | This is probably better than the 2557 pages: https://www.rodsbooks.com/efi-bootloaders/index.html | 02:42 |
| fsmithred | the specs only work if the manufacturers stick to them | 02:43 |
| bb|hcb | fsmithred: sure, drop me a note when it runs ok in lab, i have couple of machines within hand reach... | 02:46 |
| rrq | (mmm spec pages 1723-1729 seem to be the critical bit) | 02:47 |
| mason | Rod's Books is a fantastic resource. | 04:06 |
| rrq | yeah.. had lunch and lost interest :) | 04:08 |
| fsmithred | emdete, no, the bug in change-username regarding config files with spaces in the names is not known. Or wasn't known until just now when I saw your post. | 15:37 |
| fsmithred | I didn't know there were config files with spaces in the names. | 15:38 |
| fsmithred | is $i just picking up the first word? If so, I'll have to figure out how to get quotes around the whole file name. Oh, maybe this is because the shell handles spaces in filenames differently. | 15:40 |
| fsmithred | If you have more info about what's happening or suggestions to fix it, please ping me. Thanks. | 15:41 |
| emdete | fsmithred: as far as i remember chromium had those (spaces in filenames) | 21:59 |
| emdete | fsmithred: will check that again - the passwd geckoes code was something to improve as well | 21:59 |
| fsmithred | what is geckoes? | 22:00 |
| mason | GECOS? | 22:01 |
| fsmithred | I'm picturing lizards | 22:01 |
| fsmithred | and expecting that to be wrong | 22:01 |
| mason | I like to picture lizards. I'll join you. | 22:01 |
| mason | But once we're done, https://en.wikipedia.org/wiki/Gecos_field | 22:02 |
| mason | But not... just... yet: https://duckduckgo.com/?t=ffab&q=iguana&atb=v237-1&iax=images&ia=images | 22:03 |
| mason | (No offense, but iguanas have more dignity and gravitas.) | 22:04 |
| fsmithred | ok, chfn noted | 22:04 |
| onefang | The local water dragons might disagree. | 22:05 |
| * onefang wanders off. | 22:05 | |
| fsmithred | emdete, yeah in .config/chromium there are files and directories with spaces in their names. | 22:08 |
| fsmithred | and I figured out how to deal with the spaces | 22:19 |
| fsmithred | maybe. Haven't tested in situ yet. | 22:22 |
Generated by irclog2html.py 2.17.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!