Hi, Cindy-Sue Causey wrote: > Only thing my poor brain can come up with is integrity of the > downloaded ISO file.
That would be quite a peculiar transport damage. On the other hand, malicious alteration would probably avoid such obvious deviations from usual behavior. Greg Wooledge wrote: > The installer can be booted in either Legacy or UEFI mode. Perhaps > the menus work differently between those two? This is more plausible. After all the i386 and amd64 ISOs have two different bootloaders with own menu configuration files each. (ISOLINUX on Legacy BIOS, GRUB2 on EFI in non-Legacy mode.) But i guess that the ISOs got tested with both firmwares at least when Debian 9 was new. So progress will probably only be made if some fearless person tries to replay the situation. (Fearless, because software can smell if you are out of courage or patience.) https://lists.debian.org/debian-user/2018/05/msg00137.html says: "Thinkpad x40", "wifi", "Intel ipw2200 hardware" Implicitely i read "amd64" as architecture of the netinst ISO. -------------------------------------------------------------------------- More for the archive than for this thread: > https://www.debian.org/CD/verify This should be accompanied by https://www.debian.org/CD/faq/#verify and some glue text. I recently wrote an example at https://wiki.debian.org/JigdoOnLive#Verify_the_Debian_Live_download > https://linuxconfig.org/how-to-verify-an-authenticity-of-downloaded-debian-i so-images This should put more emphasis on comparing the "Primary key fingerprint" with those listed on https://www.debian.org/CD/verify A while ago i read about successful spoofing by keys which claimed to be from trusted programmers. Cryptography was not involved. Only human credulity. > https://unix.stackexchange.com/questions/138603/how-to-verify-debian-iso-integrity This is better in the aspect of fingerprints. (I think the "web of trust" proposal is not possible with the Debian CD keys. But i can be wrong easily.) Have a nice day :) Thomas
