Re: [gentoo-dev] borked release media

2012-12-10 Thread Maxim Kammerer
On Mon, Dec 10, 2012 at 8:36 PM, Greg KH wrote: > Matthew's frontend "shim" code is nice and tiny, but the one I am > referring to provides the ability to enroll your own keys in the BIOS, > which shim does not. I just tried shim in OVMF, and it provides an interface to enroll keys / signatures.

Re: [gentoo-dev] borked release media

2012-12-10 Thread Greg KH
On Mon, Dec 10, 2012 at 10:31:25AM -0500, Walter Dnes wrote: > On Sun, Dec 09, 2012 at 06:37:56PM -0800, Greg KH wrote > > > Not necessarily, as I'm finding out with real hardware. My only options > > on the box I have is to either zero out all keys, or specifically tell > > the BIOS what binary

Re: [gentoo-dev] borked release media

2012-12-10 Thread Walter Dnes
On Sun, Dec 09, 2012 at 06:37:56PM -0800, Greg KH wrote > Not necessarily, as I'm finding out with real hardware. My only options > on the box I have is to either zero out all keys, or specifically tell > the BIOS what binary to run (doesn't need to be signed, and can not be > changed after telli

Re: [gentoo-dev] borked release media

2012-12-10 Thread Walter Dnes
On Sat, Dec 08, 2012 at 11:57:13PM -0500, Fernando Reyes wrote > iirc the minimal install CD ISO is capable of booting from a USB device or > any removable media by just running the following commands. > > # isohybrid image.ISO > # dd if=image.ISO of=/dev/sdb bs=8192k > > sdb being your remova

Re: [gentoo-dev] borked release media

2012-12-10 Thread Maxim Kammerer
On Mon, Dec 10, 2012 at 2:52 AM, Rich Freeman wrote: > I really would like Gentoo to support a self-signed secure boot > framework (obviously this would be for after the system is installed). https://bugs.gentoo.org/show_bug.cgi?id=444830 You can see how such framework works by booting Liberté L

Re: [gentoo-dev] borked release media

2012-12-10 Thread Chí-Thanh Christopher Nguyễn
Greg KH wrote: > On Mon, Dec 10, 2012 at 12:21:29AM +0100, Chí-Thanh Christopher Nguyễn wrote: >> Greg KH wrote: No, all we need is to enable EFI stub support in the kernel, and integrate the initramfs using CONFIG_INITRAMFS_SOURCE and place it in some location where UEFI looks f

Re: [gentoo-dev] borked release media

2012-12-09 Thread Greg KH
On Mon, Dec 10, 2012 at 12:21:29AM +0100, Chí-Thanh Christopher Nguyễn wrote: > Greg KH wrote: > >> No, all we need is to enable EFI stub support in the kernel, and > >> integrate the initramfs using CONFIG_INITRAMFS_SOURCE and place it in > >> some location where UEFI looks for it (/efi/boot/boo

Re: [gentoo-dev] borked release media

2012-12-09 Thread Greg KH
On Sun, Dec 09, 2012 at 08:08:01PM -0500, Rich Freeman wrote: > On Sun, Dec 9, 2012 at 7:57 PM, Diego Elio Pettenò > wrote: > > On 10/12/2012 01:52, Rich Freeman wrote: > >> The shim might work, but I'd hardly call it "secure boot" if every > >> motherboard manufacturer and OEM in the world has t

Re: [gentoo-dev] borked release media

2012-12-09 Thread Greg KH
On Sun, Dec 09, 2012 at 07:52:16PM -0500, Rich Freeman wrote: > On Sun, Dec 9, 2012 at 7:24 PM, Diego Elio Pettenò > wrote: > > On 09/12/2012 19:59, Greg KH wrote: > >> The UEFI spec does not allow that mode of operation in secure boot mode, > >> sorry. You will have to disable it in order to boot

Re: [gentoo-dev] borked release media

2012-12-09 Thread Greg KH
On Mon, Dec 10, 2012 at 01:24:53AM +0100, Diego Elio Pettenò wrote: > On 09/12/2012 19:59, Greg KH wrote: > > The UEFI spec does not allow that mode of operation in secure boot mode, > > sorry. You will have to disable it in order to boot a Gentoo image, > > which is fine, but there's no reason why

Re: [gentoo-dev] borked release media

2012-12-09 Thread Rich Freeman
On Sun, Dec 9, 2012 at 7:57 PM, Diego Elio Pettenò wrote: > On 10/12/2012 01:52, Rich Freeman wrote: >> The shim might work, but I'd hardly call it "secure boot" if every >> motherboard manufacturer and OEM in the world has the ability to sign >> things, even if MS vouched for them all. Even if

Re: [gentoo-dev] borked release media

2012-12-09 Thread Peter Stuge
Chí-Thanh Christopher Nguyễn wrote: > >> # isohybrid image.ISO > > > > Please send a patch to the gentoo-catalyst@ list which adds this as > > an optional step in the catalyst livecd2 target in a nice way, and > > file a bug with updated ebuilds for catalyst which add the dependency. > > Bug was

Re: [gentoo-dev] borked release media

2012-12-09 Thread Diego Elio Pettenò
On 10/12/2012 01:52, Rich Freeman wrote: > The shim might work, but I'd hardly call it "secure boot" if every > motherboard manufacturer and OEM in the world has the ability to sign > things, even if MS vouched for them all. Even if I installed Windows > I'd want the ability to re-sign it with a

Re: [gentoo-dev] borked release media

2012-12-09 Thread Rich Freeman
On Sun, Dec 9, 2012 at 7:24 PM, Diego Elio Pettenò wrote: > On 09/12/2012 19:59, Greg KH wrote: >> The UEFI spec does not allow that mode of operation in secure boot mode, >> sorry. You will have to disable it in order to boot a Gentoo image, >> which is fine, but there's no reason why Gentoo can'

Re: [gentoo-dev] borked release media

2012-12-09 Thread Diego Elio Pettenò
On 09/12/2012 19:59, Greg KH wrote: > The UEFI spec does not allow that mode of operation in secure boot mode, > sorry. You will have to disable it in order to boot a Gentoo image, > which is fine, but there's no reason why Gentoo can't use the MS-signed > shim bootloader like all other distros are

Re: [gentoo-dev] borked release media

2012-12-09 Thread Chí-Thanh Christopher Nguyễn
likewhoa wrote: > interesting and probably something we can get away with since not all > users actually touch the kernel line but some do so it might not be a > smart option to disable kernel parameters on UEFI only systems. The kernel parameters are not disabled, they just have to be specifie

Re: [gentoo-dev] borked release media

2012-12-09 Thread Chí-Thanh Christopher Nguyễn
Greg KH wrote: >> No, all we need is to enable EFI stub support in the kernel, and >> integrate the initramfs using CONFIG_INITRAMFS_SOURCE and place it in >> some location where UEFI looks for it (/efi/boot/bootx64.efi). >> >> This has the disadvantage of not allowing to pass additional kernel >

Re: [gentoo-dev] borked release media

2012-12-09 Thread likewhoa
On 12/09/2012 01:46 PM, Chí-Thanh Christopher Nguyễn wrote: > Fernando Reyes wrote: >> That's what I meant since we use isolinux on the release media and until >> syslinux-6 we are forced to use another bootloader and grub seems out of the >> question because of licensing issues. I will test new

Re: [gentoo-dev] borked release media

2012-12-09 Thread Greg KH
On Sun, Dec 09, 2012 at 01:35:57PM -0500, Rich Freeman wrote: > On Sun, Dec 9, 2012 at 1:24 PM, Greg KH wrote: > > > > The FSF has already said that using Grub2 and the GPLv3 is just fine > > with the UEFI method of booting, so there is no problem from that side. > > There's a statement about this

Re: [gentoo-dev] borked release media

2012-12-09 Thread Greg KH
On Sun, Dec 09, 2012 at 07:46:59PM +0100, Chí-Thanh Christopher Nguyễn wrote: > Fernando Reyes wrote: > > That's what I meant since we use isolinux on the release media and until > > syslinux-6 we are forced to use another bootloader and grub seems out of > > the question because of licensing is

Re: [gentoo-dev] borked release media

2012-12-09 Thread Fernando Reyes
Then let's get UEFI support on our release media and out the box usb booting so users don't have to go boot other livecds. likewhoa Greg KH wrote: >On Sun, Dec 09, 2012 at 01:13:38PM -0500, Rich Freeman wrote: >> On Sun, Dec 9, 2012 at 1:07 PM, Fernando Reyes >> wrote: >> > I don't know the

Re: [gentoo-dev] borked release media

2012-12-09 Thread Chí-Thanh Christopher Nguyễn
Fernando Reyes wrote: > That's what I meant since we use isolinux on the release media and until > syslinux-6 we are forced to use another bootloader and grub seems out of the > question because of licensing issues. I will test new syslinux soon and see > how isohybrid and isolinux play togethe

Re: [gentoo-dev] borked release media

2012-12-09 Thread Rich Freeman
On Sun, Dec 9, 2012 at 1:24 PM, Greg KH wrote: > > The FSF has already said that using Grub2 and the GPLv3 is just fine > with the UEFI method of booting, so there is no problem from that side. > There's a statement about this somewhere on their site if you are > curious. > > The only one objectin

Re: [gentoo-dev] borked release media

2012-12-09 Thread Greg KH
On Sun, Dec 09, 2012 at 01:13:38PM -0500, Rich Freeman wrote: > On Sun, Dec 9, 2012 at 1:07 PM, Fernando Reyes > wrote: > > I don't know the details of the issue but I know that I was prevented from > > using grub on the livedvd. > > Well, if some perceived legal constraint is keeping us from do

Re: [gentoo-dev] borked release media

2012-12-09 Thread Rich Freeman
On Sun, Dec 9, 2012 at 1:07 PM, Fernando Reyes wrote: > I don't know the details of the issue but I know that I was prevented from > using grub on the livedvd. Well, if some perceived legal constraint is keeping us from doing whatever seems to be technically most appropriate we should investigat

Re: [gentoo-dev] borked release media

2012-12-09 Thread Fernando Reyes
I don't know the details of the issue but I know that I was prevented from using grub on the livedvd. Rich Freeman wrote: >On Sun, Dec 9, 2012 at 12:23 PM, Fernando Reyes > wrote: >> grub seems out of the question because of licensing issues. > >What licensing issues? Just distribute the sou

Re: [gentoo-dev] borked release media

2012-12-09 Thread Rich Freeman
On Sun, Dec 9, 2012 at 12:23 PM, Fernando Reyes wrote: > grub seems out of the question because of licensing issues. What licensing issues? Just distribute the source. If the Gentoo Foundation goes into the hardware business and starts distributing hardware that only boots Gentoo-signed grub b

Re: [gentoo-dev] borked release media

2012-12-09 Thread Fernando Reyes
That's what I meant since we use isolinux on the release media and until syslinux-6 we are forced to use another bootloader and grub seems out of the question because of licensing issues. I will test new syslinux soon and see how isohybrid and isolinux play together on an EFI bios. Chí-Thanh Chr

Re: [gentoo-dev] borked release media

2012-12-09 Thread Chí-Thanh Christopher Nguyễn
Fernando Reyes wrote: > The problem with the isohybrid approach is that it doesn't support UEFI > booting and this is why I wouldn't recommend it as a feature in catalyst. > However, this should be documented somewhere so that users know it's possible > without having to follow the liveusb guide

Re: [gentoo-dev] borked release media

2012-12-09 Thread Chí-Thanh Christopher Nguyễn
Peter Stuge wrote: > Fernando Reyes wrote: >> iirc the minimal install CD ISO is capable of booting from a USB device or >> any removable media by just running the following commands. >> >> # isohybrid image.ISO > Please send a patch to the gentoo-catalyst@ list which adds this as > an optional

Re: [gentoo-dev] borked release media

2012-12-09 Thread Maxim Kammerer
On Sun, Dec 9, 2012 at 11:18 AM, Markos Chandras wrote: > I think it is possible to use the unetbootin utility to make the > minimal iso image boot from a USB flash disk. Just make the real thing… https://github.com/mkdesu/liberte/blob/master/src/root/mkimage -- Maxim Kammerer Liberté Linux: ht

Re: [gentoo-dev] borked release media

2012-12-09 Thread Markos Chandras
On 9 December 2012 05:04, Peter Stuge wrote: > Fernando Reyes wrote: >> iirc the minimal install CD ISO is capable of booting from a USB device or >> any removable media by just running the following commands. >> >> # isohybrid image.ISO > > Please send a patch to the gentoo-catalyst@ list which

Re: [gentoo-dev] borked release media

2012-12-08 Thread Fernando Reyes
The problem with the isohybrid approach is that it doesn't support UEFI booting and this is why I wouldn't recommend it as a feature in catalyst. However, this should be documented somewhere so that users know it's possible without having to follow the liveusb guide which is probably outdated by t

Re: [gentoo-dev] borked release media

2012-12-08 Thread Peter Stuge
Fernando Reyes wrote: > iirc the minimal install CD ISO is capable of booting from a USB device or > any removable media by just running the following commands. > > # isohybrid image.ISO Please send a patch to the gentoo-catalyst@ list which adds this as an optional step in the catalyst livecd2

Re: [gentoo-dev] borked release media

2012-12-08 Thread Fernando Reyes
iirc the minimal install CD ISO is capable of booting from a USB device or any removable media by just running the following commands. # isohybrid image.ISO # dd if=image.ISO of=/dev/sdb bs=8192k sdb being your removable device. Also keep in mind that any data on sdb will be wiped after runni

Re: [gentoo-dev] borked release media

2012-12-08 Thread Walter Dnes
On Fri, Dec 07, 2012 at 08:55:04PM -0800, "Paweł Hajdan, Jr." wrote > The serious problem here is that we need *new* users. A non-working > install CD is a really bad thing here, don't you think? ;-) While we're at it, can we please also make a USB-key "install ISO"? I'm not asking merely beca

Re: [gentoo-dev] borked release media

2012-12-08 Thread Peter Stuge
Matt Turner wrote: > I think we should consider things that break release media serious > regressions. I think we should consider things that break anything serious regressions. Why should release media be more special than anything else? My email and bugzilla sweep a few days ago was during a s

Re: [gentoo-dev] borked release media

2012-12-08 Thread Rick "Zero_Chaos" Farina
On 12/08/2012 06:50 AM, Rich Freeman wrote: > On Sat, Dec 8, 2012 at 12:25 AM, Matt Turner wrote: >> I have never once been able to grab a portage snapshot and build a >> stage 1, 2, 3 series from it without encountering at least a couple of >> proble

Re: [gentoo-dev] borked release media

2012-12-08 Thread Rich Freeman
On Sat, Dec 8, 2012 at 12:25 AM, Matt Turner wrote: > I have never once been able to grab a portage snapshot and build a > stage 1, 2, 3 series from it without encountering at least a couple of > problems with the tree. Ditto - the latest issue I've run into is: 443472. Probably won't impact the

Re: [gentoo-dev] borked release media

2012-12-07 Thread Matt Turner
On Fri, Dec 7, 2012 at 8:55 PM, "Paweł Hajdan, Jr." wrote: > Hey people, what are we going to do with bugs like: > > > > > I'd like to help with things. Is the process of building livecd .isos > and s

[gentoo-dev] borked release media

2012-12-07 Thread Paweł Hajdan, Jr.
Hey people, what are we going to do with bugs like: I'd like to help with things. Is the process of building livecd .isos and stages documented somewhere? I'd like to reproduce problems locally, work