Re: UEFI SL 6x boot
Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh
Re: UEFI SL 6x boot
See: http://www.maketecheasier.com/disable-secure-boot-in-windows-8/2013/02/25 from which: 7. Once the computer starts up, you’ll need to access your BIOS. To do it, you have to press “Delete,” “F1,” or “F2″, depending on your computer, on your keyboard as soon as the computer begins its power-on process again. Try each one and see if it works. Usually, the key is revealed at the startup splash screen in a message that says “Press some key to Enter Setup.” Note: Each BIOS configuration utility is different. You’ll have to intuitively navigate through the interface with my vague directions. Note: You might not even find a secure boot option anywhere. You might not even find an option under “Security.” The below image shows the option as “UEFI Boot” under the “Boot” menu. Keep your eyes peeled for anything containing the words “Secure boot” and “UEFI.” As can be seen, the ability to disable the secure boot is determined by the hardware (mainly the BIOS). While our hardware allowed us to disable the secure boot feature, that doesn’t means your hardware is the same. You will have to play with it and hope that it comes with the ability to unlock the secure boot. End quotes. On 09/24/2013 08:53 AM, Yasha Karant wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh
Re: UEFI SL 6x boot
On Tue, 24 Sep 2013, Yasha Karant wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If the system is Windows 8 logo compatible and is x86_4 then a way to disable secure boot must be provided by the hardware vendor. This is commonly done via a option in the bios. This requirement is part of the microsoft windows 8 logo requirements. Note the method of disabling is not defined by the UEFI spec. So each vendor may do it differently. The only hardware that does not permit secure boot to be disabled is arm based Windows. The Windows logo requirements at at work here. If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. At the moment Fedora, SuSE , Ubuntu all can handle secure boot. It is expected that RHEL 7 will also handle it. It is also possible to sign your own kernel and place your keys in the bios. -connie Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh
Re: UEFI SL 6x boot
This thread started because my colleague is using SuSE and tried Ubuntu -- and both failed to secure boot properly from the generic hardware to which he upgraded. This failure prompted a question about SL (as a no-fee option for a TUV enterprise, commercial, supported, production Linux base). Evidently, the current answer for SL is that it is not UEFI Secure Boot enabled, and SL 6x cannot reliably be installed upon such systems -- depending upon the quirks (or proprietary generosity) of the actual BIOS supplier. Yasha Karant On 09/24/2013 09:04 AM, Connie Sieh wrote: On Tue, 24 Sep 2013, Yasha Karant wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If the system is Windows 8 logo compatible and is x86_4 then a way to disable secure boot must be provided by the hardware vendor. This is commonly done via a option in the bios. This requirement is part of the microsoft windows 8 logo requirements. Note the method of disabling is not defined by the UEFI spec. So each vendor may do it differently. The only hardware that does not permit secure boot to be disabled is arm based Windows. The Windows logo requirements at at work here. If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. At the moment Fedora, SuSE , Ubuntu all can handle secure boot. It is expected that RHEL 7 will also handle it. It is also possible to sign your own kernel and place your keys in the bios. -connie Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh
Re: UEFI SL 6x boot
That is correct, SL and TUV do not support secure boot at this time. This link is a year old, and I am sure more support it by now, but: http://mjg59.dreamwidth.org/20522.html I'm sure a more up to date list can be found with moderate searching. On 09/24/2013 11:46 AM, Yasha Karant wrote: This thread started because my colleague is using SuSE and tried Ubuntu -- and both failed to secure boot properly from the generic hardware to which he upgraded. This failure prompted a question about SL (as a no-fee option for a TUV enterprise, commercial, supported, production Linux base). Evidently, the current answer for SL is that it is not UEFI Secure Boot enabled, and SL 6x cannot reliably be installed upon such systems -- depending upon the quirks (or proprietary generosity) of the actual BIOS supplier. Yasha Karant On 09/24/2013 09:04 AM, Connie Sieh wrote: On Tue, 24 Sep 2013, Yasha Karant wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If the system is Windows 8 logo compatible and is x86_4 then a way to disable secure boot must be provided by the hardware vendor. This is commonly done via a option in the bios. This requirement is part of the microsoft windows 8 logo requirements. Note the method of disabling is not defined by the UEFI spec. So each vendor may do it differently. The only hardware that does not permit secure boot to be disabled is arm based Windows. The Windows logo requirements at at work here. If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. At the moment Fedora, SuSE , Ubuntu all can handle secure boot. It is expected that RHEL 7 will also handle it. It is also possible to sign your own kernel and place your keys in the bios. -connie Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh -- Mr. Mark V. Stodola Senior Control Systems Engineer National Electrostatics Corp. P.O. Box 620310 Middleton, WI 53562-0310 USA Phone: (608) 831-7600 Fax: (608) 831-9591
Re: UEFI SL 6x boot
On Tue, 24 Sep 2013, Yasha Karant wrote: This thread started because my colleague is using SuSE and tried Ubuntu -- and both failed to secure boot properly from the generic hardware to which he upgraded. This failure prompted a question about SL (as a no-fee option for a TUV enterprise, commercial, supported, production Linux base). Evidently, the current answer for SL is that it is not UEFI Secure Boot enabled, and SL 6x cannot reliably be installed upon such systems -- depending upon the quirks (or proprietary generosity) of the actual BIOS supplier. OpenSuSE supports secure boot not SuSE as I stated earlier. I am sure it is only recent versions of OpenSuSE, Fedora and Ubuntu that support 'secure boot. See the following for more info. In particular pages 12 and 17. There are references to youtube videos on page 18 showing Windows 8 dual booting with Ubuntu 12.10 . http://events.linuxfoundation.org/sites/events/files/slides/LinuxConUEFIandLinuxBresniker.pdf It is efi compliant. If the bios vendor does not allow secure boot to be turned off then one should converse with said vendor. -connie sieh Yasha Karant On 09/24/2013 09:04 AM, Connie Sieh wrote: On Tue, 24 Sep 2013, Yasha Karant wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If the system is Windows 8 logo compatible and is x86_4 then a way to disable secure boot must be provided by the hardware vendor. This is commonly done via a option in the bios. This requirement is part of the microsoft windows 8 logo requirements. Note the method of disabling is not defined by the UEFI spec. So each vendor may do it differently. The only hardware that does not permit secure boot to be disabled is arm based Windows. The Windows logo requirements at at work here. If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. At the moment Fedora, SuSE , Ubuntu all can handle secure boot. It is expected that RHEL 7 will also handle it. It is also possible to sign your own kernel and place your keys in the bios. -connie Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh
Re: UEFI SL 6x boot
To be specific, my colleague is using the licensed-for-free binary download of current OpenSuSE that nominally supports UEFI Secure Boot -- and it does not work in fact on the hardware he has. He did experiment with a licensed copy of MS Win 8, and it would install on the same platform without this issue (but absolutely is not what he wants or is willing to use as a primary -- non-Virtual-Box running under -- OS. On 09/24/2013 09:55 AM, Connie Sieh wrote: On Tue, 24 Sep 2013, Yasha Karant wrote: This thread started because my colleague is using SuSE and tried Ubuntu -- and both failed to secure boot properly from the generic hardware to which he upgraded. This failure prompted a question about SL (as a no-fee option for a TUV enterprise, commercial, supported, production Linux base). Evidently, the current answer for SL is that it is not UEFI Secure Boot enabled, and SL 6x cannot reliably be installed upon such systems -- depending upon the quirks (or proprietary generosity) of the actual BIOS supplier. OpenSuSE supports secure boot not SuSE as I stated earlier. I am sure it is only recent versions of OpenSuSE, Fedora and Ubuntu that support 'secure boot. See the following for more info. In particular pages 12 and 17. There are references to youtube videos on page 18 showing Windows 8 dual booting with Ubuntu 12.10 . http://events.linuxfoundation.org/sites/events/files/slides/LinuxConUEFIandLinuxBresniker.pdf It is efi compliant. If the bios vendor does not allow secure boot to be turned off then one should converse with said vendor. -connie sieh Yasha Karant On 09/24/2013 09:04 AM, Connie Sieh wrote: On Tue, 24 Sep 2013, Yasha Karant wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If the system is Windows 8 logo compatible and is x86_4 then a way to disable secure boot must be provided by the hardware vendor. This is commonly done via a option in the bios. This requirement is part of the microsoft windows 8 logo requirements. Note the method of disabling is not defined by the UEFI spec. So each vendor may do it differently. The only hardware that does not permit secure boot to be disabled is arm based Windows. The Windows logo requirements at at work here. If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. At the moment Fedora, SuSE , Ubuntu all can handle secure boot. It is expected that RHEL 7 will also handle it. It is also possible to sign your own kernel and place your keys in the bios. -connie Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh
Re: UEFI SL 6x boot
Down, boy. Scientific Linux is behind the times on available tools, because our favorite upstream vendor has not yet released tools. Tools to work with have been tested, effectively, with Fedora, and I expect our favorite upstream vendor will include tools with release 7.x, which is not yet in alpha or beta release. Check out http://docs.fedoraproject.org/en-US/Fedora/18/html-single/UEFI_Secure_Boot_Guide/index.htmlfor a good breakdown of the issues and trade-offs. UEFI is part of the old Palladium project from Microsoft, relabeled as Trusted Computing. It is aimed squarely at DRM and vendor lock-in, not security, for reasons that I could spend a whole day discussing.In the meantime, yes, you can disalbe it for SL booting if needed, and reasonably expect our favorite upstream vendor to have shims available when version 7 is publishedL they're already working well with recent Fedora releases. I'd also *expect* those shims to be workable for SL 7, but someone may have to plunk down some cash to get some keys signed, and spend some extra effort to maintain the security needed for the relevant shims to work well with SL kernels and environments. On Tue, Sep 24, 2013 at 11:53 AM, Yasha Karant ykar...@csusb.edu wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh
Re: Software Collections 1.0 is available for testing for SL 6
On Tue, 24 Sep 2013, Connie Sieh wrote: The following software collection products are now available for testing for SL 6. Use --enablerepo=sl-testing to enable yum to access these products. More info on these products is available at http://developerblog.redhat.com/2013/09/12/rhscl1-ga/ https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Developer_Guide/chap-RHSCL.html A Redhat webinar about software collections is available tommorow. Info is at http://developerblog.redhat.com/2013/09/13/webinar-technical-intro-to-red-hat-software-collections/ Even more references http://www.redhat.com/developerexchange/DevExchange_bring_order_into_your_packaging_madness_with_software_collections-mmaslano.pdf http://www.redhat.com/developerexchange/DevExchange-from-conventional-rpm-to-software-collections-kabrda.pdf -Connie Sieh mariadb55 mysql55 nodejs010 perl516 php54 postgresql92 python27 python33 ruby193 -Connie Sieh
Re: UEFI SL 6x boot
On Tue, 24 Sep 2013, Nico Kadel-Garcia wrote: --001a11c379ecc5abcb04e7297e9d Content-Type: text/plain; charset=ISO-8859-1 Down, boy. Scientific Linux is behind the times on available tools, because our favorite upstream vendor has not yet released tools. Tools to work with have been tested, effectively, with Fedora, and I expect our favorite upstream vendor will include tools with release 7.x, which is not yet in alpha or beta release. Check out http://docs.fedoraproject.org/en-US/Fedora/18/html-single/UEFI_Secure_Boot_Guide/index.htmlfor a good breakdown of the issues and trade-offs. UEFI is part of the old Palladium project from Microsoft, relabeled as Trusted Computing. It is aimed squarely at DRM and vendor lock-in, not security, for reasons that I could spend a whole day discussing.In the meantime, yes, you can disalbe it for SL booting if needed, and reasonably expect our favorite upstream vendor to have shims available when version 7 is publishedL they're already working well with recent Fedora releases. I'd also *expect* those shims to be workable for SL 7, but someone may have to plunk down some cash to get some keys signed, and spend some extra effort to maintain the security needed for the relevant shims to work well with SL kernels and environments. Last week at LinuxCon North America the shim developers were still developing. I attended the UEFI Plugfest last week as part of Linux Con. Microsoft gave a presentation on UEFI signing. The presentation will be posted to uefi.org website. We are working on this. Fermilab is a member of the UEFI forum . -Connie Sieh On Tue, Sep 24, 2013 at 11:53 AM, Yasha Karant ykar...@csusb.edu wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh --001a11c379ecc5abcb04e7297e9d Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable div dir=3DltrdivdivdivDown, boy.brbr/divScientific Linux is= behind the times on available tools, because our favorite upstream vendor = has not yet released tools. Tools to work with have been tested, effectivel= y, with Fedora, and I expect our favorite upstream vendor will include tool= s with release 7.x, which is not yet in alpha or beta release. Check out a= href=3Dhttp://docs.fedoraproject.org/en-US/Fedora/18/html-single/UEFI_Sec= ure_Boot_Guide/index.htmlhttp://docs.fedoraproject.org/en-US/Fedora/18/ht= ml-single/UEFI_Secure_Boot_Guide/index.html/a for a good breakdown of the= issues and trade-offs.br br/divUEFI is part of the old quot;Palladiumquot; project from Micros= oft, relabeled as quot;Trusted Computingquot;. It is aimed squarely at DR= M and vendor lock-in, not security, for reasons that I could spend a whole = day discussing.In the meantime, yes, you can disalbe it for SL booting if n= eeded, and reasonably expect our favorite upstream vendor to have shims ava= ilable when version 7 is publishedL they#39;re already working well with r= ecent Fedora releases. I#39;d also *expect* those shims to be workable for= SL 7, but someone may have to plunk down some cash to get some keys signed= , and spend some extra effort to maintain the security needed for the relev= ant shims to work well with SL kernels and environments.br /div/divdiv class=3Dgmail_extrabrbrdiv class=3Dgmail_quoteO= n Tue, Sep 24, 2013 at 11:53 AM, Yasha Karant span dir=3Dltrlt;a href= =3Dmailto:ykar...@csusb.edu; target=3D_blankykar...@csusb.edu/agt;/= span wrote:br blockquote class=3Dgmail_quote style=3Dmargin:0 0 0 .8ex;border-left:1p= x #ccc solid;padding-left:1exSecure boot is enabled. =A0Evidently, the on= ly means to disable secure boot requires that a secure boot
Re: UEFI SL 6x boot
Let me see if I understand the current situation. This question was prompted by the question of a colleague attempting to use OpenSuSE (not SL nor TUV) on UEFI Secure Boot who was not able to get a reliably booted running operating environment. The colleague wondered if SL would fare better. Depending upon the particular BIOS or BIOS equivalent, using MS Windows 8, it may be possible to disable Secure Boot and allow for SL to be booted. Secure Boot, and many other technologies put forward by, through, or under the auspices of the monopoly primarily exist to move forward the market share, return on investment, and general economic wealth of the monopoly (not a surprise in oligopolistic non-market economics). SL with Fermilab participation is participating in projects that will allow SL to boot on UEFI Secure Boot hardware without the use of any monopoly operating environment software or applications -- Microsoft not required. Presumably, TUV is participating as well as TUV supported-for-fee environments must be able to reliably boot and run on UEFI Secure Boot platforms without the use of monopoly software to enable the booting process. Apple is not a matter for discussion because Apple provides the entire hardware and software package, and does not allow the use of MacOS on non-Apple hardware platforms. Presumably VirtualBox and other means to allow MS Windows to run as a guest environment has or will have some means to provide UEFI Secure Boot to MS Windows guests requiring such. At present, there is no production Linux that will reliably run on all hardware platforms that use UEFI Secure Boot, but only MS Windows envirnoments will do so on any hardware platform that proclaims compliance with the monopoly (certification). Is the above substantially correct as of this instant? Yasha Karant On 09/24/2013 04:40 PM, Connie Sieh wrote: On Tue, 24 Sep 2013, Nico Kadel-Garcia wrote: --001a11c379ecc5abcb04e7297e9d Content-Type: text/plain; charset=ISO-8859-1 Down, boy. Scientific Linux is behind the times on available tools, because our favorite upstream vendor has not yet released tools. Tools to work with have been tested, effectively, with Fedora, and I expect our favorite upstream vendor will include tools with release 7.x, which is not yet in alpha or beta release. Check out http://docs.fedoraproject.org/en-US/Fedora/18/html-single/UEFI_Secure_Boot_Guide/index.htmlfor a good breakdown of the issues and trade-offs. UEFI is part of the old Palladium project from Microsoft, relabeled as Trusted Computing. It is aimed squarely at DRM and vendor lock-in, not security, for reasons that I could spend a whole day discussing.In the meantime, yes, you can disalbe it for SL booting if needed, and reasonably expect our favorite upstream vendor to have shims available when version 7 is publishedL they're already working well with recent Fedora releases. I'd also *expect* those shims to be workable for SL 7, but someone may have to plunk down some cash to get some keys signed, and spend some extra effort to maintain the security needed for the relevant shims to work well with SL kernels and environments. Last week at LinuxCon North America the shim developers were still developing. I attended the UEFI Plugfest last week as part of Linux Con. Microsoft gave a presentation on UEFI signing. The presentation will be posted to uefi.org website. We are working on this. Fermilab is a member of the UEFI forum . -Connie Sieh On Tue, Sep 24, 2013 at 11:53 AM, Yasha Karant ykar...@csusb.edu wrote: Secure boot is enabled. Evidently, the only means to disable secure boot requires that a secure boot loader/configuration program be running -- e.g., the MS proprietary boot loader (typically, supplied as part of MS Windows 8) must be used to disable secure boat if the UEFI actually permits this to be disabled (I have heard of some UEFI implementations that do not permit secure boot truly to be disabled). If Linux cannot handle this issue, then Linux is finished on all generic (e.g., not Apple that supplies both the hardware and operating environment software under a restrictive proprietary for-profit intellectual property license) X86-64 hardware, as (almost?) all current such hardware is MS 8 (UEFI secure boot) compliant. Yasha Karant On 09/23/2013 10:29 PM, Connie Sieh wrote: On Mon, 23 Sep 2013, Yasha Karant wrote: A colleague who uses SuSE non-enterprise for his professional (enterprise) workstations has now attempted to load the latest SuSE on a machine with a new generic (aftermarket) gamer UEFI X86-64 motherboard. It does not properly boot. I do not have any UEFI motherboards, and thus no experience with SL6x on such motherboards. Is secure boot enabled in the UEFI ? Does anyone? Does SL6x boot correctly (and easily) on a UEFI motherboard? If so, he may switch to SL. Yes as long as secure boot is disabled . Yasha Karant -connie sieh
gnash or lightspark
Both gnash and lightspark claim to be replacements, with Mozilla Firefox compatibility, for the Adobe Flash player/plugin. Does anyone have experience with either of these applications? Does anyone know where to find built SL6x X86-64 and IA-32 RPMs for either of these (preferably reasonably current versions to maintain compatibility with the current Flash data format)? Building these from source require many additional packages (e.g., for lightspark: To compile this software you need to install development packages for llvm (version 2.8, 3.0, 3.1 or 3.2), opengl, curl, zlib, libavcodec, libglew, pcre, librtmp, cairo, libboost-filesystem, libxml++ (version 2.33.1 or newer), gtk-2, libjpeg, libavformat, pango, liblzma If sound is enabled (on by default), you will also need the development package for pulseaudio-libs and/or libsdl. If the browser plugin is enabled (on by default), you will need the development package for xulrunner. Install also gcc (version 4.6.0 or newer), cmake and nasm. ). Thanks for any leads. Yasha Karant
Re: gnash or lightspark
No promises, but searching http;'//rpm.pbone.net leads to SRPM's at ftp://bo.mirror.garr.it/pub/1/mageia/distrib/1/SRPMS/core/release/ for lightspark. And it's helpful when building from SRPM's to use tools like mock, to set up build environment chroot cage for complex build environments and not muck with your active development enviornment. On Tue, Sep 24, 2013 at 8:57 PM, Yasha Karant ykar...@csusb.edu wrote: Both gnash and lightspark claim to be replacements, with Mozilla Firefox compatibility, for the Adobe Flash player/plugin. Does anyone have experience with either of these applications? Does anyone know where to find built SL6x X86-64 and IA-32 RPMs for either of these (preferably reasonably current versions to maintain compatibility with the current Flash data format)? Building these from source require many additional packages (e.g., for lightspark: To compile this software you need to install development packages for llvm (version 2.8, 3.0, 3.1 or 3.2), opengl, curl, zlib, libavcodec, libglew, pcre, librtmp, cairo, libboost-filesystem, libxml++ (version 2.33.1 or newer), gtk-2, libjpeg, libavformat, pango, liblzma If sound is enabled (on by default), you will also need the development package for pulseaudio-libs and/or libsdl. If the browser plugin is enabled (on by default), you will need the development package for xulrunner. Install also gcc (version 4.6.0 or newer), cmake and nasm. ). Thanks for any leads. Yasha Karant