computers / comp.os.linux.misc / uefi malware--threat to all?

uefi malware--threat to all?

From: wNOSPAMp@gmail.org (pH)
Newsgroups: comp.os.linux.misc
Subject: uefi malware--threat to all?
Date: Mon, 6 Mar 2023 18:13:14 -0000 (UTC)
 by: pH - Mon, 6 Mar 2023 18:13 UTC

I just saw this article in google news today.

https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/

I'm not up on my acronyms, but I've seen uefi mentioned here at times.

I'm assuming since this runs first, Linux is therefore not immune to this
malware.

Would a workaround be enabling legacy boot and running an older distro
until...well, I'll wait for any comments from you smarter guys out there.

pH in Aptos

Re: uefi malware--threat to all?

 by: Richard Kettlewell - Mon, 6 Mar 2023 19:14 UTC

pH <wNOSPAMp@gmail.org> writes:
> I just saw this article in google news today.
>
> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>
> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>
> I'm assuming since this runs first, Linux is therefore not immune to this
> malware.

Yes and no. Once the bootkit is installed, any OS on that computer is
vulnerable. But installing the bootkit in the first place depends on a
vulnerability in one of the Windows boot components. So I think a system
that had never had Windows installed on it should not be at risk (at
least, until someone finds a comparable bug in Linux’s UEFI boot chain).

> Would a workaround be enabling legacy boot and running an older distro
> until...well, I'll wait for any comments from you smarter guys out
> there.

That would be like addressing a weak lock by taking the whole door off,
since legacy boot does not include secure boot.

--
https://www.greenend.org.uk/rjk/

Re: uefi malware--threat to all?

 by: Marco Moock - Mon, 6 Mar 2023 20:07 UTC

On 06.03.2023 at 18:13:14, pH wrote:

> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>
> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>
> I'm assuming since this runs first, Linux is therefore not immune to
> this malware.
>
> Would a workaround be enabling legacy boot and running an older distro
> until...well, I'll wait for any comments from you smarter guys out
> there.

No, classic BIOS boot (called CSM/legacy when UEFI firmware is being
used) doesn't contain SecureBoot at all. If a software can change the
boot loader, it can infect every system.

Also attacks on the firmware directly are still possible, just like a
normal BIOS/UEFI firmware update.
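
The replies above point out that legacy (CSM) boot has no Secure Boot at all. The following is an added example, not part of the original thread, showing one way to check on Linux which mode a machine booted in and what the firmware reports for Secure Boot. The function names and the `SYSFS_ROOT` override are hypothetical; the script assumes the Linux efivarfs layout, where each variable file starts with a 4-byte attribute word followed by the data.

```sh
#!/bin/sh
# Added example: report how a Linux machine booted and what the firmware
# says about Secure Boot. Function names and SYSFS_ROOT are hypothetical.

# GUID of the UEFI global variable namespace (SecureBoot, SetupMode, ...).
EFI_GLOBAL="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# boot_mode ROOT: "uefi" if the kernel exposes EFI runtime data, else "legacy".
boot_mode() {
    if [ -d "$1/sys/firmware/efi" ]; then
        echo uefi
    else
        echo legacy
    fi
}

# efivar_byte ROOT NAME: print the first data byte of an efivarfs variable.
# efivarfs prepends a 4-byte attribute word, so the value starts at offset 4.
efivar_byte() {
    f="$1/sys/firmware/efi/efivars/$2-$EFI_GLOBAL"
    [ -r "$f" ] || return 1
    size=$(($(wc -c < "$f")))
    [ "$size" -ge 5 ] || return 1          # truncated or empty variable
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# secure_boot_state [ROOT]: one-line summary; ROOT defaults to the live system.
secure_boot_state() {
    root="${1:-}"
    if [ "$(boot_mode "$root")" = legacy ]; then
        # Legacy/CSM boot: the firmware verifies nothing before the boot loader.
        echo "legacy-bios: no Secure Boot"
        return 0
    fi
    sb=$(efivar_byte "$root" SecureBoot) || {
        echo "uefi: SecureBoot variable unreadable"
        return 0
    }
    sm=$(efivar_byte "$root" SetupMode) || sm=unknown
    case "$sb:$sm" in
        1:0|1:unknown)
            echo "uefi: Secure Boot enabled" ;;
        0:1)
            # Setup mode: anyone with firmware access can enroll their own keys.
            echo "uefi: setup mode, no Platform Key enrolled, Secure Boot off" ;;
        0:0|0:unknown)
            echo "uefi: Secure Boot disabled" ;;
        *)
            echo "uefi: inconsistent state SecureBoot=$sb SetupMode=$sm" ;;
    esac
}

# Stand-alone use: inspect the running system, or a copied tree via SYSFS_ROOT.
secure_boot_state "${SYSFS_ROOT:-}"
```

"Enabled" here only reflects the firmware's own report; the bootkit in the linked article is described as bypassing Secure Boot, so this is a configuration check and not a detection.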

Re: uefi malware--threat to all?

 by: pH - Tue, 7 Mar 2023 00:36 UTC

On 2023-03-06, Marco Moock <mo01@posteo.de> wrote:
> On 06.03.2023 at 18:13:14, pH wrote:
>
>> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>>
>> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>>
>> I'm assuming since this runs first, Linux is therefore not immune to
>> this malware.
>>
>> Would a workaround be enabling legacy boot and running an older distro
>> until...well, I'll wait for any comments from you smarter guys out
>> there.
>
> No, classic BIOS boot (called CSM/legacy when UEFI firmware is being
> used) doesn't contain SecureBoot at all. If a software can change the
> boot loader, it can infect every system.
>
> Also attacks on the firmware directly are still possible, just like a
> normal BIOS/UEFI firmware update.
>

OKay, thanks for the comments.

I'm gathering that secure boot is actually a *good* thing and not just some
microsoft introduction.

Since I install so seldom I'm really not up on these things.

pH

Re: uefi malware--threat to all?

 by: 28B.I874 - Tue, 7 Mar 2023 01:10 UTC

On 3/6/23 7:36 PM, pH wrote:
> On 2023-03-06, Marco Moock <mo01@posteo.de> wrote:
>> On 06.03.2023 at 18:13:14, pH wrote:
>>
>>> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>>>
>>> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>>>
>>> I'm assuming since this runs first, Linux is therefore not immune to
>>> this malware.
>>>
>>> Would a workaround be enabling legacy boot and running an older distro
>>> until...well, I'll wait for any comments from you smarter guys out
>>> there.
>>
>> No, classic BIOS boot (called CSM/legacy when UEFI firmware is being
>> used) doesn't contain SecureBoot at all. If a software can change the
>> boot loader, it can infect every system.
>>
>> Also attacks on the firmware directly are still possible, just like a
>> normal BIOS/UEFI firmware update.
>>
>
> OKay, thanks for the comments.
>
> I'm gathering that secure boot is actually a *good* thing and not just some
> microsoft introduction.
>
> Since I install so seldom I'm really not up on these things.

The message is that THERE'S NO PERFECT THING.
So DO check for viruses periodically and there's
software that can find Linux rootkits too.

Ok, maybe an immutable un-updatable BIOS-ish
booty thingie ...... (for some embedded uses
that'd be just fine. You don't need a BIOS
to make a, say, Arduino run) .....

Re: uefi malware--threat to all?

 by: Bobbie Sellers - Tue, 7 Mar 2023 01:11 UTC

On 3/6/23 16:36, pH wrote:
> On 2023-03-06, Marco Moock <mo01@posteo.de> wrote:
>> On 06.03.2023 at 18:13:14, pH wrote:
>>
>>> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>>>
>>> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>>>
>>> I'm assuming since this runs first, Linux is therefore not immune to
>>> this malware.
>>>
>>> Would a workaround be enabling legacy boot and running an older distro
>>> until...well, I'll wait for any comments from you smarter guys out
>>> there.
>>
>> No, classic BIOS boot (called CSM/legacy when UEFI firmware is being
>> used) doesn't contain SecureBoot at all. If a software can change the
>> boot loader, it can infect every system.
>>
>> Also attacks on the firmware directly are still possible, just like a
>> normal BIOS/UEFI firmware update.
>>
>
> OKay, thanks for the comments.
>
> I'm gathering that secure boot is actually a *good* thing and not just some
> microsoft introduction.
>
> Since I install so seldom I'm really not up on these things.
>
> pH

Secure Boot is not a good thing but a Microsoft attempt to satisfy its
corporate customers and to lock out the possibility of
using Linux on a Windows machine. There are further attempts to
foreclose the possibility of using a secure OS on machines installed
with Windows. In corporate circumstances it locks down the systems
against unauthorized intrusions by any but the assigned IP technicians.
Just to point out that many corporate users will learn enough to turn
it off but it does provide a little security.

When installing Linux to a machine with the Secure Boot enabled
most of us disable it. Some few Linux systems have paid the toll to
Microsoft and gotten a key which will satisfy the Secure Boot system.
When using Windows and any Linux system on the same hardware you must
be aware that Windows without warnings sends new kernels to the system
and when that happens the previous boot settings are over-written messing
up the Linux boot as well. You will need a Live Linux Distribution to
fix the broken boot system.

Those Linux systems paying the toll are trying for the same market as
MS. They are called Enterprise systems; like Red Hat,
Canonical(Ubuntu), and a few others. They are trying for the corporate
market and Government markets. I hope they displace Windows.

bliss - on the ever-faithful Dell Latitude E7450, PCLinuxOS 2022
KDE Plasma 5.27.2 Kernel Version: 6.1.15-pclos1 (64-bit)
KDE Frameworks 5.103.0 - Qt Version: 5.15.6
Graphics : X11 - Mesa Intel® HD Graphics 5500
15.5 GiB of RAM CPU 4 × Intel® Core™ i7-5600U CPU @ 2.60GHz
Actually 2 real cores and 2 virtual cores.
--
bliss dash SF 4 ever at dslextreme dot com

Re: uefi malware--threat to all?

 by: 28B.I874 - Tue, 7 Mar 2023 05:46 UTC

On 3/6/23 8:11 PM, Bobbie Sellers wrote:
> On 3/6/23 16:36, pH wrote:
>> On 2023-03-06, Marco Moock <mo01@posteo.de> wrote:
>>> On 06.03.2023 at 18:13:14, pH wrote:
>>>
>>>> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>>>>
>>>>
>>>> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>>>>
>>>> I'm assuming since this runs first, Linux is therefore not immune to
>>>> this malware.
>>>>
>>>> Would a workaround be enabling legacy boot and running an older distro
>>>> until...well, I'll wait for any comments from you smarter guys out
>>>> there.
>>>
>>> No, classic BIOS boot (called CSM/legacy when UEFI firmware is being
>>> used) doesn't contain SecureBoot at all. If a software can change the
>>> boot loader, it can infect every system.
>>>
>>> Also attacks on the firmware directly are still possible, just like a
>>> normal BIOS/UEFI firmware update.
>>>
>>
>> OKay, thanks for the comments.
>>
>> I'm gathering that secure boot is actually a *good* thing and not just
>> some
>> microsoft introduction.
>>
>> Since I install so seldom I'm really not up on these things.
>>
>> pH
>     Secure Boot is not a good thing but a Microsoft attempt to satisfy
> its corporate customers and to lock out the possibility of
> using Linux on a Windows machine.  There are further attempts to
> foreclose the possibility of using a secure OS on machines installed
> with Windows.  In corporate circumstances it locks down the systems
> against unauthorized intrusions by any but the assigned IP technicians.
> Just to point out that many corporate users will learn enough to turn
> it off but it does provide a little security.

JUST a little ... and then mostly just for Winders.

M$ is always picking around the edges to try and shut
out any alternatives. They can't be TOO overt, but they
keep at it. They have enough clout to make motherboard/
BIOS-makers tweak their products to HELP them in this
endeavour. It'll always be framed as a 'security
enhancement' of some kind - because it makes the M$
profits more secure.

I see people making excuses for them - but really they
are just another evil megacorporate empire at this point.

So, what to do ? Well, perhaps pay for maybe a S.Korean
motherboard factory that can turn out a decent functional
clone of a few of the best MBs ... kinda like Compaq did,
same thing but by novel, non-copywrit means.

What, don't want to pay ? Well then .... enjoy Win 12/13/14 ...
because that and Apple are gonna be all there is forever.

Re: uefi malware--threat to all?

 by: Marco Moock - Tue, 7 Mar 2023 07:40 UTC

On 07.03.2023, pH <wNOSPAMp@gmail.org> wrote:

> I'm gathering that secure boot is actually a *good* thing and not
> just some microsoft introduction.

If it is implemented properly and can be disabled if the user wishes it,
it is a good thing. Sadly, some motherboards don't have a proper
implementation and make the installation of other operating systems
difficult.

Re: uefi malware--threat to all?

 by: Marco Moock - Tue, 7 Mar 2023 07:42 UTC

On 06.03.2023, Bobbie Sellers <bliss@mouse-potato.com> wrote:

> When installing Linux to a machine with the Secure Boot
> enabled most of us disable it. Some few Linux systems have paid the
> toll to Microsoft and gotten a key which will satisfy the Secure Boot
> system. When using Windows and any Linux system on the same hardware
> you must be aware that Windows without warnings sends new kernels to
> the system and when that happens the previous boot settings are
> over-written messing up the Linux boot as well. You will need a Live
> Linux Distribution to fix the broken boot system.

This only applies for BIOS boot. With UEFI boot, only the boot order
changes, so it is possible to change it easily in the UEFI settings.

Re: uefi malware--threat to all?

 by: Carlos E.R. - Tue, 7 Mar 2023 08:07 UTC

On 2023-03-07 02:11, Bobbie Sellers wrote:
> On 3/6/23 16:36, pH wrote:
>> On 2023-03-06, Marco Moock <mo01@posteo.de> wrote:
>>> On 06.03.2023 at 18:13:14, pH wrote:
>>>
>>>> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>>>>
>>>> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>>>>
>>>> I'm assuming since this runs first, Linux is therefore not immune to
>>>> this malware.
>>>>
>>>> Would a workaround be enabling legacy boot and running an older distro
>>>> until...well, I'll wait for any comments from you smarter guys out
>>>> there.
>>>
>>> No, classic BIOS boot (called CSM/legacy when UEFI firmware is being
>>> used) doesn't contain SecureBoot at all. If a software can change the
>>> boot loader, it can infect every system.
>>>
>>> Also attacks on the firmware directly are still possible, just like a
>>> normal BIOS/UEFI firmware update.
>>>
>>
>> OKay, thanks for the comments.
>>
>> I'm gathering that secure boot is actually a *good* thing and not just
>> some
>> microsoft introduction.
>>
>> Since I install so seldom I'm really not up on these things.
>>
>> pH
>     Secure Boot is not a good thing but a Microsoft attempt to satisfy
> its corporate customers and to lock out the possibility of
> using Linux on a Windows machine.  There are further attempts to
> foreclose the possibility of using a secure OS on machines installed
> with Windows.  In corporate circumstances it locks down the systems
> against unauthorized intrusions by any but the assigned IP technicians.
> Just to point out that many corporate users will learn enough to turn
> it off but it does provide a little security.
>
>     When installing Linux to a machine with the Secure Boot enabled
> most of us disable it.  Some few Linux systems have paid the toll to
> Microsoft and gotten a key which will satisfy the Secure Boot system.
> When using Windows and any Linux system on the same hardware you must
> be aware that Windows without warnings sends new kernels to the system
> and when that happens the previous boot settings are over-written messing
> up the Linux boot as well.  You will need a Live Linux Distribution to
> fix the broken boot system.

Hasn't ever happened to me.

I only heard some histories, long ago, of some vendors, not Microsoft,
selling machines with incorrect firmware that would not allow different
installs.

Same as there are (were?) motherboards that are designed incompatible
with Linux.

This is just paranoia.

--
Cheers, Carlos.

Re: uefi malware--threat to all?

<tu7k7o$2nbn$1@paganini.bofh.team>

 by: Andrei Z. - Tue, 7 Mar 2023 15:11 UTC

pH wrote:
> I just saw this article in google news today.
>
> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>
> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>
> I'm assuming since this runs first, Linux is therefore not immune to this
> malware.
>
> Would a workaround be enabling legacy boot and running an older distro
> until...well, I'll wait for any comments from you smarter guys out there.
>
> pH in Aptos

TCG TPM2.0 implementations vulnerable to memory corruption

Vulnerability Note VU#782720
Original Release Date: 2023-02-28 | Last Revised: 2023-03-06

https://kb.cert.org/vuls/id/782720

Trusted Platform Module - Wikipedia
https://en.wikipedia.org/wiki/Trusted_Platform_Module

Re: uefi malware--threat to all?

<tu7n5l$f4lj$1@dont-email.me>

 by: Bobbie Sellers - Tue, 7 Mar 2023 16:01 UTC

On 3/6/23 23:42, Marco Moock wrote:
> Am 06.03.2023 schrieb Bobbie Sellers <bliss@mouse-potato.com>:
>
>> When installing Linux to a machine with the Secure Boot
>> enabled most of us disable it. Some few Linux systems have paid the
>> toll to Microsoft and gotten a key which will satisfy the Secure Boot
>> system. When using Windows and any Linux system on the same hardware
>> you must be aware that Windows without warnings sends new kernels to
>> the system and when that happens the previous boot settings are
>> over-written messing up the Linux boot as well. You will need a Live
>> Linux Distribution to fix the broken boot system.
>
> This only applies for BIOS boot. With UEFI boot, only the boot order
> changes, so it is possible to change it easily in the UEFI settings.
>
No it overwrites the Linux EFI information.
Having Windows on a Linux machine is equivalent to a Trojan
or worse. Now-a-days (Oh you moderns) you can run Linux from
a Flash Drive with a persistent partition for your work so
there is no need for an installation.

bliss-"Nearly any fool can use a GNU/Linux computer. Many do"
After all here I am...Again...

--
bliss dash SF 4 ever at dslextreme dot com

Re: uefi malware--threat to all?

<tu7puk$fp0a$1@dont-email.me>

 by: The Natural Philosop - Tue, 7 Mar 2023 16:49 UTC

On 07/03/2023 16:01, Bobbie Sellers wrote:
> On 3/6/23 23:42, Marco Moock wrote:
>> Am 06.03.2023 schrieb Bobbie Sellers <bliss@mouse-potato.com>:
>>
>>> When installing Linux to a machine with the Secure Boot
>>> enabled most of us disable it.  Some few Linux systems have paid the
>>> toll to Microsoft and gotten a key which will satisfy the Secure Boot
>>> system. When using Windows and any Linux system on the same hardware
>>> you must be aware that Windows without warnings sends new kernels to
>>> the system and when that happens the previous boot settings are
>>> over-written messing up the Linux boot as well.  You will need a Live
>>> Linux Distribution to fix the broken boot system.
>>
>> This only applies for BIOS boot. With UEFI boot, only the boot order
>> changes, so it is possible to change it easily in the UEFI settings.
>>
>     No it overwrites the Linux EFI information.
>  Having Windows on a Linux machine is equivalent to a Trojan
> or worse.  Now-a-days (Oh you moderns) you can run Linux from
> a Flash Drive with a persistent partition for your work so
> there is no need for an installation.
>
> bliss-"Nearly any fool can use a GNU/Linux computer. Many do"
> After all here I am...Again...
>
Seriously, unless you are short on hardware and need Windows to run
real-time games, it is always better to run Linux natively and have
Windows in a VM.
If you have 8GB RAM anyway.

--
To ban Christmas, simply give turkeys the vote.

Re: uefi malware--threat to all?

<op.11f6ycmaa3w0dxdave@hodgins.homeip.net>

 by: David W. Hodgins - Tue, 7 Mar 2023 18:00 UTC

On Tue, 07 Mar 2023 03:07:59 -0500, Carlos E.R. <robin_listas@es.invalid> wrote:
> I only heard some histories, long ago, of some vendors, not Microsoft,
> selling machines with incorrect firmware that would not allow different
> installs.
> Same as there are (were?) motherboards that are designed incompatible
> with Linux.

https://arstechnica.com/information-technology/2012/01/microsoft-mandating-secure-boot-on-arm-making-linux-installs-difficult/

Also on x86 systems, having the ability to turn off secure boot is up to the
uefi firmware developers, so may or may not work on a given system.

Configuration screens for uefi vary widely among and even with versions of
different vendors' firmware in terms of organization and terminology.

M$ can't ban other operating systems, but they do as much as they think they can
get away with to make it more difficult.

Having a mini-os that you don't control that has full control of the hardware
drastically increases the attack surface for adversaries. It makes it easier
for them to make intrusions persistent, and harder to detect.

Regards, Dave Hodgins

Re: uefi malware--threat to all?

<tu7uj0$gd3a$5@dont-email.me>

 by: Marco Moock - Tue, 7 Mar 2023 18:08 UTC

Am 07.03.2023 um 08:01:57 Uhr schrieb Bobbie Sellers:

> On 3/6/23 23:42, Marco Moock wrote:
> > Am 06.03.2023 schrieb Bobbie Sellers <bliss@mouse-potato.com>:
> >
> >> When installing Linux to a machine with the Secure Boot
> >> enabled most of us disable it. Some few Linux systems have paid
> >> the toll to Microsoft and gotten a key which will satisfy the
> >> Secure Boot system. When using Windows and any Linux system on the
> >> same hardware you must be aware that Windows without warnings
> >> sends new kernels to the system and when that happens the previous
> >> boot settings are over-written messing up the Linux boot as well.
> >> You will need a Live Linux Distribution to fix the broken boot
> >> system.
> >
> > This only applies for BIOS boot. With UEFI boot, only the boot order
> > changes, so it is possible to change it easily in the UEFI settings.
> >
> No it overwrites the Linux EFI information.

I haven't experienced that yet.

> Having Windows on a Linux machine is equivalent to a Trojan
> or worse. Now-a-days (Oh you moderns) you can run Linux from
> a Flash Drive with a persistent partition for your work so
> there is no need for an installation.

I prefer Linux installed and Windows locked in in VirtualBox. :-)

Re: uefi malware--threat to all?

<tu7uke$gd3a$6@dont-email.me>

 by: Marco Moock - Tue, 7 Mar 2023 18:09 UTC

Am 07.03.2023 um 09:07:59 Uhr schrieb Carlos E.R.:

> I only heard some histories, long ago, of some vendors, not
> Microsoft, selling machines with incorrect firmware that would not
> allow different installs.
>
> Same as there are (were?) motherboards that are designed incompatible
> with Linux.

Acer and Medion were candidates where GNU/Linux installation with
LILO/GRUB was difficult, but still possible.

Re: uefi malware--threat to all?

<tu7uli$gd3a$7@dont-email.me>

 by: Marco Moock - Tue, 7 Mar 2023 18:09 UTC

Am 07.03.2023 um 13:00:02 Uhr schrieb David W. Hodgins:

> Having a mini-os that you don't control that has full control of the
> hardware drastically increases the attack surface for adversaries. It
> makes it easier for them to make intrusions persistent, and harder to
> detect.

True - but that already existed in the BIOS times with Intel's
Management Engine (ME).

Re: uefi malware--threat to all?

<op.11gcb6q3a3w0dxdave@hodgins.homeip.net>

 by: David W. Hodgins - Tue, 7 Mar 2023 19:56 UTC

On Tue, 07 Mar 2023 13:09:54 -0500, Marco Moock <mo01@posteo.de> wrote:

> Am 07.03.2023 um 13:00:02 Uhr schrieb David W. Hodgins:
>
>> Having a mini-os that you don't control that has full control of the
>> hardware drastically increases the attack surface for adversaries. It
>> makes it easier for them to make intrusions persistent, and harder to
>> detect.
>
> True - but that already existed in the BIOS times with Intel's
> Management Engine (ME).

That's true, but was easier to avoid or fully disable. With uefi, it can't be
fully disabled. The uefi firmware always has full control before the os loads.
The legacy boot options only emulate the bios firmware interface. They don't
stop uefi from being in control of the hardware.

Regards, Dave Hodgins

Re: uefi malware--threat to all?

<tu87ob$hunh$1@dont-email.me>

 by: pH - Tue, 7 Mar 2023 20:44 UTC

On 2023-03-07, Andrei Z. <no-email@invalid.invalid> wrote:
> pH wrote:
>> I just saw this article in google news today.
>>
>> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>>
>> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>>
>> I'm assuming since this runs first, Linux is therefore not immune to this
>> malware.
>>
>> Would a workaround be enabling legacy boot and running an older distro
>> until...well, I'll wait for any comments from you smarter guys out there.
>>
>> pH in Aptos
>
> TCG TPM2.0 implementations vulnerable to memory corruption
>
> Vulnerability Note VU#782720
> Original Release Date: 2023-02-28 | Last Revised: 2023-03-06
>
> https://kb.cert.org/vuls/id/782720
>
> Trusted Platform Module - Wikipedia
> https://en.wikipedia.org/wiki/Trusted_Platform_Module
>

So, what two or three steps might one want to do before installing, say,
Mint 20.3 or anything recent...

In my case, I just got into the bios and had it boot from DVD/CD first.
I remember turning something "off" on that same page, but don't recall what
it was now. This was a cheap Lenovo (IBM) laptop. Works fine so far.

o turn off "secure boot"
anything else?

pH

Re: uefi malware--threat to all?

<op.11ggr4pfa3w0dxdave@hodgins.homeip.net>

 by: David W. Hodgins - Tue, 7 Mar 2023 21:32 UTC

On Tue, 07 Mar 2023 15:44:59 -0500, pH <wNOSPAMp@gmail.org> wrote:
> So, what two or three steps might one want to do before installing, say,
> Mint 20.3 or anything recent...
>
> In my case, I just got into the bios and had it boot from DVD/CD first.
> I remember turning something "off" on that same page, but don't recall what
> it was now. This was a cheap Lenovo (IBM) laptop. Works fine so far.
>
> o turn off "secure boot"
> anything else?

I haven't looked at Lenovo specifically. In general ...
Disable secure boot
Use AHCI mode for SATA controller(s).
Disable RST (Intel Rapid Storage Technology) if present.

If dual booting with Windows
Disable Fast Startup (aka Fastboot) in Windows, or the Windows partition(s)
will not be mountable or shrinkable.
For some systems, the uefi firmware will still boot Windows ignoring the
linux boot loader. For those, in Windows it will be necessary to use bcdedit
to alter the boot selection order. See https://wiki.mageia.org/en/Mageia_in_dual_boot_with_Windows8_and_over#Windows_starts_directly

Regards, Dave Hodgins
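
Added example, not code from any poster in this thread: a read-only Python check of the firmware state argued over above (UEFI or legacy boot, Secure Boot on or off, and whether a Linux boot entry is missing or merely no longer first). The function names, the `ubuntu` label and the sample `efibootmgr` text are constructed for illustration, and the parser assumes the label and device path are separated by a tab.

```python
import re
from pathlib import Path

# Namespace GUID of the UEFI global variables (SecureBoot, SetupMode, BootOrder ...).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def read_efi_flag(sys_root, name):
    """Return the first data byte of a global EFI variable, or None if unreadable.

    efivarfs files start with a 4-byte attribute word; the payload follows it.
    """
    path = Path(sys_root) / "firmware" / "efi" / "efivars" / f"{name}-{EFI_GLOBAL_GUID}"
    try:
        raw = path.read_bytes()
    except OSError:
        return None
    return raw[4] if len(raw) >= 5 else None


def firmware_state(sys_root="/sys"):
    """Report how the running kernel was booted and whether Secure Boot is enforced."""
    if not (Path(sys_root) / "firmware" / "efi").is_dir():
        # CSM/legacy boot: no EFI runtime is exposed, so no boot-time verification ran.
        return {"boot_mode": "legacy", "secure_boot": False, "setup_mode": None}
    secure = read_efi_flag(sys_root, "SecureBoot")
    setup = read_efi_flag(sys_root, "SetupMode")
    return {
        "boot_mode": "uefi",
        # None means the variable could not be read (e.g. efivarfs not mounted).
        "secure_boot": None if secure is None else secure == 1,
        "setup_mode": None if setup is None else setup == 1,
    }


ENTRY_RE = re.compile(r"^Boot([0-9A-Fa-f]{4})(\*?)\s+(.*)$")


def parse_efibootmgr(text):
    """Parse `efibootmgr` output into (boot_order, entries keyed by entry number)."""
    order, entries = [], {}
    for line in text.splitlines():
        if line.startswith("BootOrder:"):
            order = [n.strip().upper() for n in line.split(":", 1)[1].split(",") if n.strip()]
            continue
        match = ENTRY_RE.match(line)
        if match:
            number, star, rest = match.groups()
            label, _, device_path = rest.partition("\t")
            entries[number.upper()] = {
                "label": label.strip(),
                "active": star == "*",
                "path": device_path.strip(),
            }
    return order, entries


def entry_status(text, label):
    """Classify what happened to the boot entry carrying the given label."""
    order, entries = parse_efibootmgr(text)
    numbers = [n for n, e in entries.items() if e["label"].lower() == label.lower()]
    if not numbers:
        return "missing"      # the entry itself is gone from NVRAM
    number = numbers[0]
    if not entries[number]["active"] or number not in order:
        return "disabled"     # entry exists but the firmware will not try it
    return "first" if order[0] == number else "demoted"


# Constructed sample (partition GUIDs elided): Windows has moved itself to the front.
SAMPLE_EFIBOOTMGR = (
    "BootCurrent: 0000\n"
    "Timeout: 0 seconds\n"
    "BootOrder: 0000,0001\n"
    "Boot0000* Windows Boot Manager\tHD(1,GPT,...)/File(\\EFI\\Microsoft\\Boot\\bootmgfw.efi)\n"
    "Boot0001* ubuntu\tHD(1,GPT,...)/File(\\EFI\\ubuntu\\shimx64.efi)\n"
)

if __name__ == "__main__":
    print(firmware_state())
    print("ubuntu entry:", entry_status(SAMPLE_EFIBOOTMGR, "ubuntu"))
```

A result of "demoted" can be fixed from the firmware setup screen or by changing the boot order, while "missing" means the entry has to be recreated, typically from a live system.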

Re: uefi malware--threat to all?

<tu8arp$fsgs$5@dont-email.me>

 by: The Natural Philosop - Tue, 7 Mar 2023 21:38 UTC

On 07/03/2023 20:44, pH wrote:
> On 2023-03-07, Andrei Z. <no-email@invalid.invalid> wrote:
>> pH wrote:
>>> I just saw this article in google news today.
>>>
>>> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>>>
>>> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>>>
>>> I'm assuming since this runs first, Linux is therefore not immune to this
>>> malware.
>>>
>>> Would a workaround be enabling legacy boot and running an older distro
>>> until...well, I'll wait for any comments from you smarter guys out there.
>>>
>>> pH in Aptos
>>
>> TCG TPM2.0 implementations vulnerable to memory corruption
>>
>> Vulnerability Note VU#782720
>> Original Release Date: 2023-02-28 | Last Revised: 2023-03-06
>>
>> https://kb.cert.org/vuls/id/782720
>>
>> Trusted Platform Module - Wikipedia
>> https://en.wikipedia.org/wiki/Trusted_Platform_Module
>>
>
> So, what two or three steps might one want to do before installing, say,
> Mint 20.3 or anything recent...
>
> In my case, I just got into the bios and had it boot from DVD/CD first.
> I remember turning something "off" on that same page, but don't recall what
> it was now. This was a cheap Lenovo (IBM) laptop. Works fine so far.
>
> o turn off "secure boot"
> anything else?
>
> pH

Last machine I got had Winders on it. I just plugged a stick in and used
the bios to boot from it - latest Mint. Mint seemed to do UEFI shit
without me having to wipe its bottom, so I guess it's potty trained by now.

--
"I guess a rattlesnake ain't risponsible fer bein' a rattlesnake, but ah
puts mah heel on um jess the same if'n I catches him around mah chillun".

Re: uefi malware--threat to all?

<1ZKdnSLOSa7gaJr5nZ2dnZfqnPadnZ2d@earthlink.com>

 by: 28B.I874 - Wed, 8 Mar 2023 02:39 UTC

On 3/7/23 1:09 PM, Marco Moock wrote:
> Am 07.03.2023 um 09:07:59 Uhr schrieb Carlos E.R.:
>
>> I only heard some histories, long ago, of some vendors, not
>> Microsoft, selling machines with incorrect firmware that would not
>> allow different installs.
>>
>> Same as there are (were?) motherboards that are designed incompatible
>> with Linux.
>
> Acer and Medion were candidates where GNU/Linux installation with
> LILO/GRUB was difficult, but still possible.

Note that if it's difficult ENOUGH then Linux/UNIX gets
relegated to a crusty few - of no interest to anyone
else, not used by anyone else either. It becomes a
"hobby" OS only, no relevance in the world. Development
pretty much ends. This is the M$/Apple DREAM - total
uncontested world dominance, all profits for THEM only.

Then they'll boost the OS cost to a few kilobucks up
front, and you can't even buy it, just "lease" it.
Every update, every hour, more $$$ too. Pay-per-View,
kinda back to the old terminals/server model. TELL
me the giant push for Online-Only primary apps isn't
exactly that.

M$ owns enough Apple stock, and vice-versa, so it barely
even matters which you buy, they both make money.

Yea, yea, IBM will have its own Linux/UNIX-ish OS for
their big hardware - but YOU ain't gonna be buying those
mainframes.

Re: uefi malware--threat to all?

<op.11gxkslqa3w0dxdave@hodgins.homeip.net>

 by: David W. Hodgins - Wed, 8 Mar 2023 03:35 UTC

On Tue, 07 Mar 2023 21:39:38 -0500, 28B.I874 <28B.I874@noabzba.net> wrote:
> Note that if it's difficult ENOUGH then Linux/UNIX gets
> relegated to a crusty few - of no interest to anyone
> else, not used by anyone else either. It becomes a
> "hobby" OS only, no relevance in the world. Development
> pretty much ends. This is the M$/Apple DREAM - total
> uncontested world dominance, all profits for THEM only.

Community based linux distributions don't need to satisfy anyone that doesn't
contribute in one way or another to its creation and maintenance, and the
friends and/or family members they want it for. By contribute, I'm including
both those who donate their time, and those who donate money to pay for the
infrastructure. While those distributions do welcome additional users, they don't
need them for the distribution to survive.

Market share doesn't matter for the non-commercial distributions. For the
commercial distributions they only need enough companies or people willing to
pay for their support services to keep their shareholders satisfied and the
bills/staff paid. Anything beyond that is just extra money for the shareholders,
or employees whose pay depends on revenue.

Regards, Dave Hodgins

Re: uefi malware--threat to all?

<tu96o3$plh7$1@dont-email.me>

 by: Bobbie Sellers - Wed, 8 Mar 2023 05:33 UTC

On 3/7/23 10:08, Marco Moock wrote:
> Am 07.03.2023 um 08:01:57 Uhr schrieb Bobbie Sellers:
>
>> On 3/6/23 23:42, Marco Moock wrote:
>>> Am 06.03.2023 schrieb Bobbie Sellers <bliss@mouse-potato.com>:
>>>
>>>> When installing Linux to a machine with the Secure Boot
>>>> enabled most of us disable it. Some few Linux systems have paid
>>>> the toll to Microsoft and gotten a key which will satisfy the
>>>> Secure Boot system. When using Windows and any Linux system on the
>>>> same hardware you must be aware that Windows without warnings
>>>> sends new kernels to the system and when that happens the previous
>>>> boot settings are over-written messing up the Linux boot as well.
>>>> You will need a Live Linux Distribution to fix the broken boot
>>>> system.
>>>
>>> This only applies for BIOS boot. With UEFI boot, only the boot order
>>> changes, so it is possible to change it easily in the UEFI settings.
>>>
>> No it overwrites the Linux EFI information.
>
> I haven't experienced that yet.
>
>> Having Windows on a Linux machine is equivalent to a Trojan
>> or worse. Now-a-days (Oh you moderns) you can run Linux from
>> a Flash Drive with a persistent partition for your work so
>> there is no need for an installation.
>
> I prefer Linux installed and windows locked in in Virtualbox. :-)

Sounds good to me.

bliss - old and tired tonight.

--
bliss dash SF 4 ever at dslextreme dot com

Re: uefi malware--threat to all?

<tu970m$plh7$2@dont-email.me>

https://www.rocksolidbbs.com/computers/article-flat.php?id=11939&group=comp.os.linux.misc#11939

From: bliss@mouse-potato.com (Bobbie Sellers)
Newsgroups: comp.os.linux.misc
Subject: Re: uefi malware--threat to all?
Date: Tue, 7 Mar 2023 21:38:29 -0800
Organization: dis-organization
Lines: 50
Message-ID: <tu970m$plh7$2@dont-email.me>
References: <tu5afp$qf3$1@dont-email.me> <tu7k7o$2nbn$1@paganini.bofh.team>
<tu87ob$hunh$1@dont-email.me>
In-Reply-To: <tu87ob$hunh$1@dont-email.me>
 by: Bobbie Sellers - Wed, 8 Mar 2023 05:38 UTC

On 3/7/23 12:44, pH wrote:
> On 2023-03-07, Andrei Z. <no-email@invalid.invalid> wrote:
>> pH wrote:
>>> I just saw this article in google news today.
>>>
>>> https://arstechnica.com/information-technology/2023/03/unkillable-uefi-malware-bypassing-secure-boot-enabled-by-unpatchable-windows-flaw/
>>>
>>> I'm not up on my acronyms, but I've seen uefi mentioned here at times.
>>>
>>> I'm assuming since this runs first, Linux is therefore not immune to this
>>> malware.
>>>
>>> Would a workaround be enabling legacy boot and running an older distro
>>> until...well, I'll wait for any comments from you smarter guys out there.
>>>
>>> pH in Aptos
>>
>> TCG TPM2.0 implementations vulnerable to memory corruption
>>
>> Vulnerability Note VU#782720
>> Original Release Date: 2023-02-28 | Last Revised: 2023-03-06
>>
>> https://kb.cert.org/vuls/id/782720
>>
>> Trusted Platform Module - Wikipedia
>> https://en.wikipedia.org/wiki/Trusted_Platform_Module
>>
>
> So, what two or three steps might one want to do before installing, say,
> Mint 20.3 or anything recent...
>
> In my case, I just got into the bios and had it boot from DVD/CD first.
> I remember turning something "off" on that same page, but don't recall what
> it was now. This was a cheap Lenovo (IBM) laptop. Works fine so far.
>
> o turn off "secure boot"
> anything else?
>
> pH

If you have Windows on the machine make sure Fast Boot is turned off
and that Windows completely shuts down when you leave it. No
Hibernation or Suspend for Windows.
If it is not shut down it may retain hooks that will make it difficult
for Linux.

bliss- still old and tired.
--
bliss dash SF 4 ever at dslextreme dot com
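
The exchange above turns on whether Secure Boot is on or off and whether the machine boots via UEFI or legacy BIOS. The following is an added example, not part of any poster's message, showing how to confirm that state from a running Linux system by reading the firmware variables directly. The function names and state labels are made up for this example; the efivarfs path and the GUID are the standard Linux and UEFI ones.

```shell
#!/bin/sh
# GUID of the EFI global variable namespace (fixed by the UEFI specification).
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b2c

# Read a one-byte UEFI variable from an efivarfs directory.
# An efivarfs file holds 4 bytes of attributes followed by the variable data,
# so the value of a one-byte variable is the fifth byte of the file.
# Prints the byte as a decimal number; returns 1 if the file is absent or short.
efi_var_byte() {
    dir=$1
    name=$2
    file="$dir/$name-$EFI_GLOBAL_GUID"
    [ -r "$file" ] || return 1
    val=$(od -An -tu1 -j4 -N1 "$file" 2>/dev/null | tr -d ' \n')
    [ -n "$val" ] || return 1
    printf '%s\n' "$val"
}

# Classify the boot state. $1 is the efivars directory to inspect
# (defaults to the live system's /sys/firmware/efi/efivars).
secure_boot_state() {
    dir=${1:-/sys/firmware/efi/efivars}
    # No efivars directory: the kernel was not started by UEFI firmware.
    [ -d "$dir" ] || { echo "legacy-bios"; return 0; }
    sb=$(efi_var_byte "$dir" SecureBoot) || { echo "uefi-no-secureboot-var"; return 0; }
    setup=$(efi_var_byte "$dir" SetupMode) || setup=0
    if [ "$setup" = 1 ]; then
        echo "setup-mode"   # no Platform Key enrolled, Secure Boot is not enforced
    elif [ "$sb" = 1 ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Report the state of the machine this script runs on.
secure_boot_state
```

Running it before and after changing the firmware setting shows whether the change took effect; "legacy-bios" means the system was booted in legacy (CSM) mode and Secure Boot does not apply at all.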
