Fatdog64-700/701 [April 22 2015] [CLOSED]

A home for all kinds of Puppy related projects
Message
Author
anikin
Posts: 994
Joined: Thu 10 May 2012, 06:16

#881 Post by anikin »

This little command will display your swap info in the most impressive and glamorous fashion:

Code: Select all

grep -i --color swap /proc/meminfo
As jamesbond mentioned, a swap partition enabled by default is a security implication. The same stands true for a swap file. A freshly created swap file by default is world-readable - a huge vulnerability. Therefore, it's recommended to secure it by changing file permissions:

Code: Select all

chown root:root /swapfile1
chmod 0600 /swapfile1
gcmartin

#882 Post by gcmartin »

]amesBond earlier wrote:a) it suits him
b) that's what some other puppies do - but mostly because it suits him
That comment is crap! I have been VERY clear on its benefit to everyone and where in the whole world of Linux distros, it is OOTB provided when found.

Just another example to the original "missed the point!", I raised.

Hope that is clear.
User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#883 Post by rcrsn51 »

gcmartin wrote:I have been VERY clear on its benefit to everyone
You do not have the right or the authority to speak for the whole community.
Jasper

#884 Post by Jasper »

I haven't used a swap facility for some three years (except for brief tests); but with his outstanding numeric skills, gcmartin, would not include me in "everyone" (even if he had enough fingers).

Now, I'm signing off for an extended period ot time.
User avatar
rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#885 Post by rufwoof »

Please be civil guys and just let the matter drop as a difference of opinions. In the past I've found both parties to be most helpful and value both as part of the wider puppy community.
User avatar
Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#886 Post by Ted Dog »

Lol, this is like two Hollywood stars going after each other in public sad to see but so fun to watch then there is Jasper lobing one sided juicy red hots. SWAP FUED 2015 thanks to all for the information and entertainment.
User avatar
cat&dog
Posts: 11
Joined: Tue 22 Sep 2015, 09:12
Location: European Union

FatDog64-701 SecureBoot

#887 Post by cat&dog »

Hi there,

I am using FatDog64 701 on USB pendrive (frugal installation).

I can boot from the pendrive, disabing secureboot in UEFI bios and enabling compatibility mode, but now I would like to boot with secureboot, so I followed the guide in
http://distro.ibiblio.org/fatdog/web/fa ... -boot.html

Problem is, there is no /EFI/boot/bootx64.efi on the FatDog64 USB drive, nor could I find it inside efiboot.img

I created my FatDog64 pendrive with Universal-USB-Installer-1.9.6.1 from http://www.pendrivelinux.com and Fatdog64-701.iso from http://distro.ibiblio.org/fatdog/iso/Fatdog64-701.iso

I also tried pendrive installation with Lick and with the FatDog64 built-in tool, to no avail. They all work fine in Compatibility Mode, but don't secure boot.

I found some .efi files in usr share directories (grubx64.efi, hashtool.efi, KeyTool.efi, PreLoader.efi, MokManager.efi, shim.efi), yet not bootx64.efi
Perhaps I should rename any of those?
User avatar
Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#888 Post by Ted Dog »

There is a zip file I made with Fatdog64 EFI and a thread about setup and addional uses that should be what you are wanting. On cell phone so can't cut paste link. Search for my user name and EFI should come up on first page of results.
User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#889 Post by smokey01 »

cat&dog,

Have you tried the instructions on this page?
http://distro.ibiblio.org/fatdog/web/fa ... drive.html

Lots of good information can be found from here?
http://distro.ibiblio.org/fatdog/web/#docs
User avatar
cat&dog
Posts: 11
Joined: Tue 22 Sep 2015, 09:12
Location: European Union

#890 Post by cat&dog »

Thanks Ted and Smokey,
I am going to read all the documentation you mentioned, but http://distro.ibiblio.org/fatdog/web/fa ... drive.html
has the key information about the correct type of installation for UEFI boot, which is: copy FatDog64 ISO to pendrive with dd.
Simple as that!
EFI/boot/bootx64.efi was finally created on the USB pendrive and I could start the steps in the Secure Boot guide
http://distro.ibiblio.org/fatdog/web/fa ... -boot.html

[If I may, I would suggest that the a link to http://distro.ibiblio.org/fatdog/web/fa ... drive.html
is added to the Secure Boot guide].

So far, so good.

Now I've run into another issue. I followed steps 1 to 7 of the Secure Boot guide to enroll fatdog64.cer. After a reboot, though, Fatdog64 still doesn't boot with Secure Boot. It keeps showing the Shim UEFI Key Management screen as in step 2. Looks like the Fatdog64 key was not accepted.

Image


The Secure Boot guide states that some UEFI bioses "only accept keys that are added through the UEFI setup menu. ... "
I am not sure how adding the FatDog64 key through UEFI should be done, as there are several options in the Security menu.
(see screenshot).
Image
I tried "Add variable to KEK" (as "key certificate blob"), and fatdog64.cer was finally accepted! (I also checked it has actually been added by saving KEK to file and examining its contents. Now the KEK file has a Fatdog64 entry after ASUS, Microsoft and Canonical. Fine!).

But, the pendrive still does not boot with UEFI SecureBoot enabled. I have a UEFI [pendrive-name] entry in my Boot Menu, but it doesn't do nothing now.
I also tried to add a new Boot entry manually as described in the Guide, but that doesn't work either.
User avatar
Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#891 Post by Ted Dog »

the dd method makes the grub read only that is the reason I made the zip on fat32 normally factory formated flashdrive you can edit and add or delete files. Also dd has additional bootloaders that can confuse some BIOS EFI setups especially Apple products. Try turning off any auto boot priorities and set it to boot EFI only if you are going to stick with the DDed idea. I did not. :wink:
jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#892 Post by jamesbond »

@cat&dog
This is Ted Dog's method: http://murga-linux.com/puppy/viewtopic. ... 727#818727.

When using SecureBoot, you don't need to install any keys into KEK etc. In the first screenshot you gave, choose the second option - "enroll key from disk" and follow the rest of the menu to enroll fatdog64.cer key. The process is view you view the key first, and then enroll it. It is not intuitive - but sorry, we can't improve it unless we want to pay the M$ tax. Once the correct key has been enrolled you will never see this screen again (you will see instead "binary whitelisted").

The standard method to boot Secure Boot/UEFI is:
a) "dd" the iso to flash drive (which you already did, good)
b) Tweak your BIOS to boot from the flash drive (apparently you did that already)
c) Enroll the key as above.
The rest should be automatic.

As for pendrive, I haven't used it for a long time, but from the description you gave it seems that it isn't compatible with UEFI (or at least with Fatdog's way of doing UEFI).

cheers!
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#893 Post by jamesbond »

gcmartin wrote:James, thanks for your reply. Would like to boot either its ISO outcome or its USB outcome where FATDOG7x is the PXE host for LAN PCs.
You can't. Even if you can, if you create a big ISO with large collection, it will:
a) load very slowly
b) eats too much RAM on your target system
Yes yes, for you size is not a problem since you have 40Gbps work "at home" and you have 32GB machines, but many others don't.

The better way to do it (assuming the original source ISO supports PXE booting) is to create a menu structure at the PXE level and let the user choose the individual ISO to load; so they will only transfer (over the network) the ISO that they want to load.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
Kai
Posts: 35
Joined: Mon 27 Apr 2015, 08:35

#894 Post by Kai »

Quote jamesbond

(As for pendrive, I haven't used it for a long time)

Why not and what do you use instead ??
gcmartin

#895 Post by gcmartin »

jamesbond wrote:... The better way to do it (assuming the original source ISO supports PXE booting) is to create a menu structure at the PXE level and let the user choose the individual ISO to load; so they will only transfer (over the network) the ISO that they want to load.
Yes! That is similar to a discussion we had, in the past, about differing FATDOG PXE implementations for MultiPUP.

Back then, I thought you may have put together a concept before finalizing on that MultiPUP approach you produced for our use.

I can see value, if your PXE approach does land in FATDOG. The beauty of what you produce is that to boot a PC over the LAN has advantages as we acquire more and more PC-like devices on our LANs. An example is a setup I tested using the latest Intel NUC comeS to mind as I have used PXE feature in the NUC to boot to my TV system from FATDOG. (I ran into problems with Linux drivers, of course, but having a selection boot menu similar to what you did in the past with MultiPUP offers advantages.)

Should you choose this for future, I will revisit to update the PXE Guide for Users made in our past where FATDOG was at the foundation of that guide.
User avatar
cat&dog
Posts: 11
Joined: Tue 22 Sep 2015, 09:12
Location: European Union

#896 Post by cat&dog »

jamesbond wrote:@cat&dog
This is Ted Dog's method: http://murga-linux.com/puppy/viewtopic. ... 727#818727.
Ok, I'm going to look into that too. Thanks jamesbond and ted dog!
When using SecureBoot, you don't need to install any keys into KEK etc. In the first screenshot you gave, choose the second option - "enroll key from disk" and follow the rest of the menu to enroll fatdog64.cer key.
Yes, maybe I wasn't clear, but that's exactly what I did. In the Shim UEFI Key Management screen I chose enroll a key, then I chose fatdog64.cer key, as I followed steps 1 to 7 in the Secure Boot guide, like I said.

But then, after a reboot, I still got the "Shim UEFI key management" screen and no FatDog64 boot, as if the key wasn't enrolled.

The process is view you view the key first, and then enroll it. It is not intuitive - but sorry, we can't improve it unless we want to pay the M$ tax. Once the correct key has been enrolled you will never see this screen again (you will see instead "binary whitelisted").
The process is not hard to understand, but it does not seem to be working on my ASUS notebook and a pendrive.

That's the reason why I tried a different approach too, i.e. adding FatDog64 certificate through the UEFI Security menu in my bios, like iFatdog64 Secure Boot Guide seems to suggest.

http://distro.ibiblio.org/fatdog/web/fa ... -boot.html

"Some only except keys that are added though the UEFI setup menu."


I am not clear if the Guide means adding an entry to KEK, or what, though.

The standard method to boot Secure Boot/UEFI is:
a) "dd" the iso to flash drive (which you already did, good)
Done. :)

(Initially I had trouble to get that because it is not explained in the Secure Boot Guide).


b) Tweak your BIOS to boot from the flash drive (apparently you did that already)
Done.
c) Enroll the key as above.
Apparently done, but not working. Looks like the key was not accepted.
The rest should be automatic.
Unless there is some other tricks I can try, maybe my PC is not compatible with Fatdog64's way of doing UEFI Secureboot?
As for pendrive, I haven't used it for a long time, but from the description you gave it seems that it isn't compatible with UEFI (or at least with Fatdog's way of doing UEFI).

cheers!
I can secureboot other UEFI pendrives though.
jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#897 Post by jamesbond »

cat&dog wrote:Apparently done, but not working. Looks like the key was not accepted.
I may not be able to help you further. There is a complciated interaction between the shim loader and UEFI BIOS to get the other operating systems. You have enrolled the key to shim - then the shim should be able to load the rest; but apparently it doesn't. It could mean that your UEFI BIOS has another locked restriction somewhere and that's as far as I can tell.
Unless there is some other tricks I can try, maybe my PC is not compatible with Fatdog64's way of doing UEFI Secureboot?
Fatdog's key to secure boot is to use shim to kick start the rest of the boot process. If shim can't start the rest, then nothing much can be done. If you follow Ted Dog's method, you can remove shim and make it boot directly from refind (in which you then need to enter Fatdog's certificate to KEK). To do this, you replace overwrite /EFI/boot/bootx64.efi with /EFI/boot/grubx64.efi.
I can secureboot other UEFI pendrives though.
I made a typo there. I never used pendrive linux to make bootable drives before, since I have other methods that work. As Ted Dog says somewhere, there are different ways to get UEFI boot working. Fatdog does it the way it does because it has some constraints that others don't have. Perhaps pendrivelinux is built to support those, but not the Fatdog way.

cheers!
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
User avatar
cat&dog
Posts: 11
Joined: Tue 22 Sep 2015, 09:12
Location: European Union

#898 Post by cat&dog »

Thanks JamesBond!
Anyway, I have tried Ted's uefi now and it works like a charm! Easy as pie! Just had to edit a bit the grub config file. Thanks a lot Ted!
User avatar
smokey01
Posts: 2813
Joined: Sat 30 Dec 2006, 23:15
Location: South Australia :-(
Contact:

#899 Post by smokey01 »

cat&dog wrote:Thanks JamesBond!
Anyway, I have tried Ted's uefi now and it works like a charm! Easy as pie! Just had to edit a bit the grub config file. Thanks a lot Ted!
cat&dog, how about a nice step by step process so it can benefit others.

Thanks
User avatar
cat&dog
Posts: 11
Joined: Tue 22 Sep 2015, 09:12
Location: European Union

Secure Boot from Pendrive

#900 Post by cat&dog »

smokey01 wrote:
cat&dog wrote:Thanks JamesBond!
Anyway, I have tried Ted's uefi now and it works like a charm! Easy as pie! Just had to edit a bit the grub config file. Thanks a lot Ted!
cat&dog, how about a nice step by step process so it can benefit others.

Thanks
Good idea, Smokey!

Anyway, I just followed TedDog's instructions in http://murga-linux.com/puppy/viewtopic. ... 727#818727

Here is what I did, step by step, on my ASUS notebook with American Megatrend's "Aptio" UEFI bios (Secure Boot: Enabled).

1. Download Fatdog64-701 ISO image from http://distro.ibiblio.org/fatdog/iso/Fatdog64-701.iso

2. Download UEFI.zip from http://www.datafilehost.com/d/dc8bb366

3. Extract all files from UEFI.zip. It contains the following:
drivers [directory with 4 *.efi files]
EFI [dir with bootx64.efi, grubx64.efi and other files]
keys [dir with fatdog64.cer and other files]
grub.cfg
Shellx64.efi

4. I had to edit grub.cfg in order to make it work with my pendrive and FatDog64-701. Therefore, I deleted (hd0,msdos1) in the original menuentry (like TedDog explains in his own thread: "...if the drive does not have a MBR (some do not,) then cut (hd0,msdos1) from grub.cfg...") and changed Fatdog64's version number to current 701.

Original menuentry:

Code: Select all

menuentry "Start Fatdog64-631.iso" {
loopback loop0  (hd0,msdos1)/Fatdog64-631.iso
linux (loop0)/vmlinuz
initrd (loop0)/initrd
}
Edited menuentry:

Code: Select all

menuentry "Start Fatdog64-701.iso" {
loopback loop0  /Fatdog64-701.iso
linux (loop0)/vmlinuz
initrd (loop0)/initrd
}

4-b). As I was working in Windows, I also added the missing line endings before each menuentry line in grub.cfg.

5. Copy Fatdog64-701.iso to the pendrive. Just a normal file copy.

6. Boot from pendrive. Secure Boot enabled in UEFI bios.

7. Fatdog64-701 automatically boots all-right!

8. In the future I might add other compatible ISOs to the pendrive and edit grub.cfg menuentries accordingly.
Post Reply