BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Ordered a New Laptop
- Subject: [Discuss] Ordered a New Laptop
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- Date: Wed, 21 Aug 2024 12:37:53 -0400
- In-reply-to: <20240821120837.016b104f.Richard.Pieri@gmail.com>
- References: <98b74ce1-59b9-4491-8f16-88eb6b503653@borg.org> <ZsUfMM1nGVF8mRNE@randomstring.org> <20240820215129.38f3374c.Richard.Pieri@gmail.com> <8fefb1ad-7dde-485c-843b-b39d2063eda1@borg.org> <20240821120837.016b104f.Richard.Pieri@gmail.com>
> On Wed, 21 Aug 2024 08:58:21 -0700 > Kent Borg <kentborg at borg.org> wrote: > >> The things I am worried about are: >> >> - Hardware compatibility. If Debian works (I'm thinking it does), how >> likely is Devuan? > > Should be the same. >From the kernel perspective, that's true. I don't know any off the top of my head, but if there is a user-space app/daemon that controls hardware it may not have a sysinit counterpart. > >> - Navigating the installer. Putting btrfs on top of encrypted LVM >> doesn't seem to involve who will be PID 0, right? > > Correct. This is all GRUB and cryptsetup. Actually, this is managed by the initramfs file. This file contains a whole boot environment in a two part file. At the beginning is an uncompressed CPIO archive that contain various firmwares, after then end of the first part is a compressed CPIO archive that is the boot ramdisk. The initramfs has all the necessary software, drivers, and configuration. It is typically built using dracut, but it can be done by hand if you are curious enough to try. It loads the drivers, has the crypttab and associated "key files" and enough programs and date to bootstrap the system. Once all the devices and file systems are loaded and after some init scripts are run, the "init" process executes a "pivot_root" to the "root" file system and continues start-up. I recommend you take a look at the contents of the file. Google "extract the contents of initramfs" there are a couple good step by step examples. > >> - Suspend and hibernating to encrypted swap, and will it ever come >> back to life? > > This is not advised since it bypasses secure boot protections. Of > course, if you're disabling secure boot anyway then it doesn't matter. It shouldn't bypass secure boot. UEFI BIOS loads linux loader, which is signed by Microsoft. The linux kernel is signed and that validation key is loaded into the TPM or shim (on a VM). The kernel is then loaded after it is validated. The kernel then loads its modules and checks the signature on the modules against an internal key put in the binary at build-time. Then "init" is called, on systemd systems this is a symlink to systemd. The secure boot happens before file system decryption ever happens. > > -- > \m/ (--) \m/ > _______________________________________________ > Discuss mailing list > Discuss at lists.blu.org > https://lists.blu.org/mailman/listinfo/discuss >
- References:
- [Discuss] Ordered a New Laptop
- From: kentborg at borg.org (Kent Borg)
- [Discuss] Ordered a New Laptop
- From: dsr at randomstring.org (Dan Ritter)
- [Discuss] Ordered a New Laptop
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Ordered a New Laptop
- From: kentborg at borg.org (Kent Borg)
- [Discuss] Ordered a New Laptop
- From: richard.pieri at gmail.com (Rich Pieri)
- [Discuss] Ordered a New Laptop
- Prev by Date: [Discuss] Ordered a New Laptop
- Next by Date: [Discuss] Ordered a New Laptop
- Previous by thread: [Discuss] Ordered a New Laptop
- Next by thread: [Discuss] Ordered a New Laptop
- Index(es):