Wiki Mageia

Feed
Track the most recent changes to the wiki in this feed. MediaWiki 1.31.16
Updated: hace 17 horas 49 minutos

Secure boot clarification

15 Noviembre, 2024 - 23:10

‎References and documents: try to enhance the lay out of the links and add a link to the Debian wiki

← Older revision Revision as of 22:10, 15 November 2024 (2 intermediate revisions by the same user not shown)Line 1: Line 1:    −{{Multi language banner|[[User:Zeldas7777|english]] ;}}+{{Multi language banner|[[Secure boot clarification|english]] ;}}     {{Draft}} {{Draft}}    −= Secure boot clarification =     −=== Overview ===+   += Overview =     Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot implementation, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature stops the OS from booting upon detection of invalid signatures.   Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot implementation, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature stops the OS from booting upon detection of invalid signatures.      −=== Who this applies to ===+= Who this applies to =     This wiki does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your computer. Computers with a TPM chip version 1.0 started to appear in 2009. This chip was soon updated to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below. This wiki does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your computer. Computers with a TPM chip version 1.0 started to appear in 2009. This chip was soon updated to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below. Line 18: Line 18:  Wikipedia - https://en.wikipedia.org/wiki/Trusted_Platform_Module<br> Wikipedia - https://en.wikipedia.org/wiki/Trusted_Platform_Module<br>    −=== Why the secure boot mode option was created ===+= Why the secure boot mode option was created =     Extensible Firmware Interface (EFI) was developed in the mid 1990's. In 2004, Intel released the first open source Unified Extensible Firmware Interface (UEFI) implementation. Then EFI was transitioned to Unified Extensible Firmware Interface (UEFI) in 2005. There has been several root vulnerabilities found in the computer BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. Then "Trusted Platform Module (TPM)  was developed. This was not enough and TPM was updated to make secure boot mode possible. Secure boot was implemented in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers. This affected the Linux community because the time secure boot came out limited documentation was available at the time. This is why we have so many issues with secure boot. The Linux community has been working hard on this for years now to learn and implement secure boot on the OS.   Extensible Firmware Interface (EFI) was developed in the mid 1990's. In 2004, Intel released the first open source Unified Extensible Firmware Interface (UEFI) implementation. Then EFI was transitioned to Unified Extensible Firmware Interface (UEFI) in 2005. There has been several root vulnerabilities found in the computer BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. Then "Trusted Platform Module (TPM)  was developed. This was not enough and TPM was updated to make secure boot mode possible. Secure boot was implemented in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers. This affected the Linux community because the time secure boot came out limited documentation was available at the time. This is why we have so many issues with secure boot. The Linux community has been working hard on this for years now to learn and implement secure boot on the OS.      −=== The secure mode operation design ===+= The secure mode operation design =     Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate three areas while booting the OS. Authentication is performed by checking the bootloader, kernel, and kernel drivers on booting. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid and stops booting. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS, but is required to maintain OS security. Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate three areas while booting the OS. Authentication is performed by checking the bootloader, kernel, and kernel drivers on booting. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid and stops booting. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS, but is required to maintain OS security.    −=== The secure mode operation while booting ===+= The secure mode operation while booting =     Secure mode authenticates the system from the installed signatures. Here is how the process works. Secure mode authenticates the system from the installed signatures. Here is how the process works. Line 35: Line 35:  If everything is successful, the OS will boot as expected. If everything is successful, the OS will boot as expected.    −=== CPU board manufacturer requirements ===+= CPU board manufacturer requirements =     CPU board manufacturers are required to follow fair trade laws This means that no company can be biased and that all OS vendors share equal rights. All manufactures have a standard to follow that is strictly monitored. We have a few types of CPU boards on the market that must comply with personal data security. Here are the following types of CPU boards that allow secure boot to be disabled, those that do not allow it, or made optional for custom manufactured computers. CPU board manufacturers are required to follow fair trade laws This means that no company can be biased and that all OS vendors share equal rights. All manufactures have a standard to follow that is strictly monitored. We have a few types of CPU boards on the market that must comply with personal data security. Here are the following types of CPU boards that allow secure boot to be disabled, those that do not allow it, or made optional for custom manufactured computers. Line 45: Line 45:  The documentation for the UEFI firmware is required to be made available to all OS vendors. This documentation shall have all commands required for UEFI firmware updates. The currently installed OS owns the updating of the firmware. If you have a dual-boot or multi-boot system, then each OS shares ownership rights. The documentation for the UEFI firmware is required to be made available to all OS vendors. This documentation shall have all commands required for UEFI firmware updates. The currently installed OS owns the updating of the firmware. If you have a dual-boot or multi-boot system, then each OS shares ownership rights.    −=== The requirement to enable secure boot ===+= The requirement to enable secure boot =     The requirements to successfully enable secure boot mode on an OS are: The requirements to successfully enable secure boot mode on an OS are: Line 55: Line 55:  # Must have a TPM chip.   # Must have a TPM chip.      −=== References and documents ===+= References and documents =    −Uefi.org documents in PDF file format+==Uefi.org documents in PDF file format==    −Uefi Information - https://uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf+Uefi Information - [https://uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf UEFI Secure Boot in Modern Computer Security Solutions 2013.pdf]     Microsoft KEK expiring because the certificate is expiring on 10/19/2026. This means there will be another secure boot update coming for current and new computers. Microsoft KEK expiring because the certificate is expiring on 10/19/2026. This means there will be another secure boot update coming for current and new computers.  Here is the link to the PDF document: Here is the link to the PDF document:  +[https://uefi.org/sites/default/files/resources/Evolving%20the%20Secure%20Boot%20Ecosystem_Flick%20and%20Sutherland.pdf Evolving the Secure Boot Ecosystem 9/12/2023]    −Evolving the Secure Boot Ecosystem 9/12/2023 - https://uefi.org/sites/default/files/resources/Evolving%20the%20Secure%20Boot%20Ecosystem_Flick%20and%20Sutherland.pdf+==Other links==    −To learn more about the UEFI and secure boot visit uefi.org website.+To learn more about the UEFI and secure boot visit [https://www.uefi.org the uefi.org website.]    −https://www.uefi.org+[https://wiki.debian.org/SecureBoot Secure Boot in the Debian wiki]    −=== Support history from the secure boot upgrade ===+= Support history from the secure boot upgrade =     Visit this link to see recent issues related to secure boot. Visit this link to see recent issues related to secure boot. Line 76: Line 77:  https://forums.mageia.org/en/search.php?keywords=secure+boot&fid%5B0%5D=7 https://forums.mageia.org/en/search.php?keywords=secure+boot&fid%5B0%5D=7    −=== Common issues with TPM ===+= Common issues with TPM =     Dual or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the computer, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer. Dual or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the computer, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer.    −=== Clarification conclusion ===+= Clarification conclusion =     Again, this article will hopefully bring some clarity to the confusion caused by the secure boot updates and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this wiki when I am finished. Again, this article will hopefully bring some clarity to the confusion caused by the secure boot updates and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this wiki when I am finished. Marja
Categorías: Wiki de Mageia

Mageia wiki:Secure boot clarification

15 Noviembre, 2024 - 22:37

Marja deleted page Mageia wiki:Secure boot clarification wrong location

Marja
Categorías: Wiki de Mageia

User:Zeldas7777

15 Noviembre, 2024 - 22:35

Correct the redirect

← Older revision Revision as of 21:35, 15 November 2024 Line 1: Line 1: −#REDIRECT [[Mageia wiki:Secure boot clarification]]+#REDIRECT [[Secure boot clarification]] Marja
Categorías: Wiki de Mageia

User:Zeldas7777

15 Noviembre, 2024 - 22:33

Marja moved page User:Zeldas7777 to Mageia wiki:Secure boot clarification This page needs to be more visible, so more people will provide feedback or improvements

← Older revision Revision as of 21:33, 15 November 2024 (One intermediate revision by the same user not shown)Line 1: Line 1:     {{Multi language banner|[[User:Zeldas7777|english]] ;}} {{Multi language banner|[[User:Zeldas7777|english]] ;}}  +  +{{Draft}}     = Secure boot clarification = = Secure boot clarification = Marja
Categorías: Wiki de Mageia

Template:Meertalige banner-nl

15 Noviembre, 2024 - 22:23

Marja deleted page Template:Meertalige banner-nl wrong page name

Marja
Categorías: Wiki de Mageia

Talk:Becoming a Mageia Packager

13 Noviembre, 2024 - 23:37

← Older revision Revision as of 22:37, 13 November 2024 Line 10: Line 10:  One rejected suggestion was the apprentices be allowed to package backports, and as until the padawan level requires supervision of the mentor could be a good idea to keep motivated to the candidates. One rejected suggestion was the apprentices be allowed to package backports, and as until the padawan level requires supervision of the mentor could be a good idea to keep motivated to the candidates.  --[[User:Katnatek|katnatek]] ([[User talk:Katnatek|talk]]) 18:25, 10 October 2024 (UTC) --[[User:Katnatek|katnatek]] ([[User talk:Katnatek|talk]]) 18:25, 10 October 2024 (UTC)  +  +* Also we need a path to follow when mentor quit or let in limbo to their apprentice(s) by whatever motive  +  +--[[User:Katnatek|katnatek]] ([[User talk:Katnatek|talk]]) 22:37, 13 November 2024 (UTC) Katnatek
Categorías: Wiki de Mageia

SOP Freeing disk space

13 Noviembre, 2024 - 19:54

‎Freeing disk space on servers: Add log section

← Older revision Revision as of 18:54, 13 November 2024 Line 11: Line 11:  == distrib == == distrib ==  This holds all RPMs and metadata for all supported releases. When this fills, nobody can build any more packages. One strategy to free space is to hard link identical RPMs between bootstrap and mirror for cauldron. Another is to remove obsolete and unsupported releases, although you must first ensure the files are available elsewhere in case we need to fulfill any obligations under the GPL (and other licenses) to provide source code (this responsibility may not actually apply, but you need to be sure about that before deleting). This holds all RPMs and metadata for all supported releases. When this fills, nobody can build any more packages. One strategy to free space is to hard link identical RPMs between bootstrap and mirror for cauldron. Another is to remove obsolete and unsupported releases, although you must first ensure the files are available elsewhere in case we need to fulfill any obligations under the GPL (and other licenses) to provide source code (this responsibility may not actually apply, but you need to be sure about that before deleting).  +  +== log ==  +If the log partition (/var/log/) is filling up, there are a few things that can be done to make space. Running '''journalctl --vacuum-size=500M''' (with an appropriate size) will make some room immediately by deleting enough older logs so the remainder fit in the given space. Permanently reducing journal log sizes can be done by changing /etc/systemd/journald.conf for the host in puppet.  +  +If other logs which are rotated by logrotate are getting too large, the logrorate settings may need to be tweaked. Logs are normally rotated monthly, so changing that to weekly will compress the log files much more often leaving more free space. This can be done by changing the logrotate settings for a service in puppet, possibly using a <% if @hostname == 'HOST' %> conditional. When changing the log rotation period, make sure to also change the number of logs to keep around (the ''rotate'' value); e.g. if changing from monthly to weekly, the maximum number will need to be increased by a factor of 4 to keep around the same log history available.     == Expanding partitions == == Expanding partitions == Danf
Categorías: Wiki de Mageia

Pushing updates

12 Noviembre, 2024 - 21:34

Add Errors section

← Older revision Revision as of 20:34, 12 November 2024 Line 99: Line 99:     ''NOTE'': This process was developed in 2024 to ensure that users can stay abreast of backports changes. It may change in the future if ''mga-move-pkg'' is updated to automatically mail notifications to backports-announce by itself. ''NOTE'': This process was developed in 2024 to ensure that users can stay abreast of backports changes. It may change in the future if ''mga-move-pkg'' is updated to automatically mail notifications to backports-announce by itself.  +  +== Errors ==  +  +If a problem occurs during the mga-move-pkg stage, then the program may abort without performing all its steps (including package move, update bug, send e-mail, etc.). If the problem was temporary, try just running the command again. If there is still an issue (you may need to read the e-mail sent to qa-reports@ml to see details) then you may need to manually update the advisory status files to continue.  +  +For example, if an error occurred during the package move stage, then the package(s) may have been moved but the status might not have been updated to reflect that. Subsequent invocations will then try to move a package that no longer exists in the updates_testing media where it's expected, causing an error every time. In this case, you will need to edit the appropriate file in /var/lib/mga-advisories/status/ to add a move line to indicate that the move has, indeed, taken place.     [[Category:Sysadmin]] [[Category:Sysadmin]]  [[Category:QA]] [[Category:QA]] Danf
Categorías: Wiki de Mageia

Auto inst

11 Noviembre, 2024 - 16:50

‎No X

← Older revision Revision as of 15:50, 11 November 2024 (One intermediate revision by the same user not shown)Line 2,696: Line 2,696:  mv -f /etc/inittab1 /etc/inittab mv -f /etc/inittab1 /etc/inittab  "</nowiki>}} "</nowiki>}}  +  +If you really want a minimal install without any Xorg related packaged installed, you'll have to use the following trick (works with mageia 9 and an updated grub2 package):  +{{pre|<nowiki>  'rpmsrate_flags_chosen' => {  + CAT_X => 0,  + },  +</nowiki>}}     ==== Default X ==== ==== Default X ==== Bcornec
Categorías: Wiki de Mageia

Auto inst

11 Noviembre, 2024 - 16:50

‎No X

← Older revision Revision as of 15:50, 11 November 2024 (3 intermediate revisions by the same user not shown)Line 2,453: Line 2,453:  * [[#default_packages|default_packages]] * [[#default_packages|default_packages]]  * [[#nomouseprobe|nomouseprobe]] * [[#nomouseprobe|nomouseprobe]]  +  +=== skipped_packages ===  +  +The <b>skipped_packages</b> option is used to prevent the installation of the packages listed in this array in a regular expression form.  +  +==== Syntax ====  +  +* The <b>skipped_packages</b> option has the following general syntax:  +{{pre|<nowiki>    'skipped_packages' => [  +        '/^package1-/',  +        '/^package2-/,  +    ]</nowiki>}}  +  +==== Descriptions ====  +  +* <b>package#</b> is the name of the package you DON'T want to install.  +  +==== Examples  ====  +  +* Simple example  +{{pre|<nowiki>    'skipped_packages' => [  +        '/^kernel-desktop-/',  +    ]</nowiki>}}  +  +This will avoid the installation of the desktop kernels (typically on a server install).  +  +==== Related Options ====  +* [[#default_packages|default_packages]] option     === superuser === === superuser === Line 2,659: Line 2,687:  ==== No X ==== ==== No X ====    −For those of you who are not installing or do not want X, you can one of those solutions:+For those of you who are not installing or do not want X, you can choose one of those solutions:  * make sure that the 'X' => {...}, is not present in the {{file|auto_inst.cfg}} file. And also, make sure that you do not install any packages which have {{prog|xorg*}} as a dependancy.   * make sure that the 'X' => {...}, is not present in the {{file|auto_inst.cfg}} file. And also, make sure that you do not install any packages which have {{prog|xorg*}} as a dependancy.    * you can use the following and not worry about which packages are installed: {{pre|<nowiki>  'X' => { 'disabled' => 1 },</nowiki>}} Please note, that even though you may have installed the {{prog|xorg*}} packages, window manager packages, and /or X based applications, X will not be configured correctly. So don't forget and type startx at the command prompt ! * you can use the following and not worry about which packages are installed: {{pre|<nowiki>  'X' => { 'disabled' => 1 },</nowiki>}} Please note, that even though you may have installed the {{prog|xorg*}} packages, window manager packages, and /or X based applications, X will not be configured correctly. So don't forget and type startx at the command prompt ! Line 2,668: Line 2,696:  mv -f /etc/inittab1 /etc/inittab mv -f /etc/inittab1 /etc/inittab  "</nowiki>}} "</nowiki>}}  +  +If you really want a minimal install without any Xorg related packaged installed, you'll have to use the following trick (works with mageia 9 and an updated grub2 package):  +{{pre|<nowiki>  'rpmsrate_flags_chosen' => {  + CAT_X => 0,  + },  +</nowiki>}}     ==== Default X ==== ==== Default X ==== Bcornec
Categorías: Wiki de Mageia

Auto inst

11 Noviembre, 2024 - 02:40

← Older revision Revision as of 01:40, 11 November 2024 (One intermediate revision by the same user not shown)Line 2,453: Line 2,453:  * [[#default_packages|default_packages]] * [[#default_packages|default_packages]]  * [[#nomouseprobe|nomouseprobe]] * [[#nomouseprobe|nomouseprobe]]  +  +=== skipped_packages ===  +  +The <b>skipped_packages</b> option is used to prevent the installation of the packages listed in this array in a regular expression form.  +  +==== Syntax ====  +  +* The <b>skipped_packages</b> option has the following general syntax:  +{{pre|<nowiki>    'skipped_packages' => [  +        '/^package1-/',  +        '/^package2-/,  +    ]</nowiki>}}  +  +==== Descriptions ====  +  +* <b>package#</b> is the name of the package you DON'T want to install.  +  +==== Examples  ====  +  +* Simple example  +{{pre|<nowiki>    'skipped_packages' => [  +        '/^kernel-desktop-/',  +    ]</nowiki>}}  +  +This will avoid the installation of the desktop kernels (typically on a server install).  +  +==== Related Options ====  +* [[#default_packages|default_packages]] option     === superuser === === superuser === Line 2,659: Line 2,687:  ==== No X ==== ==== No X ====    −For those of you who are not installing or do not want X, you can one of those solutions:+For those of you who are not installing or do not want X, you can choose one of those solutions:  * make sure that the 'X' => {...}, is not present in the {{file|auto_inst.cfg}} file. And also, make sure that you do not install any packages which have {{prog|xorg*}} as a dependancy.   * make sure that the 'X' => {...}, is not present in the {{file|auto_inst.cfg}} file. And also, make sure that you do not install any packages which have {{prog|xorg*}} as a dependancy.    * you can use the following and not worry about which packages are installed: {{pre|<nowiki>  'X' => { 'disabled' => 1 },</nowiki>}} Please note, that even though you may have installed the {{prog|xorg*}} packages, window manager packages, and /or X based applications, X will not be configured correctly. So don't forget and type startx at the command prompt ! * you can use the following and not worry about which packages are installed: {{pre|<nowiki>  'X' => { 'disabled' => 1 },</nowiki>}} Please note, that even though you may have installed the {{prog|xorg*}} packages, window manager packages, and /or X based applications, X will not be configured correctly. So don't forget and type startx at the command prompt ! Bcornec
Categorías: Wiki de Mageia

Liste von Anwendungen-de

10 Noviembre, 2024 - 11:56

‎Software aus externen Quellen (Nicht in Mageia enthalten)

← Older revision Revision as of 10:56, 10 November 2024 Line 1,072: Line 1,072:  | [[File:Heroic.png|25px|center]] | [[File:Heroic.png|25px|center]]  | '''[https://heroicgameslauncher.com/ Heroic Game Launcher]''' | '''[https://heroicgameslauncher.com/ Heroic Game Launcher]''' −| Heroic Game launcher Client (Siehe '''[Möglichkeiten_um_Anwendungen_zu_installieren-de#Heroic_Game_Launcher Möglichkeiten um Anwendungen zu installieren]''')+| Heroic Game launcher Client (Siehe '''[[Möglichkeiten_um_Anwendungen_zu_installieren-de#Heroic_Game_Launcher|Möglichkeiten um Anwendungen zu installieren]]''')  |- |-  | [[File:App-accessories.png|25px|center]] | [[File:App-accessories.png|25px|center]] Psyca
Categorías: Wiki de Mageia

List of applications

10 Noviembre, 2024 - 11:55

‎Software from external sources (Not included in Mageia): change external to internal link

← Older revision Revision as of 10:55, 10 November 2024 Line 1,066: Line 1,066:  | [[File:Heroic.png|25px|center]] | [[File:Heroic.png|25px|center]]  | '''[https://heroicgameslauncher.com/ Heroic Game Launcher]''' | '''[https://heroicgameslauncher.com/ Heroic Game Launcher]''' −| Heroic Game launcher Client (See '''[https://wiki.mageia.org/en/Ways_to_install_programs#Heroic_Game_Launcher Ways to install programs]''')+| Heroic Game launcher Client (See '''[[Ways_to_install_programs#Heroic_Game_Launcher|Ways to install programs]]''')  |- |-  | [[File:App-accessories.png|25px|center]] | [[File:App-accessories.png|25px|center]] Psyca
Categorías: Wiki de Mageia

Liste von Anwendungen-de

10 Noviembre, 2024 - 11:54

← Older revision Revision as of 10:54, 10 November 2024 Line 1: Line 1:  [[Category:Dokumentation]] [[Category:Dokumentation]] −{{Multi_language_banner-de|[[Liste_von_Anwendungen-de|Deutsch]] ; [[List of applications|English]] ; [[Liste_des_applications-fr|Français]] ; [[List of applications pt Br|Português do Brasil]] ;}}+{{Multi_language_banner-de|[[Liste_von_Anwendungen-de|Deutsch]] ; [[List of applications|English]] ; [[Liste_des_applications-fr|Français]] ; [[List of applications pt Br|Português do Brasil]] ; [[Lista de aplicaciones|Español]]}}     {{Introduction-de|Der Zweck dieser Seite ist die Sammlung von nützlichen Anwendungen für Desktop Nutzer. Diese kann von jedem bearbeitet werden der daran mitarbeiten möchte.}}   {{Introduction-de|Der Zweck dieser Seite ist die Sammlung von nützlichen Anwendungen für Desktop Nutzer. Diese kann von jedem bearbeitet werden der daran mitarbeiten möchte.}}   Line 6: Line 6:  = Einleitung = = Einleitung =    −Diese Liste enthält nur einen Auszug, '''sie listet nicht die gesamte Software auf, die in den offiziellen Mageia Repositorys vorhanden ist'''.+Diese Liste enthält nur einen Auszug, '''sie listet nicht die gesamte Software auf, die in den offiziellen Mageia Repositorien vorhanden sind'''.    −:* Um alle verfügbaren Pakete in den '''offiziellen Mageia Repositorys''' anzuzeigen, besuche die [https://mageia.madb.org/ Mageia App Db], die online Anwendungs- und Paketdatenbank (siehe [[SIG|Special Interest Group-SIG]] [[File:Flag-united-kingdom02.png|21px|link=]]).+:* Um alle verfügbaren Pakete in den '''offiziellen Mageia Repositorys''' anzuzeigen, besuche die [https://madb.mageia.org/ Mageia App Db], die online Anwendungs- und Paketdatenbank (siehe [[SIG|Special Interest Group-SIG]] [[File:Flag-united-kingdom02.png|21px|link=]]).     :* Du kannst auch den Mageia Paketmanager verwenden, siehe [[Installieren_und_entfernen_von_Software_für_Anfänger-de#Anwendungen_in_MCCs_Softwareverwaltung_suchen|Anwendungen in MCCs Softwareverwaltung suchen]]. :* Du kannst auch den Mageia Paketmanager verwenden, siehe [[Installieren_und_entfernen_von_Software_für_Anfänger-de#Anwendungen_in_MCCs_Softwareverwaltung_suchen|Anwendungen in MCCs Softwareverwaltung suchen]]. Line 1,069: Line 1,069:  | '''[https://earth.google.com/ Google Earth]''' | '''[https://earth.google.com/ Google Earth]'''  | Globe (See'''[https://wiki.mageia.org/en/Google_Earth Mageia Wiki Google Earth]''') | Globe (See'''[https://wiki.mageia.org/en/Google_Earth Mageia Wiki Google Earth]''')  +|-  +| [[File:Heroic.png|25px|center]]  +| '''[https://heroicgameslauncher.com/ Heroic Game Launcher]'''  +| Heroic Game launcher Client (Siehe '''[Möglichkeiten_um_Anwendungen_zu_installieren-de#Heroic_Game_Launcher Möglichkeiten um Anwendungen zu installieren]''')  |- |-  | [[File:App-accessories.png|25px|center]] | [[File:App-accessories.png|25px|center]] Psyca
Categorías: Wiki de Mageia

Cauldron-de

10 Noviembre, 2024 - 11:45

← Older revision Revision as of 10:45, 10 November 2024 Line 82: Line 82:     Falls Sie ein x86_64 System verwenden und Sie auch die 32-Bit Paketquellen aktivieren wollen, führen Sie folgenden Befehl aus: Falls Sie ein x86_64 System verwenden und Sie auch die 32-Bit Paketquellen aktivieren wollen, führen Sie folgenden Befehl aus: −{{command-de|dnf config-manager --set-enabled cauldron-i686|prompt=#}}+{{command-de|dnf config-manager --set-enabled cauldron-i586|prompt=#}}     Falls Sie die nonfree und tainted Quellen einbinden möchten (Ersetzen Sie "{arch}" mit Ihrer gewünschten Architektur "x86_64" oder "i586" und "{section}" mit "nonfree" oder "tainted"): Falls Sie die nonfree und tainted Quellen einbinden möchten (Ersetzen Sie "{arch}" mit Ihrer gewünschten Architektur "x86_64" oder "i586" und "{section}" mit "nonfree" oder "tainted"): Psyca
Categorías: Wiki de Mageia

User:Zeldas7777

9 Noviembre, 2024 - 21:42

Working on improving content making it easier to understand. Make sections more clear.

← Older revision Revision as of 20:42, 9 November 2024 Line 6: Line 6:  === Overview === === Overview ===    −Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot upgrade, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of invalid signatures.  +Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot implementation, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature stops the OS from booting upon detection of invalid signatures.       === Who this applies to === === Who this applies to ===    −This document does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your personal computer (PC). Personal computers with TPM chip version 1.0 started to appear in 2009. This chip was soon upgraded to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below.+This wiki does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your computer. Computers with a TPM chip version 1.0 started to appear in 2009. This chip was soon updated to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below.     Reference links:<br> Reference links:<br> Line 18: Line 18:  === Why the secure boot mode option was created === === Why the secure boot mode option was created ===    −There has been several root vulnerabilities found in PC BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. UEFI decided to implement the secure boot mode in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers.+Extensible Firmware Interface (EFI) was developed in the mid 1990's. In 2004, Intel released the first open source Unified Extensible Firmware Interface (UEFI) implementation. Then EFI was transitioned to Unified Extensible Firmware Interface (UEFI) in 2005. There has been several root vulnerabilities found in the computer BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. Then "Trusted Platform Module (TPM)  was developed. This was not enough and TPM was updated to make secure boot mode possible. Secure boot was implemented in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers. This affected the Linux community because the time secure boot came out limited documentation was available at the time. This is why we have so many issues with secure boot. The Linux community has been working hard on this for years now to learn and implement secure boot on the OS.       === The secure mode operation design === === The secure mode operation design ===    −Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate two areas and watch one area of the OS. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS but is necessary to maintain OS security.+Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate three areas while booting the OS. Authentication is performed by checking the bootloader, kernel, and kernel drivers on booting. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid and stops booting. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS, but is required to maintain OS security.     === The secure mode operation while booting === === The secure mode operation while booting === Line 47: Line 47:  The requirements to successfully enable secure boot mode on an OS are: The requirements to successfully enable secure boot mode on an OS are:    −# Extended validation certificate from a signed Certificate Authority (CA) certificate signing request (CSR), private key, and public key. You would generate this and submit to your choice of secure certificate provider. This would be meant for code signing. The EV cert must come from the domain or organization that requests it to be verified.+# Extended validation certificate from a signed Certificate Authority (CA) certificate signing request (CSR), private key, and public key. You would generate this and submit to your choice of secure certificate provider the required CSR and key. This would be meant for code signing. The EV cert must come from the domain or organization that requests it to be verified.  # Tools developed to be used in order to use the signed certificate returned by SSL provider. Remember that you should have both the valid signed certificate, a private key (must have a strong password and be kept secure), and a public key. # Tools developed to be used in order to use the signed certificate returned by SSL provider. Remember that you should have both the valid signed certificate, a private key (must have a strong password and be kept secure), and a public key.  # The OS must be able to install the certificate and public key on computer. # The OS must be able to install the certificate and public key on computer. Line 59: Line 59:  Uefi Information - https://uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf Uefi Information - https://uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf    −Microsoft KEK expiring because the certificate is expiring on 10/19/2026. This means there will be another secure boot upgrade coming for current and new computers.+Microsoft KEK expiring because the certificate is expiring on 10/19/2026. This means there will be another secure boot update coming for current and new computers.  Here is the link to the PDF document: Here is the link to the PDF document:    Line 76: Line 76:  === Common issues with TPM === === Common issues with TPM ===    −Dual- or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the PC, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer.+Dual or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the computer, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer. −       === Clarification conclusion === === Clarification conclusion ===    −Again, this article will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this document when I am finished.+Again, this article will hopefully bring some clarity to the confusion caused by the secure boot updates and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this wiki when I am finished. Zeldas7777
Categorías: Wiki de Mageia

User:Zeldas7777

9 Noviembre, 2024 - 10:55

You need to follow the wiki creation guidelines

← Older revision Revision as of 09:55, 9 November 2024 Line 1: Line 1:     {{Multi language banner|[[User:Zeldas7777|english]] ;}} {{Multi language banner|[[User:Zeldas7777|english]] ;}} −</noinclude><includeonly>{|style="margin-bottom: 1em; border-radius:0.2em; background-color: #2397D410; border: 0.25em solid #2397D4FF; width: auto; min-width: 32%; min-height: auto"  −|-  −|style="width: 50px;"|[[Image:{{{img|Drakconf_multiflag.png}}}|center|46px]]  −|style="solid #2397D4FF; text-align:left; vertical-align:top;"|<span style="color: #262F45; font-weight:bold;">{{{title|Secure boot clarification}}}</span><br /><span style="color: green; white-space:pre-line; line-height: 100%;"><span style="color: green; text-transform: capitalize">{{{1|{{{msg}}}}}}</span>  −|}</includeonly>  −<h2 style="font-size:xx-large">'''Secure boot clarification'''</h2>     −<h3>Overview</h3>+= Secure boot clarification =  +   +=== Overview ===    −<p style="text-indent:15px">   Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot upgrade, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of invalid signatures.   Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot upgrade, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of invalid signatures.   −</p>     −<h3>Who this applies to</h3>+=== Who this applies to ===    −<p style="text-indent:15px">   This document does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your personal computer (PC). Personal computers with TPM chip version 1.0 started to appear in 2009. This chip was soon upgraded to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below. This document does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your personal computer (PC). Personal computers with TPM chip version 1.0 started to appear in 2009. This chip was soon upgraded to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below. −</p>      Reference links:<br> Reference links:<br> Line 24: Line 16:  Wikipedia - https://en.wikipedia.org/wiki/Trusted_Platform_Module<br> Wikipedia - https://en.wikipedia.org/wiki/Trusted_Platform_Module<br>    −<h3>Why the secure boot mode option was created</h3>+=== Why the secure boot mode option was created ===    −<p style="text-indent:15px">+There has been several root vulnerabilities found in PC BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. UEFI decided to implement the secure boot mode in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers. − There has been several root vulnerabilities found in PC BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. UEFI decided to implement the secure boot mode in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers.  −</p>     −<h3>The secure mode operation design</h3>+=== The secure mode operation design ===    −<p style="text-indent:15px">   Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate two areas and watch one area of the OS. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS but is necessary to maintain OS security. Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate two areas and watch one area of the OS. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS but is necessary to maintain OS security. −</p>     −<h3>The secure mode operation while booting</h3>+=== The secure mode operation while booting ===     Secure mode authenticates the system from the installed signatures. Here is how the process works. Secure mode authenticates the system from the installed signatures. Here is how the process works. Line 45: Line 33:  If everything is successful, the OS will boot as expected. If everything is successful, the OS will boot as expected.    −<h3>CPU board manufacturer requirements</h3>+=== CPU board manufacturer requirements ===    −<p style="text-indent:15px">   CPU board manufacturers are required to follow fair trade laws This means that no company can be biased and that all OS vendors share equal rights. All manufactures have a standard to follow that is strictly monitored. We have a few types of CPU boards on the market that must comply with personal data security. Here are the following types of CPU boards that allow secure boot to be disabled, those that do not allow it, or made optional for custom manufactured computers. CPU board manufacturers are required to follow fair trade laws This means that no company can be biased and that all OS vendors share equal rights. All manufactures have a standard to follow that is strictly monitored. We have a few types of CPU boards on the market that must comply with personal data security. Here are the following types of CPU boards that allow secure boot to be disabled, those that do not allow it, or made optional for custom manufactured computers.    Line 53: Line 40:  # Business to Government computers: in order to maintain data security, these cannot have secure boot mode disabled. # Business to Government computers: in order to maintain data security, these cannot have secure boot mode disabled.  # Custom manufactured computers specifically made for a company: these allow the option to "disable secure boot options" at the request of the business customer. # Custom manufactured computers specifically made for a company: these allow the option to "disable secure boot options" at the request of the business customer. −</p>     −<p style="text-indent:15px">   The documentation for the UEFI firmware is required to be made available to all OS vendors. This documentation shall have all commands required for UEFI firmware updates. The currently installed OS owns the updating of the firmware. If you have a dual-boot or multi-boot system, then each OS shares ownership rights. The documentation for the UEFI firmware is required to be made available to all OS vendors. This documentation shall have all commands required for UEFI firmware updates. The currently installed OS owns the updating of the firmware. If you have a dual-boot or multi-boot system, then each OS shares ownership rights. −</p>     −<h3>The requirement to enable secure boot</h3>+=== The requirement to enable secure boot ===    −<p style="text-indent:15px">   The requirements to successfully enable secure boot mode on an OS are: The requirements to successfully enable secure boot mode on an OS are:    Line 69: Line 52:  # The boot image, kernel, and drivers must be signed using the certificate. # The boot image, kernel, and drivers must be signed using the certificate.  # Must have a TPM chip.   # Must have a TPM chip.   −</p>     −<h3>References and documents</h3>+=== References and documents ===     Uefi.org documents in PDF file format Uefi.org documents in PDF file format Line 86: Line 68:  https://www.uefi.org https://www.uefi.org    −<h3>Support history from the secure boot upgrade</h3>+=== Support history from the secure boot upgrade ===     Visit this link to see recent issues related to secure boot. Visit this link to see recent issues related to secure boot. Line 92: Line 74:  https://forums.mageia.org/en/search.php?keywords=secure+boot&fid%5B0%5D=7 https://forums.mageia.org/en/search.php?keywords=secure+boot&fid%5B0%5D=7    −<h3>Common issues with TPM</h3>+=== Common issues with TPM === −<p style="text-indent:15px">+   Dual- or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the PC, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer. Dual- or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the PC, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer. −</p>  −  −<h3>Clarification conclusion</h3>     −Again, this article will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this document when I am finished.       +=== Clarification conclusion ===    −</p>+Again, this article will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this document when I am finished. Sturmvogel
Categorías: Wiki de Mageia

User:Zeldas7777

9 Noviembre, 2024 - 04:41

← Older revision Revision as of 03:41, 9 November 2024 Line 1: Line 1:  +  +{{Multi language banner|[[User:Zeldas7777|english]] ;}}  +</noinclude><includeonly>{|style="margin-bottom: 1em; border-radius:0.2em; background-color: #2397D410; border: 0.25em solid #2397D4FF; width: auto; min-width: 32%; min-height: auto"  +|-  +|style="width: 50px;"|[[Image:{{{img|Drakconf_multiflag.png}}}|center|46px]]  +|style="solid #2397D4FF; text-align:left; vertical-align:top;"|<span style="color: #262F45; font-weight:bold;">{{{title|Secure boot clarification}}}</span><br /><span style="color: green; white-space:pre-line; line-height: 100%;"><span style="color: green; text-transform: capitalize">{{{1|{{{msg}}}}}}</span>  +|}</includeonly>  <h2 style="font-size:xx-large">'''Secure boot clarification'''</h2> <h2 style="font-size:xx-large">'''Secure boot clarification'''</h2>    Line 4: Line 11:     <p style="text-indent:15px"> <p style="text-indent:15px"> −Secure boot was created to ensure the protection of the operating system (OS). The Linux community went into panic mode when secure boot was recently upgraded. This wiki entry will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. The process of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. In general, the idea behind secure boot is to protect the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of a threat.  +Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot upgrade, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of invalid signatures.    </p> </p>    Line 10: Line 17:     <p style="text-indent:15px"> <p style="text-indent:15px"> −This document does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, it may have a Trusted Platform Module (TPM) chip, which means this document could apply to your personal computer (PC). Personal computers with TPM chip version 1.0 started to appear in 2009. This chip was soon upgraded to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM helps ensure the boot processes of your PC cannot be corrupted. If you would like to learn more about TPM, please check out the reference links below.+This document does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your personal computer (PC). Personal computers with TPM chip version 1.0 started to appear in 2009. This chip was soon upgraded to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below.  </p> </p>    Line 20: Line 27:     <p style="text-indent:15px"> <p style="text-indent:15px"> −Years ago, several root vulnerabilities in PC BIOS were exposed that allowed the booting OS to be compromised. Initially, only the bootloader was protected. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that he time had come to improve secure boot with an emphasis on making the process even more secure. This led to the need for more space to enable the storing of information for the upgraded secure boot in PC BIOS. This new requirement created the need  to allow communication between the OS, secure boot, and system BIOS. The solution was to implement Unified Extensible Firmware Interface (UEFI). This would allow the OS to receive information and update the firmware as needed. The introduction of UEFI also provided the option to enable secure boot, which verifies the security of the of the booting operating system at the same time.+ There has been several root vulnerabilities found in PC BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. UEFI decided to implement the secure boot mode in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers.  </p> </p>    Line 26: Line 33:     <p style="text-indent:15px"> <p style="text-indent:15px"> −Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in TPM module 2.0 where space has been made to include more key signatures. By default, if a key is in the "blocked" list, it will halt the computer instantly indicating that an invalid key has been detected. Secure boot mode operation is meant to validate two areas and watch one area of the OS. If any of these areas fails authentication, the system will halt instantly. This design creates a strict lockdown in the event that the bootloader, kernel, or its drivers are compromised with invalid signatures. Invalid signatures are either corrupt or missing. This presents a challenge during the development of an OS but is necessary to maintain OS security.+Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate two areas and watch one area of the OS. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS but is necessary to maintain OS security.  </p> </p>     <h3>The secure mode operation while booting</h3> <h3>The secure mode operation while booting</h3>    −Secure mode has a secure 0 tolerance with absolutely no in-between scenarios: the system is either secure or compromised. Here is how the process works.+Secure mode authenticates the system from the installed signatures. Here is how the process works.  # Validate bootloader and proceed if validated. # Validate bootloader and proceed if validated.  # Validate kernel and proceed if validated. # Validate kernel and proceed if validated. −# Validate every hardware driver while booting and halt if a signature is missing or invalid. Otherwise proceed.+# Validate every hardware driver while booting and stop if a signature is missing or invalid. Otherwise proceed.     If everything is successful, the OS will boot as expected. If everything is successful, the OS will boot as expected. Line 41: Line 48:     <p style="text-indent:15px"> <p style="text-indent:15px"> −CPU board manufacturers are required to follow government laws. This means that no company can be biased and that all OS vendors share equal rights. All manufactures have a standard to follow that is strictly monitored. We have a few types of CPU boards on the market that must comply with personal data security. Here are the following types of CPU boards that allow secure boot to be disabled and those that do not allow it.+CPU board manufacturers are required to follow fair trade laws This means that no company can be biased and that all OS vendors share equal rights. All manufactures have a standard to follow that is strictly monitored. We have a few types of CPU boards on the market that must comply with personal data security. Here are the following types of CPU boards that allow secure boot to be disabled, those that do not allow it, or made optional for custom manufactured computers.     # Personal end user home computers: these can have secure boot disabled. # Personal end user home computers: these can have secure boot disabled. −# Business to Government computers: in order to enable data security, these cannot have secure boot mode disabled.+# Business to Government computers: in order to maintain data security, these cannot have secure boot mode disabled. −# Custom manufactured computers specifically made for a company: these allow the option to "disable secure boot" at the request of the business customer.+# Custom manufactured computers specifically made for a company: these allow the option to "disable secure boot options" at the request of the business customer.  </p> </p>     <p style="text-indent:15px"> <p style="text-indent:15px"> −The documentation for the UEFI firmware is required to be made available to all OS vendors. This documentation shall have all commands required for UEFI firmware updates. The currently installed OS enables the updating of the firmware. If you have a dual-boot or multi-boot system, then each OS shares ownership rights.+The documentation for the UEFI firmware is required to be made available to all OS vendors. This documentation shall have all commands required for UEFI firmware updates. The currently installed OS owns the updating of the firmware. If you have a dual-boot or multi-boot system, then each OS shares ownership rights.  </p> </p>    Line 57: Line 64:  The requirements to successfully enable secure boot mode on an OS are: The requirements to successfully enable secure boot mode on an OS are:    −# Extended validation certificate from a signed Certificate Authority (CA) certificate signing request (CSR) and private key. You would generate this and submit to your choice of secure certificate provider. This would be meant for code signing. The EV cert must come from the domain or organization that requests it to be verified.+# Extended validation certificate from a signed Certificate Authority (CA) certificate signing request (CSR), private key, and public key. You would generate this and submit to your choice of secure certificate provider. This would be meant for code signing. The EV cert must come from the domain or organization that requests it to be verified. −# Tools developed to be used in order to sign the returned certificate. Remember that you should have all three items: a certificate, a private key (must have a strong password and be kept secure), and a public key.+# Tools developed to be used in order to use the signed certificate returned by SSL provider. Remember that you should have both the valid signed certificate, a private key (must have a strong password and be kept secure), and a public key. −# The tool must be able to install the cert and public key on computer.+# The OS must be able to install the certificate and public key on computer.  # The boot image, kernel, and drivers must be signed using the certificate. # The boot image, kernel, and drivers must be signed using the certificate. −# Must have a TPM 1.0 or later chip.+# Must have a TPM chip.    </p> </p>    Zeldas7777
Categorías: Wiki de Mageia

Grafischen Server aufsetzen-de

8 Noviembre, 2024 - 21:30

← Older revision Revision as of 20:30, 8 November 2024 Line 171: Line 171:  '''Bei Intel''' '''Bei Intel'''    export VK_ICD_FILENAMES=/usr/share/vulkan/icd.d/intel_icd.x86_64.json   export VK_ICD_FILENAMES=/usr/share/vulkan/icd.d/intel_icd.x86_64.json  +  +== Gamemode ==  +Durch Installation des Pakets {{cmd|gamemode}} können Spiele und ähnliche Anwendungen mit verschiedenen Geschwindigkeitsoptimierungen, gestartet werden.  +Manchmal erhält man nur einen kleinen Geschwindigkeitsvorteil (vor allem bei Intel und Nvidia), manchmal einen großen (zum Beispiel bei Radeon 780M) und manchmal auch negatives (zum Beispiel wenn das System im Batteriemodus betrieben wird)  +  +Verwendung: {{cmd|gamemoderun <anwendung>}}  +  +Siehe: [https://github.com/FeralInteractive/gamemode Github]     == Hybride Grafikkarten == == Hybride Grafikkarten == Psyca
Categorías: Wiki de Mageia

User:Zeldas7777

8 Noviembre, 2024 - 19:20

Mageia does not support secure boot. Check the documentation, forum and mailing lists...

← Older revision Revision as of 18:20, 8 November 2024 Line 4: Line 4:     <p style="text-indent:15px"> <p style="text-indent:15px"> −Secure boot was created to ensure the protection of the operating system (OS). We have allowed the installation and use of Mageia with secure boot enabled for years. The Linux community went into panic mode when secure boot was recently upgraded. This wiki entry will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. The process of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. In general, the idea behind secure boot is to protect the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of a threat.  +Secure boot was created to ensure the protection of the operating system (OS). The Linux community went into panic mode when secure boot was recently upgraded. This wiki entry will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. The process of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. In general, the idea behind secure boot is to protect the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of a threat.    </p> </p>    Sturmvogel
Categorías: Wiki de Mageia