Feed Reader
Auto inst
No X
← Older revision Revision as of 15:50, 11 November 2024 (One intermediate revision by the same user not shown)Line 2,696: Line 2,696: mv -f /etc/inittab1 /etc/inittab mv -f /etc/inittab1 /etc/inittab "</nowiki>}} "</nowiki>}} + +If you really want a minimal install without any Xorg related packaged installed, you'll have to use the following trick (works with mageia 9 and an updated grub2 package): +{{pre|<nowiki> 'rpmsrate_flags_chosen' => { + CAT_X => 0, + }, +</nowiki>}} ==== Default X ==== ==== Default X ==== Bcornec
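Review bot: The sentence added before the rpmsrate_flags_chosen block has a typo ("packaged installed" should read "packages installed") and writes "mageia 9" in lower case. It also does not say where the 'rpmsrate_flags_chosen' key sits inside auto_inst.cfg or what setting CAT_X => 0 changes in package selection. One sentence on each would let a reader apply the trick without guessing, and the "updated grub2 package" condition would be easier to act on with the minimum version stated.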
Categories: Mageia Wiki
Auto inst
No X
← Older revision Revision as of 15:50, 11 November 2024 (3 intermediate revisions by the same user not shown)Line 2,453: Line 2,453: * [[#default_packages|default_packages]] * [[#default_packages|default_packages]] * [[#nomouseprobe|nomouseprobe]] * [[#nomouseprobe|nomouseprobe]] + +=== skipped_packages === + +The <b>skipped_packages</b> option is used to prevent the installation of the packages listed in this array in a regular expression form. + +==== Syntax ==== + +* The <b>skipped_packages</b> option has the following general syntax: +{{pre|<nowiki> 'skipped_packages' => [ + '/^package1-/', + '/^package2-/, + ]</nowiki>}} + +==== Descriptions ==== + +* <b>package#</b> is the name of the package you DON'T want to install. + +==== Examples ==== + +* Simple example +{{pre|<nowiki> 'skipped_packages' => [ + '/^kernel-desktop-/', + ]</nowiki>}} + +This will avoid the installation of the desktop kernels (typically on a server install). + +==== Related Options ==== +* [[#default_packages|default_packages]] option === superuser === === superuser === Line 2,659: Line 2,687: ==== No X ==== ==== No X ==== −For those of you who are not installing or do not want X, you can one of those solutions:+For those of you who are not installing or do not want X, you can choose one of those solutions: * make sure that the 'X' => {...}, is not present in the {{file|auto_inst.cfg}} file. And also, make sure that you do not install any packages which have {{prog|xorg*}} as a dependancy. * make sure that the 'X' => {...}, is not present in the {{file|auto_inst.cfg}} file. And also, make sure that you do not install any packages which have {{prog|xorg*}} as a dependancy. * you can use the following and not worry about which packages are installed: {{pre|<nowiki> 'X' => { 'disabled' => 1 },</nowiki>}} Please note, that even though you may have installed the {{prog|xorg*}} packages, window manager packages, and /or X based applications, X will not be configured correctly. 
So don't forget and type startx at the command prompt ! * you can use the following and not worry about which packages are installed: {{pre|<nowiki> 'X' => { 'disabled' => 1 },</nowiki>}} Please note, that even though you may have installed the {{prog|xorg*}} packages, window manager packages, and /or X based applications, X will not be configured correctly. So don't forget and type startx at the command prompt ! Line 2,668: Line 2,696: mv -f /etc/inittab1 /etc/inittab mv -f /etc/inittab1 /etc/inittab "</nowiki>}} "</nowiki>}} + +If you really want a minimal install without any Xorg related packaged installed, you'll have to use the following trick (works with mageia 9 and an updated grub2 package): +{{pre|<nowiki> 'rpmsrate_flags_chosen' => { + CAT_X => 0, + }, +</nowiki>}} ==== Default X ==== ==== Default X ==== Bcornec
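Review bot: In the new skipped_packages section, the Descriptions bullet calls package# "the name of the package", while the introduction and the examples show anchored regular expressions such as '/^kernel-desktop-/'. Please state that each entry is a regular expression matched against the package name, and explain the leading ^ and the trailing hyphen in the example, so that readers do not write an unanchored pattern that skips more packages than they intended.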
Auto inst
← Older revision
Revision as of 01:40, 11 November 2024
(One intermediate revision by the same user not shown)Line 2,453:
Line 2,453:
* [[#default_packages|default_packages]] * [[#default_packages|default_packages]]
* [[#nomouseprobe|nomouseprobe]] * [[#nomouseprobe|nomouseprobe]]
+
+=== skipped_packages ===
+
+The <b>skipped_packages</b> option is used to prevent the installation of the packages listed in this array in a regular expression form.
+
+==== Syntax ====
+
+* The <b>skipped_packages</b> option has the following general syntax:
+{{pre|<nowiki> 'skipped_packages' => [
+ '/^package1-/',
+ '/^package2-/,
+ ]</nowiki>}}
+
+==== Descriptions ====
+
+* <b>package#</b> is the name of the package you DON'T want to install.
+
+==== Examples ====
+
+* Simple example
+{{pre|<nowiki> 'skipped_packages' => [
+ '/^kernel-desktop-/',
+ ]</nowiki>}}
+
+This will avoid the installation of the desktop kernels (typically on a server install).
+
+==== Related Options ====
+* [[#default_packages|default_packages]] option
=== superuser === === superuser ===
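Review bot: The second entry of the Syntax example, '/^package2-/, is missing its closing single quote, so the block is not valid when copied into auto_inst.cfg. It should read '/^package2-/', to match the first entry. The section heading "Descriptions" could also be singular, since it holds a single bullet.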
Line 2,659:
Line 2,687:
==== No X ==== ==== No X ====
−For those of you who are not installing or do not want X, you can one of those solutions:+For those of you who are not installing or do not want X, you can choose one of those solutions:
* make sure that the 'X' => {...}, is not present in the {{file|auto_inst.cfg}} file. And also, make sure that you do not install any packages which have {{prog|xorg*}} as a dependancy. * make sure that the 'X' => {...}, is not present in the {{file|auto_inst.cfg}} file. And also, make sure that you do not install any packages which have {{prog|xorg*}} as a dependancy.
* you can use the following and not worry about which packages are installed: {{pre|<nowiki> 'X' => { 'disabled' => 1 },</nowiki>}} Please note, that even though you may have installed the {{prog|xorg*}} packages, window manager packages, and /or X based applications, X will not be configured correctly. So don't forget and type startx at the command prompt ! * you can use the following and not worry about which packages are installed: {{pre|<nowiki> 'X' => { 'disabled' => 1 },</nowiki>}} Please note, that even though you may have installed the {{prog|xorg*}} packages, window manager packages, and /or X based applications, X will not be configured correctly. So don't forget and type startx at the command prompt !
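Review bot: The corrected sentence in the No X hunk still reads "you can choose one of those solutions", where "one of these solutions" fits, since the list follows. While this paragraph is being touched, the unchanged lines below it carry "dependancy" (dependency) and "and /or", and the closing "So don't forget and type startx at the command prompt !" can be read as an instruction to run startx. Rewording it to say that startx will not work after this setting would remove the ambiguity.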
Bcornec
Liste von Anwendungen-de
Software aus externen Quellen (Nicht in Mageia enthalten)
← Older revision Revision as of 10:56, 10 November 2024 Line 1,072: Line 1,072: | [[File:Heroic.png|25px|center]] | [[File:Heroic.png|25px|center]] | '''[https://heroicgameslauncher.com/ Heroic Game Launcher]''' | '''[https://heroicgameslauncher.com/ Heroic Game Launcher]''' −| Heroic Game launcher Client (Siehe '''[Möglichkeiten_um_Anwendungen_zu_installieren-de#Heroic_Game_Launcher Möglichkeiten um Anwendungen zu installieren]''')+| Heroic Game launcher Client (Siehe '''[[Möglichkeiten_um_Anwendungen_zu_installieren-de#Heroic_Game_Launcher|Möglichkeiten um Anwendungen zu installieren]]''') |- |- | [[File:App-accessories.png|25px|center]] | [[File:App-accessories.png|25px|center]] Psyca
List of applications
Software from external sources (Not included in Mageia): change external to internal link
← Older revision Revision as of 10:55, 10 November 2024 Line 1,066: Line 1,066: | [[File:Heroic.png|25px|center]] | [[File:Heroic.png|25px|center]] | '''[https://heroicgameslauncher.com/ Heroic Game Launcher]''' | '''[https://heroicgameslauncher.com/ Heroic Game Launcher]''' −| Heroic Game launcher Client (See '''[https://wiki.mageia.org/en/Ways_to_install_programs#Heroic_Game_Launcher Ways to install programs]''')+| Heroic Game launcher Client (See '''[[Ways_to_install_programs#Heroic_Game_Launcher|Ways to install programs]]''') |- |- | [[File:App-accessories.png|25px|center]] | [[File:App-accessories.png|25px|center]] Psyca
Liste von Anwendungen-de
← Older revision
Revision as of 10:54, 10 November 2024
Line 1:
Line 1:
[[Category:Dokumentation]] [[Category:Dokumentation]]
−{{Multi_language_banner-de|[[Liste_von_Anwendungen-de|Deutsch]] ; [[List of applications|English]] ; [[Liste_des_applications-fr|Français]] ; [[List of applications pt Br|Português do Brasil]] ;}}+{{Multi_language_banner-de|[[Liste_von_Anwendungen-de|Deutsch]] ; [[List of applications|English]] ; [[Liste_des_applications-fr|Français]] ; [[List of applications pt Br|Português do Brasil]] ; [[Lista de aplicaciones|Español]]}}
{{Introduction-de|Der Zweck dieser Seite ist die Sammlung von nützlichen Anwendungen für Desktop Nutzer. Diese kann von jedem bearbeitet werden der daran mitarbeiten möchte.}} {{Introduction-de|Der Zweck dieser Seite ist die Sammlung von nützlichen Anwendungen für Desktop Nutzer. Diese kann von jedem bearbeitet werden der daran mitarbeiten möchte.}}
Line 6:
Line 6:
= Einleitung = = Einleitung =
−Diese Liste enthält nur einen Auszug, '''sie listet nicht die gesamte Software auf, die in den offiziellen Mageia Repositorys vorhanden ist'''.+Diese Liste enthält nur einen Auszug, '''sie listet nicht die gesamte Software auf, die in den offiziellen Mageia Repositorien vorhanden sind'''.
−:* Um alle verfügbaren Pakete in den '''offiziellen Mageia Repositorys''' anzuzeigen, besuche die [https://mageia.madb.org/ Mageia App Db], die online Anwendungs- und Paketdatenbank (siehe [[SIG|Special Interest Group-SIG]] [[File:Flag-united-kingdom02.png|21px|link=]]).+:* Um alle verfügbaren Pakete in den '''offiziellen Mageia Repositorys''' anzuzeigen, besuche die [https://madb.mageia.org/ Mageia App Db], die online Anwendungs- und Paketdatenbank (siehe [[SIG|Special Interest Group-SIG]] [[File:Flag-united-kingdom02.png|21px|link=]]).
:* Du kannst auch den Mageia Paketmanager verwenden, siehe [[Installieren_und_entfernen_von_Software_für_Anfänger-de#Anwendungen_in_MCCs_Softwareverwaltung_suchen|Anwendungen in MCCs Softwareverwaltung suchen]]. :* Du kannst auch den Mageia Paketmanager verwenden, siehe [[Installieren_und_entfernen_von_Software_für_Anfänger-de#Anwendungen_in_MCCs_Softwareverwaltung_suchen|Anwendungen in MCCs Softwareverwaltung suchen]].
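Review bot: In the changed Einleitung sentence, "vorhanden sind" no longer agrees with its singular antecedent "die gesamte Software"; the verb should stay "vorhanden ist". The same line now uses "Repositorien" while the bullet directly below still says "offiziellen Mageia Repositorys", so one plural form should be picked and used in both places. The madb.mageia.org link correction in the second changed line looks fine.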
Line 1,069:
Line 1,069:
| '''[https://earth.google.com/ Google Earth]''' | '''[https://earth.google.com/ Google Earth]'''
| Globe (See'''[https://wiki.mageia.org/en/Google_Earth Mageia Wiki Google Earth]''') | Globe (See'''[https://wiki.mageia.org/en/Google_Earth Mageia Wiki Google Earth]''')
+|-
+| [[File:Heroic.png|25px|center]]
+| '''[https://heroicgameslauncher.com/ Heroic Game Launcher]'''
+| Heroic Game launcher Client (Siehe '''[Möglichkeiten_um_Anwendungen_zu_installieren-de#Heroic_Game_Launcher Möglichkeiten um Anwendungen zu installieren]''')
|- |-
| [[File:App-accessories.png|25px|center]] | [[File:App-accessories.png|25px|center]]
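Review bot: The new Heroic Game Launcher row links to a wiki page with single brackets, [Möglichkeiten_um_Anwendungen_zu_installieren-de#Heroic_Game_Launcher Möglichkeiten um Anwendungen zu installieren]. Single brackets are external-link syntax and expect a URL, so this will not render as a link to the wiki page. Use the internal form [[Möglichkeiten_um_Anwendungen_zu_installieren-de#Heroic_Game_Launcher|Möglichkeiten um Anwendungen zu installieren]]. The description "Heroic Game launcher Client" also capitalises the name differently from the link label "Heroic Game Launcher".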
Psyca
Cauldron-de
← Older revision
Revision as of 10:45, 10 November 2024
Line 82:
Line 82:
Falls Sie ein x86_64 System verwenden und Sie auch die 32-Bit Paketquellen aktivieren wollen, führen Sie folgenden Befehl aus: Falls Sie ein x86_64 System verwenden und Sie auch die 32-Bit Paketquellen aktivieren wollen, führen Sie folgenden Befehl aus:
−{{command-de|dnf config-manager --set-enabled cauldron-i686|prompt=#}}+{{command-de|dnf config-manager --set-enabled cauldron-i586|prompt=#}}
Falls Sie die nonfree und tainted Quellen einbinden möchten (Ersetzen Sie "{arch}" mit Ihrer gewünschten Architektur "x86_64" oder "i586" und "{section}" mit "nonfree" oder "tainted"): Falls Sie die nonfree und tainted Quellen einbinden möchten (Ersetzen Sie "{arch}" mit Ihrer gewünschten Architektur "x86_64" oder "i586" und "{section}" mit "nonfree" oder "tainted"):
Psyca
User:Zeldas7777
Working on improving content making it easier to understand. Make sections more clear.
← Older revision Revision as of 20:42, 9 November 2024 Line 6: Line 6: === Overview === === Overview === −Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot upgrade, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of invalid signatures. +Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot implementation, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. 
The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature stops the OS from booting upon detection of invalid signatures. === Who this applies to === === Who this applies to === −This document does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your personal computer (PC). Personal computers with TPM chip version 1.0 started to appear in 2009. This chip was soon upgraded to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below.+This wiki does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your computer. Computers with a TPM chip version 1.0 started to appear in 2009. This chip was soon updated to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below. Reference links:<br> Reference links:<br> Line 18: Line 18: === Why the secure boot mode option was created === === Why the secure boot mode option was created === −There has been several root vulnerabilities found in PC BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. 
Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. UEFI decided to implement the secure boot mode in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers.+Extensible Firmware Interface (EFI) was developed in the mid 1990's. In 2004, Intel released the first open source Unified Extensible Firmware Interface (UEFI) implementation. Then EFI was transitioned to Unified Extensible Firmware Interface (UEFI) in 2005. There has been several root vulnerabilities found in the computer BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. Then "Trusted Platform Module (TPM) was developed. This was not enough and TPM was updated to make secure boot mode possible. Secure boot was implemented in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers. This affected the Linux community because the time secure boot came out limited documentation was available at the time. This is why we have so many issues with secure boot. The Linux community has been working hard on this for years now to learn and implement secure boot on the OS. === The secure mode operation design === === The secure mode operation design === −Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. 
By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate two areas and watch one area of the OS. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS but is necessary to maintain OS security.+Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate three areas while booting the OS. Authentication is performed by checking the bootloader, kernel, and kernel drivers on booting. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid and stops booting. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS, but is required to maintain OS security. === The secure mode operation while booting === === The secure mode operation while booting === Line 47: Line 47: The requirements to successfully enable secure boot mode on an OS are: The requirements to successfully enable secure boot mode on an OS are: −# Extended validation certificate from a signed Certificate Authority (CA) certificate signing request (CSR), private key, and public key. 
You would generate this and submit to your choice of secure certificate provider. This would be meant for code signing. The EV cert must come from the domain or organization that requests it to be verified.+# Extended validation certificate from a signed Certificate Authority (CA) certificate signing request (CSR), private key, and public key. You would generate this and submit to your choice of secure certificate provider the required CSR and key. This would be meant for code signing. The EV cert must come from the domain or organization that requests it to be verified. # Tools developed to be used in order to use the signed certificate returned by SSL provider. Remember that you should have both the valid signed certificate, a private key (must have a strong password and be kept secure), and a public key. # Tools developed to be used in order to use the signed certificate returned by SSL provider. Remember that you should have both the valid signed certificate, a private key (must have a strong password and be kept secure), and a public key. # The OS must be able to install the certificate and public key on computer. # The OS must be able to install the certificate and public key on computer. Line 59: Line 59: Uefi Information - https://uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf Uefi Information - https://uefi.org/sites/default/files/resources/UEFI_Secure_Boot_in_Modern_Computer_Security_Solutions_2013.pdf −Microsoft KEK expiring because the certificate is expiring on 10/19/2026. This means there will be another secure boot upgrade coming for current and new computers.+Microsoft KEK expiring because the certificate is expiring on 10/19/2026. This means there will be another secure boot update coming for current and new computers. 
Here is the link to the PDF document: Here is the link to the PDF document: Line 76: Line 76: === Common issues with TPM === === Common issues with TPM === −Dual- or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the PC, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer.+Dual or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the computer, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer. − === Clarification conclusion === === Clarification conclusion === −Again, this article will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. 
We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this document when I am finished.+Again, this article will hopefully bring some clarity to the confusion caused by the secure boot updates and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this wiki when I am finished. Zeldas7777
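Review bot: The rewritten "Why the secure boot mode option was created" and "The secure mode operation design" paragraphs present Secure Boot as a function of the TPM ("Secure boot was implemented in the BIOS using the TPM chip", "a list of authorized operating systems in the TPM chip"). UEFI Secure Boot checks signatures against key and revocation databases held in firmware variables and does not depend on a TPM, which is used for measured boot, so these sentences should be checked against the UEFI document already linked under References and the two mechanisms described separately. Smaller points in the added text: the opening quote in 'Then "Trusted Platform Module (TPM) was developed' is never closed, "it's impact" should be "its impact", "There has been several" should be "There have been several", and "the time secure boot came out limited documentation was available at the time" repeats itself.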
User:Zeldas7777
You need to follow the wiki creation guidelines
← Older revision Revision as of 09:55, 9 November 2024 Line 1: Line 1: {{Multi language banner|[[User:Zeldas7777|english]] ;}} {{Multi language banner|[[User:Zeldas7777|english]] ;}} −</noinclude><includeonly>{|style="margin-bottom: 1em; border-radius:0.2em; background-color: #2397D410; border: 0.25em solid #2397D4FF; width: auto; min-width: 32%; min-height: auto" −|- −|style="width: 50px;"|[[Image:{{{img|Drakconf_multiflag.png}}}|center|46px]] −|style="solid #2397D4FF; text-align:left; vertical-align:top;"|<span style="color: #262F45; font-weight:bold;">{{{title|Secure boot clarification}}}</span><br /><span style="color: green; white-space:pre-line; line-height: 100%;"><span style="color: green; text-transform: capitalize">{{{1|{{{msg}}}}}}</span> −|}</includeonly> −<h2 style="font-size:xx-large">'''Secure boot clarification'''</h2> −<h3>Overview</h3>+= Secure boot clarification = + +=== Overview === −<p style="text-indent:15px"> Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot upgrade, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of invalid signatures. 
Secure boot was created to ensure the protection of the operating system (OS). The Linux community did not like the secure boot upgrade. The end user would have to disable secure boot then install Linux. The reason was because the computers did not have the TPM Linux distribution signatures installed in the computer before manufacturing the computers. The Linux distribution developers would have to sign the bootloader, kernel, and drivers. This also created the need for more documentation for computers without Linux distribution signatures to successfully install Linux distribution. This wiki entry will hopefully bring some clarity from users in the Linux community on the secure boot upgrade, and it's impact on Linux. The purpose of enabling secure boot is to ensure the OS is secure from rootkits, keyloggers, and malware. The secure boot is for protecting the end user from any threats to security and/or privacy. The secure boot feature disables the OS immediately upon detection of invalid signatures. −</p> −<h3>Who this applies to</h3>+=== Who this applies to === −<p style="text-indent:15px"> This document does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. This wiki can apply to your personal computer (PC). Personal computers with TPM chip version 1.0 started to appear in 2009. This chip was soon upgraded to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below. This document does not apply to your computer if it was manufactured before 2009. If your computer was manufactured in 2009 or later, You may have a Trusted Platform Module (TPM) chip. 
This wiki can apply to your personal computer (PC). Personal computers with TPM chip version 1.0 started to appear in 2009. This chip was soon upgraded to TPM version 1.1 in 2011. The next major update to TPM chips was version 2.0, which came out in 2014. This has been considered the new standard since 2016. The TPM chip does ensure the boot processes of your PC cannot be modified without your knowledge. If you would like to learn more about TPM, please check out the reference links below. −</p> Reference links:<br> Reference links:<br> Line 24: Line 16: Wikipedia - https://en.wikipedia.org/wiki/Trusted_Platform_Module<br> Wikipedia - https://en.wikipedia.org/wiki/Trusted_Platform_Module<br> −<h3>Why the secure boot mode option was created</h3>+=== Why the secure boot mode option was created === −<p style="text-indent:15px">+There has been several root vulnerabilities found in PC BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. UEFI decided to implement the secure boot mode in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers. − There has been several root vulnerabilities found in PC BIOS that were exposed that allowed the booting OS to be compromised. This left the OS kernel and hardware drivers exposed. Eventually, even more vulnerabilities to the system were discovered making it hard to keep OS secure and protected from exploits. It was clear that the time had come to improve upon the Unified Extensible Firmware Interface (UEFI) with emphasis on making the process even more secure. 
UEFI decided to implement the secure boot mode in the BIOS using the TPM chip. This would allow authentication of the OS from signed bootloader, kernel, and drivers. −</p> −<h3>The secure mode operation design</h3>+=== The secure mode operation design === −<p style="text-indent:15px"> Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate two areas and watch one area of the OS. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS but is necessary to maintain OS security. Secure boot mode is designed to authenticate the OS from a list of authorized operating systems in the TPM chip. By default, if a signature is in the "blocked" list, The computer will stop booting indicating that an invalid signature has been detected. Secure boot mode operation is meant to validate two areas and watch one area of the OS. If any of these areas fails authentication, the system will stop booting. This design creates a secure boot environment. If the bootloader, kernel, or its drivers are modified the signature is marked invalid. The Invalid signatures are also installed when firmware updates the UEFI firmware. Any OS without a valid signature is also blocked. This presents a challenge during the development of an OS but is necessary to maintain OS security. 
−</p> −<h3>The secure mode operation while booting</h3>+=== The secure mode operation while booting === Secure mode authenticates the system from the installed signatures. Here is how the process works. Secure mode authenticates the system from the installed signatures. Here is how the process works. Line 45: Line 33: If everything is successful, the OS will boot as expected. If everything is successful, the OS will boot as expected. −<h3>CPU board manufacturer requirements</h3>+=== CPU board manufacturer requirements === −<p style="text-indent:15px"> CPU board manufacturers are required to follow fair trade laws This means that no company can be biased and that all OS vendors share equal rights. All manufactures have a standard to follow that is strictly monitored. We have a few types of CPU boards on the market that must comply with personal data security. Here are the following types of CPU boards that allow secure boot to be disabled, those that do not allow it, or made optional for custom manufactured computers. CPU board manufacturers are required to follow fair trade laws This means that no company can be biased and that all OS vendors share equal rights. All manufactures have a standard to follow that is strictly monitored. We have a few types of CPU boards on the market that must comply with personal data security. Here are the following types of CPU boards that allow secure boot to be disabled, those that do not allow it, or made optional for custom manufactured computers. Line 53: Line 40: # Business to Government computers: in order to maintain data security, these cannot have secure boot mode disabled. # Business to Government computers: in order to maintain data security, these cannot have secure boot mode disabled. # Custom manufactured computers specifically made for a company: these allow the option to "disable secure boot options" at the request of the business customer. 
# Custom manufactured computers specifically made for a company: these allow the option to "disable secure boot options" at the request of the business customer. −</p> −<p style="text-indent:15px"> The documentation for the UEFI firmware is required to be made available to all OS vendors. This documentation shall have all commands required for UEFI firmware updates. The currently installed OS owns the updating of the firmware. If you have a dual-boot or multi-boot system, then each OS shares ownership rights. The documentation for the UEFI firmware is required to be made available to all OS vendors. This documentation shall have all commands required for UEFI firmware updates. The currently installed OS owns the updating of the firmware. If you have a dual-boot or multi-boot system, then each OS shares ownership rights. −</p> −<h3>The requirement to enable secure boot</h3>+=== The requirement to enable secure boot === −<p style="text-indent:15px"> The requirements to successfully enable secure boot mode on an OS are: The requirements to successfully enable secure boot mode on an OS are: Line 69: Line 52: # The boot image, kernel, and drivers must be signed using the certificate. # The boot image, kernel, and drivers must be signed using the certificate. # Must have a TPM chip. # Must have a TPM chip. −</p> −<h3>References and documents</h3>+=== References and documents === Uefi.org documents in PDF file format Uefi.org documents in PDF file format Line 86: Line 68: https://www.uefi.org https://www.uefi.org −<h3>Support history from the secure boot upgrade</h3>+=== Support history from the secure boot upgrade === Visit this link to see recent issues related to secure boot. Visit this link to see recent issues related to secure boot. 
Line 92: Line 74: https://forums.mageia.org/en/search.php?keywords=secure+boot&fid%5B0%5D=7 https://forums.mageia.org/en/search.php?keywords=secure+boot&fid%5B0%5D=7 −<h3>Common issues with TPM</h3>+=== Common issues with TPM === −<p style="text-indent:15px">+ Dual- or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the PC, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer. Dual- or multi-boot is harder to work with when you want to boot Windows and Linux. This can be even harder for Windows, Linux, and another OS. If the Linux distro does not support secure boot enabled and you have the TPM on the PC, you would need to enable legacy mode and disable secure boot. This is the only way to dual or multi boot with Windows. This will slow down the boot process and disable all BIOS protection. This will also disable any hardware improved features until the OS has booted. Remember that, if you need this kind of environment, you will need to reinstall Windows and any other operating systems you wish to dual or multi boot. This method is not recommended as it will open a security risk of having malware infecting or modifying your computer. −</p> − −<h3>Clarification conclusion</h3> −Again, this article will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. 
I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this document when I am finished. +=== Clarification conclusion === −</p>+Again, this article will hopefully bring some clarity to the confusion caused by the secure boot upgrade and its impact on Linux. I hope you learned the importance of the secure boot and why we need it. We need to maintain stable and secure Linux distributions for all users. I will be creating a "How to" and linking it to this document when I am finished. Sturmvogel
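Review bot: in the "CPU board manufacturer requirements" hunk, the paragraph carried over as unchanged context still runs two sentences together ("required to follow fair trade laws This means that no company can be biased") and says "All manufactures" where "manufacturers" is meant. In "The secure mode operation design" the unchanged paragraph has mid-sentence capitals ("list, The computer will stop booting", "The Invalid signatures"). Since this revision only swaps the HTML `<h3>` and `<p>` tags for `=== ... ===` headings, it would be worth fixing these in the same edit so the converted sections do not keep the old text defects.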
Categories: Mageia Wiki
MGASA-2024-0354 - Updated quictls packages fix security vulnerability
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-9143
Description
Invalid low-level GF(2^m) parameters can lead to an OOB memory access. (CVE-2024-9143)
References
- https://bugs.mageia.org/show_bug.cgi?id=33736
- https://openssl-library.org/news/secadv/20241016.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9143
- quictls-3.0.15-1.1.mga9
Categories: Security Updates
MGASA-2024-0353 - Updated htmldoc packages fix security vulnerabilities
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-45508, CVE-2024-46478
Description
HTMLDOC before 1.9.19 has an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node. (CVE-2024-45508)
HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function, ps-pdf.cxx:5681. (CVE-2024-46478)
References
- https://bugs.mageia.org/show_bug.cgi?id=33737
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/RNU4P4P7ZCF5TYOAPMGGBX2KSE6IHZFT/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45508
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-46478
- htmldoc-1.9.15-3.1.mga9
Categories: Security Updates
MGASA-2024-0352 - Updated libheif packages fix security vulnerability
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-41311
Description
In Libheif, insufficient checks in ImageOverlay::parse() while decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. (CVE-2024-41311)
References
- https://bugs.mageia.org/show_bug.cgi?id=33662
- https://ubuntu.com/security/notices/USN-7082-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41311
- libheif-1.16.2-1.2.mga9.tainted
- libheif-1.16.2-1.2.mga9
Categories: Security Updates
MGASA-2024-0351 - Updated python-werkzeug packages fix security vulnerability
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-49767
Description
Werkzeug is a Web Server Gateway Interface web application library. Applications using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications) are vulnerable to a relatively simple but effective resource exhaustion (denial of service) attack. A specifically crafted form submission request can cause the parser to allocate and block 3 to 8 times the upload size in main memory. There is no upper limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds. Werkzeug version 3.0.6 fixes this issue.
References
- https://bugs.mageia.org/show_bug.cgi?id=33732
- https://ubuntu.com/security/notices/USN-7093-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49767
- python-werkzeug-3.0.6-1.mga9
Categories: Security Updates
MGASA-2024-0350 - Updated thunderbird packages fix security vulnerabilities
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467
Description
Permission leak via embed or object elements. (CVE-2024-10458)
Use-after-free in layout with accessibility. (CVE-2024-10459)
Confusing display of origin for external protocol handler prompt. (CVE-2024-10460)
XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response. (CVE-2024-10461)
Origin of permission prompt could be spoofed by long URL. (CVE-2024-10462)
Cross origin video frame leak. (CVE-2024-10463)
History interface could have been used to cause a Denial of Service condition in the browser. (CVE-2024-10464)
Clipboard "paste" button persisted across tabs. (CVE-2024-10465)
DOM push subscription message could hang Firefox. (CVE-2024-10466)
Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. (CVE-2024-10467)
References
- https://bugs.mageia.org/show_bug.cgi?id=33714
- https://www.thunderbird.net/en-US/thunderbird/128.3.3esr/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/128.4.0esr/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-58/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10459
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10460
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10461
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10466
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10467
- thunderbird-128.4.0-1.mga9
- thunderbird-l10n-128.4.0-1.mga9
Categories: Security Updates
MGASA-2024-0349 - Updated nspr, nss, firefox & rust packages fix security vulnerabilities
Publication date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-10458, CVE-2024-10459, CVE-2024-10460, CVE-2024-10461, CVE-2024-10462, CVE-2024-10463, CVE-2024-10464, CVE-2024-10465, CVE-2024-10466, CVE-2024-10467
Description
Permission leak via embed or object elements. (CVE-2024-10458)
Use-after-free in layout with accessibility. (CVE-2024-10459)
Confusing display of origin for external protocol handler prompt. (CVE-2024-10460)
XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response. (CVE-2024-10461)
Origin of permission prompt could be spoofed by long URL. (CVE-2024-10462)
Cross origin video frame leak. (CVE-2024-10463)
History interface could have been used to cause a Denial of Service condition in the browser. (CVE-2024-10464)
Clipboard "paste" button persisted across tabs. (CVE-2024-10465)
DOM push subscription message could hang Firefox. (CVE-2024-10466)
Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4. (CVE-2024-10467)
References
- https://bugs.mageia.org/show_bug.cgi?id=33713
- https://www.mozilla.org/en-US/firefox/128.4.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2024-56/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_106.html#mozilla-projects-nss-nss-3-106-release-notes
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10458
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10459
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10460
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10461
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10464
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10465
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10466
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10467
- nspr-4.36-1.mga9
- nss-3.106.0-1.mga9
- firefox-128.4.0-1.mga9
- firefox-l10n-128.4.0-1.mga9
- rust-1.76.0-3.mga9
Categories: Security Updates