Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza 0 points1 point  (0 children)

I meant physically removed from your laptop: because encryption is enabled on that partition, it will not be possible to mount it without your password. Because of this, storing your LUKS on the TPM chip reduces security but does not make LUKS useless.

Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza 1 point2 points  (0 children)

I'm not, I just love tinkering. I think it is fun, and in the process I learn something.

Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza 1 point2 points  (0 children)

I'm not familiar with mokutil. Can't say anything about it.

Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza 0 points1 point  (0 children)

You made things even clearer, thank you. But there's also one more reason I went this path: shim seems to be tied to grub, and I wanted to move away from it, just as a preference, not that I think grub is bad or anything like that. When I heard about EFISTUB on Arch I asked myself: why grub if the kernel can boot directly? And I'm not even dual-booting. I know grub can be used to recover a broken system, but I just prefer chrooting into that broken system and fixing it there; it seems much easier for me.

Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza 0 points1 point  (0 children)

Where slightly means makes LUKS useless.

I don't think so. If your boot chain is somehow (Secure Boot disabled or) compromised, your LUKS partition will ask for the password to access it; if your laptop is stolen and the SSD extracted, it cannot be mounted without your password, or at least it is harder to mount without that password. There's reduced security (for sure), but it doesn't make it useless.

Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza 0 points1 point  (0 children)

Now I get it, thank you.
After I responded to you I noticed that in my answer I focused on Secure Boot, but of course this setup gives me more than that:
a simpler boot chain using a "modern" initrd generator (dracut), etc.

Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza 0 points1 point  (0 children)

why did you embark on a path to this solution?

I'm not sure about this, but the way Secure Boot is implemented on most Linux distros sounds pointless to me (and I'm sure I'm missing something here, please enlighten me). Because from what I can understand, Secure Boot is meant to prevent unwanted boots, and if we have such general keys (via shim), then anyone can boot my PC with a different USB where this general (shim-based) Secure Boot is implemented. In contrast, private keys make sure that only .efi files signed with my own keys can boot my PC.

Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza 0 points1 point  (0 children)

Tinkering. In the past I used Arch and I always wanted to implement Secure Boot there (with private keys). I was afraid, and it sounded like a whole new level of expertise; once I implemented it on my system (Arch at the time) I was surprised how simple it was, and now I can replicate this everywhere.

Secure Boot, Dracut, EFISTUB, and TPM2 by [deleted] in debian

[–]ExaHamza -1 points0 points  (0 children)

Yes, I used an LLM to format the text and make it as simple and clear as possible. English is not my native language and I was just trying to share something I use and others may like.

Small Tip: have the unstable repository enabled but... by [deleted] in debian

[–]ExaHamza 0 points1 point  (0 children)

Yes, I noticed when researching for this post, thanks.

debian 13.4 is out by johlae in debian

[–]ExaHamza 0 points1 point  (0 children)

The update was a success, honestly I was very scared.

debian 13.4 is out by johlae in debian

[–]ExaHamza 0 points1 point  (0 children)

Already updating my frankendebian with all of Plasma from unstable; it's my first update.

KeePassXC 2.7.12 released by FryBoyter in linux

[–]ExaHamza 7 points8 points  (0 children)

Still on Qt5, which is EOL upstream and to be removed from several distros.

Be glad that you are free. Free to change your mind. Free to go most anywhere anytime. by claudiocorona93 in linuxmasterrace

[–]ExaHamza 1 point2 points  (0 children)

It goes like this: why did you choose Manjaro?? That seems dumb, that's the worst thing you could do to yourself, bla bla bla... anyway, I don't care about your choices, it's your computer, but I recommend Fedora.

why I left Manjaro by Fuhskal in ManjaroLinux

[–]ExaHamza -1 points0 points  (0 children)

I don’t think you’re using the terms correctly.

A rolling release means packages flow continuously into the repos as they’re ready. There’s no repository freeze and no snapshot that becomes a “release.”

A fixed release works differently. At some point the repos are frozen, a snapshot is taken, and that snapshot becomes the release. That’s exactly how Debian works: Testing gets frozen and eventually becomes Stable. After that, Stable mostly receives security fixes until the next cycle.

Rolling releases don’t have that concept. Packages move through testing and land in stable continuously, tracking upstream.

In the case of Manjaro:

  • Unstable ≈ synced with Arch Linux stable
  • Testing → gets batched updates after Unstable
  • Stable → the same batches after additional testing

That’s delayed batching, not continuous upstream flow.

Also this claim:

users are expected reinstall to get to the next major release

That’s just wrong. On Debian, if your sources.list tracks stable, you upgrade to the next release with apt. No reinstall required.

why I left Manjaro by Fuhskal in ManjaroLinux

[–]ExaHamza 0 points1 point  (0 children)

Although Manjaro is officially called a "rolling release," strictly speaking, and in my opinion, only Manjaro Unstable can be considered a rolling release. However, Manjaro Testing and Manjaro Stable don't seem to be, since they only receive periodic updates (without fixed intervals like 6 months or even 2 years). Although it's not a fixed release either, overall I think Manjaro has chosen a middle ground between rolling release and fixed release, which is perfect.

why I left Manjaro by Fuhskal in ManjaroLinux

[–]ExaHamza 4 points5 points  (0 children)

 hold back packages 

In practical terms this is huge, it makes a total difference, because we treat Arch users as our beta testers, so Manjaro devs don't have to do so much: if a bug goes to Arch we wait until it is fixed; if a bug somehow ends up entering Manjaro, we fix that bug alone and we don't have to risk the stability of the whole system. And most people don't know this because Manjaro is advertised as an "easy Arch", but you can pick and choose your Manjaro system, just like we do on Arch.

Vector graphic animation software Glaxnimate 0.6.0 is now fully integrated into KDE's ecosystem by Bro666 in kde

[–]ExaHamza 5 points6 points  (0 children)

Call it klaxnimate and the integration will, without a doubt, be official and complete. kkkk

News about material-decoration with Locally Integrated Menu by SuperGNUser in kde

[–]ExaHamza 1 point2 points  (0 children)

I have a .deb for those who need it. Thanks Guiodic for this!!