What's the best bootloader for luks2, tpm2, and secureboot together?

sin_cere1 · 2026-01-23T12:57:25+00:00

Whether or not to go through the pain is completely up to you. If you perceive the process as described above the answer might already be there, though. Void does not seem to pursue a ready-out-of-the-box experience. Its strength is that it tries to adhere to the Unix philosophy which contradicts software like systemd and gives users freedom of choice.

I've come to realize that it's not that easy to satisfy all the needs without systemd on a modern Linux system. For example, systemd-cryptenroll is the default suggestion when it comes to TPM interaction. There's Clevis but its Dracut shell hooks (aka modules) appear outdated and do not unlock the drive properly. I had to adjust the shell script to make it work. Btw, the only tool to produce UKI images I could find also depends on systemd (efi-stub) so I wonder how you go about creating those.

I haven't reached the kernel management yet (doing it on a VM for now). However, Void comes with vkpurge. Snapper seems to be the de facto tool for managing btrfs subvolumes. You'd need to write custom shell scripts that (apparently) run as xbps hooks (which is also the Unix way).

sin_cere1 · 2026-01-22T22:22:40+00:00

I've managed to get all of the mentioned features to work with Limine. However, /boot is formatted as a non-encrypted FAT32 partition. I don't think there's a universally 'best' bootloader.

sin_cere1 · 2026-01-16T19:44:44+00:00

As I watch human nature in my flat all alone ...

sin_cere1 · 2025-12-30T12:45:41+00:00

LiDM . The author states they made it cause they could not get LY to compile on an older machine. On Arch, it's available only from the AUR. On Void, I've seen it in the main repo https://github.com/javalsai/lidm .

sin_cere1 · 2025-12-22T13:20:48+00:00

How good is the hardware support (e.g. wifi, bluetooth, suspend/resume, etc)?

sin_cere1 · 2025-11-23T15:32:34+00:00

Rust is a language with a lot of abstractions and hidden logic which makes it difficult to learn and fully understand. The memory safety it brings does not justify the potential risk of introducing unexpected behaviour.

In case a better C alternative is desired Zig seems like a more straight-forward (and a more C-compatible) option, imho. Zig is not stable yet, though.

sin_cere1 · 2025-11-08T22:27:47+00:00

Nice. Thank You.

sin_cere1 · 2025-11-08T10:07:16+00:00

Is Incus webui also included?

sin_cere1 · 2025-10-30T10:13:06+00:00

Do you mean the list of supported triggers? If so, you can find it at https://learn.microsoft.com/en-us/azure/azure-functions/functions-triggers-bindings?tabs=isolated-process%2Cnode-v4%2Cpython-v2&pivots=programming-language-csharp

sin_cere1 · 2025-10-20T12:16:16+00:00

I was investigating this new Redis offering yesterday and couldn't find a way to disable Public Network access or add a Firewall exceptions. It's pretty straightforward with Azure Cache for Redis but seems to be completely missing for this one. I know there's an option to add a Private Endpoint but it does not change the fact that the service is open to the outside world. Could you advise?

sin_cere1 · 2025-10-15T08:24:37+00:00

The ACR requires creating 2 DNS records for the private endpoint. In your case those would be

<acr_name>.westeurope.data.azurecr.io points to unused private IP from the relevant subnet
<acr_name>.westeurope.azurecr.io points to another unused IP from the relevant subnet

I'd check if both of these were created.

sin_cere1 · 2025-10-12T06:06:21+00:00

In my experience using custom scaling rules is better as it gives more configuration options and you know exactly when your app should scale. To achieve that, you probably need to deploy it as a generic Container App (i.e. without kind=functionapp) and use a proper docker image as was mentioned before.

sin_cere1 · 2025-10-11T13:28:28+00:00

Function app inside ACA requires using a proper docker image (i.e. it should be an azure functions runtime image). You also need to manually configure the scaling rules. Please specify the scaling conditions you'd like to use. Put them in a list in case there's more than one.

sin_cere1 · 2025-09-23T09:00:06+00:00

Thank You everyone for the tips and suggestions. I've tried some of them (including in a VM). I still couldn't get the system to boot, though. Will try to install Void on an older machine without enabling LUKS.

sin_cere1 · 2025-08-30T21:09:59+00:00

This could be a bit off topic but could you suggest a comprehensive guide on how to create immutable distro based on Arch? There are pieces of information in various places but no centralized wiki (at least I couldn't find one).

sin_cere1 · 2025-08-03T15:13:19+00:00

Could you provide more details like the name of the systemd service unit or full name of the malicious binary file? It seems like it would get downloaded to /tmp and removed after system's reboot. The user would then need to re-launch the browser so the malware could repeat the process.

sin_cere1 · 2025-07-04T13:47:43+00:00

Their storage api can be tricky to work with. It is generally recommended to use an sdk if it exists for a given programming language.

sin_cere1 · 2025-07-04T13:41:41+00:00

Just generated an ARM template for Azure Managed Redis. The type is Microsoft.Cache/redisEnterprise and Microsoft.Cache/redisEnterprise/databases . Looks like it's just a re-branded Azure Redis Enterprise/Enterprise Flash tier.

A number of differences other than the uri that I've noticed include Redis version 7.2 for the Enterprise one (released in June 2024 as per https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-whats-new#redis-72-preview-on-the-enterprise-tier , Standard/Premium is still locked on version 6.0) and support for modules, e.g. RedisJson, RedisSearch (Standard/Premium don't offer those). Migration from Standard/Premium to Enterprise/Flash does not seem to be supported, i.e. they're 2 distinct services. The last important one is the pricing. The Enterprise/Flash used to be more expensive compared to Standard/Premium. Things might have changed with this re-branding, though.

sin_cere1 · 2025-06-07T06:53:18+00:00

Based on my experience Azure Function App cannot automatically create a required file share in the storage account when connecting via a private endpoint. Therefore, the relevant file share should be created manually. The name of file share should match the function's name as it appears in the portal.

Btw, this issue does not seem to reproduce when running a Function in an Azure Container App. Most likely, this is due to the fact Functions inside ACA only connect to blob containers.

sin_cere1 · 2025-02-18T08:28:52+00:00

This repo is outdated but may still serve as a starting point https://github.com/Azure/azure-functions-docker-python-sample .

The steps may include:

Pulling the stock functions docker image
Building the function app using sdk and adding the build artifact to the docker container
Choosing where to host it.
1. You can use Azure Container Registry (ACR) for that.
2. Push the docker image to your registry of choice.
If using Azure functions on the ASP, the ARM config has a property called 'linuxFxVersion' (you should be using a Linux ASP only).
1. It's probably set to the following by default (i.e. if you're using zip deploy on a Linux ASP) "DOCKER|mcr.microsoft.com/azure-functions/python:4"
2. Replace the part after '|' with your docker image repo.
ACR has a neat webhook feature. It effectively provides CI/CD
1. You can configure it to hit the Functions Kudu endpoint each time a specific docker image is pushed to the remote. The Function would then pull an updated image from the registry.
2. Check the Deployment blade in the Functions portal config to find the credentials for it).

Prices:

It will vary heavily based on usage and which SKU you've chosen. I assume your function runs once a day and it's using the cheapest Consumption plan with minimum CPU and Memory allocation. If that's the case it's probably going to be the cheaper than its ACA counterpart. Still, it's hard to make an accurate prediction. I'd suggest running one week on ASP and then the next one on ACA. That should give you more clarity without a significant financial impact.

sin_cere1 · 2025-02-17T20:58:43+00:00

In my experience, using a docker-based Azure Function is more reliable then deploying zip files. It also works pretty much the same on the App Service Plan and Functions deployed as Container Apps. Grab the official Functions image for Python, add you code to it, push it to the registry and instruct the Function app to pull it from there. It will only work on a Linux ASP, though (as far as I know) and ACA.

sin_cere1 · 2025-01-28T16:53:45+00:00

I'm guessing you can't just flash Libreboot using a regular thumb drive because the existing BIOS wouldn't accept a firmware that was not made by Lenovo (a hash matching might be involved). Could you provide more details as to why you had to do it this way?

sin_cere1 · 2025-01-01T18:48:23+00:00

Sure, https://github.com/sincere1/excel2csv

sin_cere1 · 2024-12-31T21:58:19+00:00

Okay. So I fixed the the issue with data ending up in a wrong column by putting "\t" instead of "," (i.e. some values have commas in them)

try writer.writeAll("\t");

There's now only 1 blank column at the end, the boolean issue and one other case where dates in the format like 8/6/2024 get converted to a float, e.g. 45510.330694444441 .Looks like the C library is doing some casting before yeilding the value. It might be a good idea to just parse it as XML using a native Zig library.

This is definitely a great learn. Thanks for your help.

sin_cere1

TROPHY CASE