Once there's an upload we'll give it a thorough testing. 
Works out of the box on ubuntu 18.04
Ubuntu is installed without UEFI so Elive alongside should be no problem.
The Live system should correctly boot with Secure Boot (some few computers has it forced), so its a good thing to enable it in the bios to test the correct boot of Elive with 
, also it should have an UEFI structure to boot (also important to test, so no legacy boot, just UEFI)
What is not yet implemented is the UEFI boot structure for the installed system, but should be not hard to implement (in the installer), Secure Boot too, but I assume that secure boot should directly work by default since the dependencies includes it and the kernel is signed too
1 Like
I must say, secure is the most crappy thing ever made! (after windows), and of course who invented it? windows...
As we know, its a strategical step by microsoft to monopolice (even more??), allowing to boot only systems that they decided to boot (or that you pay for them to authorize / sign your system to boot), this is purely nonsense shit with beautiful marketing words, because yeah, you can boot a signed bootloader and a signed kernel, then you are in the OS where you can have any application that can run as root, are all these applications signed? no, but they have full root access, so: nonsense crap
Why this is bad? because it makes the life much difficult, to integrate this is very much difficult, after so many years it is not yet so well supported and the tools (like live systems creation) are not yet well integrated
Even worse: we cannot have a customized kernel, Elive cannot make a kernel with special options and not including the reiser4 support too, nor aufs too which supports multilayers, because they are modules not signed by the kernel
So we want secure boot in order to be able to boot in computers that has strictly this option set (some few ones, this option cannot be disabled if im not wrong), while we will lack extra possibilities
Another problem: with Secure boot you cannot use virtualbox, because it needs to build a kernel module, here's a ticket link
Same problem with nvidia drivers and any other module built in your machine
So: secure boot is EVIL ! We would like to have it but... we really want? (losing those features?)
Personally I don't care about secure boot. Those times I used it, it only caused problems (tho never with Oracle Vbox) and if I can circumvent it so can any attacker that has physical access to my gear. Essentially I'm all for keeping our freedom and kicking secure boot....we need that customized kernel.
If I understand the link correctly, one will get bitten due to different keys when adding 3rd party changes/modules. That's much [security] ado about nothing IMHO but I suspect there are -Windows_dual_boot- users who will demand secure boot, whether they need it or not.
Like corporate EULAs and DRM: This isn't security it's user harassment, to make it quite clear that users aren't really worthy of the product, let alone to own or modify it. 
1 Like
I must confess that that i have very small knowledget about secureboot, but I just vomited this brainstorming stuff, I think that you may enjoy reading it @triantares SecureBoot, and the paradox of the biggest rotten shit by Microsoft
Don't mean to be distracting but this is kind of an interesting read:
https[colon]//libreboot[dot]org/faq[dot]html#intel
Search for the part titled: "Why is the latest Intel hardware unsupported in libreboot?"
If support was maintained for using an open source bios that could make things easier.
I'm not very familiar with it either, but just thinking about it...
You could try finding someone to reverse some of the binary blobs & maybe strip out, replace, or attempt a man-in-the-middle attack (maybe try and force expire the cert or see if there's any way to take over ownership from a local/exploit/dumping perspective?).
You would just have to do what Microsoft does & make it a closed source proprietary system to Elive, where if they wanted to take you to court, they have to prove that you used their code & the only way to prove it is "reverse it" which is illegal; shouldn't hold up.
Much of this is said with not 100% seriousness, the hope is that it could spark an idea, or assist with confirmation of a decision.
The other thing to think about is limiting support to specific hardware types.
My experience installing 3.7.3 on my Lenovo X1 carbon with Ubuntu and Elive 3.7.1 previously installed in legacy mode (dos partition table). I Installed using options offered by the the installer like any newcomer would.
-
installer asks update 3.7.1 --- No
2)partition disk? ---- No, already partitioned
3)select partition for / ---- OK, choose previous btrfs for 3.7.1 -
You need gpt boot partition > 200mb ---- F*ck !
Hit cancel and restart Install to create some space. Actually we need a "Back" button IMHO.
.......
-
Same as before
-
partioner? --- OK, open gparted.
-
create /boot (ext4) 280Mb
4)select / --- OK
5)select /boot --- OK
6)select /home --- OK
7)You need 200Mb EFI partition ------ gaaaaaahhhh !!
--- I subsequently hit Cancel again, to start over again.
But: Installer simply continues without EFI partition. WTF?? 
8) GRUB reports problem due to BIOS type partition but all moves on.
9) Congrats, Elive is installed
After which a reboot has Elive grub and boots just fine... Next time I'll hit OK at point 7 to see what that gives.
Other than some shutdown problems (watchdog after shitty suspend) most gripes are Desktop gripes and IMO for a separate thread.
we can't, the installer is procedural in progressing "steps"
so it asks for the needed partitions but if you don't have all the needed ones, you must repartition, yeah
im confused, it should ask for GPT BIOS partition OR for an EFI partition, not both
the first one is needed for setups like "legacy boot + gpt disk", the second one is needed for "efi boot"
this means that you booted on legacy mode, not efi... it should not asks you for an efi partition at all 
if is really the case, sometihng in the installer must be fixed.. but try that with 3.7.4 first, so there have been many changes on the installer too
It really asked again, I'm sure.
Will do, this weekend. 
You are right about gpt (secure boot was disabled) it will not start "enabled" due to missing verification key.
if still happens on 3.7.4 tell me your details so i can do a test in vbox and fix it:
- booted on efi or legacy?
- disk is in gpt or msdos?
- version of elive?
- which type of installation ? (manual partitioning ?)
1 Like
Reiser4 doesn't seems to be a so end-user's option, except for the compression (which btrfs also has, but btrfs is dangerous)
Do we shall sacrifice reiser4 support in order to have secure-boot enabled ?
Note: you can still use reiser4 partitions as long you have the elive *-unsigned kernel installed
Frankly, due to the upgrading stuff I have ext4 all over the place so actually do not miss reiser4.
On top: Most newcomers from elsewhere simply expect secure-boot to work and most dual booters with Win will feel unsecure, turning it off.
Let's just wait and see what reiser4 develops into and let the hardcore users install the unsigned kernel.
Hello!
I used to use ext4, but will use reiser4 at least for Elive / ...
For me, so said secure boot is quite a blob, and now, if for a weird reason, I have to use something enslaved by bilou loosedows, it will be via Wine, ReactOS, or an image with VirtualBox (or ReactOS on VBox)...
A little side subject, security wise: I'm not right at this point immediately, but what about using a free bios, as Coreboot, Libreboot, or so? I imagine that it can't be a problem for Elive to deal with that? The easiest way here is to fit a "grub bios", so it should be trait forward, if I'm not wrong? I didn't learn that all for now but thinking about it... One of the distrib' most in this way for now seems to be Trisquel (for exemple)...
Salutations!
Not all hardware is supported by those. The last time I looked, only my lenovo old X60 (currently my webserver) was an option.
Hi!
@triantares: Yes, I know! Perhaps your X1? Some good laptop ones are Thinkpad's X2xx series.... 
But even if open bios are still not a 100% solution, it comes as a good secure step...
Salutations!
AFAIK, is that Linux doesn't even require that much BIOS. In fact not much more than an eprom booting up and handing over to the OS.
You're a Ch'ti? 
1 Like
@triantares: 1. Yep! 2. Not exactly! "bilou" is not "Biloute" , and is the nick name, at least in French, of "bill for the gates to hell of windown$" thief & slave driver slave... One can be very nice where the other worth Inferno!!!
2 Likes
How instal elvin when bios is infekted rotkit or malware ?
Lenovo x220
How secure after infected ?
Not sure what you mean there but ...... if you don't trust your BIOS just flash a new one on the x220. Great opportunity to upgrade to the latest and greatest available from Lenovo. 
The latest is version 1.46 ... take a look here:
https://support.lenovo.com/nl/en/downloads/ds018805