Trisquel 8 codename "Flidas" Release Candidate is ready for testing

67 replies [Latest content]
onpon4
Offline
Joined: 05/30/2012

Hm? But this is what you said:

"With the exception of Secure Boot, which requires Microsoft to sign stuff for the project so it can be trusted."

Since when does Secure Boot require Microsoft's approval? That sounds like a version of Restricted Boot.

jxself
Offline
Joined: 09/13/2010

"Since when does Secure Boot require Microsoft's approval? That sounds like a version of Restricted Boot."

This is too simplistic of a view. Allow me to explain then. I'll copy various things from Matthew Garrett's blog at https://mjg59.dreamwidth.org here.

Starting from scratch...

"Secure Boot means different things to different people. I think the FSF's definition is a useful one - Secure Boot is any boot validation scheme in which ultimate control is in the hands of the owner of the device, while Restricted Boot is any boot validation scheme in which ultimate control is in the hands of a third party. What Microsoft require for x86 Windows 8 devices falls into the category of Secure Boot - assuming that OEMs conform to Microsoft's requirements, the user must be able to both disable Secure Boot entirely and also leave Secure Boot enabled, but with their own choice of trusted keys and binaries. If the FSF set up a signing service to sign operating systems that met all of their criteria for freeness, Microsoft's requirements would permit an end user to configure their system such that it refused to run non-free software. My system is configured to trust things shipped by Fedora or built locally by me, a decision that I can make because Microsoft require that OEMs support it. Any system that meets Microsoft's requirements is a system that respects the freedom of the computer owner to choose how restrictive their computer's boot policy is.

This isn't to say that it's ideal. The lack of any common UI or key format between hardware vendors makes it difficult for OS vendors to document the steps users must take to assert this freedom."

So keep in mind that, even with Secure Boot where people can tell their computer what keys are to be trusted, there is no common UI or key format between hardware vendors. So even though people ***can*** revoke keys and use their own trusted keys the lack of standardization in how it's done creates problems with making documentation. Sure: The Trisquel Project might create a key on their own and then tell people to go and revoke the keys that came with their computer and enroll the Trisquel key. But the lack of standardization means we can't tell people exactly *how* to go do that. They'll need to check the documentation that came with the computer. Or maybe with whoever made the computer. Anyway, if Trisquel made a key it needs to get into the computer somehow. Having people revoke the keys that came with the computer and enroll new keys adds an extra layer during the install process which might turn people off. Making free software seem "hard", especially with no standard process from one computer to another. Making it harder for people to move to free software doesn't seem good. This is problem #1. But a lack of a standard process between computers doesn't make it Restricted Boot because people still *can* do it. They just have to follow their docs.

More from Matthew...

"Most hardware you'll be able to buy towards the end of the year will be Windows 8 certified. That means that it'll be carrying a set of secure boot keys, and if it comes with Windows 8 pre-installed then secure boot will be enabled by default. This set of keys isn't absolutely fixed and will probably vary between manufacturers, but anything with a Windows logo will carry the Microsoft key. We explored the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it, but turned it down for a couple of reasons. First, while we had a surprisingly positive response from the vendors, there was no realistic chance that we could get all of them to carry it. That would mean going back to the bad old days of scouring compatibility lists before buying hardware, and that's fundamentally user-hostile."

So we're back to talking about making things easy to use. Okay; so you've got a process where people can enroll and remove keys that are to be trusted (even though there's no standard process for how to do that; so people will need to figure out how to do that on their own... go back to problem #1.) But; most of these computers will come with Microsoft's key pre-installed already. So hmmm... Maybe there's a way to use that to make Secure Boot easier for people. Since the computer comes with Microsoft's key already loaded (even if it can be removed) you can pay $99 to get YOUR stuff signed too. Then, since the chain of key signing trust goes from the Microsoft key all the way to yours, then *POOF* the distro's stuff is automatically trusted out of the box and people don't have to go do whatever process their computer uses to enroll Trisquel's key first.

So perhaps "requires" was too strong a word. Perhaps "to do it in an easy and user-friendly way" would have been better.

But it's still Secure Boot because the computer ***can*** still be configured with what keys to trust, even if there's no standard way for how that's done from vendor to vendor.

Hopefully this explains how Microsoft can still be involved in Secure Boot. It's a way to make Secure Boot work in an easy and user-friendly way since their key will probably be ubiquitous. Meaning people can just insert the CD/DVD/USB/whatever and boot and have it be trusted by the computer out of the box and not have to deal with first going and enrolling the Trisquel key (and maybe even removing Microsoft's if they wanted.)

loldier
Offline
Joined: 02/17/2016

Is a self-signed key now a thing? Linux Foundation is a member of UEFI.org but I was under the impression all approved distributions used Microsoft's key. I may be wrong as I haven't been following the debate lately.

jxself
Offline
Joined: 09/13/2010

Yeah, in the Secure Boot world someone could make their own key and enroll it to be trusted in the computer. But yeah, I imagine that most distros that support Secure Boot probably take the time (and spend the $99) to get signed by Microsoft's key so that they can be trusted and "run out of the box" since their key will probably be everywhere, and since easy-to-use seems to be what non-technical people like for how their computers work. ("Trisquel is so easy!") This avoids them having to write up documentation for lots of different machines talking about how to enroll the distro's key since there's no standard process.

ADFENO
Offline
Joined: 12/31/2012

2018-04-16T03:09:41+0200 name at domain wrote:
> "now is booting as a... UEFI OS?"
>
> Yup. Trisquel 8 should be fully UEFI compatible. Yay! With the
> exception of Secure Boot, which requires Microsoft to sign stuff for
> the project so it can be trusted. Our fearless leader said on IRC that
> that's not gonna happen. No kowtowing to Microsoft.

I think he means Restricted Boot. Because in compliant Secure Boot
implementations, the end-user would be able to specify/set the trust for
an official Trisquel key used for self-signed releases.

--
- Contact methods: https://libreplanet.org/wiki/User:Adfeno#vCard

- Free /software/ activist (free as in freedom, not to be confused with
gratis). Evaluator of the freedom of /software/ and /websites/.

- Member of LibrePlanet Brasil:
https://libreplanet.org/wiki/Group:LibrePlanet_Brasil

- Standardized federated social communications, where the "social"
remains independent of the provider.

- #DeleteWhatsApp. Use its parent, #XMPP, federated and with an
international standard: https://libreplanet.org/wiki/XMPP.pt

- #DeleteFacebook #DeleteInstagram #DeleteTwitter #DeleteYouTube. Use
federated social networks that support #ActivityPub, an international
standard, such as the Mastodon network: https://joinmastodon.org/

- #DeleteNetflix #CancelNetflix. Avoid #DRM:
https://www.defectivebydesign.org/

- Want to send me files? See:
https://libreplanet.org/wiki/User:Adfeno#Arquivos

- Want to donate to me, or hire me? See:
https://libreplanet.org/wiki/User:Adfeno#Suporte

- My contributions:
https://libreplanet.org/wiki/User:Adfeno#Contributions

strypey
Offline
Joined: 05/14/2015

So it's Monday 16. Should I be uncorking a grape juice and rolling up in preparation to celebrate the release of Flidas? Or has it been decided enough things need fixing that the release needs to wait a little longer?

Stem
Offline
Joined: 05/03/2017

The do-release-upgrade command says that there's no new version; maybe that answers your question.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

I tried http://jenkins.trisquel.info/makeiso/iso/trisquel_8.0_amd64.iso (released last Saturday).

For some reason, Trisquel 7's Startup Disk Creator could not install it (with permanent storage, I have not tried without) on a USB key: it aborts in the middle with an error about insufficient permissions to access a file in the directory it creates in /tmp. 'sudo dd if=~/Downloads/trisquel_8.0_amd64.iso of=/dev/sdc bs=8M' worked.

But something worries me more: the internal Wifi card of my previous laptop works. Unless the situation has recently changed, its chipset requires proprietary firmware:
$ lspci | grep Network
01:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8188EE Wireless Network Adapter (rev 01)

onpon4
Offline
Joined: 05/30/2012

Is there any possibility the bootloader might have loaded the wireless card's firmware (perhaps newly so because it's using UEFI)?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Where would that firmware be? Would it be part of the UEFI? I thought the firmware was, in that case, a binary that Linux (not Linux-libre) sends to the Wifi card for execution.

jxself
Offline
Joined: 09/13/2010

Check your logs. What do they say? Linux-libre had some deblobbing changes with 4.16 - see http://www.fsfla.org/pipermail/linux-libre/2018-April/003284.html

The most notable one here is changing from EINVAL ("Invalid argument") to ENOENT ("No such file or directory") which, in some cases, has allowed things like an rtl8821ae card to work without its firmware. I wonder if Trisquel has incorporated this change. Anyway, check your logs. What do they say?

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

I now remember that you wrote that some weeks ago. The logs say that "direct firmware load failed with error -2":
$ grep rtl /var/log/kern.log | cut -d [ -f 2-
(... previous boots: same messages ...)
11.705433] rtl8188ee: rtl8188ee: Power Save off (module option)
11.705437] rtl8188ee: rtl8188ee: FW Power Save off (module option)
11.705443] rtl8188ee: Requesting firmware
11.735403] ieee80211 phy0: Selected rate control algorithm 'rtl_rc'
11.735616] rtlwifi: rtlwifi: wireless switch is on
11.742946] rtl8188ee 0000:01:00.0: Direct firmware load failed with error -2
11.742950] rtlwifi: Firmware not available
12.193543] rtl8188ee 0000:01:00.0 wlp1s0: renamed from wlan0
885]: [1523964027.8407] rfkill0: found WiFi radio killswitch (at /sys/devices/pci0000:00/0000:00:1c.0/0000:01:00.0/ieee80211/phy0/rfkill0) (driver rtl8188ee)

Is -2 the return code for ENOENT ("No such file or directory")?

The whole /var/log/kern.log is attached.

Attachment: kern.log (368.44 KB)

jxself
Offline
Joined: 09/13/2010

Yes, 2 is no such file or directory. So it seems this is another device that magically starts working with this change. There might also be other, currently unknown, devices. This is why I'd love to see people re-test things.
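Added example, not part of the original posts: a small Python parser that picks the firmware-loader failures out of kernel log lines like those quoted above and decodes the numeric code, so the EINVAL-to-ENOENT change discussed in this thread can be spotted when re-testing devices. The function name, the second device address and the `-22` line are constructed for illustration.

```python
import errno
import os
import re

# Kernel firmware-loader failure message. Mainline kernels name the requested
# file ("... load for <file> failed ..."); the log quoted in this thread has
# no file name, so that part is optional. The leading "[ timestamp]" may be
# present or stripped (the `cut` in the post removes the opening bracket).
FW_FAIL = re.compile(
    r"(?P<driver>\S+) (?P<device>[0-9a-f]{4}:[0-9a-f]{2}:[0-9a-f]{2}\.[0-7]): "
    r"Direct firmware load\s+(?:for (?P<file>\S+)\s+)?"
    r"failed with error (?P<code>-?\d+)"
)

def decode_firmware_failures(lines):
    """Return one dict per firmware-load failure, with the errno decoded."""
    results = []
    for line in lines:
        m = FW_FAIL.search(line)
        if not m:
            continue  # unrelated driver chatter
        num = abs(int(m.group("code")))  # the kernel logs errors as -errno
        results.append({
            "driver": m.group("driver"),
            "device": m.group("device"),
            "file": m.group("file"),  # None when the log omits the name
            "errno": errno.errorcode.get(num, "UNKNOWN"),
            "meaning": os.strerror(num),
        })
    return results

# First three lines are from the log in this thread; the last is constructed
# to show what an "Invalid argument" rejection would look like.
SAMPLE_LINES = [
    "11.705443] rtl8188ee: Requesting firmware",
    "11.742946] rtl8188ee 0000:01:00.0: Direct firmware load failed with error -2",
    "11.742950] rtlwifi: Firmware not available",
    "12.001000] rtl8821ae 0000:02:00.0: Direct firmware load failed with error -22",
]

if __name__ == "__main__":
    for hit in decode_firmware_failures(SAMPLE_LINES):
        print("{driver} {device}: {errno} ({meaning})".format(**hit))
```

To run it over a real log, pass an open file: `decode_firmware_failures(open("/var/log/kern.log"))`.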

Stem
Offline
Joined: 05/03/2017

I installed this version and I have some problems installing the plasma desktop because there are missing dependencies:
audiocd-kio
foomatic-db-compressed-ppds
kde-window-manager
kde-workspace
klipper
libxp6
plasma-netbook

And akonadi doesn't work at all. I installed it manually so I could use Korganizer, but the server crashes every time.

AlexMex90
Offline
Joined: 09/30/2015

Hi all!

I have been lurking for a while now, following the development of Trisquel 8.

Does Flidas come with Bluetooth support out of the box? I have a Qualcomm Atheros AR9462 card and it has me a little bit confused. Supposedly this card should have functional WiFi and Bluetooth without anything special; however, Debian still requires the non-free firmware to get Bluetooth from it, while the live session of Trisquel 7 detects there is Bluetooth. However, I am not able to test it because of a bug that disables my touchpad (I don't have a wired mouse to test) and I couldn't find a way to do it via keyboard. I tried the live session of Trisquel 8 and it didn't pick up anything related to Bluetooth. I superficially looked around and I didn't find anything related to Bluetooth installed. Is blueman installed? Does MATE have its own Bluetooth setup tool? Has anybody tested AR9462 in recent releases of Linux-libre?

ThinkPenguin has the following note:
"Almost all recently released distributions are compatible. The bluetooth may not work however on some versions of Parabola GNU/Linux-Libre. A bug was introduced with some kernel(s) that effectively disabled the driver rather than just the loading of non-free firmware for which is not needed for this particular card"

Cheers.

loldier
Offline
Joined: 02/17/2016

The blueman package is not installed, but bluez, the Bluetooth stack, is.

Install blueman: 'sudo apt install blueman'.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Blueman is not installed. You can install it. Even in the live system. Even without permanent storage (but, then, it will not survive a reboot). That said, the live CD already has "gnome-bluetooth". You will find a button to interact with it if you click on the network icon in the systray (or whatever it is called nowadays). At least, that is what I remember: I use GNOME Shell.

The installed system will support your hardware as well as the live system does. Using https://jxself.org/linux-libre/ may bring you some performance improvements (e.g., for GPU) but it will not get your Bluetooth working if it depends on proprietary firmware.