26 (edited by zapper 2024-02-02 04:32:49)

Re: Install Full disk encryption (including /boot ) Luks1 T440P Libreboot

throgh wrote:

Reminder: Please write guides as you like but not speaking on behalf of a whole community when you don't have asked the community, jim. You have made your point and demand clear. But you have send now several different points in different threads out, not being fully clear. Like this one: https://forums.hyperbola.info/viewtopic … 7577#p7577

If you want to offer a guidance with the software Hyperbola has? Fine. But just to make that clear: We won't add unapproved patches, also not rebuilding and updating packages just because someone said it "may work". Please do not use Hyperbola as your own platform for only your interests. Offer your tipps, your guide for sure. But not on behalf of Hyperbola like "we" as a whole community now ask for help. You ask for support and help. There is a clear difference! smile

Please orient on the roadmap Hyperbola has: https://wiki.hyperbola.info/doku.php?id … sd_roadmap
There is no Aargon2id and LUKS2. And before you bring in that we "need to include that": LUKS2 is also Linux-only. Simple answer: Sorry, but we do not focus on that. If you want to focus? Cool. Are there possible good working fixes without breaking the system? Okay, let's see. But as said: Roadmap is set for different parts. Hyperbola is community-oriented system, but exactly driven with system-development. That also means: You want something integrated in your installation? You need to find a way forward or test it on your own. You do not need to repeat the argumentation about "users" and your personal awaitings. That is all understood. But Hyperbola has a concrete roadmap and our goals are now:

- Version 0.4.5, reduction of number packages and the sizing of the ISO (striping)
- HyperbolaBSD

And this thread is even referenced on places for other systems and projects, keeping us busy for sure when people have questions and get in contact. When this debate is going further in that direction I have no other choice but to close this thread with underlining the reminder to create a new thread for "Aargon2id and LUKS2". The essential question stays here: Is full disk encryption possible or not? It was not the question: Is it possible with whatever newest Linux-only part people recommend. That was NOT the question and NOT part of this thread. If this is not possible to understand: It is not our task and also not mine to unravel mixed up topics like "What does Libreboot support" or "How is Canoeboot working" ... but those questions are now on the table elsewhere and mixing also within all of this. Keep it please clear and straight, not like asking everybody about whatever, this is causing only more work and binds time.

You also forgot to mention its likely that OpenBSD has a better way to do full disk encryption. IE, more secure, possibly more lightweight?

This is probably an important point for why not to put luks2 in the wiki. It rams home the fact that you likely have a better way.

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

27

Re: Install Full disk encryption (including /boot ) Luks1 T440P Libreboot

We should stop using that "OpenBSD is more secure" ...
That was and is not the full motivation for Hyperbola using that as base for a fork. Yes OpenBSD has many good implementations, and no: We should look realistic on them. OpenBSD has right less sources so kernel and userspace can be reviewed and modified also more easy. That's the point.

As said: This is going off-topic. Please focus on that elementary questions and parts about this thread was created for.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

28

Re: Install Full disk encryption (including /boot ) Luks1 T440P Libreboot

Throgh please tell me, have you tried installing a fully encrypted disk yourself?

29

Re: Install Full disk encryption (including /boot ) Luks1 T440P Libreboot

throgh wrote:

We should stop using that "OpenBSD is more secure" ...
That was and is not the full motivation for Hyperbola using that as base for a fork. Yes OpenBSD has many good implementations, and no: We should look realistic on them. OpenBSD has right less sources so kernel and userspace can be reviewed and modified also more easy. That's the point.

As said: This is going off-topic. Please focus on that elementary questions and parts about this thread was created for.

They are more minmalistic which is good for security usually. I don't understand your line of thinking.

Although, I suppose it still depends on the user ultimately. IF you reckless, you could be screwed. If you not reckless, its up in the air.

Although the 2nd part is less true for most operating systems

I was ultimately told differently by emulatorman as to why he picked OpenBSD as a fork. Unless my memory is foggy.

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

30 (edited by jim 2024-02-07 12:13:02)

Re: Install Full disk encryption (including /boot ) Luks1 T440P Libreboot

Hello Zapper.

I wanted to tell you, maybe you didn’t understand me, if I can load Hyperbola (kernel init, etc.) using Grub Libreboot, this means that everything works!
The problem at this stage is to correctly configure grub.cfg so as not to receive errors when loading.

You can also look for the answer to this question and offer your own options, don’t wait until I find it!

31 (edited by jim 2024-02-07 12:20:36)

Re: Install Full disk encryption (including /boot ) Luks1 T440P Libreboot

Unfortunately Throgh did not answer my question about Grub Hyperbola, I don’t know if this patch https://aur.archlinux.org/cgit/aur.git/ … 9fa4c2f50d is used to support Luks2+argon2id

Libreboot’s argon2 patches are based on this AUR repository which patched GRUB 2.06, and the patches were rebased for use with GRUB 2.12 which Libreboot uses; the rebase was performed by Nicholas Johnson. Nicholas emailed me to tell me that this had been done, and I then merged Nicholas’s work into Libreboot. Thank you, Nicholas! Thanks also go to Axel who is the author of the original work that Nicholas imported from Archlinux AUR.

https://libreboot.org/news/argon2.html#introduction


These patches import the PHC argon2 implementation into Libreboot’s version of GRUB:

    https://browse.libreboot.org/lbmk.git/c … dec95e1fd1
    https://browse.libreboot.org/lbmk.git/c … fb4eb2b3a0
    https://browse.libreboot.org/lbmk.git/c … 69e5b4b095

32 (edited by zapper 2024-02-11 01:37:40)

Re: Install Full disk encryption (including /boot ) Luks1 T440P Libreboot

jim wrote:

Hello Zapper.

I wanted to tell you, maybe you didn’t understand me, if I can load Hyperbola (kernel init, etc.) using Grub Libreboot, this means that everything works!
The problem at this stage is to correctly configure grub.cfg so as not to receive errors when loading.

You can also look for the answer to this question and offer your own options, don’t wait until I find it!

Oh... then that's good enough for me! smile

Did you modify your guide so that if anyone wants to install it that way they can?

IE, I didn't know if your guide currently is modified to work.

Unless you meant it does work and can work, but it runs into errors. wink

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!