<TheDcoder>
Kind of crazy to think that both my Mac and RPi run on the same CPU arch and packages!
<TheDcoder>
I wonder if Arch Linux will add official ARM support once this goes main-stream?
<TheDcoder>
Wohoo, Plasma is up and running!
<TheDcoder>
Definitely need to adjust scaling because everything is so tiny :)
<TheDcoder>
What's the ideal scale setting for an M1 Air?
systwi has joined #asahi
<jacksonchen666>
i find 150% global scale (in plasma & wayland) ideal (for someone who uses the "more space" option in macOS for the internal display on a 13 inch macbook)
<TheDcoder>
I'm using 175% and it looks good IMO
<TheDcoder>
i.e. stuff is legible
<TheDcoder>
What are the defaults in Asahi's non-minimal image?
<chadmed>
200% which gives you identical scaling to the macOS default
<TheDcoder>
Got it!
<TheDcoder>
How do I open my Mac without it turning on automatically?
<chadmed>
there used to be an nvram variable for that but it seems to no longer exist
<TheDcoder>
Just want to double check if it's really off
<chadmed>
setting it borks the machine and requires a dfu restore
<TheDcoder>
That sucks :(
<chadmed>
linux shuts the machine down you dont have to worry about that
<TheDcoder>
Wow... I wonder why?
<TheDcoder>
Good to know
<TheDcoder>
kind of off-topic but what browser do you guys use? I want to use the one which uses lesser power, not sure if Firefox is still more light-weight than Chrome in that regard
<chadmed>
chromium didnt even work at all for a while
<chadmed>
firefox is still lighter on resources and lighter to build
<TheDcoder>
Ah, that's a relief because I prefer Firefox in general :)
ah- has joined #asahi
<TheDcoder>
Does U-Boot create an "UEFI environment"?
<TheDcoder>
is that how GRUB works in AS?
<TheDcoder>
I'm asking because I want to try out rEFInd and systemd-boot
<chadmed>
u-boot implements a minimal subset of uefi enough to run a bootloader yes
<TheDcoder>
nice
<chadmed>
but its not a full runtime environment with variable storage or anything
<TheDcoder>
got it...
<chadmed>
as said yesterday refind does not work
<chadmed>
sd-boot does
<ah->
hey, since pretty recently my headphone audio on j316 sounds badly metallic, a few weeks ago it was perfectly fine
<TheDcoder>
so how would I change my bootloader? anything special which needs to be done?
<chadmed>
ah-: yep thats a known issue with the latest kernel :/ its being looked at
<chadmed>
the bootloader lives at /EFI/BOOT/BOOTAA64.efi
<TheDcoder>
chadmed: someone said they could get rEFInd to work but without all the features, so I still wanna try with a basic config
<chadmed>
the rest is an exercise for the reader :)
<TheDcoder>
thanks :)
<ah->
oh thanks chadmed! i was about to go debugging if I had done something weird to my setup
regalramp has quit [Remote host closed the connection]
<TheDcoder>
Can I still use the linux-asahi kernel after installing mesa-asahi-edge?
<chadmed>
yeah but you still wont have gpu lmao
<chadmed>
the -edge config has the gpu kernel driver
<chadmed>
so you need linux-asahi-edge
<TheDcoder>
that's good but I was worried that I might lose software rendering after uninstalling normal `mesa`...
<chadmed>
nah mesa always builds llvmpipe
<TheDcoder>
great! I'm assuming that's the sw renderer
<chadmed>
i know i said i was almost done like 30 hours ago
<chadmed>
but i scrapped it and started again :P
<TheDcoder>
started from scratch?
<chadmed>
everything below the intro and also most of the intro
<chadmed>
it wasnt factually incorrect, just poorly set out
<TheDcoder>
wow, that's awesome!
<TheDcoder>
kudos for working on it so hard, I could never achieve such productivity :)
<chadmed>
sometimes the neurodivergence hits different :P
<tpw_rules>
^^^
<TheDcoder>
LOL
regalramp has joined #asahi
Brainium has quit [Quit: Konversation terminated!]
confusomu has joined #asahi
possiblemeatball has joined #asahi
cylm has quit [Ping timeout: 480 seconds]
mini0n has quit [Quit: Leaving]
pthariensflame has joined #asahi
Stary has quit [Ping timeout: 480 seconds]
chadmed_ has quit [Remote host closed the connection]
Stary has joined #asahi
<zzywysm>
marcan: i just tried to install Asahi Linux via one true recovery on a new Mac mini M1, and it is badly broken. i get "Unable to determine primary OS. The installer requires you..."
<zzywysm>
j274ap, board id 0x22, chip id 0x8103, iBoot-8419.60.44, Bootmode: one true recoveryOS, OS version 12.6.2 (21G320), SFR version 22.3.65.0.0,0 System rOS version: 13.1 (22C65), no fallback rOS, login user: None
<zzywysm>
one change i did make was i renamed my Mac boot volume from "Macintosh HD" to "MacOS-SSD"
<zzywysm>
apart from updating the system software to 12.6.2, changing a couple minor system preferences, uninstalling garageband and imovie, and renaming that Mac boot volume as described, this is basically straight out of the box from the Apple Store
<TheDcoder>
Pretty sure you need to enter login user creds for the installation to work
Stary has quit [Ping timeout: 480 seconds]
<TheDcoder>
Nevermind if "None" is the name of your login user...
<zzywysm>
TheDcoder: i've installed via one true recovery on my MacBook Air M1 before, and you don't have to enter your login creds until step2
<TheDcoder>
1TR is restricted if not bound to a known-good macOS IIRC
<zzywysm>
on my MacBook Air i guess it was bound by default, since i never had an issue. on this Mac mini something is clearly different because it's not working
<TheDcoder>
I don't recall the specifics but I'm pretty sure it's not possible... but take my advice with a pinch of salt
<zzywysm>
i've always run the Asahi installer in one true recovery, because resizing the partition i'm currently booted off of always squicked me out
<zzywysm>
i wonder if modifying your Mac boot volume name in the Finder breaks something subtle that the Asahi installer doesn't expect?
<TheDcoder>
Don't worry, macOS will introduce some casual corruption even if you don't resize it mounted ;)
<tpw_rules>
never actually heard of resizing causing corruption but it will freeze the machine for a long time if you touch it
<TheDcoder>
Also doesn't 1TR live on same partition as well?
<zzywysm>
the fact that my recoveryOS is 13.1 even though i only ever gave macOS permission to update me to 12.6.2 is very confusing to me
<TheDcoder>
Same partition different container
<TheDcoder>
tpw_rules: my M1 Air did not freeze at all during the resize
<tpw_rules>
it won't if you don't trigger a disk access somehow
<TheDcoder>
To be honest I was just watching the terminal in full screen and moving the cursor around a bit
<zzywysm>
my unease at live-resize shenanigans may give you a hint as to my age :D
<TheDcoder>
21? That's how old I am and I also do my root fs resize with a Live USB. But things are different in Mac and you simply can't plop in GParted Live :)
<tpw_rules>
yeah if you try and open a program or even minimize the window it will just hang
<TheDcoder>
Guess I got lucky then
<zzywysm>
i'm gonna hold off trying to install Asahi Linux while booted in macOS and leave this Mac mini in one true recovery in case marcan comes back and wants any additional debugging info
Techcable has quit [Read error: Connection reset by peer]
Techcable has joined #asahi
Stary has joined #asahi
<marcan>
zzywysm: please upload the log somewhere
<zzywysm>
marcan: any suggestions for copying it out of one true recovery?
<marcan>
recovery has safari and curl
<marcan>
or just copy it to a USB HDD
<marcan>
< zzywysm> the fact that my recoveryOS is 13.1 even though i only ever gave macOS permission to update me to 12.6.2 is very confusing to me <- this is normal
<marcan>
recoveryOS only ever goes up in version, therefore version lineages cannot ever be forked, therefore all macOS releases must use the newest recoveryOS in existence at the time of release
<marcan>
in macOS, do you have a pending (downloaded but not installed) OS update?
<zzywysm>
maybe? i didn't think i told it to download releases, but maybe it did before i turned that off?
<zzywysm>
how shall i check?
<zzywysm>
oh, i do have "download new updates when available" checked
<marcan>
just go into the update settings and see if it shows it in that state
<marcan>
yeah, there you go
<marcan>
so the thing is macOS makes live changes to the root filesystem outside the blessed snapshot for updates, and that includes clobbering the SystemVersion plist (which the installer needs to check)
<marcan>
within macOS, these days we have a codepath to check the blessed snapshot, which is mounted
<marcan>
but in recoveryOS, I have no idea how to identify said snapshot and mount it
<marcan>
so it looks into the live root filesystem, finds a mess, can't figure out what macOS version it is
<zzywysm>
so get over my fears and install Asahi Linux while booted into normal macOS?
<marcan>
pretty much
<zzywysm>
thx marcan
<marcan>
(patches to fix this welcome, if someone knows where the blessed snapshot name is stored / how to get it from recoveryOS)
leah2 has quit [Ping timeout: 480 seconds]
<zzywysm>
marcan: does tmutil work within recoveryos? it looks like it has a subcommand "listlocalsnapshots"
<marcan>
no, that's not the same thing
<marcan>
this isn't time machine
possiblemeatball has quit [Quit: Leaving]
regalramp has quit [Ping timeout: 480 seconds]
SSJ_GZ has joined #asahi
hertz has quit [Quit: My MacBook has gone to sleep. ZZZzzz…]
tim has joined #asahi
tim has quit [Remote host closed the connection]
w3enjoyer has joined #asahi
w3enjoyer has quit [Remote host closed the connection]
jluthra has quit [Remote host closed the connection]
jluthra has joined #asahi
LinuxM1 has quit [Ping timeout: 480 seconds]
bps2 has quit [Ping timeout: 480 seconds]
bcrumb has joined #asahi
bcrumb has quit []
jeffmiw has joined #asahi
jeffmiw has quit [Quit: Konversation terminated!]
hertz has joined #asahi
mkurz has quit [Quit: Leaving]
jacksonchen666 has quit [Remote host closed the connection]
jacksonchen666 has joined #asahi
bps2 has joined #asahi
yc has quit [Quit: Leaving.]
Zopolis4 has quit [Quit: Connection closed for inactivity]
bcrumb has joined #asahi
chadmed_ has joined #asahi
possiblemeatball has joined #asahi
jeffmiw has joined #asahi
bcrumb has quit [Quit: WeeChat 3.7.1]
bps2 has quit [Ping timeout: 480 seconds]
SSJ_GZ has joined #asahi
cylm has joined #asahi
bps2 has joined #asahi
derzahl has quit [Remote host closed the connection]
Tramtrist has quit [Remote host closed the connection]
Tramtrist has joined #asahi
jess has quit [Quit: Lost terminal]
amarioguy has joined #asahi
jacksonchen666 has quit [Ping timeout: 480 seconds]
jacksonchen666 has joined #asahi
jess has joined #asahi
balor has quit [Quit: balor]
balor has joined #asahi
bcrumb has joined #asahi
bcrumb has quit [Quit: WeeChat 3.7.1]
mini0n has joined #asahi
faruk has joined #asahi
<faruk>
I've enabled sound in devicetree/recompiled sound driver. it's working so far. What should I do to make sure that I do not blow up my speaker other than not going more than 80% volume?
<faruk>
I know it's all my responsibility if it blows up anyway
<ah->
when it asks you to put it in ProAudio mode, that's a dropdown in pavucontrol under Configuration
bluetail8 has joined #asahi
faruk has joined #asahi
landscape15 has joined #asahi
TobiasGrosser has joined #asahi
bluetail has quit [Ping timeout: 480 seconds]
bluetail8 is now known as bluetail
<TobiasGrosser>
chadmed: I just read through your https://github.com/AsahiLinux/docs/wiki/Apple-Platform-Security-Crash-Course article and was surprised by the phrase " An existing weakness is that /boot must be stored in the clear, and there is currently no Secure Boot or Measured Boot analogue with which we can guarantee the integrity of the kernel or initramfs." I have little experience in this space, but was wondering how to best set up
<ChaosPrincess>
Currently m1n1 loads its stage 2 from /boot and does not support it being encrypted or signed
<ChaosPrincess>
You can get secureboot by doing a single stage m1n1 directly into kernel
<TobiasGrosser>
Mh, I am not 100% sure I understand. Is the boot process of Asahi described somewhere on the wiki?
<TobiasGrosser>
So you say we load m1n1-stage-1 from the EFI partition, which then loads m1n1-stage-2 from the /boot directory. Then grub is loaded from EFI or /boot, ...?
<ChaosPrincess>
apple stuff -> m1n1 stage 1 (on apfs) -> m1n1 stage 2 (on ESP) -> u-boot (inside stage 2) -> grub (on ESP) -> kernel
<TobiasGrosser>
I see, but the kernel and initrd today are on a ext4 partition, which are loaded after grub (ESP), right?
<TobiasGrosser>
In particular, they are in the /boot folder of that ext4 partition. At least the ubuntu-asahi that I installed had a shared root '/' and '/boot' partition. AFAIU both of them could remain shared and be encrypted, so only apfs and ESP remain unencrypted. Or am I wrong here?
<tpw_rules>
i don't think that gets you much because the ESP is still unencrypted and m1n1 can't directly read from / or /boot
<TobiasGrosser>
I mostly try to understand the desirable end goal.
<TobiasGrosser>
AFAIU m1n1 would not need to read from / or /boot. It would just load grub (from ESP), which would then encrypt the (/ and /boot) partitions and pass control to the linux kernel.
<TobiasGrosser>
encrypt -> decrypt
<tpw_rules>
then an attacker can add a malicious grub
<tpw_rules>
(m1n1 also cannot load grub)
<TobiasGrosser>
Ahh, m1n1 loads uboot and uboot today is on the unencrypted ext4 partition?
<tpw_rules>
i guess u-boot must have some secure boot support but i don't know anything about it, nor more importantly if it can be burned into the u-boot binary loaded by m1n1 so that the SEP protects it from modification
<TobiasGrosser>
For my personal needs, I feel an encrypted / would be good enough. I would love to see SEP eventually, but mostly would like my data encrypted if I lose my laptop.
<tpw_rules>
then that's achievable today, you just would have to authenticate with a password or whatever every boot and would be susceptible to an evil maid attack
<ChaosPrincess>
If your threat scenario is lost laptop, you can set up an encrypted /
<TobiasGrosser>
That's what I am trying to do (and failing because of me not understanding exactly how to configure grub). I will debug this further over the next weeks, but thought it's useful to understand the setup a little bit more.
<ChaosPrincess>
Move kernel and initrd to ESP, do / decryption from initrd
<TobiasGrosser>
I came across the ubuntu tutorial where they encrypted both / and /boot and thought that could work here as well. It seems because m1n1 stage 2 is on /boot that, I need to keep an unencrypted /boot.
<TobiasGrosser>
Ah, interesting. What about m1n1 stage 2?
<ChaosPrincess>
its on esp
dsharshakov has joined #asahi
<TobiasGrosser>
Aha.
<TobiasGrosser>
And grub is also on ESP, no?
<ChaosPrincess>
aye
<TobiasGrosser>
Mh, then I could leave kernel and initrd encrypted in /boot (as ext4) partition and let grub decrypt it, no?
<dsharshakov>
U-Boot does have UEFI-style Secure Boot. However, that needs some improvements to work with keys/certs fused into the image (since no secure variable store available)
<ChaosPrincess>
TobiasGrosser: i guess that would work too
<TobiasGrosser>
OK.
<TobiasGrosser>
That is helpful.
<dsharshakov>
And likely later the solution would be to create a fused bundle of m1n1-2 + u-boot + kernel and sign it. m1n1 will be the boot picker in that case
<TobiasGrosser>
Right. And you would store this bundle on ESP?
<ChaosPrincess>
Yes
<TobiasGrosser>
Would grub then still be in the picture?
<ChaosPrincess>
but imo, thats a bad idea
<dsharshakov>
I talked to m a r c a n about that, he said that we need sep first to not compromise the signing key if password is compromised. I didn't fully understand the issue, but ok
<ChaosPrincess>
m1n1 shouldnt be a boot picked
<ChaosPrincess>
-d+r
<dsharshakov>
TobiasGrosser: GRUB can be removed in such a case
<TobiasGrosser>
ah, interesting.
<dsharshakov>
ChaosPrincess: well, can be avoided if DT stabilizes
<TobiasGrosser>
I see.
<dsharshakov>
if DT is stable enough to keep compatibility, then m1n1-1 -> m1n1-2 (common) + U-Boot built in -> EFI boot manager (grub) -> selectable kernels
<TobiasGrosser>
I see.
<TobiasGrosser>
OK, that's super helpful. I think Marcan has more ambitious goals with respect to secure boot. I mostly want to get my ext4 partition encrypted and in a shape that I can take advantage of later secure boot changes.
<TobiasGrosser>
AFAIU I can try to have a single / and /boot partition that is encrypted, have grub stored in (ESP) decrypt and load this partition.
<dsharshakov>
yes
<TobiasGrosser>
That seems both attainable today and future proof with respect to secure boot hackery.
<dsharshakov>
you need secboot rly in case you're in a dormitory and someone can mess with boot and then wait for you to enter password
<TobiasGrosser>
Right.
<TobiasGrosser>
Thank you all, this was super helpful. I was a little unclear about the actual setup that I can get to today, but have now a good idea what to try for.
<dsharshakov>
read evil maid attack. If you unlock the drive after tampering then you might compromise the data
<TobiasGrosser>
Now I need to get back to grub config pains (and figuring out why my keyboard stopped working after grub changes)
<dsharshakov>
To encrypt you probably can also create a partition for /home
<dsharshakov>
however that has some disadvantages and unsure whether the install would be fine after you partition the drive
<TobiasGrosser>
Right. An encrypted home is likely the easiest to setup. I will see where I end up with. This was already super helpful. Thank you dsharshakov and ChaosPrincess.
<dsharshakov>
I've recently seen a report of somehow breaking the install after changing partitions: I'd recommend being careful and ready to DFU the system (sorta factory reset)
<dsharshakov>
ecryptfs might be one of the easiest choices btw. As well as cryfs or smth similar. Essentially it's a transparent crypto fs for your homedir. Not as secure as FDE, but easiest to setup
<TobiasGrosser>
Yes, I saw that as well.
<TobiasGrosser>
Right. I might compromise for an encrypted home. Let's see. At the moment the laptop is a hobby to explore asahi, so I can take some risks.
landscape15 has quit [Quit: WeeChat 3.8]
dsharshakov has quit [Quit: Page closed]
TobiasGrosser has left #asahi [#asahi]
dg_ has joined #asahi
dg_ is now known as hotbbqsauce
<hotbbqsauce>
box64 emulation layer is not supported on the latest bleeding edge asahi kernel with gpu driver support?
<hotbbqsauce>
Only test on Asahi for now, using the default "16K page" kernel
<bluetail>
I also just set APM_level = off... sudo hdparm -B 255 /dev/sda; sudo hdparm -B 255 /dev/sdb;
<bluetail>
was 250 before
balor has quit [Quit: balor]
balor has joined #asahi
Zopolis4 has quit [Quit: Connection closed for inactivity]
krbtgt has joined #asahi
possiblemeatball has quit [Quit: Leaving]
zshroot has joined #asahi
<zshroot>
hello everyone, i am an undergrad student new to open source development, are there any resources from which i can learn and start contributing to this project
Zopolis4 has joined #asahi
Guest1427 has quit [Quit: Guest1427]
Bandicoot has joined #asahi
bps2 has joined #asahi
julio7359 has joined #asahi
zshroot has left #asahi [#asahi]
julio7359 has quit [Ping timeout: 480 seconds]
Dementor has quit [Remote host closed the connection]
possiblemeatball has joined #asahi
Dementor has joined #asahi
bps2 has quit [Ping timeout: 480 seconds]
jeffmiw has quit [Remote host closed the connection]
julio7359 has joined #asahi
Brainium has joined #asahi
Bandicoot has quit [Remote host closed the connection]