06:46 <oxbar> Question.. if i have fedora on my m1 mac but want to put another distro on it.. how would i go about oing this ?

06:47 <oxbar> do i need to re-run the script and it overwrites ?

07:32 <chadmed> oxbar: do you want to replace fedora or put another distro alongside it?

08:25 <oxbar> chadmed: replace fedora.. I'm doing testing

08:33 <chadmed> oxbar: which distro?

09:04 <oxbar> It’s cool.. I deleted what I need and resized everything I’m good

17:53 <allmazz> guys, just for fun, can we put grub as payload in m1n1 stage1, and encrypt /boot partition for reach FDE? since grub works with luks2 it looks to be a dream for paranoia :)

18:29 <JamesB192> I also feel /, /boot and /efi (or equivalents) need not be ciphered.

18:31 <fl0_id> JamesB192 it's not dumb as such but prob overrated imo. like, I like my privacy too, but if ppl have access to my device, I'm prob f*ed already anyway

18:34 <spuostheterrible[mds]> Horrid take lmao

18:35 <spuostheterrible[mds]> FDE is great for at rest, all but the most dedicated will fail at cracking that

18:35 <spuostheterrible[mds]> If you have actual secrets on your device you should do that

18:40 <spuostheterrible[mds]> I don’t know about /boot encryption being important though

18:42 <fl0_id> spuostheterrible[mds] I'm not debating that. but when will you need it? for most non-techy ppl, like spouses, other protection suffice. when you really need FDE like law enforcement or border control, I'd advise everyone to travel with a blank-ish device. sure they can still detain you, but at least there is not a device they can analyse or ask you to unlock (not taking into account online acocunts they might ask you to unlock, but that's a diff issue)

18:42 <fl0_id> but if you have such big secrets on your device, don't travel with it.

18:42 <fl0_id> (and I'm not saying it's dumb, just overrated imo)

18:45 <twb> The model CrOS had was that you factory-reset the laptop before you board the plane, then don't load secrets back onto it until after you are past customs

18:45 <bgtlover[mds]> <JamesB192> "(probably wrongly) thinks full-..." <- I think it should be done by default for everything, as long as we have an unencrypted /efi or /boot. That could allow us to, for example, boot another mini linux distro, with a graphical tool, which prompts for the FDE password before using kexec to jump to your actual kernel, after checking its efi signature because your kernel must be signed, right? and then, that distro there could come

18:45 <bgtlover[mds]> with orca for example, which would then read aloud the prompt for the FDE password

18:46 <twb> That was back when the bad guy was China not USA

18:46 <bgtlover[mds]> so yeah, basically taking a page from mac OS and the way it boots

19:47 <fl0_id> twb at least I know some ppl used it that way. not sure if that was intentional :)

19:51 <leio> kexec can't work on asahi

19:54 <bgtlover[mds]> leio: hmm, we're getting into the interesting. Why not?

19:55 <leio> quoting a reddit answer: "kexec will ~never work properly because there is no way to reset system firmware for a bunch of stuff, including the GPU. Sorry. "

19:57 <bgtlover[mds]> leio: ahh, there goes that idea. Even if the distro one boots into isn't asahi and one just kexecs into it? what if that distro doesn't initialise the gpu and such at all?

19:57 <bgtlover[mds]> or maybe m1n1 could include support for basic speech/braille features for prompts for unlocking volumes?

19:59 <leio> sounds like a project for you ;)

19:59 <chaos_princess> you are reinventing an initramfs, why are you reinventing an initramfs

19:59 <leio> macOS does full reboot cycles for things like that as well

19:59 <leio> hey now, I was hoping we'd get a rust braille stack out of it :D

20:00 <chaos_princess> that belongs in u-boot, m1n1 does not support user interaction anyway

20:02 <bgtlover[mds]> chaos_princess: because people don't put brltty in initramfs for whatever reason, and when the system fails or we get dropped to a rescue shell, we have no idea of what happened, because the computer is silent, no speech. There is a plugin for dracut to add brltty, but I don't think any distro uses it

20:02 <chaos_princess> ok, so, then you have a solution to fix it?

20:03 <bgtlover[mds]> leio: actually, that's not very far off, there are messages in the odilia channel, someone in our community is implementing brltty, both client and server side, in rust

20:03 <chaos_princess> kexec is just the wrong tool for this specific job

20:03 <bgtlover[mds]> chaos_princess: what's that? I thought one gets from m1n1 directly to booting the kernel

20:04 <chaos_princess> no? it goes m1n1 -> u-boot -> grub or something -> kernel

20:05 <bgtlover[mds]> chaos_princess: I mean, does asahi use dracut? if so...yeah, enable that plugin for brltty, enable both speech and braille, it should be technically fixed. Next time I install fedora, I'll try that to see if it's possible, I never did anything that deep before

20:05 <bgtlover[mds]> s/brltty/brlapi/

20:06 <chaos_princess> FAR uses dracut, and i think altdistros are also "heavily encouraged" to use it

20:36 <jannau> brltty-dracut is available in fedora but does not seem to be installed by default

20:39 <bgtlover[mds]> exactly, and that's one of the issues. If that was there, many more of the weird failure conditions we could at least hear, so we know that's what's happening. Combined with the fact that pipewire now has support for running as a system component, we could recover our systems more or less the way y'all do, instead of needing the install media for almost everything

20:43 <bgtlover[mds]> I would like to never have to do any of that, for the gui to always come up, so then the silence between turning on the computer and getting speech at login would be very short, but sometimes horrible issues do happen, and we should know that they happened basically. If this stuff is done, I think that's better than what windows does, probably not better than macos by a long shot, but apple accessibility being what it is, being able to

20:43 <bgtlover[mds]> compare asahi to that is huge progress!