Gummiboot and encrypted / partition

Similar Messages

• Grub, UEFI, and encrypted partitions

  I followed the tutorials on the Wiki regarding setting up luks encryption over LVM which worked fine. Part of this process involved getting grub to decrypt the root partition, which also worked. However, I later went and followed instructions for getting UEFI boot to work; I created a separate /boot partition, used grub-install, etc. I'm now in a weird state, though: grub is still using (and unlocking) the root partition and using whatever is in its /boot directory when it really should be using the /boot partition. I've managed to confuse myself enough through all this that I'm not sure what config files and commands I need to mess with to get grub to load the initramfs from the actual boot partition while not also screwing up the root partition that should be unlocked/mounted by systemd.
  My common sense tells me that the latter has nothing to do with the former but it took me long enough to figure out the hack of copying everything in the boot partition to root's /boot just to get the thing booting again after a kernel update that I'd rather just ask here

  tcdavis wrote:I'm now in a weird state, though: grub is still using (and unlocking) the root partition and using whatever is in its /boot directory when it really should be using the /boot partition.
  UEFI and a dedicated /boot partition are separate things, and they are not dependent on one another. The problem is most likely coincidental.
  Make sure your "root=" and "cryptdevice=" kernel parameters are correct. Edit /etc/default/grub, and use the UUID of the LUKS container on the new /boot partition, replacing the old UUID of the root filesystem. This should be the UUID of the LUKS container itself, not the filesystem contained within it. Use `cryptsetup luksUUID /dev/sda2` substituting sda2 with your /boot partition. This only applies to the kernel and is not directly related to GRUB, so it's just a precautionary measure.
  Make sure /boot is mounted, and regenerate grub.cfg:
  mount /boot
  grub-mkconfig -o /boot/grub/grub.cfg
  Delete the contents of /boot on the root partition to prevent confusion:
  umount /boot
  rm -r /boot
  mkdir /boot
  mount /boot
  Also make sure your /boot partition is being mounted (via crypttab and a keyfile) automatically at boot, or you will run into problems later on.
  Strike0 wrote:If you, in your first attempt, installed grub to the MBR and your bios is set to dual legacy/uefi, the grub bios may take precedence now. You should boot the machine/install ISO in pure efi mode before executing the grub install for uefi and best wipe the grub bios which probably installed itself to sectors before the first partition.
  I don't know enough about the GRUB internals to say whether or not the UUID of the /boot partition is embedded in GRUB's UEFI stub, but in theory the following commands should overwrite both the BIOS boot loader and UEFI.
  mount /boot
  grub-install --target=i386-pc --recheck
  grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=grub_uefi --recheck
  This way GRUB should use the correct /boot no matter if it is booting in BIOS or UEFI mode.
  If these instructions don't solve your problem, please specify what stage of the boot process is failing, and what you saw prior to the boot failure (e.g. did you get a GRUB rescue shell? Did you see the GRUB menu? Did GRUB indicate an incorrect UUID?)

• OpenSUSE - Arch switch: encrypted partitions, keeping /home and other

  Hello,
  I am considering switching from openSUSE to Arch -- I want to gain performance, avoid releases and try something new -- but have some doubts/questions. I would appreciate if you could help me a bit with resolving them :)
  i. From what I see on the fora some of you are (ex) SUSE users so... will I miss anything?
  ii. Should I expect any problems in general?
     a) I am using nVidia proprietary drivers and, despite all downsides, would like to keep doing so. Are there any problems regarding installation or keeping them up to date?
     b) Is it possible to use s2ram and s2disk or obtain working counterpart(s), as, I hear, there are some problems with those?
     c) Is it possible to install software from debs and/or rpms? Possibly without extracting and moving files manually?
     d) Is it safe to assume that hardware and all applications not specific to any distribution will work just as well as they do on SUSE? I know, Linux is Linux but still.
  /edit:   e) Does getting fonts to be displayed properly takes a lot of tweaking? This problem does not exist on SUSE but on other distros it used to be a pain.
  iii. I have SUSE installed on encrypted partitions (with luks and /dev/mapper so it's pretty similar to setup recommended for Arch in that matter) and would like to avoid reencrypting as well as keep /home untouched. Is it possible and not too complicated?
  (I have seen http://wiki.archlinux.org/index.php/LUKS_Encrypted_Root, http://wiki.archlinux.org/index.php/Off … tall_Guide and http://wiki.archlinux.org/index.php/Ins … ing_Linux)
  Any additional information and comments are welcome.
  Last edited by skx (2009-02-16 15:36:33)

  quarkup wrote:ii)
  a) No problemo. I use nVidia drivers too for my 6800go, with no issues.
  Inxsible wrote:ii c) [....] I think there are packages in AUR, which can help you convert them to an Arch PKGBUILD and then install them.
  Thanks.
  bgc1954 wrote:i)
  Well, if you used suse for any length of time, you might miss the incredible slowness of yast as compared to pacman. :D
  YaST is not that slow anymore ;)
  What about the encryption part? That's the one that makes me anxious.
  Last edited by skx (2009-02-16 15:50:58)

• Link to a file in encrypted partition

  Hi all,
  I have an encrypted partition with some files I use regularly.  If I mount the partition, I can make a shortcut to files by dragging them onto the dock.  If I click the icon on the dock, and the encrypted partion is not mounted, I get prompted for the password and the partion mounts and the file opens.
  I'd like to put several of these shortcuts in a single folder on my dock.  Just dragging and dropping does nothing.  Any thoughts?

  So I solved this by having an applescipt call a bash script.  Kind of a silly round-about way to do it, but it works.

• Additional, encrypted partition mounted as /Users

  Recently I removed DVD-ROM drive from my MacBook Pro and installed 60GB SSD for system (in regular HDD bay) and my old HDD instead of DVD drive.
  My plan is to use fast SSD drive for system and the HDD for data.
  I would like to have my HDD partition mounted as /Users so all users' home directories are stored on HDD.
  I read this article: http://www.red-sweater.com/blog/1935/lions-whole-disk-encryption but it seams there is a problem with logging in if the user's home directory resides on separate encrypted partition.
  My question is:
  Is there any chance I can have "fully functional" /Users directory mounted as additional encrypted partition?
  Thanks,
  Mike

  Hi Linc,
  Thanks for your answer.
  No, because the Users volume would already have to be unlocked and mounted before you could log in, and that's impossible.
  I don't think it is impossible. I would reather say: "Apple makes it difficult to do".
  I barely see any problem with mounting other partitions on the system level during boot.
  The question is: "How hard is it to do that now?"
  The second question is: "When (and how) Apple will make it easier?"
  The best you could do would be to log in, mount the volume as root at /Users, then log out and log in again. I wouldn't recommend that you try this.
  Yeah... I don't feel like log in two times. I wouldn't recommend it either.
  I have another idea which is:
  1. Mount addtitional encrypted partition as /Volumes/Whatever
  2. Create directories like:
  /Volumes/Whatever/Documents
  /Volumes/Whatever/Pictures
  /Volumes/Whatever/Music
  /Volumes/Whatever/Library
  3. Mount these directories in places under /Users/MyUser/... during login.
  So there are other questions:
  1. How to do it the "Mac way"?
  2. There are maybe some directories which probably can not be mounted this way as its content can be necessary for login process to perform (probably some subdirectories of Library). Is it the case?
  Cheers,
  Mike

• [Solved] installation and setup question - gummiboot and EFI

  Hi,
  This is the first time i'm installing arch. i hit the below issues. hope someone can help me out. my understanding of uefi is just about an hour worth of reading or less..
  (the wiki didn't mention the kernel requirement when I started installing it... now it does and i updated the beginner's guide wiki post.)
  Problem
  Gummiboot#Installing says that "If you are still running kernel 3.7 or have not booted in EFI mode, creating the boot entry will fail. You should however still be able to boot gummiboot as it copies the binary to the default EFI binary location on your ESP (/boot/EFI/BOOT/BOOTX64.EFI on x64 systems). "
  the gummiboot part fails. gummiboot gives this error at install  saying file system is not FAT EFI, so first I got gummiboot and gummiboot-efi both using pacman. then, I provided the --path to install and now it coughs up because the latest iso isn't 3.8 yet.
  Failed to access EFI variables. Is the "efivarfs" filesystem mounted?
  I can see efivars but this is asking for efivarfs.
  so instead I did,
  # cp /usr/lib/gummiboot/gummibootx64.efi /boot/efi/EFI/gummiboot/gummiboot.efi
  # efibootmgr -c -d /dev/sda -p 1 -w -L "Gummiboot" -l '\EFI\gummiboot\gummiboot.efi'
  how do I set this up? I'm afraid if I overwrite /boot/efi/EFI/BOOT/BOOTX64.EFI  windows might not boot.
  after the installation (of course without gummiboot stuff) now when I reboot, I don't see any gummiboot menu at all because i didn't copy it to EFI/BOOT. it goes straight to windows 8 boot. during boot if I press F12 and see the menu option on thinkpad, I see gummiboot as the first entry(must be because of efibootmgr) followed by windows boot manager. When I select the gummiboot and enter, it just circles back to the same menu. I have setup the loader.conf and arch.conf as described in the wiki.
  how do I set gummiboot to work? i dont mind pressing F12 and then going to gumiboot-> arch until 3.8 is out.
  If this isn't possible, can I install rEFInd without messing gummiboot? looking at the dir structure of FAT EFI I think it should be possible but not 100% sure until i try it out. Also, to get rid of gummiboot, i should delete the directories, uninstall using pacman and get rid of the efibootmgr change I made, right?
  Last edited by lobo2 (2013-03-15 04:07:47)

  srs5694 wrote:
  sidneyk wrote:Maybe not, I use rEFInd and mount ESP on /boot/efi and copy over updated kernels and initramfs. Maybe if you are mounting ESP at /boot the kernel and initramfs get written to both places at once, I don't know. I also don't know if /boot is where gummiboot expects them to be.
  I realize this has been at least partially addressed by others, but I want to make two points very explicit:
  In Linux, partitions (or more precisely, the filesystems that most of them contain) are accessed by mounting them at a mount point (a directory). Thus, when you mount the ESP at /boot, the contents of /boot are the ESP. Put another way, mounting the ESP at /boot means that to read or write the ESP, you read or write files and directories under /boot. You can test this yourself by mounting and unmounting a partition that's not basic to the minute-to-minute functioning of the computer. The ESP will actually work fine for this. Unmount it from /boot or /boot/efi and then issue a mount command to mount it elsewhere (say, "mount /dev/sda1 /mnt"). Then check the files under your temporary mount point, and even copy a file there. You can then unmount it and mount it back where you normally do and look for the file you copied -- it should be there. Play with this until you fully grok it.
  Gummiboot runs before Linux, and it has no conception of Linux mount points. Thus, whether you mount the ESP at /boot, at /boot/efi, at /home/fred/abadmountpointforanesp is irrelevant, so long as the files on the ESP are laid out in the way that gummiboot expects. The trickiest aspect of this for those unfamiliar with the Linux mount system is that you do not include the Linux mount point in filename references for pre-boot programs like gummiboot. That is, if you mount the ESP at /boot and place the kernel at /boot/vmlinuz, then in gummiboot, the kernel would be \vmlinuz.
  Yeah, I figured this out based on the OP's response to that and thinking it through, I just never really thought about it much before now. But I will argue that the mount point /boot and the EFI partition are indeed 2 different locations. I know that once the ESP is mounted at /boot that this distinction disappears until it is umounted and something written to /boot, but while mounted as such, /boot and ESP are virtually the same, at least to the Linux system. I realize the EFI programs are ran before any OS and therefore don't really care about any OS specifics.
  I wonder if the OP has confused the info between gummiboot and rEFInd (possibly from the Beginners Guide) because to me, after reading the gummiboot wiki, it just seems that it would be much simpler to just give gummiboot what it wants, i.e. ESP mounted at /boot, whether it's a separate partion or not. I'll have to take a look again at the Beginners Guide to see again the order of things there, but if it isn't, maybe it should be having the user ensure that pacman has completely updated the new system and then go on to the boot loader specifics. I was just thinking though, that the way the install medium is now, that it was automatically pulling the latest stuff down as part of the install process. I know it's not pulling testing or multilib without user intervention, but the core, stable stuff it is. That seems to be part of the confusion here maybe, 2 different versions of gummiboot with gummiboot changing some things between the 2 and maybe the kernels, too.
  [EDIT] I took another look at the Beginner's Guide and it says that most users will probably want to use the [core], [extra], and [community] repos, which are enabled by default. It goes on to recommend that [multilib] be enabled for users wanting to run 32 bit programs and then reminds you to run #pacman -Sy to update the package lists, but not #pacman -Syu which would apply any changes from the repos since starting the install. Shouldn't matter much, even if the [multilib] repo was enabled because at that point no 32 bit libs have been installed, but it would matter if a user decided to enable the testing repos.
  I wouldn't ordinarily recommend it, but in this case, if the OP is comfortable with the risk, then it might be useful to, at least temporarily, enable the [testing] repo and do #pacman -Syu to pull in the 3.8 kernel. Note that this is likely to also pull in other packages from [testing], but if you haven't installed X yet or any desktop environment, then what is pulled in shouldn't be too overwhelming. He can then immediately go back and disable [testing] if desired. I'm currently using testing without any issues, but there are risks to doing so.
  Last edited by sidneyk (2013-03-14 18:13:43)

• Suspend to ram and encryption

  Hi,
  I installed Arch on my netbook with LUKS encryption on the /home partition.
  I frequently use suspend to RAM on this netbook, but I find quite insecure the fact that if I suspend the netbook and then resume later, an attacker could have access to all my data unencrypted.
  What would be the proper way to use suspend to RAM and encryption?
  Would it be possible to prompt for a passphrase to mount the /home encrypted partition
  when waking up from suspend?

  I suppose you are too much, you really shouldn't hold your breath
  If there is any option for changing where the memory is remapped to you may want to try a few different values and see if it makes any difference.

• Btrfs and encrypted volumes

  I suppose this is a rather complicated question, but hopefully i can word it well enough:
  If i have a btrfs volume on an encrypted partition (using dm-crypt/luks), and i want to expand it to another physical drive, would i need to setup an encrypted volume on the second drive as well, or would the first volume's encryption apply to the 2 (once i've run btrfs-vol -b).
  More precicesly should i run "btrfs-vol -a /dev/mapper/encrypted-vol2 /media/foo" or would "btrfs-vol -a /dev/sdc1 /media/foo" be better.
  I've already attempted doing so with both partitions encrypted, which results in a significant amount of CPU usage required to access the drives and potentially might slow things down more then needed. I'd like to know if doing it on an unencrypted partition would work while still maintaining the encryption.

  I have no specific knowledge about btrfs, but with my understanding of how device mapper works in general, I would say you would find yourself with some files being encrypted and some files not.
  The filesystem is just seeing an underlying block device, there's no difference for it between accessing a 'raw' block device (like a partition) and a device-mapper block device (like an encrypted partition). I doubt btrfs does any extensive check on the nature of the block device before using it, because that wouldn't be really portable.

• Encrypted partition

  hi
  i have an encrypted partition use by suse
  is there a way to use it with arch linux?
  thanks

  Generally you would use the same method you (or suse) uses to mount and unlock the encrypted partition.
  If you use Luks for the encryption with dm_crypt you could simply run:
  cryptsetup luksOpen /dev/hdaX name_of_partition
  mount /dev/mapper/name_of_partition /partition_mountpoint
  To do all of this atomatically you would need to edit /mnt/etc/crypttab and enter the needed information.
  Here are two wiki entries concerning LUKS with Arch, they do not directly relate to what you need but you could use some pieces of it.
  LUKS Encrypted Root
  RAID Encryption LVM
  Most of the above is only valid when you're using LUKS I suppose. I also can't say anything about other methods because I never used them.

• After the last Yosemite update on my MacBook pro I turned the FileVault on, now my Mac is freezing all the time and encrypting the drive looks like going to last forever and I am unable to use my MacBook pro what must I do???!!!

  after the last Yosemite update on my MacBook pro I turned the FileVault on, now my Mac is freezing all the time and encrypting the drive looks like going to last forever and I am unable to use my MacBook pro what must I do???!!!

  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
  You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
  In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
  You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
  Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
  4. Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB ' com.adobe.AAM.Updater-1.0 com.adobe.AAM.Updater-1.0 com.adobe.AdobeCreativeCloud com.adobe.CS4ServiceManager com.adobe.CS5ServiceManager com.adobe.fpsaud com.adobe.SwitchBoard com.adobe.SwitchBoard com.apple.aelwriter com.apple.AirPortBaseStationAgent com.apple.FolderActions.enabled com.apple.installer.osmessagetracing com.apple.mrt.uiagent com.apple.ReportCrash.Self com.apple.rpmuxd com.apple.SafariNotificationAgent com.apple.usbmuxd com.citrixonline.GoToMeeting.G2MUpdate com.google.keystone.agent com.google.keystone.daemon com.microsoft.office.licensing.helper com.oracle.java.Helper-Tool com.oracle.java.JavaUpdateHelper com.oracle.java.JavaUpdateHelper org.macosforge.xquartz.privileged_startx org.macosforge.xquartz.startx ' ' 879294308 4071182229 461455494 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 3694147963 1233118628 2456546649 2806998573 2778718105 2636415542 842973933 2051385900 3301885676 891055588 998894468 695903914 1443423563 4136085286 523110921 3873345487 ' 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<10) print "com.apple.";} ' ' { sub(/ :/,"");print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { split("'"${p[41]}"'",b);split("'"${p[42]}"'",c);for(i in b) print b[i]".plist\t"c[i];if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"cksum "F|getline C;split(C, A);C="checksum "A[1];"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F" ("T", "C")";else F=F" ("C")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */   /;' ' s/^.+ |\(.+\)$//g;p ' '/\.(appex|pluginkit)\/Contents\/Info\.plist$/p' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR/d;s/^.+: //p;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' pluginkit scutil dtrace profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$(RefProc): \$Message' -k Sender Req 'fsev|kern|launchd' -k RefProc Rne 'Aq|WebK' -k Message Rne 'Goog|ksadm|probe|Roame|SMC:|smcD|sserti|suhel| VALI|ver-r|xpma' -k Message Req 'abn|bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|NVDA\(|pagin|proc: t|Roamed|rror|SL|TCON|Throttli|tim(ed? ?|ing )o|WARN' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,Ex}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????|wc -l' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' " -F '\$Time \$Message' -k Sender kernel -k Message CSeq 'n Cause: -' " );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors App\ extensions Lockfiles Memory\ pressure SMC Shutdowns );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};A'$((7+i))'() { v=` eval sudo "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};';done;A9(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2 7 8;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;B1&&D73 19 53 67 55;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 54 12 56;D23 5 14 12 14;D22 6 36 13 15;D22 20 52 66 54;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D82 35 49 61 51;D82 11 17 17 20;for i in 0 1;do D82 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A8 18 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;B3 4 0 65;A3 14 6 32 0;B4 0 16 11;A1 26 50 64;B7 16;C3 52;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D73 21 0 32 19;D73 10 42 32 40;D82 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 21 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D83 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 10 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 21 48 49 49;B3 4 22 57;A1 21 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D12 4 51 32 53;D23 22 9 37 7;A9;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  8. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
  exec bash
  and press return. Then paste the script again.
  10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return  three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
  [Process completed]
  to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
  12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
  14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
  Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• Can I use One Hard Drive for 2x Time Machine Back Ups and another partition for all my data?

  Hi Forum,
  I am planning to but a RAID disc set up, but if i get a 2 disc set up, on one disc, can i have:
  Time Machine back up for one Mac
  Time Machine back up for 2nd Mac
  Anothe partition for all my data.
  then have that RAID'd to second disc?

  no one?
  and if this set up was on one disc, and one partition for one TM was for the Mini that has this drive attached, would TM back up this whole drive 2x TM Partitions and 1x partitions with data on, ok? it wouldn't get confused by trying to back itself up

• Is it possible to do multiple ssids and encryptions on an autonomous AP without vlans?

  I got a customer who just has autonomous APs. They are upgrading from 1210s to 1262s. They are currently running a config that is wide open with no authentication or encryption and using a VPN tunnel on the wireless clients for security. They want to switch to using WPA2/PSK with the new APs. They have existing clients that have to continue to work during the upgrade to the new APs. They run 3 shifts so it is a 24 hr operation with no downtime. What I was thinking would be to configure the 1262 with multiple SSIDs, one with their existing settings and one with the new. Then I could swap the APs one at a time and it would only impact service for a short period of time while I was mounting the new AP. Then once all the new APs are installed I could transition the clients over to the new SSID and encryption then disable the old SSID once all the clients are switched over. I've done this before with a WLC but not with an autonomous APs. The only config examples I can find uses VLANs. This customer is not using VLANs. Is there anyway to use multiple SSIDs with different encryption on a single radio on an autonomous 1262 without VLANs?
  The site has about 30 APs and 100 clients. Yes I know a controller would be preferred for a site of this size but that is a question for sales and why they didn't see them a controller. I just get stuck with what they sell them.
  thanks

  Hi Don,
  Im afraid on the autonmous platform you can not map multiple WLANS to a single vlan.
  "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
  ‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

• Unable to connect to Wi-Fi connection using WPA2 PSK authentication and encryption type TKIP

  I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
  My issue is copy/pasted below:
  Original Title: TKIP selection in WiFi network settings
  I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
  On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
  Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
  7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
  When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
  if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
  the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.

  I was referred to here from this thread at the Windows Insider Program: http://answers.microsoft.com/en-us/insider/forum/insider_wintp-insider_web/unable-to-connect-to-wi-fi-connection-using-wpa2/07bae1ed-c7fb-4f85-9d26-5549cc23e57a?msgId=2eb70420-fe35-494b-a13d-dcacd4d55eb9&rtAction=1426697691002
  My issue is copy/pasted below:
  Original Title: TKIP selection in WiFi network settings
  I have a workplace WiFi connection using WPA2 PSK authentication and encryption type TKIP.
  On the machine I used to test Windows 10, I had a previous installation of Windows 7 professional which connected to my workplace WiFi using the above settings. After installing Windows 10, my workplace wifi settings were imported and worked fine.
  Windows 10 had a system crash, and since I had deleted my previous windows installation, I performed a complete reinstall of Windows 7. However, when I went to install Windows 10 again, I had not taken the time to set up my workplace Wifi on Windows
  7 before installing Windows 10. As a result, I had to set up my workplace wifi as a new connection in Windows 10.
  When going to set up the wifi connection, the encryption type was grayed out, but appeared to default to AES. Searching the internet suggested that Windows 8.1 did not need a encryption type selected, because Windows could automatically determine
  if it was TKIP or AES, hence why the option to select encryption type was grayed out. However, after completing the setup of my workplace wifi, Windows 10 could not connect to my workplace wifi. After restoring Windows 7 with a factory reset, and setting up
  the workplace wifi (the encryption type selection was not grayed out and I manually selected TKIP encryption), my workplace wifi was working again.

• Usb flash drive partitions and view partitions in windows 7 or 8 O.S using C or C++ or C#

  I want to make 2 partitions in usb flash drive. How can a usb can be partitioned using C or C++ or C# languages? And these partitions can be able to see either in a tool or in windows o.s

  Hi,
  Your issue is out of support range of VS General Question forum which mainly discusses the usage issue of Visual Studio IDE such as
  WPF & SL designer, Visual Studio Guidance Automation Toolkit, Developer Documentation and Help System
  and Visual Studio Editor.
  Maybe you can try to consult on this forum:
  https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/home?forum=wdk
  Anyway, I am moving your question to the moderator forum ("Where is the forum for..?"). The owner of the forum will direct you to a right forum.
  Thanks,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Recovery and Tools partition problem

  Hi;
  My Elitebook 8460p recover and tool partition deleted I want to recover my hard drive factory default but i can't find any rescue DVD.
  Please help me..

  Welcome to the HP Forum!
  mgs_mgs wrote:
  Hi;
  My Elitebook 8460p recover and tool partition deleted I want to recover my hard drive factory default but i can't find any rescue DVD.
  Please help me..
  That is indeed unfortunate. You will need to order a recovery disk set from HP or an HP Partnet. Here is how to order a recovery disk set.
  Kind regards,
  erico
  ****Please click on Accept As Solution if a suggestion solves your problem. It helps others facing the same problem to find a solution easily****
  2015 Microsoft MVP - Windows Experience Consumer