Secure boot question and user question

Would it be safe and possible to, say, install just the boot partition to a 32 MB SD card, keeping everything else on the main hard drive? Maybe having /root on a USB drive to avoid anyone using su to get to it, and making it accessible for emergency purposes. I would also encrypt my home folder.
Does the above sound like a viable idea? I am assuming that, so long as I install the card reader drivers during the initial setup, I can just dd /boot/ over to the SD card.
Also, on my Arch installs I installed sudo and added my username to wheel, which I gave all permissions with password. This should be safe and I should never need to actually su to root, correct? Or are there some advantages to su to root?

I'm guessing you might have seen something like this?  I wanted to try that myself, but it apparently only works if your card can be picked up by the mobo as an internal drive.  Supposedly there's a way to hack or flash certain brands and models to achieve this, but I haven't looked into it in a while.  My card reader uses a USB internal connection, so it can't be used as-is: on boot, my BIOS searches only the selected source for the necessary files, so I can't have /boot on /dev/sdb grab the initramfs from /dev/sda1.  It could be entirely dependent on your board and BIOS, or may require extra work, but it's possible.  You'll just need to do some work to get the info for your machine.

Similar Messages

  • Going to be getting a gtx 770 - Secure Boot question/s

    I understand that secure boot has to be disabled, but do I also have to enable legacy support?
    http://h10025.www1.hp.com/ewfrf/wc/document?docname=c03975089&cc=us&dlc=en&lc=en
    windows 8.1 - UEFI - ami 80.07 9/5/2013

    Hi:
    If you are going to add a non-HP video card, you have to change both settings in accordance with the instructions at the link below.
    http://h10025.www1.hp.com/ewfrf/wc/document?cc=us&dlc=en&docname=c03653200&lc=en&jumpid=reg_r1002_us...

  • Dual booting S540 and linux with Secure Boot?

    At some point I intend to install archlinux with dual boot on my Thinkpad S540 which currently runs Windows 8.1.
    All the current advice about dual boot on UEFI machines seems to indicate that the way to go is to disable Secure Boot (and Fastboot) for Windows, and then do the linux install choosing a linux bootloader to allow booting either O/S. I believe I know the steps needed to do that.
    Does anyone have any experience with dual booting Windows 8.1 and ArchLinux on the S540?  I would like to retain Secure Boot for Windows, and in the ideal world have Secure Boot running for ArchLinux also. However Secure Boot is fraught with problems for Linux. There are a few distributions such as Ubuntu which will in principle support Secure Boot but I only use ArchLinux and want to install that particular flavour of linux on my machine. It is of course possible to keep switching Secure Boot on and off in the BIOS before booting either of the two installed operating systems but it would be neater and cleaner to have it all with Secure Boot on, or all with it off.
    This is all very new stuff so there may well be a lot of problems, but it is worth exploring. I use rEFInd as my bootloader on another UEFI desktop computer to boot ArchLinux so I am familiar with that bootloader, but dual boot is another thing, and Secure Boot with the fast moving developments in that area is something that until now very few people have tinkered with.
    Any replies and guidance/suggestions appreciated.

    I'm guessing /boot can run from ntfs, however probably not as efficiently as if it were running on ext3/4. Mine runs on Ext4.
    To add confusion, you only create one Extended partition, all partitions you create within the Extended partition are called Logical partitions. You should be able to create enough Logical partitions for your needs.
    Primary/Extended partitions are normally sda1-4 and Logical partitions will usually start from sda5 on modern Sata HDD systems.
    For /boot I would create a small 100mb Ext4 Logical partition. This partition cannot be inside LVM nor encrypted when using Grub1.  I'm not familiar with Grub2.

  • MJG's signed Shim for UEFI Secure Boot now available

    There have been a number of posts about EFI and Secure Boot recently, so I thought some people might be interested in this:
    http://mjg59.dreamwidth.org/20303.html
    That's Matthew Garrett's announcement of a signed binary version of his Shim boot loader. Basically, this program will boot on a computer with Secure Boot active in its default mode (with Microsoft's keys in the firmware) and then launch another boot loader (called grubx64.efi, although it could be something other than GRUB in that filename) that you sign with your keys. The end result is something that's more secure than disabling Secure Boot entirely and easier than installing your own Secure Boot keys. I haven't yet tried this version of the binary, so I can't provide help beyond pointing you to MJG's own blog, but I thought some people might want to know about it.
    FWIW, although you could sign and launch my rEFInd boot manager with this version of Shim, the current version (0.4.7) won't be very useful when signed in this way, since it doesn't yet "talk" to Shim. I'm working on changing that, so that rEFInd will launch binaries signed in a way that Shim supports.

    kristof wrote: A signed bootloader is nice, but unless the Arch developers start distributing a version of the kernel that's also signed with a MOK, secure boot isn't being fully utilized.
    Largely true, but:
    Secure Boot is here, and seems likely to stay. Given this fact, all Linux distributions (including Arch) need a way to cope with it. There are basically two choices: Provide instructions on how to deal with it (difficult because of system-to-system differences) or provide signed binaries (a boot loader at a minimum, or preferably a boot loader and kernel).
    It's possible to "provide" a signed binary by generating the key locally and signing it locally. This could be done by scripts in the installation process, for example. Of course, that still leaves a need to get the installer booted on a Secure Boot system, but that could be handled with the Linux Foundation's pre-bootloader.
    To be truly effective, Secure Boot really requires support all the way up the software chain. Signing a kernel does no good if the kernel can load unsigned modules, for instance. Fedora's taking steps to provide such security, but Ubuntu seems to be going with a more relaxed approach. In truth, Linux isn't as bothered by malware as is Linux, so it's unclear that going with a Fedora-esque approach is really helpful; but OTOH, it's conceivable that malware authors will start using Linux as a vector to install boot-time malware if Windows becomes sufficiently locked down, so maybe some paranoia is in order.
    At the moment and as a practical matter, technical Linux users (including most Arch users) will find it quicker and easier to disable Secure Boot than to use shim. As shim and various support tools (signing utilities, boot managers, etc.) mature, though, this may not be the case. It may also be desirable or even necessary to leave Secure Boot enabled, in which case adopting shim now may make sense. Likewise if you want to learn about it now so that you can use it in the future.
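
The point made above, that a signed boot loader and kernel do little if the kernel still loads unsigned modules, can be checked on a running Linux system. The script below is an added example, not part of the original posts; it reads the standard efivarfs and sysfs locations, and the `SYSROOT` variable and the verdict labels are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report how far the Secure Boot trust chain extends on a Linux host.
# SYSROOT is a hypothetical override so the checks can run against a copied or
# constructed /sys tree; leave it unset to audit the live system.

# Global UEFI variable SecureBoot, as exposed by efivarfs.
SB_VAR="sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# secure_boot_state [root] -> enabled | disabled | unknown
# An efivarfs file holds 4 attribute bytes followed by the variable data;
# for SecureBoot the data is a single byte: 1 = enforcing, 0 = off.
secure_boot_state() {
    local f="${1:-}/$SB_VAR" b
    [ -r "$f" ] || { echo unknown; return; }
    b=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    case "$b" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# module_sig_enforced [root] -> yes | no | unknown
# sig_enforce is Y when the kernel refuses modules without a valid signature.
module_sig_enforced() {
    local f="${1:-}/sys/module/module/parameters/sig_enforce"
    [ -r "$f" ] || { echo unknown; return; }
    case "$(tr -d ' \n' < "$f")" in
        Y|1) echo yes ;;
        N|0) echo no ;;
        *) echo unknown ;;
    esac
}

# lockdown_mode [root] -> none | integrity | confidentiality | unknown
# The active mode is the bracketed word, e.g. "none [integrity] confidentiality".
lockdown_mode() {
    local f="${1:-}/sys/kernel/security/lockdown" m
    [ -r "$f" ] || { echo unknown; return; }
    m=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$f")
    echo "${m:-unknown}"
}

# chain_verdict [root] -> one-line summary combining the three checks.
chain_verdict() {
    local sb mod lock
    sb=$(secure_boot_state "$1")
    mod=$(module_sig_enforced "$1")
    lock=$(lockdown_mode "$1")
    if [ "$sb" != enabled ]; then
        echo "no-chain: Secure Boot is $sb"
    elif [ "$mod" = yes ] || [ "$lock" = integrity ] || [ "$lock" = confidentiality ]; then
        echo "enforced-chain: Secure Boot on, kernel rejects unsigned modules"
    else
        echo "partial-chain: Secure Boot on, unsigned modules can load (sig_enforce=$mod lockdown=$lock)"
    fi
}

chain_verdict "${SYSROOT:-}"
```

A `partial-chain` result is the situation the post warns about: the firmware and boot loader verify signatures, but the running kernel does not.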

  • Creating a Boot drive and a data drives

    I have just installed a new 750 GB hard drive into a PowerMac G5, it had a 160 GB drive already, and I left that in there. I would like to use the older smaller drive as the boot drive, and the newer bigger one as the user data drive.
    How do I go about doing it to minimize problems? I can clone the older drive onto the newer one, using disk utility. Once I do that, then what? Please give me some detailed steps.
    Where do I divide things up, put system and applications on the boot drive, and users on the data drive? What about Library? What about things like etc, tmp, and var? Will I have problems cloning users? Please help

    You do not need to clone to the new drive, unless you want to be able to startup from it.
    Just use Disk Utility. Select the new drive in the Disk Utility sidebar. If you just want one partition on the drive, you can use the Erase tab to format it. Select Mac OS Extended (Journaled) as the format type. If you want to partition it and format it, use the Partition tab. One possibility is to create two partitions, with one partition being about the size of the 160GB startup drive. You can then periodically clone your regular startup drive to that smaller partition to have a bootable backup (very useful for trouble-shooting). The second partition can be the rest of the space. How you partition the drive is up to you...
    You should keep your system and library files on the startup drive. You should generally keep your application files on your startup drive, in the Application folder. You may also want to keep all of the default first level folders in your Home (user) folder on the startup drive. These are the folders like Documents, Music, Movies, etc. that are created during the OS installation.
    Inside these user folders, I have moved my large folders (such as iTunes Music at <home>/Music/iTunes/) to my second drive. Then I create an alias named exactly like the moved folder, and put it back in the original location. When iTunes is started, it should act like the folder was still on startup drive in the default location. Alternately, you can move the folder and tell iTunes where the new location is in its preferences, but I like using the default settings when possible.
    You should be able to take similar actions to put your iPhoto library folder and others on your second drive. If you have sub-folders in your documents folder, you can also alias them to folders on your second drive. Essentially, most of your user-created data can be on the second drive, but it will look like a default setup in Finder and to the system.
    There are more technical things you can do, such as move your entire user folder to the second drive. You can look at those possibilities as well...

  • Windows 8.1 Ent eval enabled Secure Boot I think

    I want to get my laptop back to its original format.
    Currently dual booting Windows7/8.1
    During the installation of Windows 8.1 Enterprise evaluation it paused to say it was going to enable secure boot.  I didn't think much of it; I thought I could change it back from the BIOS.  Did it flash my firmware?  I checked the system status with msinfo32.exe; was legacy mode and with powershell; secure boot not supported.  I don't have any options to disable secure boot in the BIOS nor from within Windows -"I know how to disable it in windows 8.1".  I can't boot a foreign operating system, but I can boot a Microsoft OS, which sounds like secure boot to me.  I want to get it back to running Windows 7 dual booting with Linux.  I use both at work and need both.  I made the mistake by loading the Eval on my primary laptop.  I read I need to revert back to Windows 7 completely, formatting and re-installing the OS.  Will this clear my secure boot simulation issue?  I have not changed the partitions or removed any O/S's.   What's the best way to proceed?

    Hi,
    I want to explain that Secure Boot is independent of the system; you can disable it in the UEFI interface.
    To disable Secure Boot, you can follow the steps below:
    1. Before disabling Secure Boot, consider whether it is necessary. From time to time, your manufacturer may update the list of trusted hardware, drivers, and operating systems for your PC. To check for updates, go to Windows Update, or check your manufacturer's website.
    2. Open the PC BIOS menu. You can often access this menu by pressing a key during the bootup sequence, such as F1, F2, F12, or Esc.
    Or, from Windows, hold the Shift key while selecting Restart. Go to Troubleshoot > Advanced Options: UEFI Firmware Settings.
    3. Find the Secure Boot setting, and if possible, set it to Disabled. This option is usually in either the Security tab, the Boot tab, or the Authentication tab.
    4. Save changes and exit. The PC reboots.
    I found an article that teaches how to install dual-boot Windows 7 and Ubuntu 12.04 on a PC with UEFI hardware:
    http://www.linuxbsdos.com/2012/10/11/dual-boot-windows-7-and-ubuntu-12-04-on-a-pc-with-uefi-hardware/
    Hope this helps.
    Roger Lu
    TechNet Community Support

  • Mavericks server alerts and User account questions

    Hi
    I'm looking for more detailed information about setting up Alerts in Mavericks Server, plus I seem to have a strange problem with new user accounts when setting up.
    More Info.
    I have a Mac Mini acting almost 100% exclusively as a Time Machine backup device with encryption of three portable computers on a wired network.  This was originally set up three years ago using Snow Leopard Server and a 2Tb external FireWire Drive.
    The external drive is now proving too small, and in any case is showing the possible first signs of failure when tested, so the intention is to replace it with a RAID of some sort, probably a 2-drive RAID 1 device but if the budget allows we might be able to look at RAID 5 or 6 units.
    It seems a good opportunity to clean install Mavericks Server on the Mini, so I've set up a test station on my MacBook Pro with my Mac Pro (both running 10.9.2) as a test backup client.  The Server OS is on an external FireWire boot drive, and the TM backup folders are on another external, in this case a USB 3.0
    For obvious reasons there does not seem to be any reason to turn on more services than absolutely necessary, so just Time Machine and File Sharing for the moment.  All works well but I can't seem to get Alerts working.  I've listed 3 different eMail addresses (all mine) for the alerts to be sent to, and I have two Admin Accounts for Notifications, both using the same AppleID I set the Server software up with.  I've gone through the rather sparse setup help information carefully, and there is no information about additional services being required, although I did try setting up the Mail client (tested sending and receiving) on the Server and having it running whilst the backups were being tested.
    As I said, the test backups went fine and when I disconnected the backup drive from the Server to simulate a failed drive the TM on the Mac Pro client showed an alert saying the backup drive could not be found.  However, there were no emails or Notifications received, either on the Mac Pro or my iPhone from the Server.
    There seems to be minimal amount of information available about the workings of Mavericks Server, but I have gone through what I can additionally find online about Mountain Lion Server, with no real indication of what it is that I am missing.  The only instructions seem to be exactly what I've done, so your advice would be appreciated.
    Another thing that puzzles me is that when restarting the MacBook Pro I get all the Admin and Standard User Accounts (created in Server.app) showing at the login screen.  This is only four Accounts in total, so what would happen if this was 50 Users?  If I click on the 'User' tab in Server.app I get 83 User Accounts showing, but that was not the case until this evening, as only the Admin and Standard User Accounts I had set up were visible.
    It's obviously possible that I've mucked up the install and basic setup somehow, but I can't see that anything I've done would have these effects as I've been careful to follow the options put in front of me.
    Thank you in advance.

    There's nothing to fetch. You assign the value from the function GET_APPLICATION_PROPERTY(USERNAME); as you would any value returned from a function.
    DECLARE
       myVar    VARCHAR2(50);
    BEGIN
       myVar := GET_APPLICATION_PROPERTY(USERNAME);
    END;
    Hope this helps.
    Craig...
    -- If my response or the response of another is helpful or answers your question please mark the response accordingly. Thanks!

  • HT5699 I forgot my security support question and answer, what should i do?

    I forgot my security support question and answer, what should I do?

    See Kappy's great User Tips.
    See my User Tip for some help: Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities https://discussions.apple.com/docs/DOC-4551
    Rescue email address and how to reset Apple ID security questions
    http://support.apple.com/kb/HT5312
    Send Apple an email request for help at: Apple - Support - iTunes Store - Contact Us http://www.apple.com/emea/support/itunes/contact.html
    Call Apple Support in your country: Customer Service: Contacting Apple for support and service http://support.apple.com/kb/HE57
     Cheers, Tom

  • Apple Macbook 13.3" Laptop-Black 2008 2.4GHz Intel Core 2 Duo will not boot up and instead I get a grey screen with a folder and a question mark over it.

    My Apple Macbook 13.3" Laptop-Black 2008 2.4GHz Intel Core 2 Duo will not boot up and instead I get a grey screen with a folder and a question mark over it.  I've tried Option key, and Control S keys and it still will not boot up.  Can anyone help?

    If you are running Snow Leopard:
    Reinstall OS X without erasing the drive
    1. Repair the Hard Drive and Permissions
    Boot from your Snow Leopard Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Utilities menu. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the left side list.  In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive.  If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer.
    If DU reports errors it cannot fix, then you will need Disk Warrior and/or Tech Tool Pro to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.
    2. Reinstall Snow Leopard
    If the drive is OK then quit DU and return to the installer.  Proceed with reinstalling OS X.  Note that the Snow Leopard installer will not erase your drive or disturb your files.  After installing a fresh copy of OS X the installer will move your Home folder, third-party applications, support items, and network preferences into the newly installed system.
    Download and install Mac OS X 10.6.8 Update Combo v1.1.
    If you are running Lion or later:
    Reinstall Lion, Mountain Lion, or Mavericks without erasing drive
    Boot to the Recovery HD:
    Restart the computer and after the chime press and hold down the COMMAND and R keys until the menu screen appears. Alternatively, restart the computer and after the chime press and hold down the OPTION key until the boot manager screen appears. Select the Recovery HD and click on the downward pointing arrow button.
    Repair
    When the recovery menu appears select Disk Utility. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the left side list.  In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive.  If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported then click on the Repair Permissions button. When the process is completed, then quit DU and return to the main menu.
    Reinstall Mountain Lion or Mavericks
    OS X Mavericks- Reinstall OS X
    OS X Mountain Lion- Reinstall OS X
    OS X Lion- Reinstall Mac OS X
    Note: You will need an active Internet connection. I suggest using Ethernet if possible because it is three times faster than wireless.

  • Terminology question: "booting as root" vs. "booting in single user mode"

    Terminology question: "booting as root" vs. "booting in single user mode".  Are these terms interchangeable, or is there a subtle or not-so-subtle difference?  (Obviously something I don't do often.)
    Thanks in advance.

    Boot to Single user allows root access.
    It isn't "booting to root" as in Linux, but I think is as close as it gets.
    You can enable root from a normal boot:
    http://www.youtube.com/watch?v=Y-JEpDi-cME
    Interesting read:
    http://www.securemac.com/macosxsingleuser.php
    This is fun:
    http://osxdaily.com/2007/01/22/what-happens-in-the-mac-os-x-boot-process/

  • HT201363 I must have misspelt my security email address and I've forgotten my security questions! What do I do? Please help

    I must have misspelt my security email address and I've forgotten my security questions! What do I do? Please help

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
    (101115)

  • Hi, I have an iMac which I just booted up and have a white screen with a blue folder with a question mark blinking on and off. Any help would be appreciated. Tommy

    Hi, I have an iMac which I just booted up and have a white screen with a blue folder with a question mark blinking on and off. Any help would be appreciated. Tommy

    That means your iMac could not find a system to use for startup.  That may mean the internal hard drive has become faulty, or the hard drive mechanism is fine, but the startup volume ("Macintosh HD" unless you renamed it) may have some type of data corruption that makes it unbootable.
    First, you should try resetting PRAM
    http://support.apple.com/kb/HT1379
    and if that does not help, use this procedure to reset SMC (power management).  If your iMac is from 2008, this is the procedure for Intel (not PowerPC) Macs.
    http://support.apple.com/kb/HT3964
    (This forum category is for "iMac (PPC)," so if this iMac is older (with a PowerPC processor), please post back.)
    Disconnect all peripheral devices.  When you connect it back to power, if you have been using a power strip of some type, try connecting it directly to a wall outlet, by itself (at least initially).  Start up with nothing but the power cord connected, then add only standard mouse and keyboard.  If it works, run it that way for a while. 
    If PRAM and SMC reset have no effect, you should insert your Mac OS X installation disc (for the currently installed system) in the optical drive, and restart with the C key held down.  This should get you to the Installer screen, where you can run Disk Utility from the Utilities menu. 
    In Disk Utility, does the internal hard drive appear in the sidebar?  If so, select Macintosh HD in the sidebar and go to the First Aid tab.  Use Repair Disk.  If an error is found, note if Disk Utility was able to fix it or not.
    You can then quit Disk Utility and attempt to restart normally.

  • Boot Camp and Windows XP Questions

    I have a new intel iMac and want to install Windows XP (just for kicks, really). I have a copy of a Windows XP disc that I bought for my dad a couple of years ago. The Boot Camp page says that you have to have Windows XP with Service Pack 2. How do I know if my XP has Service Pack 2?? I went to the windows home page, and one can download Service Pack 2, but the Boot Camp instructions seem to imply that you have to have a copy of Windows XP with Service Pack 2. Anyone have any insight? Will my XP work?
    iMac Intel, Powerbook G4   Mac OS X (10.4.6)  

    Just an idea for you. There is an entire Apple Discussion forum dedicated to Boot Camp and Windows XP.
    Whereas, not everyone here with an Intel iMac has installed, tried to install or has experience with BC & XP, everyone there has or at least has an interest. You may attract help more quickly there.
    The Forum is at the bottom of the main Apple Discussions page under Windows Compatible Technology.
    Here is a link;
    Forum: Boot Camp Public Beta

  • Export/import login server and user group security

    Hi,
    I followed the instructions to export Login server, user group
    security using the ssoexp.csh, secexp.csh. Then I imported the
    login server, and user group security using the ssoimp.csh,
    secimp.csh .
    I then logged into Portal and checked the users; all the users are
    imported properly. However, I didn't see any groups that are
    supposed to be imported. Am I missing anything?
    The syntax to run the secimp is as follows:
    secimp.csh -s portal30 -p portal30 -o portal30 -m reuse -d
    sec.dmp -c target_database
    The import finished w/o error. How can I see the groups in the
    new portal instance that I tried to import objects in?
    I noticed that the wwsec_group$ in the source area is over 3000,
    and in the target the count is only 10, which is the number of
    groups I have before the import. But during the export, I don't
    see the wwsec_group$ table being exported, is that the problem?
    P.S. versions are: 9iAS 1.0.2, portal version 3.0.9.8 on solaris.
    Thanks;
    Kelly.

    This question is best suited to the Oracle9iAS SSO and Portal Security forum.
    Thanks

  • Not able to get rid of security-related questions in runtime

    Hi,
    I am simply using NetBeans 6.0.1 and the emulator QwertyDevice and the emulator platform WTK 2.5.2 for CLDC.
    I have chosen Alias as trusted in the signing option in the project configuration page. However, I am still getting security confirmation questions in runtime to access the local files, for instance.
    Would anyone please advise me how to get rid of that?
    Also I have deployed the application on SonyEricsson k800i and would like to get rid of the security confirmations on that device as well. What is the guideline?
    Thank you

    Right clicking on it is not even an option, just hovering over it seems to induce a "nuclear" reset of the whole desktop and graphic card on the iMac.
    Have meanwhile found a possible solution by erasing the dock preference file in the user/library/preferences folder to reset the dock to its default state. Will try this out through a Skype conversation with that Buddy.
    Was seen here :
    https://discussions.apple.com/message/16447109#16447109
    Thank you for stepping in. Good to know that people are still willing to help in this community.
    Greetz to the UK from France
