-
rwp
cracauer, "trackpad does not work, but the trackpoint does" Sounds like everything is good then! :-)
-
rwp
I am one of those that actively disable the touchpad because I drag my palm on it and it has phantom taps. Just can't take it.
-
rwp
I use the trackpoint and also the "keynav" package is another good keyboard mouse tool.
-
rwp
cracauer, Since I was snarky I will also try to help. I assume you have xf86-input-synaptics installed?
-
cracauer
rwp: yes it is installed.
-
» |cos| is standing on the cliff of what appears to be a rabbit-hole, looking down into the abyss and considering whether to jump in...
-
|cos|
3, 2, 1. here it goes! i've isolated that suspend-resume (or rather resume) fails with "options SMP" but works without on my macbook
-
|cos|
where do i go from here? should i prepare for a summer in a basement going from zero to here as a kernel hacker, or is there an easier first step?
-
|cos|
i might add that no search result for "smp" on bugs.freebsd.org appears to be relevant, but that's how far i got.
-
|cos|
(obviously; filing such a ticket could be my next step, but i'm uncertain of how to phrase it in the best possible actionable manner.)
-
rtprio
how long did it take you to determine smp made a difference?
-
|cos|
twenty-one kernel builds...
-
rtprio
oof
-
rtprio
the wiki for that seems not to have been updated in quite a while
-
erk
I have not heard about SMP causing it, but I have had suspend fail if I had intel-vt enabled.
-
|cos|
I'm very confident it is SMP. Just tried a kernel based on GENERIC only excluding SMP, and it resumes.
-
rennj
welcome to smp wait till you get the smt2 smt4 smt8 threading foo...
-
rennj
imgur.com/a/13fmOeN 20years ago smp athlon mp / tyan tiger
-
rennj
2 x 2GHz
-
rennj
vlc 0.8.0 haha
-
rennj
2 cores / 2 threads.
-
rennj
intel-vt and amd svm is ring -1, vmm foobar for xen,vmware esxi, linux kvm/qemu
-
rennj
virtual machines
-
rennj
vt-d and iommu is the for devices ...pciE
-
rennj
mmu for io devices
-
rennj
dgpu passthrough
-
rennj
m.2 pciE,usb,ahci even better..i passthrough those devices now in vmware-vmx..
-
rennj
-
VimDiesel
Title: System Sleep States — The Linux Kernel documentation
-
rennj
vmware vm's and host os, wifi, usb mouse,joystick all come back.
-
rennj
tcp/http keepalive is another matter
-
rennj
s4 to disk/hibernate bah. don't want to waste the space on un-encrypted partition.
-
debdrup
What macbook is it?
-
debdrup
The thing that's most likely to break suspend/resume, in my experience, is if the TPM is activated.
-
|cos|
debdrup: MacBookPro11,1; A1502 EMC 2678, or late-2013 as the apple heads tend to call it.
-
|cos|
TPM chips are only in those new arm-based macbooks?
-
polarian
What would you guys recommend for wiping a disk securely, wipe(1) I have seen recommended, but I assume you can just dd /dev/urandom over the disk... also how many times would you recommend to run wipe/dd?
-
tercaL
polarian: What kind of disk is that?
-
polarian
HDD
-
polarian
SSDs aren't as easy I know... and normally you got to rely on secure erase features
-
tercaL
Such tools would kill or degrade health of SSDs, afaik, anyway.
-
llua
using a tool already made, like wipe if you don't know how to use dd correctly
-
polarian
tercaL: yes... and it isn't effective either due to cells being taken in/out of use... and the load balancing between them...
-
polarian
llua: "use dd correctly?"
-
polarian
I don't see what is so advanced about writing random bits to a disk...
-
tercaL
polarian: Filling the disk with random bytes/data, so that the data recovery would get harder
-
polarian
tercaL: yes... but my point here is... llua implied doing this with dd is hard
-
polarian
although I have read using /dev/zero can be done too...
-
polarian
it's faster, but I assume not as secure, as zeros can be data
-
gnisho
? With HDD, once upon a time at least, there were some tricks you could use to try and recover data that was written over (shave a micron or so off the top of the disc platter and play games with lab equipment, with no guarantee of success). With SSD there's nothing like residual magnetic layer from previous to exploit. Once a sector is written over, that's it, it's done. Again, difficulty being that internal to the SSD's
-
gnisho
controller it may be dynamically remapping sectors so if someone's willing to play games there, something may be recoverable ... if the machine in question has secure erase in BIOS setup just use that for SSD.
-
tercaL
and also TRIM, I guess
-
tercaL
makes it almost impossible to recover - afaik
-
gnisho
As I understand it, TRIM uses same mechanism.
-
polarian
gnisho: I can't actually find an explanation on how secure erase works on NAND?
-
polarian
you got any links I can read up on it?
-
polarian
I am curious
-
polarian
also gnisho nothing is perfect, but if you are reselling a disk then it is not a big deal
-
ridcully_
polarian: a naive assumption would be, that a dedicated tool (wipe, shred, ...) might be better at the job than the generic one (dd) or at least more convenient. if this is for regulatory reasons, check them. otherwise most of them say something like: all X, then ~X, then random. if the disk was already encrypted, maybe you leave off the random run
-
polarian
last time I checked, most people don't have a clean environment at home
-
polarian
and if you are getting rid of a disk, you can always give it a smash...
-
polarian
ridcully_: I am doing a prewipe before FDE
-
polarian
FDE will not wipe the disk
-
gnisho
Digging on documentation. And, yes, the regulatory requirements for multipass secure erase are because of possibility to recover data from HDD. Multipass wipe on SSD doesn't actually accomplish anything.
-
polarian
although I heard someone talking about how they FDE a disk, then write /dev/zero to the FDE'd disk (which would encrypt 0s, so randomise it) and it is like 2 minutes faster
-
polarian
idk how effective it is
-
polarian
and it was using Linux, not BSD
-
polarian
gnisho: multi-pass is 7 passes to be sufficiently destroyed, correct
-
polarian
7 rings a bell
-
CrtxReavr
I seem to remember three passes with /dev/urandom being the standard.
-
ridcully_
i'd not FDE for a wipe. but if the disk already had encrypted data on it, i'd not waste my time with say 7 random runs over it
-
gnisho
? Data is data is data. So long as the tool in question works properly, doesn't matter what the OS is, if a tool dumps zeros over the device, it dumps zeros over the device.
-
gnisho
@polarian 7-pass is actually more than, say, the DoD asks for generally.
-
polarian
gnisho: what is the standard?
-
polarian
(with citation for further reading if possible?)
-
CrtxReavr
'Course, at places like the NSA, you'd have to do three passes, then toss the device in a shredder anyways.
-
gnisho
varies, not entirely sure on criteria, but 3 or 5 is usually sufficient as of last I knew.
-
polarian
CrtxReavr: lol, they could just skip the passes and go straight to shredding?
-
polarian
or you know... they could just stick a foundry at the datacentre
-
polarian
lob the disk in
-
CrtxReavr
That would not be protocol.
-
polarian
complete demagnetisation
-
ridcully_
-
VimDiesel
Title: Data erasure - Wikipedia
-
polarian
ridcully_: thanks
-
ridcully_
e.g. Schneier says, 0, 1, 5x random
-
CrtxReavr
Military had procedures for destroying paper documents that involved shredding, burning, then physically stirring the ashes.
-
gnisho
guardiandatadestruction.com/resource-center/dod-5220-m-vs-nist-800 Hunh, new standard since last I looked. anywhere from 1 to 7 passes required.
-
gnisho
-
VimDiesel
Title: Erasing data? DoD 5220.22 has been replaced with NIST 800-88 Clear and Purge - Guardian Data Destruction
-
VimDiesel
Title: SP 800-88 Rev. 1, Guidelines for Media Sanitization | CSRC
-
polarian
NIST only does 1 round of zeros?!!?
-
gnisho
Anywhere from 1 to 7, depending on circumstances
-
polarian
why zeros?
-
CrtxReavr
'Cause they're wider than ones.
-
polarian
ah...
-
polarian
so the magnetic fingerprint is bigger? therefore bigger chance to overwrite residual data?
-
gnisho
Again, for SSD it doesn't matter. Also take note that for modern HDD, data encoding is much more complex than it used to be, even a run of zeros is still a complex waveform to the surface.
-
ridcully_
in the end of course there is also just the drill bit or the shredder
-
polarian
gnisho: only talking about HDDs here!
-
gnisho
Okay!
-
gnisho
techspot.com/article/2600-ssd-trimming-explained interdasting article, some of this is new to me...
-
VimDiesel
Title: Explainer: What is SSD Trimming? | TechSpot
-
polarian
ridcully_: or melting it
-
polarian
I so want to chuck some platters into a plant pot and thermite it
-
polarian
if anyone can recover data from a resolidified clump of metal, I would be surprised
-
polarian
as for securely erasing an SSD... I assume the only way is to trust that the vendor has decent firmware so that when nvme/ATA secure erase issued, it securely destroys the data...
-
polarian
because the drive controller prevents effective data destruction
-
polarian
or the better way... take the PCB out... rip off the NAND chips, and recycle the PCB
-
polarian
and smash the NAND into powder
-
polarian
I have heard some people even burning the NAND too
-
yourfate
I have an old linux compat layer installed with debootstrap
-
yourfate
I ran it again with a newer ubuntu release, but /etc/lsb-release in the compat layer dirs stays the same
-
yourfate
can I just rm it all and debootstrap it fresh?
-
Iarfen
hi!
-
Iarfen
I don't have network connection inside VirtualBox running freebsd, any instructions to configure it?
-
ek
Iarfen: You can edit /etc/rc.conf to configure the network in the VM.
-
ek
... or use "ifconfig" if you'd like.
-
debdrup
|cos|: TPM chips are present for anything with EFI or UEFI, as it's part of the specification for if you're doing secure boot.
-
debdrup
I don't think you can disable it on Macbooks though.
-
jbo
[00:02:04] [01] [00:00:00] Building lang/rust | rust-1.78.0
-
jbo
[00:02:04] [02] [00:00:00] Building devel/llvm15@default | llvm15-15.0.7_10
-
jbo
here we go again
-
polarian
I assume TPM is not supported by geli?
-
polarian
can only find one whitepaper on it
-
polarian
and nothing else
-
polarian
my issue currently is that if I am to FDE my server... I would need to type in a passphrase
-
polarian
can't do that remotely, and having to plug in directly to the server every time I want to reboot it would be a hassle
-
polarian
then again you rarely need to reboot a server...
-
sixpiece
-
VimDiesel
Title: PrivateBin
-
sixpiece
anyone can help?
-
rwp
sixpiece, I don't know but it looks like there is a DNS problem on your system. It says "pkg: No SRV record found for the repo 'FreeBSD'"
-
rwp
Is the error persistent?
-
sixpiece
it's new
-
rwp
Can you resolve the hostname from the command line: host pkg.freebsd.org
-
rwp
"host" is a bind-tools command. You might only have base: getent hosts pkg.freebsd.org
-
sixpiece
no cannot rwp
-
rwp
"ping" is rather a crass tool for looking at DNS problems but lots of people use "ping" too.
-
rwp
You can't? Oh good! Then we have the problem.
-
rwp
What is in your /etc/resolv.conf file? That's what instructs where to look for DNS nameservers.
-
sixpiece
interesting maybe it was installing bind 918 the issue?
-
sixpiece
-
VimDiesel
Title: PrivateBin
-
sixpiece
it looks like local addresses
-
sixpiece
can these things work together?
-
sixpiece
I renewed dhcp and no luck
-
rwp
sixpiece, Yes. 127.0.0.1 is looking for a locally running nameserver. Do you have one running? Alternatively DHCP should be assigning a nameserver. That would be the normal thing with DHCP.
-
rwp
You can override DHCP and provide a nameserver, such as Google's well known 8.8.8.8, and that would work. But using the DHCP provided nameserver is the most normal thing.
-
scoobybejesus
polarian: I haven't seen a write-up anywhere, though maybe klara systems has one, for where you boot into an unencrypted root, then you can ssh in with the key, and re-root into an FDE root
-
polarian
scoobybejesus: meh
-
polarian
I might just do it manually
-
scoobybejesus
better than putting a head and keyboard on it every time you need to reboot
-
sixpiece
so what should do to fix this?
-
sixpiece
all the local unbound
-
sixpiece
I tried to create a name server
-
polarian
scoobybejesus: have you got any guides on re-rooting
-
sixpiece
in resolv.conf
-
polarian
like, booting to unencrypted
-
polarian
decrypting the volume, and then rooting into it
-
sixpiece
so it's only one or the other?
-
scoobybejesus
I am looking. this is something Allan Jude has spoken about several times and apparently wrote a paper on, but it was early times
-
scoobybejesus
-
VimDiesel
Title: BSDCan2016: Booting from Encrypted Disks on FreeBSD
-
scoobybejesus
-
VimDiesel
Title: Using FreeBSD's re-root capability
-
rwp
sixpiece, How did /etc/resolv.conf get to be edited as it is in your paste where the resolvconf nameservers were commented out and the 127.0.0.1 line added? That's okay if it was accompanied by installing a local caching nameserver. Which is apparently the problem. So... Whatever did that action, undo that action. Don't override it. Let DHCP set it.
-
rwp
sixpiece, As a short term workaround (that can last a long time) edit the file again and change 127.0.0.1 to Google's 8.8.8.8 nameserver address. That's a public nameserver okay for you to use. Then things should be working.
-
rwp
But longer term it is better to understand what's happening with DHCP and why that file is not set properly after DHCP'ing an address. That will be important on laptops for example which are mobile and may be connecting on a captured portal system at a hotel, coffee shop, airport, library, city wifi, or something and need to use the DHCP nameserver or be unable to accept the EULA.
-
polarian
scoobybejesus: could just output over serial... plug the serial cable into a rpi for example and use for aggregation, then run a sshd and ssh into it to attach to serial
-
polarian
which then I can manage it all no problem
-
cracauer
rwp: around?
-
polarian
issue is the mobo doesn't support serial... therefore I would need a uart card
-
polarian
although
-
rwp
Hi cracauer. Did you get your touchpad problems figured out?
-
polarian
usb is a serial bus...
-
cracauer
No. I played with libinput config, but it changes nothing.
-
cracauer
Wondering whether you have additional thoughts.
-
rwp
What model of laptop is this?
-
cracauer
Stinkpad T14 gen1 amd
-
rwp
I have always had Thinkpads and I have never had any trouble with them. Which is one of the reasons I keep using them. Because most of the time more things work with them than with other random vendors.
-
rwp
I have had to fix up the multimedia keys on the last series as builtin support seems to have been lost. But those generate ACPI events and I fix them up in the ACPI system.
-
cracauer
Yeah, this is my best-working under FreeBSD laptop. Except for this and no microphone.
-
rwp
But I haven't had a problem with my touchpad. But as you saw I disable the touchpad and use the trackpoint, keynav, and an actual mouse on my desktop.
-
scoobybejesus
this seems dang close. not many mods needed to adapt. just have the ssh user run the script on login
forums.freebsd.org/threads/the-ques…boot-and-zfs-native-encrypted.91940
-
VimDiesel
Title: Solved - The quest for unencrypted /boot and ZFS native encrypted / | The FreeBSD Forums
-
rwp
polarian, With GRUB there is a "mandos" package which people use to automate supplying decryption keys. I remember looking to see if there was something similar on FreeBSD and was disappointed that nothing out of the box seems to exist. I think it must be possible to create one.
-
cracauer
I'll pack a trackball.
-
rwp
The trackball and the touchpad seem like very similar brain-hand functionality. People would like both of them together. Or dislike both of them together.
-
polarian
rwp: but that requires using grub :/
-
rwp
polarian, Right. And hence our disappointment.
-
rwp
Native ZFS encryption in the newer OpenZFS releases available on 14 give us a few options which would work great for me. But ZFS native encryption is also the new code and has had a number of bugs found and reported there. More in the area of send|recv as one might expect. It's a complicated bit adding encryption and compression and handling send|recv too. I am waiting a while longer.
-
cracauer
I still can't see in my Xorg.0.log where it throws away my trackpad.
-
rwp
Running GELI is the mature rock solid way that we feel can't be problematic. Except there seems no way to supply the key in any automated way at boot time. I feel certain there must be a way however. It just hasn't appeared to us yet.
-
rwp
cracauer, Me brainstorming... I would boot a live-boot image to verify that it isn't just something about the current installation. I would boot a Refracta Linux because I like that one the best. That would verify that your hardware is okay. And then boot a live FreeBSD and see if it works with the touchpad. That would verify if it is a FreeBSD problem or a currently installed problem.
-
cracauer
Yeah. I *think* the pad worked with the windows that came with the laptop, but I'm not sure and the install isn't installed anymore.
-
rwp
cracauer, refracta.org is my current favorite live boot image. The maintainer is also very active and extremely helpful if needed. I would boot it and see if it handles things okay. It's a good hardware verification step.
-
VimDiesel
Title: Refracta home
-
cracauer
Oh. Under Linux Mint the trackpad doesn't work either...
-
rwp
Not working under Linux Mint would be a flag that we have either a broken touchpad or some type of incompatible touchpad. And as far as I know the T14 is compatible. It's newer than anything I personally have and can't vouch for it though.
-
rwp
Because that's two different systems, FreeBSD and Mint, that both say there is no touchpad there. That's pointing the finger of blame at the touchpad not working.
-
rwp
Have you had the touchpad disconnected at some point? Such as to add RAM or whatever that required removing the palmrest? Perhaps the connector did not get connected back up properly. That would be a likely situation and an easy fix.
-
cracauer
Hmmm. I changed the NVMe.
-
cracauer
But the trackpad buttons do work.
-
rwp
Maybe it is time to do a little inspection review of it. And I will cross my fingers and hope for the best. Good luck! :-)
-
rwp
The buttons below the touchpad? Or the buttons below the trackpoint and keyboard? Those are different. Different connectors.
-
cracauer
Ah. Now it works. Guess what I did. Helps to be cynical.
-
rwp
The keyboard, trackpoint, and trackpoint buttons are all part of the keyboard assembly (at least on thinkpads up through the T400 series I am familiar with). The touchpad and touchpad buttons are part of the palmrest. And also fingerprint reader if there too.
-
rwp
What did you do? What did you do? Don't keep us in suspense!
-
cracauer
I *dis*abled the trackpad in the bios
-
cracauer
Now it works. But the buttons stopped working.
-
rwp
Ha!
-
cracauer
Now if I turn the trackpoint back on then the trackpad buttons work again.
-
cracauer
I guess I'm all set except for microphone in.
-
cracauer
thanks for your help
-
rwp
I know nothing about it other than that I needed webcamd_enable="YES" in /etc/rc.conf to enable webcamd.
-
cracauer
webcam works in chromium.
-
rwp
Truly I am just one of the blind people feeling part of an elephant and trying to describe it. I know parts of the system pretty well. I know nothing at all about other parts of the system.
-
cracauer
So say we all.
-
rwp
I have been using FreeBSD long enough now that I realize I am getting the same daily experience again and again. I need to branch out and spend time working with other parts of the system to try to round out my understanding of those other parts.
-
cracauer
I do not recommend Xorg input.
-
» rwp laughs
-
rwp
cracauer, I am re-reading and looking for clarification. In the BIOS as things are working is the touchpad enabled or disabled. Did you say that disabling the touchpad caused it to work?
-
cracauer
Yes.
-
cracauer
I had to set trackpoint to enabled and trackpad to disabled so that both work, along with the buttons.
-
rwp
cracauer, Originally when I read that I thought it was simply a typo. But I saw that you emphasized it. That's really a crazy thing! I would never have thought it. Thanks for clarifying it.
-
sixpiece
thank you rwp going to check now fell asleep earlier
-
rwp
Good luck!
-
sixpiece
thank you
-
sixpiece
-
VimDiesel
Title: Vultr DNS Servers | Vultr Docs
-
sixpiece
it's strange cause I use Vultr's DNS resolvers and it doesn't work but then I add nameserver 8.8.8.8 and it works even for ipv6
-
sixpiece
but whatever it's working now with its default dns servers
-
sixpiece
then local unbound is for local only while unbound is for outside of this area