Не апгрейдится 14.04

[kerogaz]

Делаю апгрейд, появляется такое окно и висит, пока Ctrl-C не сделаешь . А затем опять по новой при апгрейде. Ок на картинке на мышь не
реагирует

[Bizdelnick]

Вам что-то непонятно в приведённом тексте?

Ок на картинке на мышь не реагирует

Клавишами, клавишами.

[kerogaz]

Вам что-то непонятно в приведённом тексте?

Ок на картинке на мышь не реагирует

Клавишами, клавишами.

Вопрос 1
Какими клавишами
Вопрос 2
А не слетят ли при этом драйвера которые поставили в сервисном центре DELL. Что-то уж совсем они не новую убунту поставили. Может именно и-за драйверов/ . Они почему-то предложили нам именно только Ubuntu (а нам лучше было бы CentOS)

[Bizdelnick]

Какими клавишами

Да как обычно — вверх, вниз, вправо, влево, таб, энтер и т.д.

А не слетят ли при этом драйвера которые поставили в сервисном центре DELL.

Судя по написанному, они и так вряд ли работают. Хуже точно не будет, лучше — весьма вероятно.

[kerogaz]

Какими клавишами

Да как обычно — вверх, вниз, вправо, влево, таб, энтер и т.д.

А не слетят ли при этом драйвера которые поставили в сервисном центре DELL.

Судя по написанному, они и так вряд ли работают. Хуже точно не будет, лучше — весьма вероятно.

Вот я нарыл по этому вопросу
https://forums.linuxmint.com/viewtopic.php?t=233579
Late after the battle, but here are explanations why third-party drivers are incompatible with secure boot :
http://askubuntu.com/questions/755238/why-...d-party-modules
In short :
- secure boot is a UEFI feature that checks that boot-time codes are signed by one of the key in memory, or (when using shim) by one of the key in the Machine Owner Key (MOK) list.
- Mint is based on Ubuntu, uses Ubuntu's bootloader, Ubuntu's kernel etc
- Ubuntu's bootloader, shim, is signed. Then the kernel is signed by Canonical (Ubuntu's developer).
- third-party driver are DKMS modules to the kernel. So if you want to have them with secure boot, they need to be signed.
- DKMS modules are compiled locally on your machine. So Canonical cannot sign them, as you (or someone else) may have tampered with them.
Thus, they are not compatible with (default) secure boot, and you have to turn it off to use them.
If you keep secure boot on, the modules are not going to be used by the kernel, and you may run into problems, e.g. of hardware support.

Possible solution (other than turning secure boot off):
- create a signing key
- enroll it in the MOKlist or in the firmware list
- sign the modules yourself
This is more easily said than done. And fastidious. Here are two references for thos that would want to go down this road :
http://www.linuxjournal.com/content/take-c...efi-secure-boot
http://www.rodsbooks.com/efi-bootloaders/controlling-sb.html
But let's hope a better solution appears in the future.

Why didn't this happen before ?
I dont know what the secure boot support was for LM<=16. But I know for LM 17.x : it is based on Ubuntu 14.04, which supports secure boot at the level of shim and grub (bootloader level). But Ubuntu 14.04 did NOT require the kernel to be signed. So unsigned DKMS modules worked perfectly.
Ubuntu was criticized (including by other linux distros) for this policy. Because it meant you could boot any unsigned distro once grub was in place, which kind of defeats the purpose of secure boot, for what it's worth.
(I'm not defending any of these opinions, just stating them. I dont pretend to know enough to have a well formed opinion on these matters. Though I do tend to think secure boot is useless on linux, at least for the purpose it was created : defeating malwares. I think it can be useful in the case where you take possession of it, putting your own keys, so that you control personally what can get booted on the computer)
So with 16.04, Ubuntu changed their policy and required the kernel to be also signed, and that's where we are.
That does suggest a possible
Alternative solution (untested)
- extract grubx64.efi from a LM17.x install or a Ubuntu 14.04 install
- uninstall grub on your LM18, but keep backup of all the config files
- put back all the grub config files etc, and put the extracted grubx64.efi where it should (i.e. on the ESP, at EFI/ubuntu/grubx64.efi)
- check with efibootmgr that grub is still first in the boot order
you should now be able to boot an unsigned kernel. I think. And thus unsigned DKMS modules. Maybe.
Not sure. That also depends on what the kernel does. Like if the kernel also checks the secure boot policy or not (even if unsigned).
If the kernel does check the secure boot policy, then it will be more complicated. Will need to extract a previous kernel from a LM17.x install. Which may bring its own set of troubles because these are kernel in the 3.x series, while LM18 uses a 4.4.x kernel.

All in all, I think it's a lot of troubles to try to get secure boot and third-party drivers to work together, on LM18.
It shouldnt be.
Ubuntu went out of its way to support secure boot, but then now it doesnt really support it anymore. Because let's be honest, nearly everyone needs third-party drivers. Say for a nvidia graphic card, or for wifi.
I hope in the future they can find a way to make this work (though I have no idea how). Because it's hard to explain to a normal user that he has to disable a feature with the word "secure" in it. Doesnt sound good. And it's often complex to turn off. Also for users who dual boot with windows, secure boot does provide some benefits. And at work, the company policy may require secure boot on.
Top
hughparker1
Level 2
Level 2
Posts: 72
Joined: Wed Oct 01, 2014 4:18 pm
Re: [SOLVED] Update Manager msg "UEFI not compatible with use of third-party drivers"

[kerogaz]

В общем , чтобы особенно не париться и драйвера работали просто отключаем boot secure (или ставим Ubuntu 16.04)
https://www.youtube.com/watch?v=AMc15OcRfug

[kerogaz]

В общем отключил я uefi (в прошивке) а затем и программно (нажал ok выбрав его стрелкой) Сделал apt upgrade и ...слетел драйвер Nvidia (NVS 510) Зашел на сайт nvidia и скачал оттуда драйвер со странным расширением .run. Сделал его испонляемым, запустил и драйвер установился . Правда при установке приходилось отвечать на разные вопросы вопросы и в конце вышло сообщение об ошибке, я зашел на форум и там тоже такая ситуация с драйвером но сказали что несмотря на ошибку драйвер установился . Так что теперь всё в порядке