Re: [gentoo-user] How to flash an LSI SAS controller from IR to IT mode on linux with sas2flsh

[mad.scientist.at.large]

Surprising that you can do that on a VM, clearly they don't provide much 
security if you can do such powerful things as flashing firmware, pretty easy 
to write a VM virus that flashes all the flash memory to random, 1, or 0 values 
that would totally brick a server and add in cards as well as hard drives.  it 
may be hard to reverse engineer most firmware, but that doesn't mean it's hard 
to corrupt.

In any case, sorry for your' problems.  thumb drives of 32G and less are really 
cheap now that the huge ones are available  (got a 16GB for <$7).  I'm 
ridiculously poor by american standards (still fighting SS, thank god i got 
public housing!) and i bought a couple in the last 6 months.

manufacturers are starting to make firmware upgrades for linux, and i believe 
there is a program that can be used to install dos firmware upgrades from 
linux.  I Actually have 2 machines with both windows and linux firmware updates 
available, but they are servers (13 yr old, not surprisingly they were free!).  
i've become interested in servers as they depreciate quickly and tend to be 
built like tanks (though they are equally heavy).


mad.scientist.at.large (a good madscientist)
--
God bless the rich, the greedy and the corrupt politicians they have put into 
office.   God bless them for helping me do the right thing by giving the rich 
my little pile of cash.  After all, the rich know what to do with money.

Regarding uefi, i never believed in it, long before an asian asus manufacturer 
was kind enough to leave their ftp server open, and someone found the master 
key there and let the world know.   besides which, it's pretty hard to produce 
an encryption algorithm that will still be hard to break in 5-10 years due to 
ever increasing processing power, especially if people find some flaws in the 
algorithm or implementation. 

I suppose that since it's a card you want to flash you might be able to do it 
on a friends machine, possibly.  Good luck.


20. Mar 2018 13:02 by taii...@gmx.com :


> On 03/19/2018 08:02 PM, > mad.scientist.at.la...@tutanota.com 
> > wrote:
>>   >> A virtual machine is useful largely because it isolates the VM from 
>> the real hardware, therefore it's not likely you can update firmware from a 
>> VM (you really shouldn't be able to).>> 
> Actually you can update firmware from a VM, I have done it manytimes 
> on many different PCI-e cards and I already updated the IRmode firmware 
> to the latest version in a linux VM (but you need DOSto go IR>IT)
> 
> It is part of the reason as to why SR-IOV was created besides the
> performance benefits you also get security benefits with restricted
> registers and the inability to flash a malicious firmware from aguest if 
> you attach a VF to the VM instead of the PF.
> 
> I don't have any UEFI machines as I hate UEFI (all my machines run
> coreboot with the grub payload)
> 
>>   >> The reason they still want us to upgrade with dos is it's a lowest 
>> common denominator, i.e. every one has it or can get it (freedos).  it also 
>> helps that it's a minimal enviroment.In any case, I suggest you run a REAL 
>> freedos on a Real machine, so that you can update real not virtual firmware. 
>>  i.e. no Virtual Machine.>> 
> The issue is not being able to use linux as well and having a bare
> metal freedos won't help my disk driver issue there still won't be away 
> to load the files.
>

Re: [gentoo-user] How to flash an LSI SAS controller from IR to IT mode on linux with sas2flsh

[taii...@gmx.com]

On 03/19/2018 08:02 PM, mad.scientist.at.la...@tutanota.com wrote:

A virtual machine is useful largely because it isolates the VM from the real 
hardware, therefore it's not likely you can update firmware from a VM (you 
really shouldn't be able to).
Actually you can update firmware from a VM, I have done it many times on 
many different PCI-e cards and I already updated the IR mode firmware to 
the latest version in a linux VM (but you need DOS to go IR>IT)


It is part of the reason as to why SR-IOV was created besides the 
performance benefits you also get security benefits with restricted 
registers and the inability to flash a malicious firmware from a guest 
if you attach a VF to the VM instead of the PF.


I don't have any UEFI machines as I hate UEFI (all my machines run 
coreboot with the grub payload)

The reason they still want us to upgrade with dos is it's a lowest common 
denominator, i.e. every one has it or can get it (freedos).  it also helps that 
it's a minimal enviroment.

In any case, I suggest you run a REAL freedos on a Real machine, so that you 
can update real not virtual firmware.  i.e. no Virtual Machine.
The issue is not being able to use linux as well and having a bare metal 
freedos won't help my disk driver issue there still won't be a way to 
load the files.

Re: [gentoo-user] [SOLVED] dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking dev-libs/libressl-2.6.0)

[thelma]

On 03/20/2018 02:41 AM, Neil Bothwick wrote:
> On Mon, 19 Mar 2018 21:07:05 -0600, the...@sys-concept.com wrote:
> 
>> I'm upgrading older system and I have a blocker I can not resolve:
>> running: emerge -eavq @world
> 
> That's more a reinstall than an upgrade, do you have a particular reason
> for using -e?

I was upgrading the box and switching to a new profile "17.0"
So I had to do "-e @world" and  followed the manual.

>> dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking
>> dev-libs/libressl-2.6.0)
>>
>> [blocks B ] dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking
>> dev-libs/libressl-2.6.0)
>>
>>  * Error: The above package list contains packages which cannot be
>>  * installed at the same time on the same system.
>>
>>   (dev-libs/openssl-1.0.2n:0/0::gentoo, ebuild scheduled for merge)
>> pulled in by
> 
>> dev-libs/openssl:0= required by
> [lots of packages]
> 
>>   (dev-libs/libressl-2.6.0:0/43::gentoo, ebuild scheduled for merge)
>> pulled in by dev-libs/libressl required by
>> (app-crypt/easy-rsa-3.0.1-r1:0/0::gentoo, ebuild scheduled for merge)
> 
> I suspect you have the libressl flag set for easy-rsa. You cannot have
> both openssl and libressl installed at the same time so unset that flag
> and re-emerge easy-rsa.

That was a good guess,  yes I had to remove temporarily "easy-rsa" and
"libreoffice-bin"

--
Thelma

Re: [gentoo-user] dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking dev-libs/libressl-2.6.0)

[Neil Bothwick]

On Mon, 19 Mar 2018 21:07:05 -0600, the...@sys-concept.com wrote:

> I'm upgrading older system and I have a blocker I can not resolve:
> running: emerge -eavq @world

That's more a reinstall than an upgrade, do you have a particular reason
for using -e?
 
> dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking
> dev-libs/libressl-2.6.0)
> 
> [blocks B ] dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking
> dev-libs/libressl-2.6.0)
> 
>  * Error: The above package list contains packages which cannot be
>  * installed at the same time on the same system.
> 
>   (dev-libs/openssl-1.0.2n:0/0::gentoo, ebuild scheduled for merge)
> pulled in by

> dev-libs/openssl:0= required by
[lots of packages]

>   (dev-libs/libressl-2.6.0:0/43::gentoo, ebuild scheduled for merge)
> pulled in by dev-libs/libressl required by
> (app-crypt/easy-rsa-3.0.1-r1:0/0::gentoo, ebuild scheduled for merge)

I suspect you have the libressl flag set for easy-rsa. You cannot have
both openssl and libressl installed at the same time so unset that flag
and re-emerge easy-rsa.


-- 
Neil Bothwick

 There are two kinds of people in this world: Those who are
good with words, and those who are... erm... thingy 


pgpVffLNtjwxs.pgp
Description: OpenPGP digital signature

[gentoo-user] Re: dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking dev-libs/libressl-2.6.0)

[Nikos Chantziaras]

On 20/03/18 05:07, the...@sys-concept.com wrote:

I'm upgrading older system and I have a blocker I can not resolve:
running: emerge -eavq @world

dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking dev-libs/libressl-2.6.0)

[blocks B ] dev-libs/openssl:0 ("dev-libs/openssl:0" is blocking 
dev-libs/libressl-2.6.0)


Look in your /etc/portage/package.use whether any package has "libressl" 
USE flag set. Remove all occurrences of it (if there are any.)


Then, uninstall libressl:

  emerge -aC dev-libs/libressl

Now try the @world update again.



When I try to run:
emerge -1avq @system

[blocks B ] 

Try to update libbsd and keyutils first manually:

  emerge -a1 dev-libs/libbsd
  emerge -a1 sys-apps/keyutils

Also, to re-emerge @system, you should be using:

  emerge -ae @system



!!! The slot conflict(s) shown above involve package(s) which may need to
!!! be rebuilt in order to solve the conflict(s). However, the following
!!! package(s) cannot be rebuilt for the reason(s) shown:

   (dev-libs/libpcre2-10.22:0/0::gentoo, installed): ebuild is masked or 
unavailable
   (net-wireless/bluez-5.43-r1:0/3::gentoo, installed): ebuild is masked or 
unavailable
   (dev-libs/libxml2-2.9.4-r1:2/2::gentoo, installed): ebuild is masked or 
unavailable
   (dev-db/unixODBC-2.3.2-r1:0/0::gentoo, installed): ebuild is masked or 
unavailable
   (dev-db/sqlite-3.17.0:3/3::gentoo, installed): ebuild is masked or 
unavailable
   (dev-lang/python-3.4.5:3.4/3.4m::gentoo, installed): ebuild is masked or 
unavailable
   (net-fs/samba-4.5.10:0/0::gentoo, installed): ebuild is masked or unavailable
   (dev-lang/python-2.7.12:2.7/2.7::gentoo, installed): ebuild is masked or 
unavailable


Try updating them manually:

  emerge -a1 dev-libs/libpcre2 net-wireless/bluez dev-libs/libxml2 
dev-db/unixODBC dev-db/sqlite dev-lang/python:2.7 net-fs/samba 
dev-lang/python:3.4


If it keeps failing, try to uninstall the affected packages, *except* 
python.


In general, with Gentoo, you should keep it updated at least once a 
month. If you leave it for too long, it might become unrecoverable and 
you'd need to install from scratch.