Re: Package identification
On Friday, 11 July 2025 at 14:41, Thomas Schmitt <scdbackup@gmx.net> wrote:
> Hi,
>
> Wolf wrote:
>
> > > > My default settings in EFI was Thunderbolt security: OFF.
> > > > Today, I changed security from OFF to "User Authorization" and now
> > > > keyboard is working.
> > > > I tested changing back from "User Authorization" to OFF and the keyboard
> > > > became unusable again.
>
>
> I wrote:
>
> > > (So Thunderbolt is off, not the security. {:)
>
>
> Max Nikulin wrote:
>
> > Might it be related to requirement of physical presence as an attempt to
> > protect against unauthorized changing of boot options? Depending on firmware
> > implementation it may trust some input devices more than others.
>
>
> That's what i, too, fuzzily understand from "Thunderbolt security:".
>
> The question is what manipulates this setting so that the keyboard is
> accepted or not accepted before Linux is up.
>
> If it is indeed the upgrade of some Debian packages, then we only have
> three candidates for disabling the keyboard:
> -----------------------------------------------------------------------
> Start-Date: 2025-07-06 09:27:29
> Commandline: apt upgrade
> Requested-By: g (1000)
> Upgrade: firefox-nightly:amd64 (142.0a1~20250704212032,
> 142.0a1~20250705211551), firmware-sof-signed:amd64 (2025.01-1, 2025.05-1),
> mobile-broadband-provider-info:amd64 (20240407-1, 20250613-2)
> End-Date: 2025-07-06 09:27:35
> -----------------------------------------------------------------------
>
> I posted this in a quote from an inadvertently private mail by Wolf:
> https://lists.debian.org/msgid-search/10860483020789762392@scdbackup.webframe.org
> The list of suspects for enabling is in there too. But much longer.
>
> The open problem is how to verify or disprove that above upgrade run
> really causes the change in the EFI setting.
> I would propose "apt-get install --reinstall" but have to confess that
> i am too cowardly to test such a proposal before making it and that i
> also don't know how much this resembles an "apt upgrade" which installs
> the same packages.
>
>
> Have a nice day :)
>
> Thomas
As I'm doing upgrades daily, and, usually, reboot the system after, I can somehow detect involved packages.
But I reinstalled all grub related packages listed in the lengthy upgrade and the keyboard did not turn on. Maybe more packages are involved.
The problem may be related to how some EFI settings are read by different modules.
I have an illuminated keyboard, so I detected 3 changes when Thunderbolt security is set to user authorization:
1. The keyboard is activated and I can interact with EFI.
2. The keyboard is switched off for a moment.
3. The keyboard is switched on and I can interact with grub.
When Thunderbolt security is turned OFF (not Thunderbolt turned off!) all 3 steps are skipped, and I can use the keyboard only after the Linux image is loaded.
I think "security OFF" value read from EFI is ignored by the last bootloader, but "user authorization" is respected.
Thanks,
Wolf
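
An added example, not part of the original mails or written by any of the posters: a small parser for the apt history stanza format quoted above that lists every package upgraded between a last-known-good boot and the first bad one, which narrows the suspect list before any reinstall test. The sample log, the first stanza in it, the time window and the function names are assumptions made for the illustration.

```python
import re
from datetime import datetime

# Constructed sample in /var/log/apt/history.log layout. The second stanza is
# the one quoted in the mail (unwrapped); the first is invented for contrast.
SAMPLE = """\
Start-Date: 2025-07-01 08:00:00
Commandline: apt upgrade
Upgrade: example-pkg:amd64 (1.0-1, 1.0-2)
End-Date: 2025-07-01 08:00:05

Start-Date: 2025-07-06 09:27:29
Commandline: apt upgrade
Requested-By: g (1000)
Upgrade: firefox-nightly:amd64 (142.0a1~20250704212032, 142.0a1~20250705211551), firmware-sof-signed:amd64 (2025.01-1, 2025.05-1), mobile-broadband-provider-info:amd64 (20240407-1, 20250613-2)
End-Date: 2025-07-06 09:27:35
"""

# One "name:arch (old, new)" entry inside an Upgrade: field.
ENTRY = re.compile(
    r"(?P<name>[^\s:,]+):(?P<arch>\S+) \((?P<old>[^,()]+), (?P<new>[^()]+)\)")


def parse_history(text):
    """Yield one dict per apt run: start time, command line, upgraded packages."""
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.split(": ", 1)
                      for line in block.splitlines() if ": " in line)
        if "Start-Date" not in fields:
            continue
        # Collapse runs of spaces so one or two spaces between date and time both parse.
        stamp = " ".join(fields["Start-Date"].split())
        yield {
            "start": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "cmd": fields.get("Commandline", ""),
            "upgrades": [m.groupdict()
                         for m in ENTRY.finditer(fields.get("Upgrade", ""))],
        }


def suspects(text, last_good, first_bad):
    """Packages upgraded after the last good boot and before the first bad one."""
    return [(u["name"], u["old"], u["new"])
            for run in parse_history(text)
            if last_good < run["start"] < first_bad
            for u in run["upgrades"]]
```

On a real system the text would come from /var/log/apt/history.log (and its rotated copies), and the two timestamps from the boot times of the last working and first failing boot.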