IMO, its not a brand issue. Its a seller/batch/brand issue. Hard drives are sensitive to vibration, and if you buy multiple drives from the same place, at the same time, and all the same brand and model, you might be setting yourself up for a bad experience if someone accidentally slammed those boxes around earlier in their life.

I highly recommend everyone buy their drives from different sellers, at different times, spread out over various models from different brands. This helps eliminate the bad batch issue.

And linux distros

Both

What files do you have in /dev/nvme0n1p1?

From the looks of it, that should be your linux boot partition.

If you can, just remove every other drive temporarily while you focus on that specific drive. This will help avoid making changes to the windows bootloader.

From there, boot into an arch iso, mount your btrfs subvolumes (i.e. /mnt and /mnt/home and /mnt/var/logs and whatever other subvolumes you have), mount your boot partition into your btrfs mount point (i.e /mnt/boot), and then arch-chroot into your system (/mnt).

From there you’ll be in your actual system. If you’re using systemd-boot, run the bootctl install command. This will copy the systemd-boot UEFI boot manager to the ESP, create a UEFI boot entry for it and set it as the first in the UEFI boot order.

If you are using grub, follow the grub guidelines for installing their bootloader (im not familiar with grub commands).

Once that is done, go ahead and run mkinitcpio -P to make sure your kernel images are bootable options for your bootloader.

After that, exit and unmount the boot and BTRFS subvolumes and reboot.

That should get you back into your system.

Yo delete the pics of your fingerprint lol

Secure boot helps protect against evil maid attacks by checking hardware and OS signatures. If the boot process has been tampered with, the user can be alerted that the secure boot process can no longer properly verify signatures.

While its probably true that you can no longer guarantee that system can be used safely ever again, at least you will be aware that it was tampered with and you can go ahead and send that system to e-waste and get you a new system.

Depends on the OS, but you can generally have mkinitcpio handle generating new UKIs after updates and also have it trigger something like sbctl to re-sign images.

It seems the issue here is that initramfs is not signed, which makes this attack possible.

If it is signed and an evil maid modifies the initramfs itself, it will break the secure boot process and the user will be notified that their system has been tampered with. This should indicate that the secure boot protection is working.

If initramfs is not signed and it drops to the debug shell, then the attacker can make any changes to your system without it affecting secure boot, since it has already passed the protection. At least that’s my understanding when I read this.

Why did you try to reencrypt your drive? Thats not typically a resolution for not being able to boot into your system.

Sorry. Im not sure what would make it a good or bad port. Im not familiar with what the differences would be.

It was originally released on N64 and the Switch Online N64 mode seems fine. It feels like the original game.

Honestly, its probably a good thing they canceled it. They were going to butcher that perfect game.

But also FYI, Perfect Dark is available on Nintendo Switch Online as a Nintendo 64 +17 Mature title, along with Turok and Turok 2

Forgive me. Just trying to understand. How does the kernel flag NEO_DISABLE_MITIGATIONS have any affect on the CPU? Seems to be targeted towards OpenCL and Level Zero, which are APIs to access GPU hardware directly.

The kernel mitigations would be for the CPU, not the GPU.

Depends on how you use your system if you have multiple users. CPU mitigations wont protect GPU workloads, and vice versa. If your CPU was mitigating GPU workloads, that would probably be a massive performance loss.

This is fine for single user systems. If your system allows more than 1 users, this is probably not something you want to do.

Cancel Christmas first. See how that goes.

I changed my mkinitcpio hook from the busybox initencrypt to systemd init sd-encrypt to help with this, as it presents a different way to unlock a LUKS partition. Be sure to read the notes about sd-vconsole if you use this hook. Your mileage may vary since im not sure which OS you’re on.

https://wiki.archlinux.org/title/Mkinitcpio#Common_hooks

Eric Berger: “SpaceX had a small issue during a rocket test. In other news, SLS deserves to be defunded to the total amount of $0”

They’re okay with this. This is not an issue for them.