Puppy Linux Discussion Forum

I made a LiveUSB with ISO image of FossaPup64_9.5. I want to use it on computers with Secure Boot turned on, and I found the thread here entitled How to boot Puppy from USB with Secure Boot enabled? in which the poster says his problem was solved.

Per that thread, I followed viewtopic.php?p=15734#p15734:

Use Gparted program.
Setup the USB stick with 2 partitions.
First one, small 300MB, fat32 format, flagged boot. (location for boot loader files, boot partition)
Rest of drive, whatever other partition(s), but one ext3 or 4 format. (location to put frugal installs)
(this is UEFI standard requirement, and some computers, look for a fat32 partition, for boot loader files)

Run Frugalpup Installer main program.
On the main window are selection buttons.
Select the Puppy button, to do the install.
Go through install process, selecting to install to the big ext formatted partition.

Press enter, makes the directory, not the OK button.
complete the install.

When it gets back to the main Frugalpup window.
Select the boot button.
Select the location of the frugal install, on the USB stick.
Select the small 300MB partition on the USB stick, as location to install the boot loader. (may need to scroll the selection window)
Select the boot loader type.
UEFI
mbr ->legacy bios boot
both

The UEFI will also install the needed files, to support secure boot enabled in UEFI.

When you first boot the USB stick, on a UEFI computer, with secure boot enabled.
A process will start, to allow you to install the Puppy security key, to the computer.
It will add this Puppy key, to the other ones, loaded on the computer.

I set up a 16GB USB2.0 as described above using GParted. Then I used FrugalPup installer as described above for a Frugal Installation, and I selected "both" when it came time to select the Bootloader type. Everything seemed to work okay. The new Frugally installed FossaPup booted from my USB with Secure Boot OFF just fine.

However, then I turned Secure Boot to ON, and when I tried to boot, I got a blue screen with an error message "Security Violation (Ax10)". There was no "process to install the Puppy security key".

I noted that, in one place, Bigpup said to "just install UEFI" when selecting Bootloader type, so I re-did everything with GParted and Frugalpup Installer, except that I selected UEFI instead of "both" when selecting the boot loader type.

After this second installation, FossaPup will not Boot at all. In legacy boot, I get a message "Bad partition table", then in UEFI with Secure Mode ON, I get the same "Security Violation (Ax10)" blue screen, and then in UEFI with Secure Mode OFF, I now get error messages that some EFI files are missing.

I have been able to get Ubuntu LiveUSBs to boot in Secure Mode ON on this computer, so I don't think it's something with the way the BIOS is set up.

Any ideas? How many times should I repeat the steps of (a) GParted and (b) FrugalPup installer before giving up?

I made a LiveUSB with ISO image of FossaPup64_9.5.

Did you use the latest version of Frugalpup Installer version 35?
What specific operating system did you run Frugalpup installer in?

If you did use Frugalpup installer V35
Frugalpup installer has been worked on and improved a lot over the past few months.
You may have discovered a bug that got into it.
When I wrote the steps to using it.
I was using Frugalpup installer V20.

I suggest you report this on the Frugalpup Installer topic, so the developer of Frugalpup Installer will see it.
viewtopic.php?t=337

Here, I will do it for you.
Lets see what the developer has to say about this issue.
viewtopic.php?p=41170#p41170

Please answer my questions.
I have some ideas, but need your answers.

bigpup wrote: ↑Mon Nov 08, 2021 5:09 pm

Did you use the latest version of Frugalpup Installer version 35?
What specific operating system did you run Frugalpup installer in?

I used the Frugalpup Installer that came bundled in FossaPup64_9.5 ISO. I downloaded that ISO from the "Main" hyperlink on the Puppy Linux website #download page. I'm not sure which version of Frugalpup Installer that was (and I don't have access to the OS right now). I ran it on FossaPup by booting FossaPup from a LiveUSB I made with that same downloaded ISO. The ISO was booted UEFI secure boot OFF, and it booted and worked great. (Actually, I really, really liked what I saw of FossaPup in that short time!)

When I wrote the steps to using it.
I was using Frugalpup installer V20.

Is there a way to get the old V20 of Frugalpup Installer to try that and see if it works?

Here, I will do it for you.

Thank you.

Please answer my questions.
I have some ideas, but need your answers.

I hope I answered them adequately. I have a related issue that I'm going to throw out, although I think it probably doesn't have any relevance...
Initially, I got interested in Puppy Linux because I was interested in something that ran in RAM without making any changes to the HDD of the computer. First, I tried TAILS, but my attempts to boot TAILS also failed. I followed all the instructions on the TAILS website, but I couldn't get my laptop to recognize the TAILS bootable USB in the boot menu. It just wasn't an option. I tried mutliple times from scratch on 3 different high-brand USB sticks, trying different combinations of various things and seeking advice in online forums, and never could get the laptop to recognize the USB. There are two reasons this might be relevant: (1) both TAILS and PuppyLinux, being RAM-only, which is unusual, makes me wonder if there is something quirky about my computer; (2) I am common to both attempts, which makes me wonder if there is something really fundamental that I am not understanding (although I have made installs of other Linux distros from LiveUSBs multiple times...).

bigpup wrote: ↑Mon Nov 08, 2021 5:09 pm

Did you use the latest version of Frugalpup Installer version 35?
What specific operating system did you run Frugalpup installer in?
Please answer my questions.
I have some ideas, but need your answers.

Well, I re-downloaded FossaPup64_9.5 and re-created the LiveUSB with the ISO. It boots in UEFI secure boot OFF just great. (In fact, I am using FossaPup to reply to you in the forum right now!!)

It turns out that the version of Frugalpup Installer bundled in my FossaPup64_9.5 ISO is V20.

Using the Puppy Package Manager, I discovered that a much newer version is available for download. Normally, I would upgrade, but everything I have seen in the Package Manager and on the web says that I shouldn't upgrade Puppy distros unless there is a very good reason to.

Shall I try upgrading Frugalpup Installer and see what happens?

ChrisFH wrote: ↑Tue Nov 09, 2021 9:17 am

bigpup wrote: ↑Mon Nov 08, 2021 5:09 pm

Did you use the latest version of Frugalpup Installer version 35?
What specific operating system did you run Frugalpup installer in?
Please answer my questions.
I have some ideas, but need your answers.

Shall I try upgrading Frugalpup Installer and see what happens?

Well, I just tried it, and the Package Manager wouldn't download anything. It gave an error window (Frugalpup-35.pet not available), then advanced to a window that summarizes the Package Manager activity, which said "frugalpup-35 was already installed". I went back to the program to confirm.

The program still describes itself as V20, although I wonder if that is a mistake since the Package Manager said V35 is already installed...

Edit: After looking at the screencapture images of V35 on gyro's website, I think the Frugalpup Installer in FossaPup64_9.5 is V20 even though the Package Manager says V35 has already been installed.

I can't solve the problem you raised on this thread. But FYI, the 'already installed' notice by PPM is informational. PPM will install a selected version if it reports that version present, but only if the present version is in the 'base', not in a SaveFile or SaveFolder.
The 'base' on Fossapup64 is puppy_fossapup64_9.5.sfs, on media, copied into RAM on boot-up. Built in applications are cataloged at /root/.packages/builtin_files. Note the './dot' signifying a hidden file. Left-Click 'rox's Eye' to see them. Files you actually install are cataloged at /root/.packages, but not in the /builtin_files folder.
When you download a package --whether via PPM or web-browser-- it initially only exists, as a package, in RAM. If you 'install' a package, its files will still only be in RAM until you execute a Save. Puppy will catalog the installation, but that catalog, itself, is only in RAM. Executing a Save writes the contents of a package and the revised /root/.packages folder to your SaveFile/Folder.
Puppys operate as a 'merge-in RAM file-system', created anew on boot-up with priorities on how to the effect of that merger. The highest priority is what exists in RAM, but --except as noted below-- you can easily modify that. Next are the files derived from your SaveFile/Folder. Lower priority is assigned to the files derived from the 'base'. If one of those files conflict with the file in your SaveFile/Folder, the file from your Base will not be used.

When you've chose 'auto-install' under PPM, or left-click a package you've downloaded, Puppy checks the above catalogs. Because RAM and SaveFile/Folders have higher priority, It will permit the 're'-installation of 'built-in' files, but not user-installed files, Still that installation is only in RAM until Saved. With the exception of --AFAIK only-- python modules you can test the effects of an new 'installation' without Saving. Menu>Exit>Restart-X, AKA Graphical Server causes a Puppy to re-catalog the contents of its current system.
We are human and mistakes happen, and its not uncommon that someone forgets to change a version number to reflect an up-grade. What will often (always?) work is that you can delete or edit the file or line cataloging an application, Restart-x, and then "re"-install a package. Initially only in RAM, a Save will result in 'over-writing' the files in the SaveFile/Folder.

Fossapup64 9.5 already has Frugalpup installer v20.
It should work.

If you want to try using the Frugalpup installer v35.
Get it from here:
https://www.mediafire.com/folder/rdyc5l ... /frugalpup
Download the frugalpup-35.pet to someplace you can find it.
Navigate in Rox file manager to that location.
Left click on frugalpup-35.pet to install it.
Reboot so memory is cleared out and everything new is in the save.
That way Frugalpup v35 is running loaded from the save.

One possible cause of issue, but good to do anyway.
Quickpet icon on desktop.
Run Quickpet>info>Fossapup updates
It does do some bug fixes. Maybe one is causing your issue.
Reboot and update the save, so the new changes are now being used.

After this second installation, FossaPup will not Boot at all. In legacy boot, I get a message "Bad partition table", then in UEFI with Secure Mode ON,
I get the same "Security Violation (Ax10)" blue screen, and then in UEFI with Secure Mode OFF, I now get error messages that some EFI files are missing.

I am wondering if this USB could be going bad.
If you can, try using a different USB drive.

To really start with a clean USB.
Use Gparted.
This time make a new partition table.
I usually use msdos for type. But your UEFI may be looking to see a GPT type partition table.
Make partitions and format them.

Gparted also can run a check of the file system you just put on the USB partitions.
In the main Gparted window showing the partitions on the drive.
Right click on a partition.
Select check.
Do that for each one.

I wonder if the UEFI wants to see something different for the flag on the first partition.
Could try to flag it esp instead of boot.

The bad thing about Puppy is it tries to be able to work on any computer very old, very new, and all in between.
Gets a little messy sometimes

Secure boot disabled, is no big deal, if you are booting with an operating system that is yours. You know it is good to use.

Disable fast boot, in the computers UEFI settings, is sometimes needed.

mikeslr wrote: ↑Tue Nov 09, 2021 3:39 pm

I can't solve the problem you raised on this thread. But FYI...

Thanks. I have to read this again later when I less fatigued.

bigpup wrote: ↑Wed Nov 10, 2021 7:42 am

I am wondering if this USB could be going bad.
If you can, try using a different USB drive.

Perhaps. The USB is brand new and made by a reputable manufacturer in my country. I trouble with TAILS but tried 3 different USB sticks. I think the issue is either with my computer or with me.
Last night, I re-did everything again, and that USB is working right now on "UEFI secure boot OFF".

To really start with a clean USB.
Use Gparted.
This time make a new partition table.
I usually use msdos for type. But your UEFI may be looking to see a GPT type partition table.
Make partitions and format them.
...
I wonder if the UEFI wants to see something different for the flag on the first partition.
Could try to flag it esp instead of boot.
...
Disable fast boot, in the computers UEFI settings, is sometimes needed.

I have used Gparted before every Frugal Install attempt, but haven't tried GPT or esp flag or disable fast boot. Will try those tonight!

Secure boot disabled, is no big deal, if you are booting with an operating system that is yours. You know it is good to use.

Yes, I understand. I am trying to find a way I can use friends'/roommates'/partners' or, especially, work laptops. My own laptop died recently. I was given this one by someone, but it is the same age as the one that died and wouldn't be surprised if it dies soon too. I have a work laptop, but I cannot turn off secure boot on that machine.

Actually, after reading more about MOK security, I am wondering if getting FossaPup USB to work with secure boot will still not be adequate for using Puppy on the work laptop because it seems like, if you can prevent turning off secure boot (as my IT dept has), you could also prevent the installation of new security keys. Lubuntu LiveUSB boots on my work laptop, but I read that Ubuntu's bootloader security key is somehow bundled with Microsoft's, although I don't understand the details.

Also, I wonder if Ubuntu's bootloader could be used with a normal full install of FossaPup (on a USB stick) since FossaPup is based on Ubuntu. Like, you would install FossaPup on the ext4 partition but then install Ubuntu's bootloader on the fat32 partition. I have no idea if that's possible, but anyway, I will ask about that in a separate forum question/thread...

One thing about old laptops.
If it has a fan.
It is going to get dirty inside.
Removing the back cover and cleaning it out.
Will cure a lot of issues and make it work much longer.

bigpup wrote: ↑Thu Nov 11, 2021 12:40 am

Well, I tried everything you suggested, and I still couldn't secure boot on my laptop. However, today, I took the USB to work and decided to just try it, and... it works!! Goes through security key installation process, and then boots perfectly. I feel kind of foolish. I'd still like to know why the secure boot process works on my Dell at work that is "locked down" by the IT department, but doesn't work on my Dell at home that I theoretically have complete control over... but I guess it is not so important since I can boot with secure boot OFF on my own laptop.

I thank you for all your help. I guess to save everyone's time, this thread is closed?

The computer is messing with you
Quick, but it in a room with no windows!
Never had a computer start working OK, after throwing it out the window!

UEFI bios is a constant moving target, of being changed how it works.
Each new version, does something differently.
The manufactures can do their own setup for how UEFI works.

Look in the UEFI setup for any settings dealing with security, booting, etc.....
Who knows, the manufacture could have some enable/disable setting about being able to install a new security key.

Looks like your company IT department, does not know how to disable, USB booting, in the computers UEFI setup

Indeed, the process for making puppy work on secure boot varies extensively, or perhaps its not even possible. i.e Surface pro 2 has a extremely limited UEFI BIOS, and even if you can install keys through windows, the only tool released by microsoft installs the signature that only allows keys signed with it. (In my case I just wiped it to Setup mode)
Security Violation means that the key that it decided to use for booting doesn't match the allow list (db). Or possibly it was put on the deny list (dbx), although I fail to see why would they do that..
Anyway, as aforementioned, look around in the UEFI BIOS for managing secure boot, or EFI... keys..
If you do find it, add your .efi or .cer file to 'authorized signatures'. (Perhaps they named it db, I don't know what other manufacturers do)
Additionally you don't necessarily need to set the esp flag to your fat32 partition.

See this post about installing the Puppy security key the first time you try booting:
viewtopic.php?p=44175#p44175

I am a beginner but I thought that we must be in UEFI mode to create a system to be booted in UEFI mode.

I have only used Lick to create a Puppy system. I did for a thumb drive and it boots using UEFI. I also created a Puppy in a 471 MB partition in my SSD but that is quite tight. Lick did the formatting (I think); it used NTFS.

Sam Hobbs wrote: ↑Wed Dec 15, 2021 11:30 pm

I am a beginner but I thought that we must be in UEFI mode to create a system to be booted in UEFI mode.

I have only used Lick to create a Puppy system. I did for a thumb drive and it boots using UEFI. I also created a Puppy in a 471 MB partition in my SSD but that is quite tight. Lick did the formatting (I think); it used NTFS.

You don't need to have the system being booted initially via UEFI to create a partition to be booted by UEFI.

Phoenix wrote: ↑Tue Dec 21, 2021 12:36 am

Sam Hobbs wrote: ↑Wed Dec 15, 2021 11:30 pm

I am a beginner but I thought that we must be in UEFI mode to create a system to be booted in UEFI mode.

I have only used Lick to create a Puppy system. I did for a thumb drive and it boots using UEFI. I also created a Puppy in a 471 MB partition in my SSD but that is quite tight. Lick did the formatting (I think); it used NTFS.

You don't need to have the system being booted initially via UEFI to create a partition to be booted by UEFI.

I did not mean create a partition; I said create a system. Those are different. I was referring to the process of putting a system into a partition.

Sam Hobbs wrote: ↑Tue Dec 21, 2021 12:48 am

Phoenix wrote: ↑Tue Dec 21, 2021 12:36 am

Sam Hobbs wrote: ↑Wed Dec 15, 2021 11:30 pm

I am a beginner but I thought that we must be in UEFI mode to create a system to be booted in UEFI mode.

I have only used Lick to create a Puppy system. I did for a thumb drive and it boots using UEFI. I also created a Puppy in a 471 MB partition in my SSD but that is quite tight. Lick did the formatting (I think); it used NTFS.

You don't need to have the system being booted initially via UEFI to create a partition to be booted by UEFI.

I did not mean create a partition; I said create a system. Those are different. I was referring to the process of putting a system into a partition.

My bad. But no, you do not need to have a computer in UEFI mode to create a UEFI-bootable system.