M.2 Caddy
data1701d
joined 2 years ago
I’d just recommend checking hard drive SMART scores and stuff like that. Maybe run a memory test as well.
If you scroll down in journalctl, it can go later in time. Also, you can check different boots by changing the b parameter, with -b 0 being the current boot, -b -1 being the previous boot, b -2 being the boot before that, etcetera.
For UFW, I'd just try unblocking the Proton ports if it says they're blocked in Proton settings. Also, check to make sure you don't have two firewalls installed; while this once again shouldn't crash the system, my PC did some very weird things when both UFW and firewalld were installed.
Alright then. That probably eliminates the lp thing. Can I ask: what journalctl command (or logging command in general, if not journalctl) did you use? I'd recommend giving the results of journalctl -b -1 -p 3 and dmesg.
Also, it'd probably be a good idea to tell us what ports are getting blocked; that shouldn't be personally identifying in any way. After doing research on what those ports are and what ProtonVPN requires, try experimenting with unblocking some of them if you can; a blocked port shouldn't crash your system, but it's worth a shot.
I might also recommend looking at a task manager, just to make sure some application isn't taking up all your memory and causing the system to freeze.
Finally, take a look at your CPU temps in case this is some kind of cooling failure.
I don't think it's ProtonVPN, at least not directly, as those happened over 20 minutes before the crash (I'm assuming it happened somewhere around 9:32:30)
That last one looks really odd, and I'm wondering what that kernel module is used for. I'm looking around real quick.
EDIT: Looks like it's for line printers. I'm trying to think why your kernel would randomly load that. Can we see the contents of the following?:
/etc/modules-load.d/modules.conf/usr/lib/modules-load.d/modules.conf/usr/local/lib/modules-load.d/modules.conf(if it exists)/run/modules-load.d/modules.conf(if it exists)
Also, can you give us more information about your hardware, just to be sure?
xkcd 1085:
I was talking less install a bootkit and giving it back to be and more just straight-up stealing the laptop and seeing if they can get any personal info they can sell before formatting it and eBaying it.
Still, your points are totally valid.
The password thing is pretty based, honestly. What you say is probably not possible, as the NT kernel would have to support LUKS, I'm pretty sure, which it doesn't.
Precisely. I just use probably as a catch all.
It really shouldn't matter. I know what they're talking about and it's true.
It's not malicious or "ransomware", and this is perfectly normal, default behavior for most devices - both macOS and Windows implement full disk encryption in a default install these days, and your key is almost always in your Microsoft Account on the Microsoft website. While Microsoft does a lot of crap wrong, in this case, Windows's failure to decrypt under GRUB is security features actually kind of doing their job. Basically, trying to boot Windows through GRUB confuses the TPM, causing it to not want to give the keys in case the Windows boot partition has been tampered with by bad actors. Thus, you have to boot directly through Windows Boot Manager, not GRUB
Also, secure boot and TPM aren't just some conspiracy by Microsoft to block Linux; they are attempts at implementing legitimately necessary security features. Full disk encryption supported by correctly implemented secure boot and an encryption chip are essential to having modern security. Linux is not blocked by TPM and Secure Boot; it is certainly possible for Linux distributions to take advantage of them to enhance their own security. I have implemented automatic LUKS full disk encryption that similarly fails to unlock if the partition has been tampered with on my Debian install. In theory, they can actually be used to help improve your security.
That is not to say I think TPM and secure boot are good, though. The really obnoxious thing about secure boot is that all the certificates are controlled by Microsoft rather than a standards body or a group of certificate authorities. While so far, Microsoft has kept it relatively open by providing the third party CA and the shim binary in order to avoid having its neck snapped by the FTC, considering the current administration, we don't know how much longer they'll keep it up, and they could actualize the much-feared blocking of Linux.
The other big problem with TPMs and secure boot is that often, there are so many different implementations and frequently major security flaws in their implementations that weaken their protection. A typical petty thief stealing your laptop still probably won't be able to decrypt your drive, but a nation state can probably find a way. It doesn't help that Windows doesn't encrypt communication between the CPU and the TPM (luckily, the Linux kernel does that by default). Despite these issues, I'd say TPM and Secure Boot is better than nothing for most devices; not using them (EDIT: or a non-M$-controlled alternative, like a memorized drive password AND/OR FIDO keys, which may be better) at least in part means your device is more vulnerable to physical access and bootkit attacks than even most Windows laptops, and they are often the only tools at your defense
EDIT: An addendum: Now the really smart thing I've heard people do is to keep the boot partition on a flash drive (possibly with a keypad or biometrics) that you keep with you at all times.
I used Linux in a VM and WSL for several years, and I occasionally used it on an old laptop. It was in 2022 on the week I installed Cygwin that I thought, “I do more Linux stuff than Windows stuff. Why don’t I just straight up use Linux?”
I created a test install on a secondary drive, which has now been my main install for years and has been moved to a bigger drive twice.
I got very used to Linux, and Windows gave me no reason to come back.