Building Microsoft CBL-Mariner (Linux) ISO

NOTE: I was able to build the ISO on Ubuntu 20.04 as the work platform (I got lots of errors with Ubuntu 18.04)

The only guide that worked for me is: https://www.techrepublic.com/article/microsoft-linux-is-not-what-you-think-or-hoped-it-would-be/ but I made some changes to the procedure (i.e., I built CBL-Mariner instead of CBL-MarinerDemo)

root@ub2004:/wip# add-apt-repository ppa:longsleep/golang-backports
root@ub2004:/wip# apt-get update
root@ub2004:/wip# apt -y install -y make tar wget curl rpm qemu-utils golang-1.15-go genisoimage python-minimal bison gawk
root@ub2004:/wip# apt -y install pigz
root@ub2004:/wip# ln -vsf /usr/lib/go-1.15/bin/go /usr/bin/go
root@ub2004:/wip# curl -fsSL https://get.docker.com -o get-docker.sh
root@ub2004:/wip# sh get-docker.sh
root@ub2004:/wip# usermod -aG docker $USER

root@ub2004:/wip# git clone https://github.com/microsoft/CBL-Mariner.git
root@ub2004:/wip# pushd CBL-Mariner/toolkit
root@ub2004:/wip/CBL-Mariner/toolkit# git checkout 1.0-stable
root@ub2004:/wip/CBL-Mariner/toolkit# make package-toolkit REBUILD_TOOLS=y
root@ub2004:/wip/CBL-Mariner/toolkit# cd ..
root@ub2004:/wip/CBL-Mariner# cp out/toolkit-1.0.20210722.0141-x86_64.tar.gz .
root@ub2004:/wip/CBL-Mariner# tar -xzvf toolkit-*.tar.gz
root@ub2004:/wip/CBL-Mariner# cd toolkit/
root@ub2004:/wip/CBL-Mariner/toolkit# make iso REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/full.json

root@ub2004:/wip/CBL-Mariner/toolkit# du -sh /wip/CBL-Mariner/out/images/full/full-1.0.20210722.0200.iso

678M /wip/CBL-Mariner/out/images/full/full-1.0.20210722.0200.iso

I was able to install the ISO on VirtualBox.

You can follow the steps on this page to install the output ISO on VirtualBox: https://linuxiac.com/microsoft-cbl-mariner-linux-1/

VMWare OVFTools required to build OVA CBL-mariner images (VHDX, OVA/VMDK)

– download 64-bit Linux VMWare-tools from https://my.vmware.com/group/vmware/downloads/details?downloadGroup=OVFTOOL441&productId=646
# chmod a+x VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle
# ./VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle
(NOTE: “./VMware-ovftool-4.4.1-16812187-lin.x86_64.bundle --uninstall-product vmware-ovftool” to uninstall)

– # make image REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/core-ova.json
(builds OVA, VMDK, and VMX files in CBL-Mariner/out/images/ )


– # make image REBUILD_TOOLS=y REBUILD_PACKAGES=n CONFIG_FILE=./imageconfigs/core-efi.json
(builds a 381MB VHDX file in CBL-Mariner/out/images/core-efi/ )

NOTE: in the VMDK file, the password field for the root user in the /etc/shadow file is set to <NULL>, which meant that after creating a VM with the VMDK, I couldn’t log in after I booted up CBL-Mariner. I had to slave the VMDK to another VM in order to manually change the <NULL> to the encrypted value of a known password. Alternatively, you can use the VMware disk tool to mount the VMDK after generating it on the Ubuntu instance, and edit the /etc/shadow file. On the other hand, the username and password for the CBLMarinerDemo are mariner_user and p@ssw0rd
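The check described in the note above can be scripted against the shadow file of a mounted image before the VM is first booted. This is an added example, not part of the CBL-Mariner toolkit; the function names and the sample entries are constructed, and it assumes that "<NULL>" means the second field is either empty or some non-hash placeholder. The replacement hash is expected to come from a tool such as `openssl passwd -6`.

```python
"""Audit and repair the password field of /etc/shadow entries in a mounted image."""
import re

# crypt(3) scheme identifiers that appear between the first two '$' signs.
SCHEMES = {"1": "md5-crypt", "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt",
           "5": "sha256-crypt", "6": "sha512-crypt", "y": "yescrypt"}
DES_CRYPT = re.compile(r"[./0-9A-Za-z]{13}")


def classify_field(field: str) -> str:
    """Classify the second field of a shadow entry."""
    if field == "":
        # No password set; whether login is allowed depends on PAM/sshd settings.
        return "empty"
    if field[0] in "!*":
        # Password login disabled (a hash may follow the '!').
        return "locked"
    if field.startswith("$"):
        parts = field.split("$")
        if len(parts) >= 4 and parts[1] in SCHEMES and parts[-1]:
            return "hash:" + SCHEMES[parts[1]]
        return "invalid"
    if DES_CRYPT.fullmatch(field):
        return "hash:des-crypt"
    # Anything else can never equal crypt() output, so no password will match.
    return "invalid"


def audit_shadow(shadow_text: str) -> list:
    """Return (user, status) for every entry in the shadow file text."""
    rows = []
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        status = classify_field(fields[1]) if len(fields) >= 2 else "invalid"
        rows.append((fields[0], status))
    return rows


def set_password_hash(shadow_text: str, user: str, new_hash: str) -> str:
    """Return the file text with the user's password field replaced by new_hash."""
    if ":" in new_hash or "\n" in new_hash or not classify_field(new_hash).startswith("hash:"):
        raise ValueError("new_hash must be a single crypt(3) hash string")
    out, found = [], False
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            fields[1] = new_hash          # aging fields 3..9 are left untouched
            line = ":".join(fields)
            found = True
        out.append(line)
    if not found:
        raise KeyError(user)
    return "\n".join(out) + "\n"


# Constructed sample entries (not taken from a real image).
SAMPLE_SHADOW = (
    "root::18830:0:99999:7:::\n"
    "bin:*:18830:0:99999:7:::\n"
    "svc:<NULL>:18830:0:99999:7:::\n"
    "admin:$6$constructedsalt$" + "A" * 86 + ":18830:0:99999:7:::\n"
)

if __name__ == "__main__":
    for user, status in audit_shadow(SAMPLE_SHADOW):
        flag = "  <-- fix before first boot" if status in ("empty", "invalid") else ""
        print(f"{user:8} {status}{flag}")
    # Placeholder hash; generate a real one with: openssl passwd -6
    fixed = set_password_hash(SAMPLE_SHADOW, "root", "$6$constructedsalt$" + "B" * 86)
    print(audit_shadow(fixed)[0])
```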

Thou shalt know thy neighbors

No, I do not mean camping outside their house or becoming a nuisance. But go out of your way if necessary to say hello regularly. 

To the subject of this article, I was reading about a recent incident where a lady was attacked in her house (by an ex or so) and she made it out, and all the way to a neighbor’s house where she screamed and knocked on the door around 3am or so. 

The neighbor heard the scream, turned over, and went back to sleep. 

In the morning he discovered blood streaks on his door. The attacker apparently trailed the lady and dragged her back to her house and finished the job. 

From the neighbor’s comment you can sense he was a little sad he didn’t get up, but from the way he referred to the lady, I wouldn’t even suggest they were acquaintances. 

Now, this is all conjecture after the fact so we can never be sure of what difference it would have made if any to the subsequent events that took place. But it is possible the neighbor heard the scream, and his brain subconsciously goes something like: (1) no one is breaking into my house, (2) I didn’t hear my name, (3) I don’t really know anyone in this neighborhood, (4) it’s not my business, (5) go back to sleep. 

Now consider the difference it might have made if for example the victim had regularly greeted this neighbor (at a minimum), or gone a step further and had known the neighbor’s name, and instead of just screaming, had screamed the neighbor’s actual name out in her distress.  The neighbor’s brain might instead have gone: (1) no one is breaking into my house, (2) was that my name I heard? (3) sounds like that lady a few houses down the street that always says hello, (4) I better get up and make sure she’s not in trouble. 

So yes, we have the extreme at one end where neighbors become busybodies, and the other extreme where even though we are just yards apart we might as well have been on different continents. We need to find a middle ground. The typical African and possibly other cultures (which for some reason appear to have a correlation with third world nations) almost never have a neighbor who is a stranger. Whereas the independence (and huge personal space) of an affluent lifestyle associated with first world nations has over time created the opposite – strangers that may have dwelled next to each other for years or decades. 

I am also guilty of the same thing. I have new neighbors on two sides. To the neighbors at the back, I did say hi once, to which they responded but it didn’t go beyond that. I do not know their names. On one side is a new Hispanic family to which I do not even believe we have ever exchanged greetings. Part of the reason of course is that we all literally arrive at home and disappear inside our various houses. 

This lack of connection does not bode well for a neighbor getting into trouble and expecting some help from those around. Yes, people will call the police if the disturbance is obvious or loud enough, but in general refuse to really “engage”. They may step out when the neighborhood is flooded in “blue” with their lights flashing, but usually by then the damage is already done, whereas maybe even a neighbor putting on their floodlights and stepping outside during the incident itself (not saying they put themselves in danger) may cause an attacker to cease long enough to make a difference to the outcome. 

Ultimately, lack of familiarity makes our response impersonal. We literally fail to respond, or do the minimum possible. I always try to imagine when driving if someone cuts me off for example, that the person is an acquaintance at a minimum. That literally prevents me from having any angry thoughts that might escalate to road rage. For example, say you recognize the car, what are you likely to do? You might smile, pull level with the other car, wind down your window, get their attention, and say something like “you clown! You just cut me off!” with a smile on your face and in your voice. To which the other party (also recognizing you) might respond with a smile and a wave acknowledging you in return. Even on a bad day where you are completely frustrated, you would still likely not react angrily if you recognize the other car. In fact it may completely change your mood for the better. 

But when we have no personal connection with another party, our default response is nonchalance at a minimum, suspicious, or aggressive at the other end of the scale. 

It also makes me wonder what difference it might have made to some of the suicide cases in the news regularly. Take some of the well-known celebrities that have committed suicide. They seem happy, have many friends, have every material thing their heart desires, appear well adjusted, then their suicide seems to happen out of the blue. Now I am not talking of the celebrity friends they have, that they only meet on the red carpet or at exclusive parties; nor the celebrity friends living in the same zip code each behind their 10-foot electrified-fence mansions (nothing wrong with having a mansion), but instead say they have a run-of-the-mill neighbor (who would also be rich but not necessarily a celebrity) who says a genuine hello from time to time. Maybe the person with suicidal tendencies may have come across the neighbor on the fateful day and that “hello” might be all it takes to make a difference. 

So make some effort to know your neighbors. Respect their privacy of course. The line may be subtle but a greeting here and there hurts no one. An invitation to a house party or a kid’s birthday party (if they also have children) may thaw the ice or foster some familiarity or help know where that line is where the neighbor is comfortable interacting over. For example, if they appear uninterested or gruff, don’t take it personally, still say hello wherever your paths cross. You can never be sure what difference you might be making in their lives as well as yours. 

7:30pm Hogle Zoo, SLC, Utah. 

Timeout with the Raspberry Pi 2

There is a website called EstateSales ( https://estatesales.org/ ) where you can bid for all sorts of stuff (new, used, etc.) and I believe they have a presence in most US states if not the larger cities.

I bid on a Raspberry Pi 2 (status not tested) and got it for $2. If I add the gas to drive to the pickup location and back, maybe the total would come to about $8. I then bought a USB WiFi card for $4 on eBay since the Pi 2 does not come with an inbuilt WiFi chip on the board.

Below are my notes from the “experience”:

– – – – This section is only if you can’t get the Pi on the network via its Ethernet interface – – –

– My first issue was that the Pi came with a HDMI port for which I didn’t have the cable, but fortunately my German friend left a Monitor with a VGA-to-HDMI cable attached. I connected it to the Pi as well as a USB keyboard and powered the Pi using its USB port connected to a USB port on my desktop PC.

– Second issue was that I didn’t know the password of the pi user since it was pre-owned so I had to intercept the boot process (the splash screen says to press the SHIFT key), append “init=/bin/bash” to the “kernel” line, and then issue a “mount -o rw,remount /” followed by a password reset for the pi and root users.
– – – – – – – – – – – – – – – – – – – – – –

– Connect through a console (HDMI Monitor and USB keyboard). If you decide not to get a WiFi card and you don’t want to attach the Pi via an Ethernet cable to your router, you can do the following to get access to the Pi from a Windows PC that you have connected to it via its Ethernet port (I couldn’t get it to access the Internet via ICS for some reason).
– Set ethernet interface eth0 to dhcp in /etc/network/interfaces
– Connect it to a Windows PC via an ethernet cable
– Configure ICS on say the WIFI interface of the Windows PC with the Ethernet as the “home network” (ICS then pops-up the message that it will assign 192.168.137.1 to the Ethernet interface on the PC)
– Run “arp -a” on the Windows PC and look for all IPs in the 192.168.137.x (one of them will be the IP assigned to the raspberry by ICS)
– The interface on this specific Pi has the MAC address b8-27-eb-90-b3-30 which is also visible in the “arp -a” output
– SSH to the Pi IP address and login with the root or pi user

– NOTE: pinging the broadcast IP of the IP address assigned to the Windows Ethernet interface may help get the MAC/IP assigned to the Raspberry Pi to show up in the output of the “arp -a” command e.g., “ping 192.168.137.255”

– NOTE: if you can’t get the Pi to be assigned an IP address via ICS, do the following:

  1. Make sure ICS service is running on the Windows PC (restart it if necessary)
  2. Disable ICS on the NIC that is being shared via ICS (e.g., the WiFi NIC) then re-enable ICS

NOTE: watch out for the SD card on which the O/S is installed. It is very easy to eject it without noticing – if you are on the console, you will see it start to display “read errors” on the SD card and essentially stops working. If you are just attempting to boot up the Pi, it won’t boot at all since the O/S is on the SD card.

Issue three: The much older kernel on the Pi (I think it was 3.18 from year 2016) did not have drivers for the Ralink WiFi (USB) card I got off eBay. I was able to upgrade the O/S to a 4.19 kernel, but later decided I would just install a completely new Pi distribution by using the https://www.raspberrypi.org/software/ Windows Raspberry Pi Imager (there is a version for Ubuntu as well). The Imager prompts to select an O/S distro/version and the target Storage (I inserted the SD card into my Windows laptop using a Micro SD Adapter) and it will then download the selected image and (over)write it to the SD card, so back up its contents first if you need them.
The latest version as at 05/26/2021 is the 1.1GB Raspberry Pi OS (32-bit) released 2021-03-04 (includes the Pi Desktop).
There is also a 0.4GB Raspberry Pi OS Lite (32-bit) with no desktop environment released on the same date (2021-03-04)

– In order to access the instance via SSH, you need to enable the SSH service first:
sudo systemctl enable ssh
sudo systemctl start ssh

– I decided to configure the Pi to boot into multi-user mode (CLI with network services) instead of graphical mode which will consume more system resources:
sudo systemctl set-default multi-user


My particular Ralink WiFI USB card had the MAC address 00:E0:2D:90:70:34
Sample network interface file content: https://gist.github.com/spikeheap/7857064

– Configure the WiFI network you intend the system to join in the file /etc/wpa_supplicant/wpa_supplicant.conf :

ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=US

network={
ssid="IA"
psk="my-Super-Password"
}

– Configure the network interfaces in the file /etc/network/interfaces

source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

allow-hotplug wlan0
auto wlan0
iface wlan0 inet dhcp
wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

auto eth0
iface eth0 inet dhcp

– Reconfigure the WiFi and restart the card:
sudo wpa_cli -i wlan0 reconfigure
sudo ifdown wlan0
sudo ifup wlan0

– Restart the networking service if necessary:
sudo systemctl restart networking

– Troubleshooting: To scan and check WiFI networks, use the command “sudo iwlist wlan0 scan” and check the essid field. This field should be the same as what you entered in the ssid field in the /etc/wpa_supplicant/wpa_supplicant.conf file .

root@raspberrypi:~# lsusb
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp.
Bus 001 Device 004: ID 1c4f:0002 SiGma Micro Keyboard TRACER Gamma Ivory
Bus 001 Device 005: ID 0bda:c811 Realtek Semiconductor Corp. <—- needs drivers
Bus 001 Device 006: ID 148f:7601 Ralink Technology, Corp. <—- supported out of the box by the 2021-03-04 distro


Just for fun: I also had a Realtek WiFi USB card as well that is normally connected to my Windows Desktop PC so I can avoid using an Ethernet cable to connect it to the Internet router which is somewhere else in the house. You can see it is detected from the output of the “lsusb” command above but the Pi OS did not have in-built drivers for it. You can install the drivers as follows:

sudo wget http://downloads.fars-robotics.net/wifi-drivers/install-wifi -O /usr/bin/install-wifi
sudo chmod +x /usr/bin/install-wifi
sudo /usr/bin/install-wifi
(this script detects the card, downloads and installs the appropriate driver and configures the card. In this case, it downloaded the driver file 8821cu-5.10.17-1403.tar.gz)

– Some Links

http://downloads.fars-robotics.net/ (lots of commands related to setting up networking on the Pi)
http://downloads.fars-robotics.net/wifi-drivers/ (drivers for Realtek cards)
https://www.raspberrypi.org/forums/viewtopic.php?p=1133815#p1133815 (where I got the reference to the install-wifi script)

Pi 2 with the WiFI USB card

Using Let’s encrypt SSL certificates

Letsencrypt certificates are only valid for 90 days so you have to continually renew them.

  1. Install Certbot/Letsencrypt on a Linux system where we will be generating the certificates for our website:
    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
    sudo yum install -y letsencrypt

2a. Generate the certificate (command):
cd /etc/letsencrypt/ && certbot certonly -d 'itayemi.com,*.itayemi.com' --manual

– NOTE: the certbot command prompts you to create a DNS TXT record (you MUST do this before pressing the Enter key to continue!!)
———————————————————————

Please deploy a DNS TXT record under the name
_acme-challenge.itayemi.com with the following value:

obLL0Cludw4VpwXJuMG0AFlRryUbdb0ozHiNrgAvqx8

Before continuing, verify the record is deployed.
———————————————————————

2b. In cPanel, use “Zone Editor” in the “Domains” section to add the TXT record (e.g., _acme-challenge.itayemi.com) with the displayed value (e.g., obLL0Cludw4VpwXJuMG0AFlRryUbdb0ozHiNrgAvqx8)
———————————————————————

2c. In the Linux session, press the Enter key to continue

2d. You are prompted to create a file on your webserver (or website). You MUST do so before pressing the ENTER key to continue:
———————————————————————

Create a file containing just this data:

AKJdNT8vtAwQefuoBWItTxj9-n5K947LhmHPWdTWl0s.vrNHNIC3FVyuv2kJU8JcnmZK_lfarmjV_FDWrtWY1wc

And make it available on your web server at this URL:

http://itayemi.com/.well-known/acme-challenge/AKJdNT8vtAwQefuoBWItTxj9-n5K947LhmHPWdTWl0s
———————————————————————

2e. In cPanel, use the “File Editor” in the “Files” section to create the indicated file http://itayemi.com/.well-known/acme-challenge/vxp4GyEKqvkniMdE_20XCR2RpPiPPjfvhAqgAtC-8Hk with the indicated content e.g., (vxp4GyEKqvkniMdE_20XCR2RpPiPPjfvhAqgAtC-8Hk.vrNHNIC3FVyuv2kJU8JcnmZK_lfarmjV_FDWrtWY1wc)

  • the file is in directory /home2/itayemi/public_html/.well-known/acme-challenge/
  • use the “+File” link to the top left of the “File Manager” page to add the new file
  • then click on the file, and select the “Edit” button to edit the file to add the content,
  • then click the “Save Changes” button, then the “Close” button

———————————————————————


2f. In the Linux session, press the Enter key to continue, the process will complete and display the certificate details e.g.:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/itayemi.com/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/itayemi.com/privkey.pem
    Your certificate will expire on 2021-09-11. To obtain a new or
    tweaked version of this certificate in the future, simply run
    certbot again. To non-interactively renew all of your
    certificates, run “certbot renew”

For each domain/FQDN, select the “Update Certificate” link under the “Actions” column, populate the “Certificate: (CRT)” textbox with the content of the file /etc/letsencrypt/live/itayemi.com/cert.pem on the Linux system, and populate the “Private Key (KEY)” field with the content of the file /etc/letsencrypt/live/itayemi.com/privkey.pem, then click the “Install Certificate” button.
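The two values certbot asks for in steps 2b and 2d/2e are defined by the ACME protocol (RFC 8555): the file body is `<token>.<account key thumbprint>`, which is why both files shown above end in the same string after the dot, and the DNS TXT value is the base64url SHA-256 of that same string. The following is an added example, not certbot's own code, that computes both values and checks a challenge file before Enter is pressed; the function names and the JWK are constructed, while the tokens and thumbprint are the ones quoted in the steps above.

```python
"""ACME (RFC 8555) challenge values for the manual HTTP-01 and DNS-01 steps."""
import base64
import hashlib
import json
import re

PREFIX = "/.well-known/acme-challenge/"
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{22,}")      # base64url, at least 128 bits
# RFC 7638: only these members, in lexicographic order, feed the thumbprint.
REQUIRED_MEMBERS = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 SHA-256 thumbprint of the ACME account public key."""
    members = REQUIRED_MEMBERS[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in members},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, thumbprint: str) -> str:
    """Body of the HTTP-01 challenge file (RFC 8555 section 8.1)."""
    return f"{token}.{thumbprint}"


def dns01_txt_value(key_auth: str) -> str:
    """Value of the _acme-challenge TXT record (RFC 8555 section 8.4)."""
    return b64url(hashlib.sha256(key_auth.encode("ascii")).digest())


def check_http01(url_path: str, body: str, thumbprint: str) -> list:
    """Return a list of problems with a deployed challenge file (empty = OK)."""
    if not url_path.startswith(PREFIX):
        return [f"path must start with {PREFIX}"]
    token = url_path[len(PREFIX):]
    problems = []
    if not TOKEN_RE.fullmatch(token):
        problems.append("file name is not a base64url token")
    # Trailing whitespace (an editor's final newline) is tolerated, nothing else.
    if body.rstrip() != key_authorization(token, thumbprint):
        problems.append("body is not '<file name>.<account thumbprint>'")
    return problems


# Values quoted in steps 2d and 2e above.
THUMBPRINT = "vrNHNIC3FVyuv2kJU8JcnmZK_lfarmjV_FDWrtWY1wc"
TOKEN_2D = "AKJdNT8vtAwQefuoBWItTxj9-n5K947LhmHPWdTWl0s"
TOKEN_2E = "vxp4GyEKqvkniMdE_20XCR2RpPiPPjfvhAqgAtC-8Hk"

# Constructed JWK (not a real key) to show how the thumbprint is derived.
SAMPLE_JWK = {"kty": "EC", "crv": "P-256",
              "x": "constructed-x-coordinate", "y": "constructed-y-coordinate",
              "kid": "ignored-by-the-thumbprint"}

if __name__ == "__main__":
    good = check_http01(PREFIX + TOKEN_2D, f"{TOKEN_2D}.{THUMBPRINT}\n", THUMBPRINT)
    # File created under one run's name but holding another run's content.
    mixed = check_http01(PREFIX + TOKEN_2E, f"{TOKEN_2D}.{THUMBPRINT}", THUMBPRINT)
    print("2d file:", good or "OK")
    print("mixed file:", mixed)
    print("TXT value:", dns01_txt_value(key_authorization(TOKEN_2D, THUMBPRINT)))
    print("thumbprint of sample key:", jwk_thumbprint(SAMPLE_JWK))
```

Certbot only renews `--manual` certificates unattended when an authentication hook (`--manual-auth-hook`) publishes these values for it.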

———————————————————————


IMPORTANT NOTES:

  • I then installed a root crontab entry to renew the certificates every 90-days

# crontab -l
# autorenew certificates for *.itayemi.com which should generate new
# valid certificates every 3 months. Note that I still have to login
# to itayemi.com cpanel and update the CRT and Private key fields of each
# defined FQDN with the new certificate generated by certbot
# i.e., cert.pem and privkey.pem
45 2,9,16 1,5,10,15,25,30 * * cd /etc/letsencrypt/ && certbot renew

  • INSTALLING THE LETSENCRYPT Certificate in cPanel
  • Login to hihostnow.com.ng (Client Area) -> Select “Services” -> “My Services” from the menu
  • Click on the “Status” button to the right of the target service e.g., itayemi.com
  • Expand the “Actions” menu (left-side of page) and click on “Login to cPanel”
  • In itayemi.com cpanel, select “SSL/TLS” (under the “Security” section)
  • Select “INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS) – Manage SSL sites”
  • For each listed FQDNs/certificate row, select the “Update Certificate” link under the “Actions” column; populate the “Certificate: (CRT)” textbox with the content of the file /etc/letsencrypt/live/itayemi.com/cert.pem on the Linux system, and populate the “Private Key (KEY)” field with the content of the file /etc/letsencrypt/live/itayemi.com/privkey.pem, then click the “Install Certificate” button.

Installing Mac OSX 10.15 Catalina on HP EliteBook Folio 9740m



You need to create the Installation USB on a Mac (real or a VM).
You can find VM images for Mac OSX suitable for use with Oracle VirtualBox or VMWare Workstation on the Internet. In this research, I used the Mac OSX 10.13 High Sierra VM deployed on VirtualBox to create the Installation USB for Mac OSX Catalina (I had instability issues when I tried to use the Mojave/Catalina VMs). Please remember to follow the instructions associated with deploying the VM on VirtualBox/Workstation – e.g., there are “vboxmanage” commands you need to run otherwise the VM will be stuck in a continuous reboot loop.
Also I found out the hard way that the latest VirtualBox (6.1.4-136177) crashed my Windows laptop on which I deployed the Mac OSX VM consistently once I started the VM. I then tried the older VirtualBox version 6.0.18-136238 and that worked with no issues. Also note that on Linux, you must register the VM (“vboxmanage registervm “) before running the other vboxmanage commands specified in the procedure for deploying the VM. You also need to add the Linux user you are running VirtualBox as to the Linux group vboxusers otherwise you will not be able to attach a USB drive to the VM. Remember to install the VirtualBox extension pack as well.


  • Login to the mac OSX VM
  • Download the “macOS Catalina Patcher” utility and use it to download the macOS Catalina installation files from Apple
  • Download https://github.com/chris1111/HP-Probook-EliteBook-Package-Creator
  • The instructions for running it to create the boot installation USB are on the same page. There is also an English walk-through video at https://www.hackintosh-montreal.com/t7559-hp-probook-elitebook-macos#111778
  • Summary:
    – run the “Gatekeeper” app (it is in the HP-ProBook-EliteBook-Package-Creator directory after you decompress the downloaded zip file);
    – run the Packager (needs Internet access) to create the “Create Install Media HP Laptop” app; attach a (minimum size 16GB) USB drive to the Mac OSX VM;
    – run the “Create Install Media HP Laptop” app which launches disk utility app where you need to erase the whole USB drive with “Format” set to “Mac OSX Extended (Journaled)”, “Scheme” set to “GUID Partition Map”.
    – once erase is completed, exit the disk utility and you will get a drive list from which you select the drive you just erased/formatted;
    – you then get a dialog box asking you to select the location of your “Install macOS Catalina.app” (either “10.9 to 10.12” OR “10.13.to 10.15”), then browse to where you downloaded the installation files and select the “Install macOS Catalina” installer; the HP Probook/EliteBook creator app will then copy files to the USB;
    – once completed, it will automatically launch the “Clover EFI” installation app, click the “continue” button, change the installation location to the USB drive that was just created (likely named “Install macOS Catalina”), click on the “Customize” button, the relevant selections for my laptop are below, then click “Install” button:

-> Install Clover in the ESP
-> Drivers off
-> Boot Sectors -> Install boot0af in MBR
-> Clover for BIOS (legacy) booting -> Clover EFI 64-bits SATA
-> BIOS Drivers, 64 bit -> Recommended drivers (all)
                                     -> File System drivers (all)
-> UEFI Drivers -> Recommended drivers (all)
                          -> File System drivers -> apfs, Fat, HFSPlus
                          -> Memory fix drivers -> OsxAptioFixDrv
                          -> Additional drivers -> OsxFatBinaryDrv, PartitionDxe
-> Themes (select all)
-> Drivers Kext -> FakeSMC, VoodooPS2Controller


  • Once done, copy the Gatekeeper application and the HP-ProBook-EliteBook-macOS.pkg post-installation package to the USB drive volume “Install macOS Catalina”
  • Eject the USB drive and plug it to your target HP laptop
  • Power on your target laptop, press ESC key to interrupt the boot process, press F10 to enter BIOS setup – make the changes recommended on the “HP ProBook EliteBook Package Creator” web page then save and exit. For my laptop, the BIOS settings are: Deactivate Fast Boot, deactivate “SecureBoot”, set “Boot Mode” to “UEFI Hybrid (With CSM)”, deactivate LAN switching, deactivate Wake On LAN and Wake on USB, “SATA Device Mode” to “AHCI”, disable firewire/IEEE1394, disable “Trusted Execution Technology (TXT)”
  • Boot the target HP laptop with the USB drive, use disk utility to erase the laptop’s disk – if you only see volumes and not the disk devices, select “View -> Show All Devices” from the Disk Utility menu (if planning to multiboot, use disk utility to create all the partitions you need – in my example I erased the HDD using “GUID Partition Map” scheme, then created 3 partitions: OSXHDD, LINUXOS, WINOS. I set all the non-OSX partitions set to type ExFAT), install the macOS Catalina to your newly formatted OSX volume.
  • When completed, reboot with the USB in place, once started from the USB, select the option to boot from the OSX disk you just installed Catalina to – the install will continue – when it reboots again, select the option to boot from the OSX disk again, it may reboot again, select the OSX disk again, it will then boot to the GUI to complete the setup – go through the setup wizard to complete the configuration and create your login user account.
  • At the desktop, open the USB install drive (should be named “Install macOS Catalina”), copy the Gatekeeper and HP-ProBook-EliteBook-macOS.pkg to your Desktop.
  • Run gatekeeper and choose “Disable” to allow you to run software from any source
  • Run the Post-Installer “HP-ProBook-EliteBook-macOS.pkg”, change the installation target location to your laptop disk, select the customize button, and select all the options necessary for your specific laptop (see video on the creator web page), and complete the clover installation. My customized selections were as follows:

HP-ProBook-EliteBook-macOS
        -> HP Laptop Clover V2.5K r5103
                  -> 7 series macOS 10.12>10.15 -> Elitebook 9x70m
                  -> Intel HD 3000/4000 Graphics -> Intel HD 4000 -> Low screen 1366×768
                  -> HDMI -> HDMI Low screen
                  -> Fan Patch -> FanSmooth
        -> SSDT Generator
        -> Airport WIFI Fix -> AirportBrcmFixup (for Broadcom or Atheros for Atheros card)
        -> Bluetooth
        -> HWMonitor
        -> Applications

  • DO NOT reboot the laptop yet otherwise you will get kernel panics and it will be stuck in a loading/panic/reboot loop.
  • Open Terminal app:

# sudo su -
# mount -o rw /
# mkdir /tmp/efi
# df -h
# mount -t msdos /dev/disk0s1 /tmp/efi (*see note below)
# cd /tmp/efi/EFI/CLOVER/ACPI/patched/
# rm DSDT.dsl DSDT.aml SSDT.aml origin.dsl

Note: the EFI partition on the HDD may already be mounted (usually under /Volumes/ESP) so this mount command will throw a “Resource busy” error. If it is already mounted as /Volumes/ESP then you should “cd /Volumes/ESP/EFI/CLOVER/ACPI/patched/ ” in order to delete the files indicated above.

  • Edit /tmp/efi/EFI/CLOVER/config.plist and set the DefaultVolume to your OSX volume name, and the ScreenResolution key to your actual resolution (1366×768 for my laptop) if necessary.

# cd /
# diskutil umount /tmp/efi

Fix Sound: To get sound to work properly (AppleALC kext that comes with the post installer enables the headphone jack but not the in-built speaker), you need to use the VoodooHDA kext:

  • Download VoodooHDA 2.9.2 install package from https://github.com/chris1111/VoodooHDA-2.9.2-Clover-V15/releases
  • Unzip the downloaded file and open/run the package
  • Click the Continue button (x3), agree to the license terms, then click the Customize button -> Expand “VoodooHDA Clover UEFI/ESP” -> Select “macOS Catalina” -> “Install”

Eject the USB install drive, and reboot your “Mac” laptop, it should come up with WiFI, LAN, SD card, and Sound fully functional.

NOTE: the SSDT.aml was responsible for the continuous reboot “memory panic stackshot succeeded …” kernel panic that made my laptop continuously reboot. The only file you should have in the EFI/CLOVER/ACPI/patched/ directory in the EFI partition on your boot volume is the SSDT-FIXCAT.aml

Bootloader Setup: The easiest way to use CLOVER bootloader is to mount the EFI partition and copy EFI\CLOVER\CLOVERX64.efi to EFI/Boot/BOOTX64.efi (yes, overwrite BOOTX64.efi if prompted). Note that if you are multi-booting and you installed Windows or Linux after installing Mac OSX, you may need to repeat the copy again afterwards if you still want to use CLOVER bootloader. Alternatively, you may setup your laptop (BIOS) to use CLOVER by setting up the BIOS: System Configuration -> Boot Options -> Define Customized Boot Option -> Add -> enter “EFI\CLOVER\CLOVERX64.efi” -> in “UEFI Boot Order” (Move “Customized Boot to the top position) -> Save -> Exit. If you choose this alternative option, you should delete any other file that is in EFI/Boot/ directory.

Fun stuff: You can cast sound or video or your laptop desktop to a recent TV such as the Samsung series 8 that supports AirPlay. If I select my TV, I am prompted for the Airplay code which is displayed on my TV. You can even decide whether to just mirror your desktop to the TV or use the TV as a second screen (“As Separate Display”)!

Other: In Microsoft Windows, to mount the EFI partition on an O/S disk, run “mountvol <driveletter>: /s” from any admin cmd.exe session. To mount the EFI partition on a USB drive, run “mountvol” which will list all available volumes, you can then run “mountvol <driveletter>: <\\?\volume-name-as-displayed-in-mountvol-output>”

Disclaimer: if you like Mac OSX buy a real Mac. This is for educational research purposes only.

Acknowledgement: chris1111

Refs:
https://github.com/chris1111/HP-Probook-EliteBook-Package-Creator
https://www.hackintosh-montreal.com/t7559-hp-probook-elitebook-macos#111778
https://unix.stackexchange.com/questions/129305/how-can-i-enable-access-to-usb-devices-within-virtualbox-guests

Vampire Diaries

For some reason I cannot donate blood. Back in 2017 I volunteered but was turned down because I hadn’t been in the country long enough and my last country of residence was Nigeria which is known for malaria.

Fast forward some 2.5 years and I got a notice from the Red Cross that I can now donate blood. In January the Red Cross had a blood donation drive in my office. Three different people attempted to draw blood from both arms. Lucky that I am not squeamish or afraid of needles because the needle they used looked humongous compared to a regular hypodermic needle. After poking both my arms several times without getting any blood to flow into the tube talk-less of the bag, they finally gave up. I jokingly asked the lady if she’s sure I am alive.

Another 2 months passed and I got another call that they need blood and every “whole blood” (as opposed to plasma for example) donation can potentially help three people. I signed up again and drove to the center the following morning at 10 AM (a Saturday). We basically repeated the same “show” from two months earlier. The youngest person on staff (and I suspect the most junior) had a go first. In and out, left and right the needle went, she’s sure she’s in the vein but no blood comes out. She got a little blood into the tube but that was all. Finally she calls her colleague who she says is very good. He too starts on the same arm. I mentioned the January issue and he kind of laughed it off stating they probably just weren’t good enough to make it happen. After a while, his younger colleague suggested he may want to try my other arm as the vein seems to be more “hydrated”.

So he switched to the other arm and repeated the same process. Finally he gave up and called the most experienced staff there who I think was the leader as well. She comes and repeats the same process and actually got the blood flowing slowly through the tube but she says at that rate, the device will time out.

I asked if she had any idea what was going on and she said while she’s not certain, it may be that my platelets are overly aggressive and once the needle goes in, they react and start blocking the ingress point – basically clotting. The lady suggested that if I really wanted to help, since it appears I can’t donate blood, I could donate my time in other ways such as welcoming people and ensuring they sign in properly when they arrive to donate blood.

I am going to give it one more try and after that if they still can’t get blood out of my veins, I may likely have them take my name off their list.

Valentine Blues

I have not been fair to all the retailers hoping to make a killing today. I confess I haven’t blown my fair share of cash on Valentine’s day(s). As far as I can remember I have only taken a lady out once on Valentine’s day and that ended disastrously – no not the night itself, that just left me “feeling one way” or “feeling somehow” in a manner of speaking common where I grew up – I was instead referring to the whole courtship attempt.
So tonight was not any different from the same night for several decades. I meant the whole relationship or lack of it to be accurate and not because I didn’t want it to happen.

“What about bumble?” asks a concerned cousin over the phone, “I have a lot of luck there” he says as his voice drops lower. He’s married. I am past judging anyone. I have my excuse ready “Mormons don’t do bumble”. Of cos that’s not true, there are Mormons on bumble but most want a fellow member of the church.

Bernie (not his real name) says to me in the afternoon: “Any plans for tonight?”. He is my house mate or more accurately my tenant.
I answered “No not really.”
He says “Damn bro! Ok, Ok, are you getting any p**sy tonight?” he can be persistent (for lack of a better word). He is 23.
“Not likely” I said.
“Well James isn’t getting any for sure.” James (not his real name) is our other housemate who actually has a wife, a home, and kids in the next state some 10 hours away. He calls home every night to talk to his kids.
I laughed, “Well you can take one for the team.”
“Definitely bro! I will!”
I heard him rev his Porsche as he headed out about an hour later.

James comes home and asks if the clothes in the washing machine are mine. I said it is likely Bernie’s.
“Well, he needs to learn to do his laundry when he is going to be home. He should realize someone else might want to use the washing machine.”
I offered to go check on the machine. Since he had already washed the large blanket that was in it, I moved it to the dryer and set it to 50.
A lady I didn’t know had put up a flier in an Afro group I belong to for a movies night. I got dressed and headed out. There were only 4 of us there which I guess is a good thing – I assume all the others in the group had partners to spend the night with. It is actually a studio. We watched Midsommar which is a weird movie.
Afterwards, I considered going to a bar to hang out for a while, but then I realize most people out on the town would be in pairs and it was already going on 11 PM. Too late to get into trouble. I set google maps to take me home.

As I flew home doing 77 in a 70, I had “The house of the rising sun” on repeat on my car stereo. I had the beginning of a story involving a serial killer that murdered his victims to this particular soundtrack but it didn’t come together so I dropped it. I have written sporadically in recent times – it is strange how some memories come back to you when the context is right – “Go find someone you can impress by your writing” she had said.

The female electronic voice was my date for the night.

Crossing America

I left Minot on the fourth of January 2018 after having lived there for a year. My car was packed full of everything I could manage to fit into it. I then made my way to Southfield (MI) with the intention of staying with a cousin for a week or two. That didn’t work out as madam went rogue, so I checked into an AirBnB with a young couple. They had a couple of cats who mostly lived in their room. The bigger one was several years and wouldn’t give you the time of day. The young one was about 6 months or so and would make a dash for the couple’s room if you so much as looked at it. The apartment had two rooms and the room I stayed in was the AirBnB room and the single bathroom was shared. They gave me the run of the whole place which was nice. The only thing that was of concern (for their health) was that they smoked way too much – fortunately not inside the apartment – but even in the January “freeze” they made the trip to the balcony several times to go smoke when they were home.

After 10 days, I packed up once again and headed south to Indianapolis where I stayed with another cousin and his family. I slept on the couch in the living room throughout which suited me perfectly as it meant I could watch TV as much as I wanted. Of course I paid for my late nights when the kids boisterously get ready for school in the mornings. All these while, I kept churning out job applications like a mill. I finally got an invite for a job at HPE in Alpharetta (GA). After another 10 days or so I was back on the road. Checked into an AirBnB that had a curious set up. It was a fairly large house with three rooms upstairs. Two rooms including the one I stayed in shared a bath and the master had a bath en-suite. The ground floor had a kitchen and a fairly open area which was the living room. This had about 4 beds as it seems they also had low-paying short staying tenants. There was a very young couple (late teens or so) that had sectioned off a part of the living room with a hanging sheet, and a couple of other guys also staying on the ground floor. I guess the AirBnB guests stayed upstairs. There was a lady as well as the person running the place on behalf of the actual host listed on the AirBnB website – he lived in the master bedroom. The house was in a quiet middle-upper class area and I understand people actually lease some of these vacant homes and then run them as AirBnB guest houses.

I thought the interview went well and after not getting any feedback from HPE after another week or so, I was back on the road to my big cousin’s place in North Carolina. It was while I was staying with my uncle that I got the invite for a video interview for the job with Oracle. I was interviewed by the lady (Ericka) who would be my manager and a colleague (John). The interview possibly lasted 15 to 20 mins but the questions were not particularly difficult. I got a job offer some days afterwards. Most days I drove to my aunt’s place in Charlotte (about 20 miles away) and spent the day with her.

After a couple of weeks, I set out across the country to Corona (CA) where I stayed another couple of weeks with another cousin. It was one of those new luxurious housing complexes with a swimming pool in the center of the courtyard. I never did make it into the swimming pool – I mostly watched TV all day with the intention of getting into the pool at least once before I left California – didn’t happen. Finally it was time for the last leg of my journey to Lehi (UT) where I resumed work. Excluding the local journey within each city where I had stayed, I had covered at least 5,300 miles and possibly closer to 6,000 miles all side trips factored in.

I have since then gone by air to New York (passport renewal) and Florida (on the job training), but to truly “cover” the country I need to (at least) get to Seattle or Portland at one end and maybe Maine at the other.

Don’t change

I was talking to a friend on the phone as we walked into the “Ivie juice bar” in Orem. The lady behind the counter took our orders and I sat down to wait.
A lady walks out from the backroom to deliver a completed order to another sitting customer.
I got up once she returned with our order and engaged her in conversation. Something I wouldn’t have done in another life.
She laughed and noted that I cut off my friend in order to hand her my phone. She could see his picture on the screen. I said this was more important and he can always call me back. She appeared eager enough to give me her number. As she handed back my phone, my left hand which had been in my pocket up until that moment came out. Her eyes flashed very briefly at the hand and I saw her expression change ever so slightly.
I know that look and I know that smile that is a mixture of guilt and regret. Maybe it is 5% in my head, but I am certain it is 95% true.
I said I will call her as she walked away to which she nodded.
I sent a text the next day. No response.
I called two days after and let it ring until it went to voice mail. I didn’t leave any messages. There was no point.
You are different, you are special, why would you want to be normal when you were born to stand out?
Don’t get me wrong, I subscribe to not being “normal”: be creative; be idiosyncratic; be colorful, be flowery; but be deformed (in any way) is not one of those normal you shouldn’t be. If I had the power, I would grow a normal hand with normal fingers. You would think at my age I would be used to it and sometimes I almost convince myself that I am, but events such as these are there to remind me that I am indeed different – not necessarily in a positive way.

Time proceeds without stopping and so must I – after all nothing is certain except death and taxes.

Dual-Booting Mac OSX and Windows on MacBookPro

NOTE: Thanks to @TGIK on the thread https://discussions.apple.com/thread/250137979 who came up with the solution.

System: MacBook Pro (13-inch, Late 2011), Intel Core i5, 4GB RAM, Intel HD Graphics 3000, SuperDrive

Background:

  • Purpose of this guide: Due to poor EFI support on the earlier MACs (think 2012 and earlier?), when Windows is installed in EFI mode, the audio card does not work (EFI boot mode exposes devices in a different way, which effectively leads to audio not working). This guide uses registry DSDT override in Windows to enable the audio card without using any third party bootloader so your Mac OSX is more or less still vanilla 🙂
  • I first tried to install Windows with BootCamp but got the “GPT/MBR won’t install” issue after EFI-booting the Windows 8.1 USB.
  • I then converted the Hybrid GPT/MBR partition scheme that BootCamp had created to GPT with a protective MBR by:
    (1) disabling SIP – boot the MAC while holding down Command+R to get to OSX Recovery, start Terminal from the Utilities menu, run “csrutil disable”, restart the MAC.
    (2) download and install gdisk (https://sourceforge.net/projects/gptfdisk/ ), determine your disk device name (e.g., from Disk Utility), update the partition table by running gdisk against the disk, typing x for the advanced menu, then n, then w to write, and Y to accept the changes.
    sudo gdisk /dev/disk0
    x (ENTER key)
    n (ENTER key)
    w (ENTER key)
    Y (ENTER key)
    (3) run gdisk again and check in the output that the partition scheme is now listed as GPT with a protective MBR; quit gdisk
    (4) You may want to re-enable SIP (boot while holding Command+R to get into OSX Recovery, start Terminal from the Utilities menu, run “csrutil enable”, restart the MAC).
  • I installed Windows from the prepared USB (press Option key when booting and select the EFIboot – it should have a USB icon). I chose to reformat the partition I had created in Mac OSX for Windows in the installation wizard.
  • In Windows, I installed the BootCamp Drivers (The BootCamp Assistant should have copied them to the USB for you, otherwise download them from the Apple website). This enabled WiFi and everything else, but there was no audio, and the audio device in Device Manager had the error “This device cannot start. (Code 10)”
  • I then found @TGIK’s solution thread on Apple’s Support Forum after which I did the following to get the audio to work:
  1. Boot into Mac OSX and use MaciASL software to dump your DSDT in OSX : https://sourceforge.net/projects/maciasl/
    Install and run MaciASL. From the MaciASL menu choose the save as disassembled DSL option, e.g., with filename DSDT (MaciASL will tag on the extension DSL once you choose the right file type in the “save as” dialog box)
  2. Copy the DSDT.DSL to a USB or put it online (e.g., your email or google drive)
  3. Re-boot the MAC into Windows
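
Sub-step (3) of the GPT conversion above comes down to the four partition-table slots in the disk's first sector: a protective MBR holds a single entry of type 0xEE, while a hybrid MBR keeps real partition entries beside it. The Python sketch below is an added example, not part of the original guide; both sample sectors and their partition values are constructed, and on a real machine it would be given a 512-byte dump of the disk's first sector.

```python
import struct
import sys

SECTOR = 512
TABLE_OFFSET = 446  # four 16-byte partition entries, then the 0x55AA signature
ENTRY = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, start LBA, sector count


def parse_mbr(sector):
    """Return (type, start_lba, sector_count) for each non-empty MBR entry."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at offset 510")
    entries = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        _boot, _chs0, ptype, _chs1, start, count = struct.unpack(ENTRY, raw)
        if ptype != 0x00:
            entries.append((ptype, start, count))
    return entries


def classify_mbr(sector):
    """'protective' = one 0xEE entry only; 'hybrid' = 0xEE plus real entries."""
    types = [e[0] for e in parse_mbr(sector)]
    if 0xEE not in types:
        return "mbr-only"
    return "protective" if types == [0xEE] else "hybrid"


def build_sector(entries):
    """Build a constructed first sector from (type, start_lba, count) tuples."""
    table = b"".join(struct.pack(ENTRY, 0, b"\0" * 3, t, b"\0" * 3, s, c)
                     for t, s, c in entries).ljust(64, b"\0")
    return b"\0" * TABLE_OFFSET + table + b"\x55\xaa"


# Constructed samples: a hybrid layout (0xEE plus HFS+, Apple boot and NTFS
# entries) and the single 0xEE entry expected after the gdisk x / n / w sequence.
HYBRID_SAMPLE = build_sector([(0xEE, 1, 409639), (0xAF, 409640, 600000000),
                              (0xAB, 600409640, 1269536), (0x07, 601679872, 375000000)])
PROTECTIVE_SAMPLE = build_sector([(0xEE, 1, 0xFFFFFFFF)])

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to a 512-byte dump of the disk's first sector
        with open(sys.argv[1], "rb") as fh:
            print(classify_mbr(fh.read(SECTOR)))
    else:
        print(classify_mbr(HYBRID_SAMPLE), "->", classify_mbr(PROTECTIVE_SAMPLE))
```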

The remaining steps are extracted from the guide: https://egpu.io/forums/pc-setup/fix-dsdt-override-to-correct-error-12/

4. Download and install the required tools:

  • Windows Binary Tools (WBT – Dec 2016) extracted to c:\dsdt directory. [ https://acpica.org/sites/acpica/files/iasl-win-20161222.zip ]
  • Windows Driver Kit (WDK), which contains the Windows ASL Compiler (asl.exe) [ https://go.microsoft.com/fwlink/p/?LinkId=526733 ]
  • Notepad++ text editor
  • Copy WDK’s ASL compiler into the c:\dsdt directory. Do this by opening Command Prompt (run as administrator) and then copy-and-paste the commands below:
    mkdir c:\dsdt
    c: & cd \dsdt
    set 64bit_OS_asl="C:\Program Files (x86)\Windows Kits\10\Tools\x64\ACPIVerify\asl.exe"
    set 32bit_OS_asl="C:\Program Files (x86)\Windows Kits\10\Tools\x86\ACPIVerify\asl.exe"
    copy /y %32bit_OS_asl% c:\dsdt > nul & copy /y %64bit_OS_asl% c:\dsdt > nul
    if not exist c:\dsdt\asl.exe echo ERROR: Failed to copy asl.exe to c:\dsdt

5. Copy the DSDT.DSL into the c:\dsdt folder

6. Edit the DSL as described and add the QWordMemory section (I used the “Intel method” as recommended in the egpu.io guide). See (iii) under section “OPTION 1: Use the Intel method” i.e.:
… With Notepad++, open the resultant c:\dsdt\dsdt.dsl file and search for ResourceProducer. Beneath it will be a series of “DWordMemory” resource entries. Under the last DWordMemory entry in that area, typically above the _CRS method, add a ‘QWordMemory’ (64-bit) entry as shown in red below. …

(NOTE: the lines starting with “QWordMemory” to the line ending with ” TypeStatic)” are the lines introduced into the DSDT.DSL file)

DWordMemory (ResourceProducer, PosDecode, MinFixed, MaxFixed, Cacheable, ReadWrite,
   0x00000000,         // Granularity
   0x000A0000,         // Range Minimum
   0x000BFFFF,         // Range Maximum
   0x00000000,         // Translation Offset
   0x00020000,         // Length
   ,, , AddressRangeMemory, TypeStatic)
QWordMemory (ResourceProducer, PosDecode, MinFixed, MaxFixed, Cacheable, ReadWrite,
   0x0000000000000000, // Granularity
   0x0000000C20000000, // Range Minimum,  set it to 48.5GB
   0x0000000E0FFFFFFF, // Range Maximum,  set it to 56.25GB
   0x0000000000000000, // Translation Offset
   0x00000001F0000000, // Length calculated by Range Max - Range Min + 1.
   ,, , AddressRangeMemory, TypeStatic)
})
   Method (_CRS, 0, Serialized)  // _CRS: Current Resource Settings
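
A hand-edited resource template is easy to get wrong by one byte: with MinFixed and MaxFixed both set, Length has to equal Range Maximum - Range Minimum + 1. The Python check below is an added example (not from the original post or the egpu.io guide) that parses the DWordMemory/QWordMemory entries of a .dsl file and flags a wrong Length, an inverted range or overlapping windows before iasl is run; it assumes the disassembler's 0x-prefixed hex formatting, and BAD_SNIPPET is a constructed mistake.

```python
import re

COMMENT_RE = re.compile(r"//[^\n]*|/\*.*?\*/", re.S)
DESC_RE = re.compile(r"\b([DQ])WordMemory\s*\(([^)]*)\)")
HEX_RE = re.compile(r"\b0x[0-9A-Fa-f]+\b")


def check_memory_descriptors(dsl_text):
    """Parse each DWordMemory/QWordMemory entry; return one dict per entry."""
    text = COMMENT_RE.sub("", dsl_text)  # comments may hold ')' or hex digits
    found = []
    for m in DESC_RE.finditer(text):
        kind, body = m.group(1) + "WordMemory", m.group(2)
        limit = 1 << (32 if kind[0] == "D" else 64)
        nums = [int(h, 16) for h in HEX_RE.findall(body)][:5]
        if len(nums) < 5:
            found.append({"kind": kind, "problems": ["fewer than 5 numeric fields"]})
            continue
        _gran, lo, hi, _xlat, length = nums
        problems = []
        if any(n >= limit for n in nums):
            problems.append("value does not fit the descriptor width")
        if lo > hi:
            problems.append("Range Minimum is above Range Maximum")
        # With MinFixed and MaxFixed both set, the window size is fully determined.
        if "MinFixed" in body and "MaxFixed" in body and length != hi - lo + 1:
            problems.append("Length 0x%X != Max - Min + 1 (0x%X)" % (length, hi - lo + 1))
        found.append({"kind": kind, "min": lo, "max": hi, "length": length,
                      "problems": problems})
    placed = [d for d in found if "min" in d]
    for i, a in enumerate(placed):  # windows in one template must not overlap
        for b in placed[i + 1:]:
            if a["min"] <= b["max"] and b["min"] <= a["max"]:
                b["problems"].append("overlaps %s at 0x%X" % (a["kind"], a["min"]))
    return found


# The two entries from the guide above, comments dropped for brevity.
PAGE_SNIPPET = """
DWordMemory (ResourceProducer, PosDecode, MinFixed, MaxFixed, Cacheable, ReadWrite,
   0x00000000, 0x000A0000, 0x000BFFFF, 0x00000000, 0x00020000,
   ,, , AddressRangeMemory, TypeStatic)
QWordMemory (ResourceProducer, PosDecode, MinFixed, MaxFixed, Cacheable, ReadWrite,
   0x0000000000000000, 0x0000000C20000000, 0x0000000E0FFFFFFF,
   0x0000000000000000, 0x00000001F0000000,
   ,, , AddressRangeMemory, TypeStatic)
"""
# Constructed mistake: Length typed as Max - Min, one byte short.
BAD_SNIPPET = PAGE_SNIPPET.replace("0x00000001F0000000", "0x00000001EFFFFFFF")

if __name__ == "__main__":
    for name, src in (("page", PAGE_SNIPPET), ("bad", BAD_SNIPPET)):
        for d in check_memory_descriptors(src):
            print(name, d["kind"], d["problems"] or "ok")
```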

7. Create an updated dsdt.aml file from the updated DSDT.DSL file (using the commands):
c: & cd \dsdt
iasl -ve DSDT.DSL

Note: iasl actually creates a file called iASLcnnPCo.aml. Just rename it to anything you want, e.g., DSDT.AML

8. Load the updated/modified AML using registry DSDT override:
cd c:\dsdt
asl /loadtable DSDT.aml
bcdedit -set TESTSIGNING ON

9. Reboot Windows and you should have audio working when it comes back up.
(I noticed two devices in the “Sound, video and game controllers” section in Device Manager: “Cirrus Logic CS4206B(AB 28)” and “High Definition Audio Device” (with the error “This device cannot start. (Code 10)”).)

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

** If your MAC is equipped with a DVD drive (e.g., SuperDrive), you can avoid this long guide by installing Windows in legacy MBR boot mode. Write the Windows ISO to a DVD-R media (or if you have the Windows install DVD already even better). After creating a suitable partition for Windows within Mac OSX, just boot the MAC while holding the Option key, choose to boot from the DVD drive (not EFIboot !), and install Windows into the target partition. Install BootCamp Drivers within Windows and you are done! Everything should just work.

*The Windows USB can be created with UNetbootin, Rufus, or the Windows 7 USB/DVD creator tool.

References:
https://mac.filehorse.com/download-daemon-tools/
https://sourceforge.net/projects/gptfdisk/
https://docs.google.com/viewer?url=http://manuals.info.apple.com/en_US/boot_camp_install-setup_10.7.pdf
https://apple.stackexchange.com/questions/8044/how-can-i-install-boot-camp-off-a-windows-7-usb-flash-drive
https://www.cnet.com/how-to/install-win-7-on-macbook-air-from-a-usb-drive/
https://macriot.com/mcrt/2014/12/08/windows-cannot-be-installed-on-to-this-disk-the-selected-disk-is-of-the-gpt-partition-style/
https://bl.ocks.org/balupton/1603bb4b7769d1af0fd7
https://superuser.com/questions/508026/windows-detects-gpt-disk-as-mbr-in-efi-boot/508454#508454?newreg=06d03dd9848a46babff1704022ce593c
https://www.quora.com/How-do-I-turn-off-the-rootless-in-OS-X-El-Capitan-10-11