This is just a record of noticeable behavior of a likely compromised system over a number of months that is about to be reinstalled. (Older computer & Garuda is running great; no issues really that need to be fixed; might be helpful for making Garuda or Linux more secure or for the new ISO release for September)
BIOS noticeably was manipulated; about to do a reinstall; reinstalled all packages and removed orphans which seemed to help a bit yet system is not running as it should.
Seems like the firmware updates or hardened kernel updates could have allowed for this as well not sure how though or maybe zen.
Every once in a while get a failure to install for Firedragon or Librewolf or something else; can tell there are manipulations of packages during updates sometimes; a screenshot enclosed of this happening with Plymouth.
It looks like you are not using Plymouth anyway, as you do not have the splash kernel parameter set. These are your kernel parameters:
An easy way to stop getting that error message if you aren’t using Plymouth would be to just uninstall the package.
As for your BIOS, if you are having issues with it you should check to see if there is an update available because your last BIOS update was over five years ago. You also installed in legacy mode even though you have a UEFI board.
If you are going to reinstall, you may want to consider installing in UEFI mode instead. Who knows, maybe the CSM is related to whatever your issue with the BIOS is.
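The checks named in the reply above (whether `splash` is on the kernel command line, whether the system booted in UEFI or legacy/CSM mode, and how old the BIOS is) can be scripted. This is an added example, not part of the original post; the function names are hypothetical and the paths are the standard Linux procfs/sysfs locations.

```shell
#!/bin/sh
# Added example: function names are hypothetical; paths are standard Linux locations.

# has_splash CMDLINE -> exit 0 if "splash" appears as a whole kernel parameter
has_splash() {
    case " $1 " in
        *" splash "*) return 0 ;;
    esac
    return 1
}

# boot_mode [EFI_DIR] -> prints "uefi" if the EFI sysfs directory exists, else "legacy"
boot_mode() {
    if [ -d "${1:-/sys/firmware/efi}" ]; then echo uefi; else echo legacy; fi
}

# bios_age_years BIOS_DATE [CURRENT_YEAR] -> calendar years since a DMI date (MM/DD/YYYY)
bios_age_years() {
    year=${1##*/}
    case $year in
        ''|*[!0-9]*) return 1 ;;   # reject anything that is not a plain year
    esac
    echo $(( ${2:-$(date +%Y)} - year ))
}

# report: run the three checks against the live system
report() {
    cmdline=$(cat /proc/cmdline 2>/dev/null || true)
    if has_splash "$cmdline"; then
        echo "splash: set"
    else
        echo "splash: not set (Plymouth is not used at boot)"
        if command -v pacman >/dev/null 2>&1 && pacman -Qq plymouth >/dev/null 2>&1; then
            echo "plymouth: installed but unused"
        fi
    fi
    echo "boot mode: $(boot_mode)"
    if [ -r /sys/class/dmi/id/bios_date ]; then
        age=$(bios_age_years "$(cat /sys/class/dmi/id/bios_date)") || return 0
        echo "BIOS age: about $age years"
        if [ "$age" -gt 5 ]; then echo "BIOS: check the vendor site for an update"; fi
    fi
    return 0
}

report
```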
Windows partition was there; got compromised and was erased which is why it is still showing up; then there was a Garuda BIOS compromise that may or may not have been fixed; older UEFI system (2013) so could be an issue; looking into using secure boot with Arch / Garuda for a newer Zen 2 system with a BIOS that is still supported.
Also could have been an issue due to the triple boot partition which has PopOS (not as bleeding edge as Arch so an easier target) which also seemed wonky at some points during the 6 month install; does not show up on the system report from terminal which is something to think about; everything got compromised much earlier last year so props for all the hard work and great changes by all the Linux teams including Garuda, kernel, Plasma especially as well as some open source application fixes that were helpful as well as everyone working hard on the forums to make things great.
Trying to completely replace Windows yet being held back now by only Audio Production software such as Ableton & VST installers for Arturia & Spitfire audio (which has free libraries that are very nice); which has more features than Bitwig still currently yet getting close; working on getting Ableton installed with Wine / Bottles.
Also trying to switch to Mixxx from Traktor DJ Pro 3.
Also KDE Wallet is popping up after any USB Device is plugged in or unplugged; (Ethernet over USB was used to upgrade the systems); seems to be some tricky file-less malware at play as well being injected into the firmware & BIOS possibly on the other older systems; working with bug bounty programs on other OS & apps as well as looking for a capable data forensics package that is open source and available …Still… to shine some light on the harder to find exploits & close as many holes also.
Only happening on the newer installs though not this system that is completely broken. This might be due to many of the holes being used in this install being closed.
Was thinking this might have been an exploit because both web browsers are showing install failed warnings yet still being installed which might be evidence of payload injection in them.
“Every once in a while get a failure to install for Firedragon or Librewolf or something else; can tell there are manipulations of packages during updates sometimes; a screenshot enclosed of this happening with Plymouth.”
Thank you for all the responses very helpful; still learning about all the great changes that are always coming in so fast; trying to keep on top of updates and stay clear headed to think about how exploits are happening and find ways to explain them to developers to improve security. Much appreciated always.
Your Google-Fu is severely lacking. Instead of donning YATFH (yet another tin foil hat), please take whatever steps you need to solve the problem. This is an example, whether it fixes your problem or not. What you do from here is up to you.
Appreciate the help; am not looking to temporarily solve the problem; too many errors to report to all the package maintainers. No timeline needed for fixes that will most likely be in KDE Plasma 6 or Wayland it seems. Always open to learning anything.
Currently working on writing projects on Medium not related to Linux currently.
Exploiters have dropped another “Geschenk” (connotation not specified) that has been possible on many operating systems. Inserting a drive that is unencrypted; containing Bandcamp tracks recently downloaded of size 1.2 GB; with the ethernet unplugged after copying said files to an Encrypted install (possibly exploited); renders DDR3 memory exploitable likely from payload injected firmware package that allowed for the BIOS exploitation & manipulation of many variables within KDE & boot loader. Specifically this board was originally being exploited by overvoltaging the Fractal Integra 750 Watt bronze power supply & or the AMD APU 7850k motherboard that includes “5X overvoltage protection” as a feature that is dated hack-able and possibly dangerous to humans when the exploit is in use.
System froze after copying which could be due to data forensics issues with the files downloaded that likely were injected with payloads that are accessible without internet access by hacking the physical smart meter on the residence most likely. This attack is being done on a number of systems and appliances including the water heater currently and has been for a number of years back to previous administration.
Creative yet beyond this one's pay grade currently.
Open to all criticism or logical fabrications on what is and is not possible and why.
On related note, on an Asus R8 after removing the xanmod kernel; there were significant performance improvements.
Leading to the conception; that other kernels might be exploited with payloads; then used as an attack surface on a running system against the running kernel.
Xanmod was never used; it is possible that this can be done to any kernel; or maybe just kernels that are not being used if it is not possible to exploit the running kernel directly without being detected. (KDE Cross kernel exploits are probably not tested)