From 256beaaaad7aa75d214452528d7c7d89cfa083f3 Mon Sep 17 00:00:00 2001 From: user Date: Thu, 21 Jul 2022 15:56:02 +0200 Subject: [PATCH] minor things --- archlinux.md | 22 ++++++++++++++++++++++ fido2.md | 16 ++++++++++++++++ filesystems.md | 13 ++++++++++++- lenovo_L13YOGA_G2_AMD.md | 17 +++++++++++++++++ 4 files changed, 67 insertions(+), 1 deletion(-) create mode 100644 lenovo_L13YOGA_G2_AMD.md diff --git a/archlinux.md b/archlinux.md index b52d791..53f45fe 100644 --- a/archlinux.md +++ b/archlinux.md @@ -15,4 +15,26 @@ journalctl --disk-usage && journalctl --vacuum-size={size}M ``` or prepare the file`/etc/systemd/journald.conf` and this value:`SystemMaxUse=50M` +## customize fresh system +- /etc/mkinitcpio.conf +- /boot/loader/entries/arch.conf https://wiki.archlinux.org/title/Kernel_parameters#systemd-boot +- unified kernel image https://wiki.archlinux.org/title/Unified_kernel_image +- kernel cmdline + - power state cpu + - WARNING: do not use the partuuid in the cmdline. check the uuid correctness with the LUKS container, `blkid` + - root and resume are links to the mapper +- reboot the system to check if anything is broken +- add secureboot https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot + +## failure recovery +1. boot from archlinux usb stick +2. mount LUKS Container `cryptsetup luksOpen /dev/nvme0n1pX luksDev` +3. temporary dir `mkdir tmpmnt` +4. mount `mount -o subvol=@ /dev/mapper/luksDev tmp` +5. `arch-chroot tmp bash` +6. `mount /dev/nmve0n1p1 /boot` +7. fix stuff +8. `mkinicpio -p linux` +9. sync, unmount boot and tmp +10. `cryptsetup luksClose luksdev` \ No newline at end of file diff --git a/fido2.md b/fido2.md index cc0945e..1b9fd11 100644 --- a/fido2.md +++ b/fido2.md @@ -14,12 +14,22 @@ pamu2fcfg -o pam://$(hostname) -i pam://$(hostname) -n >> ~/.config/Yubico/u2f_k ``` - WebAuth - main feature, login with username (known value by user), ChallengeResponse ( secret ) and button (interactive)/PIN + - https://webauthn.io/ to test - resident keys - HMAC-secret extension - symmetric key scoped to a credential - https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-client-to-authenticator-protocol-v2.0-id-20180227.html#sctn-hmac-secret-extension ## hardware +##### udev rules +In general there should be no need to add the rules after install the libfido2 +https://github.com/Yubico/libfido2/blob/main/udev/70-u2f.rules +this list just contains legitime FIDO2 tokens +``` + +``` #### OpenSK +##### udev +https://raw.githubusercontent.com/google/OpenSK/f2496a8e6d71a4e838884996a1c9b62121f87df2/rules.d/55-opensk.rules #### solo2 ```bash udo lpc55 ls @@ -87,7 +97,13 @@ Properties { } ``` +#### somu +it is build around: STM32L432KC https://www.st.com/en/microcontrollers-microprocessors/stm32l432kc.html #### nitrokey +##### storage +##### start +##### udev +https://raw.githubusercontent.com/Nitrokey/libnitrokey/master/data/41-nitrokey.rules ### code snippets resident-key aka discoverable credentials (`fido2-token -S` to set the PIN, otherwise all other things fails, after using the PIN an additional touch is needed but not declared. Check this with diff --git a/filesystems.md b/filesystems.md index fde8797..ae7cf69 100644 --- a/filesystems.md +++ b/filesystems.md @@ -2,7 +2,18 @@ ## btrfs ### btrfs scrub As a copy-on-write (COW) filesystem btrfs can compensate some errors from the underlying storage - +##### btrfs resize +``` +btrfs filesystem show -d +btrfs filesystem resize -500m /dev/mapper/ubuntu--vg-root/@subvolume +``` +##### btrfs snapshot size +to show all snapshots enable quotas +``` + [root@localhost ~]# btrfs quota enable /btrfs/ + [root@localhost ~]# + [root@localhost ~]# btrfs qgroup show /btrfs/ +``` ##### systemd handling create for all btrfs filesystems a regulary scrub timer. ```bash diff --git a/lenovo_L13YOGA_G2_AMD.md b/lenovo_L13YOGA_G2_AMD.md new file mode 100644 index 0000000..7b10aa6 --- /dev/null +++ b/lenovo_L13YOGA_G2_AMD.md @@ -0,0 +1,17 @@ +--- +keywords: + - IT +--- +# Lenovo L13 Yoga G2 AMD +- Art.Nr.: 21AES01A00 +- AMD Ryzen™ 5 PRO 5650U HexaCore Mobilprozessor (6 Kerne/ 12 Threads • 2.30 bis 4.2 GHz • 3MB L2 Cache • 16MB L3 Cache • 15 Watt) +- 16GB, DualChannel, onBoard (fest integriert), DDR4-3200 MHz onBoard +- 33.8 cm (13.3"), Full-HD (1.920 x 1080 Bildpunkte, 16:9), LED-Backlight, **IPS-Technologie**, MultiTouch (10-Finger), Digitizer-Oberfläche mit Unterstützung für aktive Eingebestifte, 360° drehbar +- MediaTek MT7921 + +My own system: https://linux-hardware.org/?probe=6dfbd97685 + +### broken under archlinux +1. keyboard backlight https://wiki.archlinux.org/title/Keyboard_backlight#On_GNOME +2. keyboard FN keys +3. bluetooth daemon disabled by default \ No newline at end of file