From 89adcf141219625da33dbec3b24f7faa7bd85bfc Mon Sep 17 00:00:00 2001 From: cmn Date: Fri, 26 Jan 2024 15:22:34 +0100 Subject: [PATCH] SMART, hp prodesk600 --- hp-prodesk600G2-MiniPC.md | 16 ++++++++++++++++ linux_hardening.md | 13 +++++++------ 2 files changed, 23 insertions(+), 6 deletions(-) create mode 100644 hp-prodesk600G2-MiniPC.md diff --git a/hp-prodesk600G2-MiniPC.md b/hp-prodesk600G2-MiniPC.md new file mode 100644 index 0000000..d90f835 --- /dev/null +++ b/hp-prodesk600G2-MiniPC.md @@ -0,0 +1,16 @@ +# HP Prodesk 600 G2 Mini PC + +## Hardware + +## Benchmark + + +## Quirks + +### UEFI removable device +[UEFI Spec v2.8 (May 2020)](https://uefi.org/sites/default/files/resources/UEFI%20Spec%202.8B%20May%202020.pdf#page=573): + +> For removable media devices there must be only one UEFI-compliant system partition, and that partition must contain an UEFI-defined directory in the root directory. The directory will be named EFI. All OS loaders and applications will be stored in a subdirectory below EFI called BOOT. There must only be one executable EFI image for each supported processor architecture in the BOOT directory. For removable media to be bootable under EFI, it must be built in accordance with the rules laid out in Section3.5.1.1. This guarantees that there is only one image that can be automatically loaded from a removable media device by the EFI Boot Manager. Any additional EFI executables must be in directories other than BOOT. + +### no active display after kernel loading +add `nomodeset`into the kernel config line. This happens, if the monitor is a 4k resolution model. \ No newline at end of file diff --git a/linux_hardening.md b/linux_hardening.md index 9f68fec..88544f1 100644 --- a/linux_hardening.md +++ b/linux_hardening.md 
@@ -53,11 +53,13 @@ block device -> dm-integrity -> cryptsetup(mdadm/lvm2 (RAID1)) -> btrfs - [ ] block device sector size - [ ] block device support for SCT/ERC `smartctl -l scterc /dev/sdX` - [ ] Block device support for write-verify `hdparm -R1 /dev/sdX` -- [ ] block device support ``hdparm --dco-identify /dev/sdX` +- [ ] block device support `hdparm --dco-identify /dev/sdX` -Western Digital Time Limited Error Recovery (TLER) -Seagate Error Recovery Control (ERC) -Samsung/Hitachi Command Completion Time Limit (CCTL) +| Vendor | Code | +|-----------------|--------------------------------------| +| Western Digital | Time Limited Error Recovery (TLER) | +| Seagate | Error Recovery Control (ERC) | +| Samsung/Hitachi | Command Completion Time Limit (CCTL) | Odroid HC1 HDD @@ -254,7 +256,6 @@ Checksum: correct sudo hdparm -R1 /dev/sda -Touch HW dongle /dev/sda: setting write-read-verify to 1 @@ -738,6 +739,7 @@ ERC settings: `smartctl -l scterc /dev/sda` or setting `smartctl -l scterc,150,1 #### related issues - https://cateee.net/lkddb/web-lkddb/BLK_DEV_INTEGRITY.html +- https://kdave.github.io/authenticated-hashes-for-btrfs-part1/ ##### cryptsetup - https://gitlab.com/cryptsetup/cryptsetup/-/issues/632 xxHASH64 support, needs separate `--tag-size 8` - https://gitlab.com/cryptsetup/cryptsetup/-/issues/668 dm-integrity documentation with setting recommendation @@ -750,7 +752,6 @@ ERC settings: `smartctl -l scterc /dev/sda` or setting `smartctl -l scterc,150,1 - https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html - https://man7.org/linux/man-pages/man8/integritysetup.8.html - ### package manager integrity ##### pacman based integrity check ```
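Review bot: in the new file hp-prodesk600G2-MiniPC.md, the "no active display after kernel loading" quirk tells the reader to add `nomodeset` "into the kernel config line", which reads like a kernel build option. `nomodeset` is a boot parameter, so say "kernel command line", and add the missing space after the closing backtick. The `## Hardware` and `## Benchmark` headings are committed empty; fill them or drop them until there is content. Smaller points in the same file: the link text says v2.8 while the URL points at 2.8B, the quote has "Section3.5.1.1" without a space, and the file has no trailing newline.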
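Review bot: in the linux_hardening.md hunk at `@@ -53,11 +53,13 @@`, the corrected checklist item still reads "block device support `hdparm --dco-identify /dev/sdX`" without naming what is supported, unlike the SCT/ERC and write-verify items above it. Name the feature the command queries (the Device Configuration Overlay). In the new table, the second column is headed "Code" but holds each vendor's name for the error recovery timeout feature, so a header such as "Feature name" would describe it better.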
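Review bot: in the linux_hardening.md hunk at `@@ -738,6 +739,7 @@`, the added kdave.github.io link is a bare URL, while the cryptsetup entries just below it each carry a short description. Add a few words on what the link covers (its slug points to authenticated hashes for btrfs) and consider whether it belongs under a btrfs heading instead of directly beside the BLK_DEV_INTEGRITY kernel option link.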