diff --git a/README.md b/README.md index 3cad915..c1c2f24 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ To get the hole gpg thing working, you should use a offline computer. This syste Most people do not have laying around a lot of hardware, which the would spend using for this. In general nobody uses a dedicated offline root CA, if I need to explain why privacy is important. -# Prerequisites +## Prerequisites 1. small embedded linux powered device 2. easily available and widely used platform @@ -14,9 +14,9 @@ Most people do not have laying around a lot of hardware, which the would spend u 7. possible file integrity checks 8. USB-A connector(s) for the GNUK token/SmartCard Reader -# terminal user interface +## terminal user interface -## main page - overview +### main page - overview 1. Integrity OK/Fail 1. /root filesystem @@ -30,8 +30,6 @@ Most people do not have laying around a lot of hardware, which the would spend u 7. Key length Failure/Warning (BSI recommendation) 8. revocation certificate available -# Links -[https://vincentserpoul.github.io/post/alpine-linux-rpi0/] ## 00-preparation 1. format sd card with 3 partitions @@ -109,12 +107,14 @@ edit /etc/mdev.conf for usb tokens [ToDo] killall gpg-agent #mount encrypted container +``` cryptsetup -v luksOpen /media/mmcblk0p2/PRIVATE private_file mount /dev/mapper/private_file /mnt/private_file --Umount and close file killall gpg-agent umount /mnt/private_file cryptsetup luksClose private_file +``` ##kernel update [inProgress] 
@@ -152,28 +152,29 @@ apk add linux-rpi [offline] 1. extract original image to first partion 2. restore cmdline and usercfg.txt -[root] delete from overlay partition the cache folder + - [root] delete from overlay partition the cache folder 1. in case of a folder (delete from overlay the /usr) 2. in case of an image - `rm persist.img && dd if=/dev/zero of=persist.img bs=1024 count=0 seek=209715` - - `mkfs.ext4 persist.im` + - `mkfs.ext4 persist.img` + [online] 1. recreate .work folder under /media/persist 2. recreate usr folder under /media/persist -3. `mkdir /mnt/private_file +3. `mkdir /mnt/private_file` 4. check mountpoint for /usr | mount /usr 5. fix the repository 6. fix the network interface 7. apk update 8. apk upgrade 9. 're-add' installed packages [e.g. 00-preparation] -10. `remount /media/mmcblk0p1 rewritable` +10. remount /media/mmcblk0p1 rewritable 11. `mount -o rw,remount /media/mmcblk0p1/` -12. `cp apk to /media/mmcblk0p1/apk/armh` - --lsblk --mkinitfs -reboot without lbu commit +12. `cd /media/mmcblk0p2/cache && cp *.apk /media/mmcblk0p1/apks/armhf` +13. `lsblk` +14. `ln -s /media/mmcblk0p1/boot boot` +15. `mkinitfs` +16. reboot without lbu commit ## fast major release update 1. delete content of first partition @@ -190,13 +191,13 @@ reboot without lbu commit 10. apk upgrade 11. reboot -##generic minor (to install it into ram) +## generic minor (to install it into ram) 1. apk 2. apk upgrade 3. lbu commit ## 1.44" OLED and button -#create a overlay for /usr otherwise space is missing +create a overlay for /usr otherwise space is missing https://gist.github.com/sdalu/4fd108e0a96d6b41d52fde7542cc95ce [not working fbtft module mossing] apk add python2 #obsolete apk add build-base #binary is build for rpi3 
@@ -210,13 +211,14 @@ pip install --user RPi.GPIO pip install --user spidev -##modern kernel approach +## modern kernel approach wget https://github.com/juj/fbcp-ili9341/archive/refs/heads/master.zip cmake -DWAVESHARE_ST7735S_HAT=ON -DSPI_BUS_CLOCK_DIVISOR=6 apk add raspberrypi-dev ## nitrokey +``` apk add py-pip build-base python3-dev py3-wheel [240Mb] apk add libffi-dev [7Mb] apk add openssl-dev rust cargo [337Mb] @@ -229,7 +231,8 @@ lbu inc /home lbu inc /root pip3 install --user wheel pip3 install --user pynitrokey [takes about 35min, can fail due missing space left on device, but cbor fails nevertheless] - + ``` + #fix $PATH to /root/.local/bin in /etc/profile #need mdev/udev rules to grant access for user #libudev-zero is a replacement, which is needed for pcscd @@ -241,5 +244,6 @@ lbu inc /root #general reconsideration of usefulness ### links -https://github.com/hashbang/airgap -https://riseup.net/de/security/message-security/openpgp/gpg-best-practices +[https://github.com/hashbang/airgap] +[https://riseup.net/de/security/message-security/openpgp/gpg-best-practices] +[https://vincentserpoul.github.io/post/alpine-linux-rpi0/]
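Review bot: in the `@@ -109,12 +107,14 @@` hunk, the new fence encloses the context line `--Umount and close file`, which is a label and not a command, so anyone pasting the block gets an error halfway through opening and closing the LUKS container. Turn that line into a shell comment (for example `# unmount and close`), or use two fences, one for open/mount and one for the teardown that starts at `killall gpg-agent`. The `##kernel update [inProgress]` line right after the closing fence still lacks the space after `##` that this patch adds to `## generic minor` further down.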
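Review bot: in the `@@ -152,28 +152,29 @@` hunk, new step 14 `ln -s /media/mmcblk0p1/boot boot` creates the link under a relative name, and step 12 has just done `cd /media/mmcblk0p2/cache`, so run in the same shell the link lands in the cache directory instead of wherever `mkinitfs` in step 15 expects it. Give the link an absolute path, or add an explicit `cd` before step 14. Step 10 is now prose that says the same thing as the command in step 11, so the two could be merged into one item.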
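Review bot: in the `@@ -190,13 +191,13 @@` hunk, step 1 under the reformatted `## generic minor` heading is still the bare word `apk`, which is not a complete command. The `[online]` list above uses `apk update` followed by `apk upgrade`, so if that is what is meant here, spell it out. Also, the un-hashed line `create a overlay for /usr otherwise space is missing` now sits directly above the gist URL and the `apk add` lines, which remain unfenced while the other command sections in this patch get fences, and the note on the gist line has a typo (`mossing`).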
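Review bot: in the `@@ -210,13 +211,14 @@` hunk, the fence opened under `## nitrokey` now wraps lines such as `apk add py-pip build-base python3-dev py3-wheel [240Mb]` and `apk add libffi-dev [7Mb]`, so the size annotations become part of the command when the block is copied and are passed to `apk add` as extra arguments. Move them behind a `#` inside the fence (`apk add libffi-dev  # 7Mb`) or into the prose above it. The matching closing fence only arrives in the next hunk, so it is worth checking the rendered README to confirm nothing between them was meant to stay outside the block.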
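Review bot: in the `@@ -229,7 +231,8 @@` hunk, `pip3 install --user pynitrokey` is now presented as a copy-and-paste command, with no version pin or hash check, on a machine the README describes as an offline computer for GPG keys and that lists "possible file integrity checks" as a prerequisite. Consider pinning the version and installing from a requirements file with `--require-hashes`, and say at which point the device is expected to be online. The long bracketed remark on that line (`[takes about 35min, ...]`) has the same copy-paste problem as the size notes in the previous hunk and reads better as a comment or as prose. The `#fix $PATH ...` lines after the closing fence are notes that begin with `#` and no space, so they render as literal text, not as comments or headings.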
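Review bot: in the `@@ -241,5 +244,6 @@` hunk, wrapping each URL as `[https://...]` is not Markdown link syntax: square brackets with no `(target)` or reference definition may render as literal bracketed text instead of a clickable link, and the three lines have no list markers or blank lines between them, so they fold into one paragraph. Use `<https://github.com/hashbang/airgap>` style autolinks or `- [title](url)` list items. Moving the vincentserpoul link here from the removed `# Links` section is fine.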