formatting
parent
d1f72ce4a0
commit
34649eeff9
42
README.md
@ -3,7 +3,7 @@ To get the hole gpg thing working, you should use a offline computer. This syste
|
||||
Most people do not have laying around a lot of hardware, which the would spend using for this. In general nobody uses a dedicated offline root CA, if I need to explain why privacy is important.
|
||||
|
||||
|
||||
# Prerequisites
|
||||
## Prerequisites
|
||||
|
||||
1. small embedded linux powered device
|
||||
2. easily available and widely used platform
|
||||
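Review bot: the unchanged context lines around the `# Prerequisites` / `## Prerequisites` pair still read "hole gpg thing", "a offline computer" and "which the would spend using"; as this commit is a formatting pass over the README, correct them here ("whole", "an offline", "which they would spend on this"). The sentence ending "if I need to explain why privacy is important" does not follow from the statement about offline root CAs before it and should be reworded so the reader can tell what the device is for.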
@ -14,9 +14,9 @@ Most people do not have laying around a lot of hardware, which the would spend u
|
||||
7. possible file integrity checks
|
||||
8. USB-A connector(s) for the GNUK token/SmartCard Reader
|
||||
|
||||
# terminal user interface
|
||||
## terminal user interface
|
||||
|
||||
## main page - overview
|
||||
### main page - overview
|
||||
|
||||
1. Integrity OK/Fail
|
||||
1. /root filesystem
|
||||
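Review bot: heading capitalization is inconsistent after the level change in this hunk: `## terminal user interface` and `### main page - overview` are lower case, while the heading demoted in the previous hunk is `## Prerequisites`. Pick one style while these lines are being touched anyway, for example `## Terminal user interface` and `### Main page - overview`.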
@ -30,8 +30,6 @@ Most people do not have laying around a lot of hardware, which the would spend u
|
||||
7. Key length Failure/Warning (BSI recommendation)
|
||||
8. revocation certificate available
|
||||
|
||||
# Links
|
||||
[https://vincentserpoul.github.io/post/alpine-linux-rpi0/]
|
||||
|
||||
## 00-preparation
|
||||
1. format sd card with 3 partitions
|
||||
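Review bot: the `# Links` heading and the vincentserpoul.github.io link are dropped here, between list item 8 and `## 00-preparation`, and the same link reappears under `### links` at the end of the file, so this hunk moves content rather than formatting it. Mention the move in the commit message ("formatting" alone hides it), so that a later reader of the history does not take the removal for a lost reference.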
@ -109,12 +107,14 @@ edit /etc/mdev.conf for usb tokens [ToDo]
|
||||
killall gpg-agent
|
||||
|
||||
#mount encrypted container
|
||||
```
|
||||
cryptsetup -v luksOpen /media/mmcblk0p2/PRIVATE private_file
|
||||
mount /dev/mapper/private_file /mnt/private_file
|
||||
--Umount and close file
|
||||
killall gpg-agent
|
||||
umount /mnt/private_file
|
||||
cryptsetup luksClose private_file
|
||||
```
|
||||
|
||||
##kernel update [inProgress]
|
||||
|
||||
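Review bot: the new fence encloses the prose line `--Umount and close file` together with the commands, so someone copying the block pastes that line into a root shell between `mount` and `killall gpg-agent`. Split the block into two fences (open and mount, then unmount and close) with the label as normal text between them, or turn the label into a shell comment such as `# unmount and close`. The neighbouring `#mount encrypted container` and `##kernel update [inProgress]` lines still lack the space after the hashes that this commit adds to other headings.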
@ -152,28 +152,29 @@ apk add linux-rpi
|
||||
[offline]
|
||||
1. extract original image to first partion
|
||||
2. restore cmdline and usercfg.txt
|
||||
[root] delete from overlay partition the cache folder
|
||||
- [root] delete from overlay partition the cache folder
|
||||
1. in case of a folder (delete from overlay the /usr)
|
||||
2. in case of an image
|
||||
- `rm persist.img && dd if=/dev/zero of=persist.img bs=1024 count=0 seek=209715`
|
||||
- `mkfs.ext4 persist.im`
|
||||
- `mkfs.ext4 persist.img`
|
||||
|
||||
[online]
|
||||
1. recreate .work folder under /media/persist
|
||||
2. recreate usr folder under /media/persist
|
||||
3. `mkdir /mnt/private_file
|
||||
3. `mkdir /mnt/private_file`
|
||||
4. check mountpoint for /usr | mount /usr
|
||||
5. fix the repository
|
||||
6. fix the network interface
|
||||
7. apk update
|
||||
8. apk upgrade
|
||||
9. 're-add' installed packages [e.g. 00-preparation]
|
||||
10. `remount /media/mmcblk0p1 rewritable`
|
||||
10. remount /media/mmcblk0p1 rewritable
|
||||
11. `mount -o rw,remount /media/mmcblk0p1/`
|
||||
12. `cp apk to /media/mmcblk0p1/apk/armh`
|
||||
|
||||
-lsblk
|
||||
-mkinitfs
|
||||
reboot without lbu commit
|
||||
12. `cd /media/mmcblk0p2/cache && cp *.apk /media/mmcblk0p1/apks/armhf`
|
||||
13. `lsblk`
|
||||
14. `ln -s /media/mmcblk0p1/boot boot`
|
||||
15. `mkinitfs`
|
||||
16. reboot without lbu commit
|
||||
|
||||
## fast major release update
|
||||
1. delete content of first partition
|
||||
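Review bot: new step 14, `ln -s /media/mmcblk0p1/boot boot`, uses a relative link name, and new step 12 begins with `cd /media/mmcblk0p2/cache`, so anyone working through the list in one shell creates the `boot` symlink inside the cache folder on the second partition. Give the link name as an absolute path, or add a `cd` to the intended directory before step 14. Steps 10 and 11 are also the same action written once as prose and once as a command; merging them into one step would keep the numbering honest.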
@ -190,13 +191,13 @@ reboot without lbu commit
|
||||
10. apk upgrade
|
||||
11. reboot
|
||||
|
||||
##generic minor (to install it into ram)
|
||||
## generic minor (to install it into ram)
|
||||
1. apk
|
||||
2. apk upgrade
|
||||
3. lbu commit
|
||||
|
||||
## 1.44" OLED and button
|
||||
#create a overlay for /usr otherwise space is missing
|
||||
create a overlay for /usr otherwise space is missing
|
||||
https://gist.github.com/sdalu/4fd108e0a96d6b41d52fde7542cc95ce [not working fbtft module mossing]
|
||||
apk add python2 #obsolete
|
||||
apk add build-base #binary is build for rpi3
|
||||
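Review bot: under `## 1.44" OLED and button` the `#` is removed from "create a overlay for /usr otherwise space is missing", but the `apk add python2 #obsolete` and `apk add build-base #binary is build for rpi3` lines that follow remain unfenced, unlike the nitrokey and cryptsetup commands that get fences in this commit. Fence the commands here as well and keep the overlay remark and the gist link as prose above the fence. In `## generic minor (to install it into ram)`, step `1. apk` has no subcommand; the other update lists in this README use `apk update` before `apk upgrade`, so state which command is meant.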
@ -210,13 +211,14 @@ pip install --user RPi.GPIO
|
||||
pip install --user spidev
|
||||
|
||||
|
||||
##modern kernel approach
|
||||
## modern kernel approach
|
||||
wget https://github.com/juj/fbcp-ili9341/archive/refs/heads/master.zip
|
||||
cmake -DWAVESHARE_ST7735S_HAT=ON -DSPI_BUS_CLOCK_DIVISOR=6
|
||||
apk add raspberrypi-dev
|
||||
|
||||
|
||||
## nitrokey
|
||||
```
|
||||
apk add py-pip build-base python3-dev py3-wheel [240Mb]
|
||||
apk add libffi-dev [7Mb]
|
||||
apk add openssl-dev rust cargo [337Mb]
|
||||
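Review bot: the fence opened under `## nitrokey` now contains the size annotations `[240Mb]`, `[7Mb]` and `[337Mb]` on the `apk add` lines, so a copied line hands `[240Mb]` to `apk add` as a package name. Move the sizes into trailing shell comments (`# ~240 MB`) or into the text above the fence. In the same hunk the `wget` and `cmake` lines under `## modern kernel approach` are still unfenced, and the `wget` fetches `refs/heads/master.zip`, a moving target; for a device that lists file integrity checks among its prerequisites, reference a fixed commit or release archive and record its checksum.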
@ -229,6 +231,7 @@ lbu inc /home
|
||||
lbu inc /root
|
||||
pip3 install --user wheel
|
||||
pip3 install --user pynitrokey [takes about 35min, can fail due missing space left on device, but cbor fails nevertheless]
|
||||
```
|
||||
|
||||
#fix $PATH to /root/.local/bin in /etc/profile
|
||||
#need mdev/udev rules to grant access for user
|
||||
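Review bot: the closing fence lands directly after `pip3 install --user pynitrokey [takes about 35min, ...]`, which leaves the bracketed remark inside the code block and presents an unpinned install as a copy-paste command. Move the remark about duration, disk space and the cbor failure to prose below the fence, and pin the package to the version that was tested (`pynitrokey==<version>`, ideally installed from a requirements file with `--require-hashes`), since this box is meant to handle key material. The `#fix $PATH ...` and `#need mdev/udev rules ...` lines after the fence have no space after `#`; if they are open tasks, a `- [ ]` list states that more clearly.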
@ -241,5 +244,6 @@ lbu inc /root
|
||||
#general reconsideration of usefulness
|
||||
|
||||
### links
|
||||
https://github.com/hashbang/airgap
|
||||
https://riseup.net/de/security/message-security/openpgp/gpg-best-practices
|
||||
[https://github.com/hashbang/airgap]
|
||||
[https://riseup.net/de/security/message-security/openpgp/gpg-best-practices]
|
||||
[https://vincentserpoul.github.io/post/alpine-linux-rpi0/]
|
||||
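Review bot: the three added entries under `### links` wrap each URL in bare square brackets, `[https://...]`, which is not Markdown link syntax, so the brackets are shown literally and whether the URL becomes clickable depends on the renderer. Use autolinks (`<https://github.com/hashbang/airgap>`) or titled links (`[hashbang/airgap](https://github.com/hashbang/airgap)`), and put each on its own `- ` list item so that the three lines do not join into one paragraph.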