diff options
author | Alyssa Rosenzweig <alyssa@rosenzweig.io> | 2017-05-13 08:36:17 -0700 |
---|---|---|
committer | Alyssa Rosenzweig <alyssa@rosenzweig.io> | 2017-05-13 08:36:17 -0700 |
commit | 4023e32d806365234d0d931be8ebf15a7b728e4b (patch) | |
tree | 9791723b56e33f94c2d744a45d55acf8bd2c2ba8 | |
parent | a68fcbe31a9b7c75503e8e18ee59b5ed4ab8ac4c (diff) | |
download | librebootfr-4023e32d806365234d0d931be8ebf15a7b728e4b.tar.gz librebootfr-4023e32d806365234d0d931be8ebf15a7b728e4b.zip |
Pad code bottoms
-rw-r--r-- | docs/gnulinux/configuring_parabola.md | 18 | ||||
-rw-r--r-- | docs/gnulinux/encrypted_parabola.md | 27 | ||||
-rw-r--r-- | docs/gnulinux/grub_cbfs.md | 3 | ||||
-rw-r--r-- | docs/hardware/gm45_remove_me.md | 5 | ||||
-rw-r--r-- | docs/hardware/x200.md | 1 | ||||
-rw-r--r-- | docs/install/bbb_setup.md | 5 | ||||
-rw-r--r-- | docs/install/c201.md | 4 | ||||
-rw-r--r-- | docs/install/index.md | 1 | ||||
-rw-r--r-- | docs/install/r400_external.md | 6 | ||||
-rw-r--r-- | docs/install/t400_external.md | 6 | ||||
-rw-r--r-- | docs/install/t500_external.md | 6 | ||||
-rw-r--r-- | docs/install/t60_unbrick.md | 1 | ||||
-rw-r--r-- | docs/install/x60_unbrick.md | 1 | ||||
-rw-r--r-- | docs/install/x60tablet_unbrick.md | 1 |
14 files changed, 85 insertions, 0 deletions
diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md index e70204e1..7fc9d688 100644 --- a/docs/gnulinux/configuring_parabola.md +++ b/docs/gnulinux/configuring_parabola.md @@ -56,8 +56,10 @@ careful about this when reading anything on the Arch wiki. Some of these steps require internet access. I'll go into networking later but for now, I just connected my system to a switch and did: # systemctl start dhcpcd.service + You can stop it later by running: # systemctl stop dhcpcd.service\ + For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:\ [Setup network connection in Parabola](#network) @@ -83,6 +85,7 @@ In the end, I didn't change my configuration for pacman. When you are updating, resync with the latest package names/versions: # pacman -Syy + (according to the wiki, -Syy is better than Sy because it refreshes the package list even if it appears to be up to date, which can be useful when switching to another mirror).\ @@ -159,6 +162,7 @@ The wiki also mentions this method for removing everything from the cache, including currently installed packages that are cached: # pacman -Scc + This is inadvisable, since it means re-downloading the package again if you wanted to quickly re-install it. This should only be used when disk space is at a premium. @@ -196,6 +200,7 @@ Read the entire document linked to above, and then continue. Add your user: # useradd -m -G wheel -s /bin/bash *yourusername* + Set a password: # passwd *yourusername* @@ -223,6 +228,7 @@ supplier) to use systemd. The manpage should also help: # man systemd + The section on 'unit types' is especially useful. According to the wiki, systemd 'journal' keeps logs of a size up to @@ -256,9 +262,11 @@ Finally, the wiki mentions 'temporary' files and the utility for managing them. # man systemd-tmpfiles + The command for 'clean' is: # systemd-tmpfiles --clean + According to the manpage, this *"cleans all files and directories with an age parameter"*. According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/ to know what actions to @@ -270,6 +278,7 @@ However, /usr/lib/tmpfiles.d/ contained some files. The first one was etc.conf, containing information and a reference to this manpage: # man tmpfiles.d + Read that manpage, and then continue studying all the files. The systemd developers tell me that it isn't usually necessary to touch @@ -312,6 +321,7 @@ when installing Parabola. You can also do it with systemd (do so now, if you like): # hostnamectl set-hostname *yourhostname* + This writes the specified hostname to /etc/hostname. More information can be found in these manpages: @@ -399,6 +409,7 @@ non-free firmware inside, but it's transparent to you but the smart data comes from it. Therefore, don't rely on it too much): # pacman -S smartmontools + Read <https://wiki.archlinux.org/index.php/S.M.A.R.T.> to learn how to use it. @@ -418,6 +429,7 @@ Based on <https://wiki.archlinux.org/index.php/Xorg>. Firstly, install it! # pacman -S xorg-server + I also recommend installing this (contains lots of useful tools, including *xrandr*): @@ -427,9 +439,11 @@ Install the driver. For me this was *xf86-video-intel* on the ThinkPad X60. T60 and macbook11/21 should be the same. # pacman -S xf86-video-intel + For other systems you can try: # pacman -Ss xf86-video- | less + Combined with looking at your *lspci* output, you can determine which driver is needed. By default, Xorg will revert to xf86-video-vesa which is a generic driver and doesn't provide true hardware acceleration. @@ -535,6 +549,7 @@ I also like to install these: Enable LXDM (the default display manager, providing a graphical login): # systemctl enable lxdm.service + It will start when you boot up the system. To start it now, do: # systemctl start lxdm.service @@ -615,6 +630,7 @@ Install Network Manager: You will also want the graphical applet: # pacman -S network-manager-applet + Arch wiki says that an autostart rule will be written at */etc/xdg/autostart/nm-applet.desktop* @@ -629,6 +645,7 @@ LXDE uses openbox, so I refer to:\ It tells me for the applet I need: # pacman -S xfce4-notifyd gnome-icon-theme + Also, for storing authentication details (wifi) I need: # pacman -S gnome-keyring @@ -637,6 +654,7 @@ I wanted to quickly enable networkmanager: # systemctl stop dhcpcd # systemctl start NetworkManager + Enable NetworkManager at boot time: # systemctl enable NetworkManager diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md index 5f0b796b..e1f6a9d7 100644 --- a/docs/gnulinux/encrypted_parabola.md +++ b/docs/gnulinux/encrypted_parabola.md @@ -82,6 +82,7 @@ guide is recommending putting zero there. I'm going to use urandom. Do this: # head -c 3145728 /dev/urandom > /dev/sda; sync + (Wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk). @@ -93,6 +94,7 @@ list the available keymaps and use yours: # localectl list-keymaps # loadkeys LAYOUT + For me, LAYOUT would have been dvorak-uk. Establish an internet connection @@ -166,6 +168,7 @@ is the best option. I am initializing LUKS with the following: # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash + whirlpool --iter-time 500 --use-random --verify-passphrase luksFormat /dev/sda1 @@ -313,6 +316,7 @@ and wpa\_supplicant/dialog/iw/wpa\_actiond are needed for wireless after the install: # pacstrap /mnt base base-devel wpa\_supplicant dialog iw + wpa\_actiond Configure the system @@ -323,9 +327,11 @@ Generate an fstab - UUIDs are used because they have certain advantages prefer labels instead, replace the -U option with -L): # genfstab -U -p /mnt >> /mnt/etc/fstab + Check the created file: # cat /mnt/etc/fstab + (If there are any errors, edit the file. Do **NOT** run the genfstab command again!) @@ -354,6 +360,7 @@ Parabola does not have wget. This is sinister. Install it: Locale: # vi /etc/locale.gen + Uncomment your needed localisations. For example en\_GB.UTF-8 (UTF-8 is highly recommended over other options). @@ -364,6 +371,7 @@ highly recommended over other options). Console font and keymap: # vi /etc/vconsole.conf + In my case: KEYMAP=dvorak-uk @@ -372,6 +380,7 @@ In my case: Time zone: # ln -s /usr/share/zoneinfo/Europe/London /etc/localtime + (Replace Zone and Subzone to your liking. See /usr/share/zoneinfo) Hardware clock: @@ -382,6 +391,7 @@ Hostname: Write your hostname to /etc/hostname. For example, if your hostname is parabola: # echo parabola > /etc/hostname + Add the same hostname to /etc/hosts: # vi /etc/hosts @@ -400,6 +410,7 @@ Mkinitcpio: Configure /etc/mkinitcpio.conf as needed (see information about each hook.) Specifically, for this use case: # vi /etc/mkinitcpio.conf + Then modify the file like so: - MODULES="i915" @@ -426,9 +437,11 @@ with (this is different from Arch, specifying linux-libre instead of linux): # mkinitcpio -p linux-libre + Also do it for linux-libre-lts: # mkinitcpio -p linux-libre-lts + Also do it for linux-libre-grsec: # mkinitcpio -p linux-libre-grsec @@ -438,9 +451,11 @@ default for its password hashing. I referred to <https://wiki.archlinux.org/index.php/SHA_password_hashes>. # vi /etc/pam.d/passwd + Add rounds=65536 at the end of the uncommented 'password' line. # passwd root + Make sure to set a secure password! Also, it must never be the same as your LUKS password. @@ -466,6 +481,7 @@ To unlock a user manually (if a password attempt is failed 3 times), do: # pam\_tally --user *theusername* --reset What the above + configuration does is lock the user out for 10 minutes, if they make 3 failed login attempts. @@ -495,6 +511,7 @@ Lock the encrypted partition (close it): # cryptsetup luksClose lvm # shutdown -h now + Remove the installation media, then boot up again. Booting from GRUB @@ -546,6 +563,7 @@ current firmware - where *libreboot.rom* is an example: make sure to adapt: # flashrom -p internal -r libreboot.rom + If flashrom complains about multiple flash chips detected, add a *-c* option at the end, with the name of your chosen chip is quotes.\ You can check if everything is in there (*grub.cfg* and *grubtest.cfg* @@ -594,17 +612,20 @@ from the ROM image: and insert the modified grubtest.cfg: # ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t + raw Now refer to [../install/#flashrom](../install/#flashrom). Cd (up) to the libreboot\_util directory and update the flash chip contents: # ./flash update libreboot.rom + Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: # ./flash forceupdate libreboot.rom + You should see "Verifying flash\... VERIFIED." written at the end of the flashrom output. @@ -633,6 +654,7 @@ Inside libreboot\_util/cbfstool/{armv7l i686 x86\_64}, we can do this with the following command: # sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e + 's:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > grub.cfg @@ -649,6 +671,7 @@ Now you have a modified ROM. Once more, refer to directory and update the flash chip contents: # ./flash update libreboot.rom + And wait for the "Verifying flash\... VERIFIED." Once you have done that, shut down and then boot up with your new configuration. @@ -676,20 +699,24 @@ putting a keyfile inside initramfs would be a bad idea).\ Boot up and login as root or your user. Then generate the key file: # dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile + iflag=fullblock Insert it into the luks volume: # cryptsetup luksAddKey /dev/sdX /etc/mykeyfile + and enter your LUKS passphrase when prompted. Add the keyfile to the initramfs by adding it to FILES in /etc/mkinitcpio.conf. For example: # FILES="/etc/mykeyfile" + Create the initramfs image from scratch: # mkinitcpio -p linux-libre # mkinitcpio -p linux-libre-lts # mkinitcpio -p linux-libre-grsec + Add the following to your grub.cfg - you are now able to do that, see above! -, or add it in the kernel command line for GRUB: diff --git a/docs/gnulinux/grub_cbfs.md b/docs/gnulinux/grub_cbfs.md index 8d10c478..09e2c288 100644 --- a/docs/gnulinux/grub_cbfs.md +++ b/docs/gnulinux/grub_cbfs.md @@ -109,6 +109,7 @@ your current firmware, using flashrom: $ sudo flashrom -p internal -r libreboot.rom # flashrom -p internal -r libreboot.rom + If you are told to specify the chip, add the option **-c {your chip}** to the command, for example: @@ -158,6 +159,7 @@ Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: # ./flash forceupdate libreboot.rom + You should see **"Verifying flash\... VERIFIED."** written at the end of the flashrom output. Once you have done that, shut down and then boot up with your new test configuration.** @@ -183,6 +185,7 @@ case you ever want to follow this guide again in the future (modifying the already modified config). From /libreboot\_util/cbfstool, do: # sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e + 's:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > grub.cfg diff --git a/docs/hardware/gm45_remove_me.md b/docs/hardware/gm45_remove_me.md index e083990a..d230c2a5 100644 --- a/docs/hardware/gm45_remove_me.md +++ b/docs/hardware/gm45_remove_me.md @@ -91,16 +91,19 @@ descriptor+gbe file into the ROM image.\ For 16MiB flash chips: # dd if=ich9fdgbe\_16m.bin of=libreboot.rom bs=1 count=12k + conv=notrunc For 8MiB flash chips: # dd if=ich9fdgbe\_8m.bin of=libreboot.rom bs=1 count=12k + conv=notrunc For 4MiB flash chips: # dd if=ich9fdgbe\_4m.bin of=libreboot.rom bs=1 count=12k + conv=notrunc Your libreboot.rom image is now ready to be flashed on the system. Refer @@ -204,6 +207,7 @@ Assuming that your libreboot image is named **libreboot.rom**, copy the and then run: # dd if=deblobbed\_descriptor.bin of=libreboot.rom bs=1 count=12k + conv=notrunc Alternatively, if you got a the **deblobbed\_4kdescriptor.bin** file (no @@ -248,6 +252,7 @@ Insert that into a factory.rom image (NOTE: do this on a copy of it. Keep the original factory.rom stored safely somewhere): # dd if=demefactory\_4kdescriptor.bin of=factory\_nome.rom bs=1 + count=4k conv=notrunc TODO: test this.\ diff --git a/docs/hardware/x200.md b/docs/hardware/x200.md index 492083c0..8afbe504 100644 --- a/docs/hardware/x200.md +++ b/docs/hardware/x200.md @@ -231,6 +231,7 @@ pehjota started collecting some steppings for different CPUs on several X200 laptops. You can get the CPUID by running: # dmesg | sed -n 's/\^.\* microcode: CPU0 + sig=0x\\(\[\^,\]\*\\),.\*\$/\\1/p' What pehjota wrote: The laptops that have issues resuming from suspend, diff --git a/docs/install/bbb_setup.md b/docs/install/bbb_setup.md index 6f2bc07d..7c55319e 100644 --- a/docs/install/bbb_setup.md +++ b/docs/install/bbb_setup.md @@ -150,6 +150,7 @@ Alternatives to SSH (in case SSH fails) You can also use a serial FTDI debug board with GNU Screen, to access the serial console. # screen /dev/ttyUSB0 115200 + Here are some example photos:\ ![](images/x200/ftdi.jpg) ![](images/x200/ftdi_port.jpg)\ @@ -202,6 +203,7 @@ before continuing. Check that the firmware exists: # ls /lib/firmware/BB-SPI0-01-00A0.\* + Output: /lib/firmware/BB-SPI0-01-00A0.dtbo @@ -210,6 +212,7 @@ Then: # echo BB-SPI0-01 > /sys/devices/bone\_capemgr.\*/slots # cat /sys/devices/bone\_capemgr.\*/slots + Output: 0: 54:PF--- @@ -223,6 +226,7 @@ Output: Verify that the spidev device now exists: # ls -al /dev/spid\* + Output: crw-rw---T 1 root spi 153, 0 Nov 19 21:07 /dev/spidev1.0 @@ -247,6 +251,7 @@ your BBB. Now test flashrom: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 + Output: Calibrating delay loop... OK. diff --git a/docs/install/c201.md b/docs/install/c201.md index 3e924614..b8edc211 100644 --- a/docs/install/c201.md +++ b/docs/install/c201.md @@ -124,12 +124,14 @@ device (e.g. using the *root* account). In addition, the The SPI flash has to be read first: # flashrom -p host -r flash.img\ + **Note: it might be a good idea to copy the produced flash.img file at this point and store it outside of the device for backup purposes.** Then, the **cros-flash-replace** script has to be executed as such: # ./cros-flash-replace flash.img coreboot ro-frid + If any error is shown, it is definitely a bad idea to go further than this point. @@ -173,12 +175,14 @@ host (e.g. using the *root* account). In addition, the The SPI flash has to be read first (using the right spi programmer): # flashrom -p *programmer* -r flash.img + **Note: it might be a good idea to copy the produced flash.img file at this point and store it outside of the device for backup purposes.** Then, the **cros-flash-replace** script has to be executed as such: # ./cros-flash-replace flash.img coreboot ro-frid + If any error is shown, it is definitely a bad idea to go further than this point. diff --git a/docs/install/index.md b/docs/install/index.md index 7e2161b7..6a947da6 100644 --- a/docs/install/index.md +++ b/docs/install/index.md @@ -332,6 +332,7 @@ When you have booted up again, you must also do this: If flashing fails at this stage, try the following: # sudo ./flashrom/i686/flashrom -p + internal:laptop=force\_I\_want\_a\_brick -w [yourrom.rom](#rom) You should see within the output the following:\ diff --git a/docs/install/r400_external.md b/docs/install/r400_external.md index b4429e56..7c87b08d 100644 --- a/docs/install/r400_external.md +++ b/docs/install/r400_external.md @@ -215,6 +215,7 @@ Log in as root on your BBB, using the instructions in Test that flashrom works: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512\ + In this case, the output was: flashrom v0.9.7-r1854 on Linux 3.8.13-bone47 (armv7l) @@ -230,12 +231,15 @@ How to backup factory.rom (change the -c option as neeed, for your flash chip): # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory.rom # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory1.rom # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory2.rom Note: the **-c** option is not required in libreboot's patched @@ -244,6 +248,7 @@ have been removed.\ Now compare the 3 images: # sha512sum factory\*.rom + If the hashes match, then just copy one of them (the factory.rom) to a safe place (on a drive connected to another system, not the BBB). This is useful for reverse engineering work, if there is a desirable @@ -260,6 +265,7 @@ address to one that is correct for your system.** Now flash it: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -w + path/to/libreboot/rom/image.rom -V ![](images/x200/disassembly/0015.jpg) diff --git a/docs/install/t400_external.md b/docs/install/t400_external.md index 8dc2204a..bb3a93e2 100644 --- a/docs/install/t400_external.md +++ b/docs/install/t400_external.md @@ -213,6 +213,7 @@ Log in as root on your BBB, using the instructions in Test that flashrom works: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 + In this case, the output was: flashrom v0.9.7-r1854 on Linux 3.8.13-bone47 (armv7l) @@ -228,12 +229,15 @@ How to backup factory.rom (change the -c option as neeed, for your flash chip): # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory.rom # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory1.rom # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory2.rom Note: the **-c** option is not required in libreboot's patched @@ -242,6 +246,7 @@ have been removed.\ Now compare the 3 images: # sha512sum factory\*.rom + If the hashes match, then just copy one of them (the factory.rom) to a safe place (on a drive connected to another system, not the BBB). This is useful for reverse engineering work, if there is a desirable @@ -258,6 +263,7 @@ address to one that is correct for your system.** Now flash it: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -w + path/to/libreboot/rom/image.rom -V ![](images/x200/disassembly/0015.jpg) diff --git a/docs/install/t500_external.md b/docs/install/t500_external.md index 56021fe0..05f418c8 100644 --- a/docs/install/t500_external.md +++ b/docs/install/t500_external.md @@ -230,6 +230,7 @@ Log in as root on your BBB, using the instructions in Test that flashrom works: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 + In this case, the output was: flashrom v0.9.7-r1854 on Linux 3.8.13-bone47 (armv7l) @@ -245,12 +246,15 @@ How to backup factory.rom (change the -c option as neeed, for your flash chip): # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory.rom # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory1.rom # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -r + factory2.rom Note: the **-c** option is not required in libreboot's patched @@ -259,6 +263,7 @@ have been removed.\ Now compare the 3 images: # sha512sum factory\*.rom + If the hashes match, then just copy one of them (the factory.rom) to a safe place (on a drive connected to another system, not the BBB). This is useful for reverse engineering work, if there is a desirable @@ -275,6 +280,7 @@ address to one that is correct for your system.** Now flash it: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -w + path/to/libreboot/rom/image.rom -V ![](images/x200/disassembly/0015.jpg) diff --git a/docs/install/t60_unbrick.md b/docs/install/t60_unbrick.md index d2d59f42..9fd49bbf 100644 --- a/docs/install/t60_unbrick.md +++ b/docs/install/t60_unbrick.md @@ -144,6 +144,7 @@ source code which can be built. SSH'd into the BBB: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -w + yourrom.rom It should be **Verifying flash\... VERIFIED** at the end. If flashrom diff --git a/docs/install/x60_unbrick.md b/docs/install/x60_unbrick.md index 24b4cb63..2493e56a 100644 --- a/docs/install/x60_unbrick.md +++ b/docs/install/x60_unbrick.md @@ -129,6 +129,7 @@ source code which can be built. SSH'd into the BBB: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -w + yourrom.rom It should be **Verifying flash\... VERIFIED** at the end. If flashrom diff --git a/docs/install/x60tablet_unbrick.md b/docs/install/x60tablet_unbrick.md index d02a8ae6..f18e3629 100644 --- a/docs/install/x60tablet_unbrick.md +++ b/docs/install/x60tablet_unbrick.md @@ -108,6 +108,7 @@ source code which can be built. SSH'd into the BBB: # ./flashrom -p linux\_spi:dev=/dev/spidev1.0,spispeed=512 -w + yourrom.rom It should be **Verifying flash\... VERIFIED** at the end. If flashrom |