aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLeah Woods <info@minifree.org>2016-05-18 03:26:55 +0100
committerLeah Woods <info@minifree.org>2016-05-18 03:28:06 +0100
commit8145d5d5eeaebf7cefefd45827d0aebc107e3eb2 (patch)
treeb6f0a4fafc7e12efc261d08d4c546055100f58a1
parent5a2bbdf09d38d8920781684324b556346308f50d (diff)
downloadlibrebootfr-8145d5d5eeaebf7cefefd45827d0aebc107e3eb2.tar.gz
librebootfr-8145d5d5eeaebf7cefefd45827d0aebc107e3eb2.zip
encrypted parabola guide: Remove note about SeaBIOS
We love SeaBIOS now.
-rw-r--r--docs/src/gnulinux/encrypted_parabola.texi2
1 files changed, 0 insertions, 2 deletions
diff --git a/docs/src/gnulinux/encrypted_parabola.texi b/docs/src/gnulinux/encrypted_parabola.texi
index bae05f4e..0fcf90d2 100644
--- a/docs/src/gnulinux/encrypted_parabola.texi
+++ b/docs/src/gnulinux/encrypted_parabola.texi
@@ -43,8 +43,6 @@ This section deals with wiping the storage device on which you plan to install P
- make sure to read @uref{https://wiki.archlinux.org/index.php/Solid_State_Drives,this article}. Edit /etc/fstab later on when chrooted into your install. Also, read the whole article and keep all points in mind, adapting them for this guide.
-Wipe the MBR (if you use MBR):@* # @strong{lsblk}@* Your storage is probably /dev/sda, but be very sure to double check this or you WILL lose your data!@* # @strong{dd if=/dev/zero of=/dev/sda bs=446 count=1; sync}@* Never use SeaBIOS! The MBR section can easily be changed with malicious code, which SeaBIOS will blindly execute. This guide is for libreboot with GRUB-as-payload only.
-
Securely wipe the drive:@* # @strong{dd if=/dev/urandom of=/dev/sda; sync}@* NOTE: If you have an SSD, only do this the first time. If it was already LUKS-encrypted before, use the info below to wipe the LUKS header. Also, check online for your SSD what the recommended erase block size is. For example if it was 2MiB:@* # @strong{dd if=/dev/urandom of=/dev/sda bs=2M; sync}
If your drive was already LUKS encrypted (maybe you are re-installing your distro) then it is already 'wiped'. You should just wipe the LUKS header. @uref{https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/,https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/} showed me how to do this. It recommends doing the first 3MiB. Now, that guide is recommending putting zero there. I'm going to use urandom. Do this:@* # @strong{head -c 3145728 /dev/urandom > /dev/sda; sync}@* (Wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk).