author | Alyssa Rosenzweig <alyssa@rosenzweig.io> | 2017-03-17 22:43:08 -0700 |
---|---|---|
committer | Alyssa Rosenzweig <alyssa@rosenzweig.io> | 2017-03-17 22:43:08 -0700 |
commit | 8022472fef91c59975f4e6d57097081729f87903 (patch) | |
tree | 84d266bbeb680eea1617c38c0a8acacffba0b7b3 /docs/gnulinux | |
parent | bc677bc862eb6308b4af273fd1bb5fe58bfb19cc (diff) | |
Typographically correct quotes
Diffstat (limited to 'docs/gnulinux')
-rw-r--r-- | docs/gnulinux/configuring_parabola.md | 106 |
-rw-r--r-- | docs/gnulinux/encrypted_debian.md | 48 |
-rw-r--r-- | docs/gnulinux/encrypted_parabola.md | 68 |
-rw-r--r-- | docs/gnulinux/grub_boot_installer.md | 30 |
-rw-r--r-- | docs/gnulinux/grub_cbfs.md | 32 |
-rw-r--r-- | docs/gnulinux/grub_hardening.md | 6 |
6 files changed, 145 insertions, 145 deletions
diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md index c81c6f06..ca7e5417 100644 --- a/docs/gnulinux/configuring_parabola.md +++ b/docs/gnulinux/configuring_parabola.md @@ -4,7 +4,7 @@ Configuring Parabola (post-install) Post-installation configuration steps for Parabola GNU+Linux-libre. Parabola is extremely flexible; this is just an example. This example -uses LXDE because it\'s lightweight, but we recommend the *MATE* desktop +uses LXDE because it's lightweight, but we recommend the *MATE* desktop (which is actually about as lightweight as LXDE). [Back to previous index](./) @@ -52,7 +52,7 @@ It details configuration steps that I took after installing the base system, as a follow up to [encrypted\_parabola.html](encrypted_parabola.html). This guide is likely to become obsolete at a later date (due to the volatile -\'rolling-release\' model that Arch/Parabola both use), but attempts +'rolling-release' model that Arch/Parabola both use), but attempts will be made to maintain it. **This guide was valid on 2014-09-21. If you see any changes that should @@ -95,12 +95,12 @@ careful about this when reading anything on the Arch wiki. -Some of these steps require internet access. I\'ll go into networking +Some of these steps require internet access. I'll go into networking later but for now, I just connected my system to a switch and did:\ \# **systemctl start dhcpcd.service**\ You can stop it later by running:\ \# **systemctl stop dhcpcd.service**\ -For most people this should be enough, but if you don\'t have DHCP on +For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:\ [Setup network connection in Parabola](#network) 
@@ -111,13 +111,13 @@ Configure pacman {#pacman_configure} pacman (**pac**kage **man**ager) is the name of the package management system in Arch, which Parabola (as a deblobbed parallel effort) also -uses. Like with \'apt-get\' on Debian or Devuan, this can be used to +uses. Like with 'apt-get' on Debian or Devuan, this can be used to add/remove and update the software on your computer. Based on <https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman> and from reading <https://wiki.archlinux.org/index.php/Pacman> (make -sure to read and understand this, it\'s very important) and +sure to read and understand this, it's very important) and <https://wiki.parabolagnulinux.org/Official_Repositories> [Back to top of page.](#pagetop) @@ -127,7 +127,7 @@ sure to read and understand this, it\'s very important) and Updating Parabola {#pacman_update} ----------------- -In the end, I didn\'t change my configuration for pacman. When you are +In the end, I didn't change my configuration for pacman. When you are updating, resync with the latest package names/versions:\ \# **pacman -Syy**\ (according to the wiki, -Syy is better than Sy because it refreshes the @@ -136,7 +136,7 @@ when switching to another mirror).\ Then, update the system:\ \# **pacman -Syu** -**Before installing packages with \'pacman -S\', always update first, +**Before installing packages with 'pacman -S', always update first, using the notes above.** Keep an eye out on the output, or read it in /var/log/pacman.log. 
@@ -145,12 +145,12 @@ will need to perform with certain files (typically configurations) after the update. Also, you should check both the Parabola and Arch home pages to see if they mention any issues. If a new kernel is installed, you should also update to be able to use it (the currently running kernel -will also be fine). It\'s generally good enough to update Parabola once -every week, or maybe twice. As a rolling release distribution, it\'s a +will also be fine). It's generally good enough to update Parabola once +every week, or maybe twice. As a rolling release distribution, it's a good idea never to leave your install too outdated; update regularly. This is simply because of the way the project works; old packages are deleted from the repositories quickly, once they are updated. A system -that hasn\'t been updated for quite a while will mean potentially more +that hasn't been updated for quite a while will mean potentially more reading of previous posts through the website, and more maintenance work. @@ -166,7 +166,7 @@ sending an email to an important person before an allocated deadline, and so on. Relax - packages are well-tested regularly when new updates are made to -the repositories. Separate \'testing\' repositories exist for this exact +the repositories. Separate 'testing' repositories exist for this exact reason. Despite what many people will tell you, Parabola is fairly stable and trouble-free, so long as you are aware of how to check for issues, and are willing to spend some time fixing issues in the rare 
@@ -194,7 +194,7 @@ re-install it or install the distro on another computer, for example). maintain your Parabola system:\ <https://wiki.archlinux.org/index.php/Pacman#Cleaning_the_package_cache>. Essentially, this guide talks about a directory that has to be cleaned -once in a while, to prevent it from growing too big (it\'s a cache of +once in a while, to prevent it from growing too big (it's a cache of old package information, updated automatically when you do anything in pacman).** @@ -203,8 +203,8 @@ To clean out all old packages that are cached:\ The wiki cautions that this should be used with care. For example, since older packages are deleted from the repo, if you encounter issues and -want to revert back to an older package then it\'s useful to have the -caches available. Only do this if you are sure that you won\'t need it. +want to revert back to an older package then it's useful to have the +caches available. Only do this if you are sure that you won't need it. The wiki also mentions this method for removing everything from the cache, including currently installed packages that are cached:\ @@ -247,7 +247,7 @@ Add a user {#useradd} Based on <https://wiki.archlinux.org/index.php/Users_and_Groups>. It is important (for security reasons) to create and use a non-root -(non-admin) user account for everyday use. The default \'root\' account +(non-admin) user account for everyday use. The default 'root' account is intended only for critical administrative work, since it has complete access to the entire operating system. 
@@ -275,20 +275,20 @@ It is a good idea to become familiar with it. Read gain a full understanding. **This is very important! Make sure to read them.** -An example of a \'service\' could be a webserver (such as lighttpd), or +An example of a 'service' could be a webserver (such as lighttpd), or sshd (openssh), dhcp, etc. There are countless others. <https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530> explains -the background behind the decision by Arch (Parabola\'s upstream +the background behind the decision by Arch (Parabola's upstream supplier) to use systemd. The manpage should also help:\ \# **man systemd**\ -The section on \'unit types\' is especially useful. +The section on 'unit types' is especially useful. -According to the wiki, systemd \'journal\' keeps logs of a size up to +According to the wiki, systemd 'journal' keeps logs of a size up to 10% of the total size your / partition takes up. on a 60GB root this -would mean 6GB. That\'s not exactly practical, and can have performance +would mean 6GB. That's not exactly practical, and can have performance implications later when the log gets too big. Based on instructions from the wiki, I will reduce the total size of the journal to 50MiB (the wiki recommends 50MiB). 
@@ -307,20 +307,20 @@ Restart journald:\ The wiki recommends that if the journal gets too large, you can also simply delete (rm -Rf) everything inside /var/log/journald/\* but -recommends backing it up. This shouldn\'t be necessary, since you +recommends backing it up. This shouldn't be necessary, since you already set the size limit above and systemd will automatically start to -delete older records when the journal size reaches it\'s limit +delete older records when the journal size reaches it's limit (according to systemd developers). -Finally, the wiki mentions \'temporary\' files and the utility for +Finally, the wiki mentions 'temporary' files and the utility for managing them.\ \# **man systemd-tmpfiles**\ -The command for \'clean\' is:\ +The command for 'clean' is:\ \# **systemd-tmpfiles \--clean**\ -According to the manpage, this *\"cleans all files and directories with -an age parameter\"*. According to the Arch wiki, this reads information +According to the manpage, this *"cleans all files and directories with +an age parameter"*. According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/ to know what actions to -perform. Therefore, it is a good idea to read what\'s stored in these +perform. Therefore, it is a good idea to read what's stored in these locations to get a better understanding. I looked in /etc/tmpfiles.d/ and found that it was empty on my system. @@ -329,7 +329,7 @@ etc.conf, containing information and a reference to this manpage:\ \# **man tmpfiles.d**\ Read that manpage, and then continue studying all the files. -The systemd developers tell me that it isn\'t usually necessary to touch +The systemd developers tell me that it isn't usually necessary to touch the systemd-tmpfiles utility manually at all. [Back to top of page](#pagetop) 
@@ -341,12 +341,12 @@ Interesting repositories {#interesting_repos} Parabola wiki at <https://wiki.parabolagnulinux.org/Repositories#kernels> mentions about -a repository called \[kernels\] for custom kernels that aren\'t in the +a repository called \[kernels\] for custom kernels that aren't in the default base. It might be worth looking into what is available there, depending on your use case. I enabled it on my system, to see what was in it. Edit /etc/pacman.conf -and below the \'extra\' section add:\ +and below the 'extra' section add:\ *\[kernels\]\ Include = /etc/pacman.d/mirrorlist* @@ -386,8 +386,8 @@ Add the same hostname to /etc/hosts, on each line. Example:\ *127.0.0.1 localhost.localdomain localhost myhostname\ ::1 localhost.localdomain localhost myhostname* -You\'ll note that I set both lines; the 2nd line is for IPv6. More and -more ISPs are providing this now (mine does) so it\'s good to be +You'll note that I set both lines; the 2nd line is for IPv6. More and +more ISPs are providing this now (mine does) so it's good to be forward-thinking here. The *hostname* utility is part of the *inetutils* package and is in @@ -400,12 +400,12 @@ core/, installed by default (as part of *base*). According to the Arch wiki, [udev](https://wiki.archlinux.org/index.php/Udev) should already detect the ethernet chipset and load the driver for it automatically at boot -time. You can check this in the *\"Ethernet controller\"* section when +time. You can check this in the *"Ethernet controller"* section when running this command:\ \# **lspci -v** -Look at the remaining sections *\'Kernel driver in use\'* and *\'Kernel -modules\'*. In my case it was as follows:\ +Look at the remaining sections *'Kernel driver in use'* and *'Kernel +modules'*. In my case it was as follows:\ *Kernel driver in use: e1000e\ Kernel modules: e1000e* 
@@ -463,8 +463,8 @@ continuing. Also read is important, so make sure to read them!** Install smartmontools (it can be used to check smart data. HDDs use -non-free firmware inside, but it\'s transparent to you but the smart -data comes from it. Therefore, don\'t rely on it too much):\ +non-free firmware inside, but it's transparent to you but the smart +data comes from it. Therefore, don't rely on it too much):\ \# **pacman -S smartmontools**\ Read <https://wiki.archlinux.org/index.php/S.M.A.R.T.> to learn how to use it. @@ -502,7 +502,7 @@ For other systems you can try:\ \# **pacman -Ss xf86-video- | less**\ Combined with looking at your *lspci* output, you can determine which driver is needed. By default, Xorg will revert to xf86-video-vesa which -is a generic driver and doesn\'t provide true hardware acceleration. +is a generic driver and doesn't provide true hardware acceleration. Other drivers (not just video) can be found by looking at the *xorg-drivers* group:\ @@ -541,9 +541,9 @@ X:\ \# **setxkbmap -print -verbose 10** In my case, I wanted to use the Dvorak (UK) keyboard which is quite -different from Xorg\'s default Qwerty (US) layout. +different from Xorg's default Qwerty (US) layout. -I\'ll just say it now: *XkbModel* can be *pc105* in this case (ThinkPad +I'll just say it now: *XkbModel* can be *pc105* in this case (ThinkPad X60, with a 105-key UK keyboard). If you use an American keyboard (typically 104 keys) you will want to use *pc104*. 
@@ -559,16 +559,16 @@ and\ In my case, I chose to use the *configuration file* method:\ Create the file /etc/X11/xorg.conf.d/10-keyboard.conf and put this inside:\ -*Section \"InputClass\"\ - Identifier \"system-keyboard\"\ - MatchIsKeyboard \"on\"\ - Option \"XkbLayout\" \"gb\"\ - Option \"XkbModel\" \"pc105\"\ - Option \"XkbVariant\" \"dvorak\"\ +*Section "InputClass"\ + Identifier "system-keyboard"\ + MatchIsKeyboard "on"\ + Option "XkbLayout" "gb"\ + Option "XkbModel" "pc105"\ + Option "XkbVariant" "dvorak"\ EndSection* For you, the steps above may differ if you have a different layout. If -you use a US Qwerty keyboard, then you don\'t even need to do anything +you use a US Qwerty keyboard, then you don't even need to do anything (though it might help, for the sake of being explicit). [Back to top of page.](#pagetop) @@ -577,17 +577,17 @@ you use a US Qwerty keyboard, then you don\'t even need to do anything ### Install LXDE {#desktop_lxde} -Desktop choice isn\'t that important to me, so for simplicity I decided -to use LXDE. It\'s lightweight and does everything that I need. If you +Desktop choice isn't that important to me, so for simplicity I decided +to use LXDE. It's lightweight and does everything that I need. If you would like to try something different, refer to <https://wiki.archlinux.org/index.php/Desktop_environment> Refer to <https://wiki.archlinux.org/index.php/LXDE>. -Install it, choosing \'all\' when asked for the default package list:\ +Install it, choosing 'all' when asked for the default package list:\ \# **pacman -S lxde obconf** -I didn\'t want the following, so I removed them:\ +I didn't want the following, so I removed them:\ \# **pacman -R lxmusic lxtask** I also lazily installed all fonts:\ 
@@ -689,7 +689,7 @@ Right click lxde panel and *Add/Remove Panel Items*. Click *Add* and select *Battery Monitor*, then click *Add*. Close and then right-click the applet and go to *Battery Monitor Settings*, check the box that says *Show Extended Information*. Now click *Close*. When you hover the -cursor over it, it\'ll show information about the battery. +cursor over it, it'll show information about the battery. [Back to top of page.](#pagetop) diff --git a/docs/gnulinux/encrypted_debian.md b/docs/gnulinux/encrypted_debian.md index a8b5efdb..99c3fc47 100644 --- a/docs/gnulinux/encrypted_debian.md +++ b/docs/gnulinux/encrypted_debian.md @@ -15,7 +15,7 @@ to traditional BIOS systems. On most systems, the /boot partition has to be left unencrypted while the others are encrypted. This is so that GRUB, and therefore the -kernel, can be loaded and executed since the firmware can\'t open a LUKS +kernel, can be loaded and executed since the firmware can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical access to the system. @@ -23,12 +23,12 @@ tampering by someone with physical access to the system. This guide is written for Debian net installer. You can download the ISO from the homepage on [debian.org](https://www.debian.org/). Use this on the GRUB terminal to boot it from USB (for 64-bit Intel or AMD):\ -**set root=\'usb0\'\ +**set root='usb0'\ linux /install.amd/vmlinuz\ initrd /install.amd/initrd.gz\ boot\ ** If you are on a 32-bit system (e.g. X60):\ -**set root=\'usb0\'\ +**set root='usb0'\ linux /install.386/vmlinuz\ initrd /install.386/initrd.gz\ boot** 
@@ -54,10 +54,10 @@ Use of the *diceware method* is recommended, for generating secure passphrases (instead of passwords). when the installer asks you to set up encryption (ecryptfs) for your -home directory, select \'Yes\' if you want to: **LUKS is already secure +home directory, select 'Yes' if you want to: **LUKS is already secure and performs well. Having ecryptfs on top of it will add noticeable performance penalty, for little security gain in most use cases. This is -therefore optional, and not recommended. Choose \'no\'.** +therefore optional, and not recommended. Choose 'no'.** **Your user password should be different from the LUKS password which you will set later on. Your LUKS password should, like the user @@ -68,7 +68,7 @@ password, be secure.** Partitioning ============ -Choose \'Manual\' partitioning: +Choose 'Manual' partitioning: - Select drive and create new partition table - Single large partition. The following are mostly defaults: @@ -77,9 +77,9 @@ Choose \'Manual\' partitioning: - key size: whatever default is given to you - IV algorithm: whatever default is given to you - Encryption key: passphrase - - erase data: Yes (only choose \'No\' if it\'s a new drive that - doesn\'t contain your private data) -- Select \'configure encrypted volumes\' + - erase data: Yes (only choose 'No' if it's a new drive that + doesn't contain your private data) +- Select 'configure encrypted volumes' - Create encrypted volumes - Select your partition - Finish @@ -89,7 +89,7 @@ Choose \'Manual\' partitioning: minute to make sure that the LUKS header is wiped out) - Select encrypted space: - use as: physical volume for LVM - - Choose \'done setting up the partition\' + - Choose 'done setting up the partition' - Configure the logical volume manager: - Keep settings: Yes - Create volume group: 
@@ -119,7 +119,7 @@ mountpoints and filesystems to use. - LVM LV swap - use as: swap area - done setting up partition -- Now you select \'Finished partitioning and write changes to disk\'. +- Now you select 'Finished partitioning and write changes to disk'. @@ -135,7 +135,7 @@ Tasksel ======= For Debian, use the *MATE* option, or one of the others if you want. The -libreboot project recommends MATE, unless you\'re saavy enough to choose +libreboot project recommends MATE, unless you're saavy enough to choose something else. If you want debian-testing, then you should only select barebones @@ -145,10 +145,10 @@ install to point to the new distro, and then run **apt-get update** and root. This is to avoid downloading large packages twice. NOTE: If you want the latest up to date version of the Linux kernel, -Debian\'s kernel is sometimes outdated, even in the testing distro. You +Debian's kernel is sometimes outdated, even in the testing distro. You might consider using [this repository](https://jxself.org/linux-libre/) instead, which contains the most up to date versions of the Linux -kernel. These kernels are also deblobbed, like Debian\'s kernels, so you +kernel. These kernels are also deblobbed, like Debian's kernels, so you can be sure that no binary blobs are present. 
@@ -156,16 +156,16 @@ can be sure that no binary blobs are present. Postfix configuration ===================== -If asked, choose *\"No Configuration\"* here (or maybe you want to -select something else. It\'s up to you.) +If asked, choose *"No Configuration"* here (or maybe you want to +select something else. It's up to you.) Install the GRUB boot loader to the master boot record ====================================================== -Choose \'Yes\'. It will fail, but don\'t worry. Then at the main menu, -choose \'Continue without a bootloader\'. You could also choose \'No\'. +Choose 'Yes'. It will fail, but don't worry. Then at the main menu, +choose 'Continue without a bootloader'. You could also choose 'No'. Choice is irrelevant here. *You do not need to install GRUB at all, since in libreboot you are @@ -176,7 +176,7 @@ using the GRUB payload (for libreboot) to boot your system directly.* Clock UTC ========= -Just say \'Yes\'. +Just say 'Yes'. @@ -188,7 +188,7 @@ payload, press C to get to the command line. Do that:\ grub> **cryptomount -a**\ -grub> **set root=\'lvm/matrix-rootvol\'**\ +grub> **set root='lvm/matrix-rootvol'**\ grub> **linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root**\ grub> **initrd /initrd.img**\ @@ -199,7 +199,7 @@ grub> **boot** ecryptfs ======== -If you didn\'t encrypt your home directory, then you can safely ignore +If you didn't encrypt your home directory, then you can safely ignore this section. Immediately after logging in, do that:\ 
@@ -219,11 +219,11 @@ Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands. Modify your grub.cfg (in the firmware) [using this -tutorial](grub_cbfs.html); just change the default menu entry \'Load -Operating System\' to say this inside: +tutorial](grub_cbfs.html); just change the default menu entry 'Load +Operating System' to say this inside: **cryptomount -a**\ -**set root=\'lvm/matrix-rootvol\'**\ +**set root='lvm/matrix-rootvol'**\ **linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root**\ **initrd /initrd.img** diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md index 7bda2625..c743459f 100644 --- a/docs/gnulinux/encrypted_parabola.md +++ b/docs/gnulinux/encrypted_parabola.md @@ -5,14 +5,14 @@ Installing Parabola or Arch GNU+Linux with full disk encryption (including /boot Libreboot on x86 uses the GRUB [payload](http://www.coreboot.org/Payloads#GRUB_2) by default, which means that the GRUB configuration file (where your GRUB menu comes from) -is stored directly alongside libreboot and it\'s GRUB payload +is stored directly alongside libreboot and it's GRUB payload executable, inside the flash chip. In context, this means that installing distributions and managing them is handled slightly differently compared to traditional BIOS systems. On most systems, the /boot partition has to be left unencrypted while the others are encrypted. This is so that GRUB, and therefore the -kernel, can be loaded and executed since the firmware can\'t open a LUKS +kernel, can be loaded and executed since the firmware can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical access to the system. 
@@ -36,7 +36,7 @@ drive. -Boot Parabola\'s install environment. [How to boot a GNU+Linux +Boot Parabola's install environment. [How to boot a GNU+Linux installer](grub_boot_installer.html). For this guide I used the 2015 08 01 image to boot the live installer @@ -62,7 +62,7 @@ security issues if you do enable it. See [this page](https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29) for more info. -- make sure it\'s brand-new (or barely used). Or, otherwise, be sure +- make sure it's brand-new (or barely used). Or, otherwise, be sure that it never previously contained plaintext copies of your data. - make sure to read [this @@ -79,15 +79,15 @@ example if it was 2MiB:\ \# **dd if=/dev/urandom of=/dev/sda bs=2M; sync** If your drive was already LUKS encrypted (maybe you are re-installing -your distro) then it is already \'wiped\'. You should just wipe the LUKS +your distro) then it is already 'wiped'. You should just wipe the LUKS header. <https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/> showed me how to do this. It recommends doing the first 3MiB. Now, that -guide is recommending putting zero there. I\'m going to use urandom. Do +guide is recommending putting zero there. I'm going to use urandom. Do this:\ \# **head -c 3145728 /dev/urandom > /dev/sda; sync**\ (Wiping the LUKS header is important, since it has hashed passphrases -and so on. It\'s \'secure\', but \'potentially\' a risk). +and so on. It's 'secure', but 'potentially' a risk). @@ -142,7 +142,7 @@ I am using MBR partitioning, so I use cfdisk:\ \# **cfdisk /dev/sda** I create a single large sda1 filling the whole drive, leaving it as the -default type \'Linux\' (83). +default type 'Linux' (83). Now I refer to <https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning>:\ 
@@ -198,7 +198,7 @@ Show that you just created it:\ Now I create the volume group, inside of which the logical volumes will be created:\ \# **vgcreate matrix /dev/mapper/lvm**\ -(volume group name is \'matrix\' - choose your own name, if you like) +(volume group name is 'matrix' - choose your own name, if you like) Show that you created it:\ \# **vgdisplay** @@ -214,7 +214,7 @@ the rest of the space, named root)\ You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example, if you will be running a web/mail server then you want /var in its own partition (so that if it -fills up with logs, it won\'t crash your system). For a home/laptop +fills up with logs, it won't crash your system). For a home/laptop system (typical use case), a root and a swap will do (really). Verify that the logical volumes were created, using the following @@ -267,13 +267,13 @@ In my case I did the steps in the next paragraph, and followed the steps in this paragraph again. <troubleshooting>\ - The following is based on \'Verification of package signatures\' in + The following is based on 'Verification of package signatures' in the Parabola install guide.\ Check there first to see if steps differ by now.\ Now you have to update the default Parabola keyring. This is used for signing and verifying packages:\ \# **pacman -Sy parabola-keyring**\ - It says that if you get GPG errors, then it\'s probably an expired + It says that if you get GPG errors, then it's probably an expired key and, therefore, you should do:\ \# **pacman-key \--populate parabola**\ \# **pacman-key \--refresh-keys**\ 
@@ -294,7 +294,7 @@ me from using it.\ I deleted the files that it mentioned and then it worked. Specifically, I had this error:\ *licenses: /usr/share/licenses/common/MPS exists in filesystem*\ - I rm -Rf\'d the file and then pacman worked. I\'m told that the + I rm -Rf'd the file and then pacman worked. I'm told that the following would have also made it work:\ \# **pacman -Sf licenses**\ </troubleshooting>\ @@ -322,7 +322,7 @@ command again!) Chroot into new system:\ \# **arch-chroot /mnt /bin/bash** -It\'s a good idea to have this installed:\ +It's a good idea to have this installed:\ \# **pacman -S linux-libre-lts** It was also suggested that you should install this kernel (read up on @@ -330,7 +330,7 @@ what GRSEC is):\ \# **pacman -S linux-libre-grsec** This is another kernel that sits inside /boot, which you can use. LTS -means \'long-term support\'. These are so-called \'stable\' kernels that +means 'long-term support'. These are so-called 'stable' kernels that can be used as a fallback during updates, if a bad kernel causes issues for you. @@ -380,13 +380,13 @@ information about each hook.) Specifically, for this use case:\ \# **vi /etc/mkinitcpio.conf**\ Then modify the file like so: -- MODULES=\"i915\" +- MODULES="i915" - This forces the driver to load earlier, so that the console font - isn\'t wiped out after getting to login). Macbook21 users will also + isn't wiped out after getting to login). Macbook21 users will also need **hid-generic, hid and hid-apple to have a working keyboard when asked to enter the LUKS password.** -- HOOKS=\"base udev autodetect modconf block keyboard keymap - consolefont encrypt lvm2 filesystems fsck shutdown\" +- HOOKS="base udev autodetect modconf block keyboard keymap + consolefont encrypt lvm2 filesystems fsck shutdown" - Explanation: - keymap adds to initramfs the keymap that you specified in /etc/vconsole.conf 
@@ -412,7 +412,7 @@ Set the root password: At the time of writing, Parabola used SHA512 by default for its password hashing. I referred to <https://wiki.archlinux.org/index.php/SHA_password_hashes>.\ \# **vi /etc/pam.d/passwd**\ -Add rounds=65536 at the end of the uncommented \'password\' line.\ +Add rounds=65536 at the end of the uncommented 'password' line.\ \# **passwd root**\ Make sure to set a secure password! Also, it must never be the same as your LUKS password. @@ -444,7 +444,7 @@ failed login attempts. Configure sudo - not covered here. Will be covered post-installation in another tutorial, at a later date. If this is a single-user system, you -don\'t really need sudo. +don't really need sudo. @@ -458,7 +458,7 @@ unmount:\ \# **umount -R /mnt**\ \# **swapoff -a** -deactivate the lvm lv\'s:\ +deactivate the lvm lv's:\ \# **lvchange -an /dev/matrix/root**\ \# **lvchange -an /dev/matrix/swapvol**\ @@ -478,7 +478,7 @@ command line. The underlined parts are optional (using those 2 underlines will boot lts kernel instead of normal). grub> **cryptomount -a**\ -grub> **set root=\'lvm/matrix-root\'**\ +grub> **set root='lvm/matrix-root'**\ grub> **linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/root cryptdevice=/dev/sda1:root**\ grub> **initrd /boot/initramfs-linux-libre-lts.img**\ @@ -514,7 +514,7 @@ Modify grub.cfg inside the ROM automatically with this configuration. [grub\_cbfs.html](grub_cbfs.html) shows you how. Follow that guide, using the configuration details below. If you go for option 2 (re-flash), promise to do this on grubtest.cfg -first! We can\'t emphasise this enough. This is to reduce the +first! We can't emphasise this enough. This is to reduce the possibility of bricking your device! I will go for the re-flash option here. Firstly, cd to the 
@@ -532,7 +532,7 @@ Extract grubtest.cfg:\ And modify:\ \$ **vi grubtest.cfg** -In grubtest.cfg, inside the \'Load Operating System\' menu entry, change +In grubtest.cfg, inside the 'Load Operating System' menu entry, change the contents to: cryptomount -a @@ -571,18 +571,18 @@ Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command:\ \# **./flash forceupdate libreboot.rom**\ -You should see \"Verifying flash\... VERIFIED.\" written at the end of +You should see "Verifying flash\... VERIFIED." written at the end of the flashrom output. With this new configuration, Parabola can boot automatically and you will have to enter a password at boot time, in GRUB, before being able -to use any of the menu entries or switch to the terminal. Let\'s test it +to use any of the menu entries or switch to the terminal. Let's test it out: reboot and choose grubtest.cfg from the GRUB menu, using the arrow keys on your keyboard. Enter the name you chose, the GRUB password, your LUKS passphrase and login as root/your user. All went well? Great! If it does not work like you want it to, if you are unsure or sceptical -in any way, don\'t despair: you have been wise and did not brick your +in any way, don't despair: you have been wise and did not brick your device! Reboot and login the default way, and then modify your grubtest.cfg until you get it right! **Do \*not\* proceed past this point unless you are 100% sure that your new configuration is safe (or 
@@ -590,15 +590,15 @@ desirable) to use.** Now, we can easily and safely create a copy of grubtest.cfg, called grub.cfg. This will be the same except for one difference: the menuentry -\'Switch to grub.cfg\' is changed to \'Switch to grubtest.cfg\' and, +'Switch to grub.cfg' is changed to 'Switch to grubtest.cfg' and, inside it, all instances of grub.cfg to grubtest.cfg. This is so that the main config still links (in the menu) to grubtest.cfg, so that you -don\'t have to manually switch to it, in case you ever want to follow +don't have to manually switch to it, in case you ever want to follow this guide again in the future (modifying the already modified config). Inside libreboot\_util/cbfstool/{armv7l i686 x86\_64}, we can do this with the following command:\ -\$ **sed -e \'s:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g\' -e -\'s:Switch to grub.cfg:Switch to grubtest.cfg:g\' < grubtest.cfg > +\$ **sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e +'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > grub.cfg**\ Delete the grub.cfg that remained inside the ROM:\ \$ **./cbfstool libreboot.rom remove -n grub.cfg**\ @@ -609,7 +609,7 @@ Now you have a modified ROM. Once more, refer to <http://libreboot.org/docs/install/#flashrom>. Cd to the libreboot\_util directory and update the flash chip contents:\ \# **./flash update libreboot.rom**\ -And wait for the \"Verifying flash\... VERIFIED.\" Once you have done +And wait for the "Verifying flash\... VERIFIED." Once you have done that, shut down and then boot up with your new configuration. When done, delete GRUB (remember, we only needed it for the 
@@ -643,7 +643,7 @@ Insert it into the luks volume:\ \# **cryptsetup luksAddKey /dev/sdX /etc/mykeyfile**\ and enter your LUKS passphrase when prompted. Add the keyfile to the initramfs by adding it to FILES in /etc/mkinitcpio.conf. For example:\ -\# **FILES=\"/etc/mykeyfile\"**\ +\# **FILES="/etc/mykeyfile"**\ Create the initramfs image from scratch:\ \# **mkinitcpio -p linux-libre**\ \# **mkinitcpio -p linux-libre-lts**\ diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md index b61fd7a2..c62ac863 100644 --- a/docs/gnulinux/grub_boot_installer.md +++ b/docs/gnulinux/grub_boot_installer.md @@ -35,7 +35,7 @@ Connect the USB drive. Check dmesg:\ Check lsblk to confirm which drive it is:\ **\$ lsblk** -Check that it wasn\'t automatically mounted. If it was, unmount it. For +Check that it wasn't automatically mounted. If it was, unmount it. For example:\ **\$ sudo umount /dev/sdX\***\ **\# umount /dev/sdX\*** @@ -78,7 +78,7 @@ Connect the USB drive. Check dmesg:\ Check to confirm which drive it is, for example, if you think its sd3:\ **\$ disklabel sd3** -Check that it wasn\'t automatically mounted. If it was, unmount it. For +Check that it wasn't automatically mounted. If it was, unmount it. For example:\ **\$ doas umount /dev/sd3i**\ @@ -112,12 +112,12 @@ Download the Debian or Devuan net installer. You can download the ISO from the homepage on [debian.org](https://www.debian.org/), or [the Devuan homepage](https://www.devuan.org/) for Devuan. Use this on the GRUB terminal to boot it from USB (for 64-bit Intel or AMD):\ -**set root=\'usb0\'\ +**set root='usb0'\ linux /install.amd/vmlinuz\ initrd /install.amd/initrd.gz\ boot\ ** If you are on a 32-bit system (e.g. X60):\ -**set root=\'usb0\'\ +**set root='usb0'\ linux /install.386/vmlinuz\ initrd /install.386/initrd.gz\ boot**\ 
@@ -146,7 +146,7 @@ Booting ISOLINUX images (manual method) distribution. You must adapt them appropriately, for whatever GNU+Linux distribution it is that you are trying to install.* -If the ISOLINUX parser or *Search for GRUB configuration* options won\'t +If the ISOLINUX parser or *Search for GRUB configuration* options won't work, then press C in GRUB to access the command line.\ grub> **ls**\ Get the device from above output, eg (usb0). Example:\ @@ -170,12 +170,12 @@ options in txt.cfg. This is important if you want 64-bit booting on your system. Devuan versions based on Debian 8.x may also have the same issue. -Now look at the ISOLINUX menuentry. It\'ll look like:\ +Now look at the ISOLINUX menuentry. It'll look like:\ **kernel /path/to/kernel\ append PARAMETERS initrd=/path/to/initrd MAYBE\_MORE\_PARAMETERS\ -** GRUB works the same way, but in it\'s own way. Example GRUB +** GRUB works the same way, but in it's own way. Example GRUB commands:\ -grub> **set root=\'usb0\'**\ +grub> **set root='usb0'**\ grub> **linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS**\ grub> **initrd /path/to/initrd**\ grub> **boot**\ 
@@ -191,16 +191,16 @@ now be booting your USB drive in the way that you specified. Troubleshooting =============== -Most of these issues occur when using libreboot with coreboot\'s \'text -mode\' instead of the coreboot framebuffer. This mode is useful for +Most of these issues occur when using libreboot with coreboot's 'text +mode' instead of the coreboot framebuffer. This mode is useful for booting payloads like memtest86+ which expect text-mode, but for GNU+Linux distributions it can be problematic when they are trying to -switch to a framebuffer because it doesn\'t exist. +switch to a framebuffer because it doesn't exist. In most cases, you should use the vesafb ROM images. Example filename: libreboot\_ukdvorak\_vesafb.rom. -parabola won\'t boot in text-mode +parabola won't boot in text-mode --------------------------------- Use one of the ROM images with vesafb in the filename (uses coreboot @@ -209,11 +209,11 @@ framebuffer instead of text-mode). debian-installer graphical corruption in text-mode (Debian and Devuan) ---------------------------------------------------------------------- -When using the ROM images that use coreboot\'s \"text mode\" instead of +When using the ROM images that use coreboot's "text mode" instead of the coreboot framebuffer, booting the Debian or Devuan net installer results in graphical corruption because it is trying to switch to a -framebuffer which doesn\'t exist. Use that kernel parameter on the -\'linux\' line when booting it:\ +framebuffer which doesn't exist. Use that kernel parameter on the +'linux' line when booting it:\ **vga=normal fb=false** This forces debian-installer to start in text-mode, instead of trying to diff --git a/docs/gnulinux/grub_cbfs.md b/docs/gnulinux/grub_cbfs.md index c654d76a..e5b6a9b0 100644 --- a/docs/gnulinux/grub_cbfs.md +++ b/docs/gnulinux/grub_cbfs.md 
@@ -10,12 +10,12 @@ inside the flash chip. In context, this means that installing distributions and managing them is handled slightly differently compared to traditional BIOS systems. -A libreboot (or coreboot) ROM image is not simply \"flat\"; there is an +A libreboot (or coreboot) ROM image is not simply "flat"; there is an actual filesystem inside called CBFS (coreboot filesystem). A utility -called \'cbfstool\' allows you to change the contents of the ROM image. -In this case, libreboot is configured such that the \'grub.cfg\' and -\'grubtest.cfg\' files exist directly inside CBFS instead of inside the -GRUB payload \'memdisk\' (which is itself stored in CBFS). +called 'cbfstool' allows you to change the contents of the ROM image. +In this case, libreboot is configured such that the 'grub.cfg' and +'grubtest.cfg' files exist directly inside CBFS instead of inside the +GRUB payload 'memdisk' (which is itself stored in CBFS). You can either modify the GRUB configuration stored in the flash chip, or you can modify a GRUB configuration file on the main storage which @@ -35,7 +35,7 @@ Table of Contents ================= - [Introduction](#introduction) -- [1st option: don\'t re-flash](#option1_dont_reflash) +- [1st option: don't re-flash](#option1_dont_reflash) - [2nd option: re-flash](#option2_reflash) - [Acquire the necessary utilities](#tools) - [Acquiring the correct ROM image](#rom) 
@@ -61,14 +61,14 @@ in CBFS, but this also means that you have to flash a new libreboot ROM image on your system (some users feel intimidated by this, to say the least). Doing so can be risky if not handled correctly, because it can result in a bricked system (recovery is easy if you have the -[equipment](../install/bbb_setup.html) for it, but most people don\'t). -If you aren\'t up to that then don\'t worry; it is possible to use a +[equipment](../install/bbb_setup.html) for it, but most people don't). +If you aren't up to that then don't worry; it is possible to use a custom GRUB menu without flashing a new image, by loading a GRUB configuration from a partition on the main storage instead. -1st option: don\'t re-flash {#option1_dont_reflash} +1st option: don't re-flash {#option1_dont_reflash} --------------------------- By default, GRUB in libreboot is configured to scan all partitions on @@ -198,7 +198,7 @@ Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command:\ \# **./flash forceupdate libreboot.rom**\ -You should see **\"Verifying flash\... VERIFIED.\"** written at the end +You should see **"Verifying flash\... VERIFIED."** written at the end of the flashrom output. Once you have done that, shut down and then boot up with your new test configuration.** 
@@ -219,14 +219,14 @@ Final steps {#final_steps} When you are satisfied booting from grubtest.cfg, you can create a copy of grubtest.cfg, called grub.cfg. This is the same except for one -difference: the menuentry \'Switch to grub.cfg\' will be changed to -\'Switch to grubtest.cfg\' and inside it, all instances of grub.cfg to +difference: the menuentry 'Switch to grub.cfg' will be changed to +'Switch to grubtest.cfg' and inside it, all instances of grub.cfg to grubtest.cfg. This is so that the main config still links (in the menu) -to grubtest.cfg, so that you don\'t have to manually switch to it, in +to grubtest.cfg, so that you don't have to manually switch to it, in case you ever want to follow this guide again in the future (modifying the already modified config). From /libreboot\_util/cbfstool, do:\ -\$ **sed -e \'s:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g\' -e -\'s:Switch to grub.cfg:Switch to grubtest.cfg:g\' < grubtest.cfg > +\$ **sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e +'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > grub.cfg**\ Delete the grub.cfg that remained inside the ROM:\ @@ -237,7 +237,7 @@ Add the modified version that you just made:\ **Now you have a modified ROM. Again, refer back to [../install/\#flashrom](../install/#flashrom) for information on how to -flash it. It\'s the same method as you used before. Shut down and then +flash it. It's the same method as you used before. Shut down and then boot up with your new configuration.** [Back to top of page.](#pagetop) diff --git a/docs/gnulinux/grub_hardening.md b/docs/gnulinux/grub_hardening.md index fc14574b..78cd86a2 100644 --- a/docs/gnulinux/grub_hardening.md +++ b/docs/gnulinux/grub_hardening.md 
@@ -20,7 +20,7 @@ on the [GPG project website](https://www.gnu.org/software/gnupg/). GRUB has some GPG support built in, for checking signatures. This tutorial assumes you have a libreboot image (rom) that you wish to -modify, to which we shall henceforth refer to as \"my.rom\". This +modify, to which we shall henceforth refer to as "my.rom". This tutorial modifies grubtest.cfg, this means signing and password protection will work after switching to it in the main boot menu and bricking due to incorrect configuration will be impossible. After you @@ -61,8 +61,8 @@ signature checking code currently looks for and as such it is not possible to supply signatures in an alternate location. -Note that this is not your LUKS password, but it\'s a password that you -have to enter in order to use \"restricted\" functionality (such as +Note that this is not your LUKS password, but it's a password that you +have to enter in order to use "restricted" functionality (such as console). This protects your system from an attacker simply booting a live USB and re-flashing your firmware. **This should be different than your LUKS passphrase and user password.** |
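Review bot: in docs/gnulinux/encrypted_parabola.md at @@ -590,15 the sed command is still wrapped in `**bold**` rather than a code span, so with the backslashes removed its single quotes become ordinary Markdown text. A renderer that applies smart typography (which the commit title suggests is the goal) would turn them into curly quotes, and the shell does not treat those as quoting when a reader copies the command. Suggest moving the command into backticks or an indented code block so that `'s:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g'` stays literal. The identical command in docs/gnulinux/grub_cbfs.md at @@ -219,14 needs the same treatment, as do the `set root='usb0'` and `set root='lvm/matrix-root'` GRUB lines elsewhere in this patch.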
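Review bot: in docs/gnulinux/encrypted_parabola.md at @@ -643,7 the line `\# **FILES="/etc/mykeyfile"**` is shown behind a root prompt as if it were a command to run, but the sentence before it says it is a setting to add to /etc/mkinitcpio.conf. Typed at a shell it would only set a shell variable and leave the initramfs unchanged. Since this line is being touched anyway, drop the `\#` prompt and present it as a line of the config file, in a code span so the double quotes stay literal.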
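Review bot: in docs/gnulinux/grub_boot_installer.md at @@ -170,12 the new line `GRUB works the same way, but in it's own way` keeps a possessive written as a contraction; it should read "its own way", and a typography pass is the natural place to fix it. The unchanged context line in the @@ -78,7 hunk has the opposite slip ("if you think its sd3" should be "it's sd3"). In docs/gnulinux/encrypted_parabola.md at @@ -458,7, "the lvm lv's" uses an apostrophe for a plural, and "the LVM LVs" would be cleaner.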
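Review bot: in docs/gnulinux/grub_cbfs.md at @@ -198,7 the quoted flashrom output is only half converted: the quotes are unescaped but the ellipsis is still written `\...`, so `"Verifying flash\... VERIFIED."` mixes the two conventions. This is literal tool output that the reader has to match against their terminal, so a code span would be safer than smart-quoted prose; the same string appears in docs/gnulinux/encrypted_parabola.md at @@ -571,18 and @@ -609,7. The context line just above in both files spells "Ocassionally" and could be corrected to "Occasionally" in the same pass.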
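Review bot: in docs/gnulinux/grub_hardening.md at @@ -20,7 the changed line `modify, to which we shall henceforth refer to as "my.rom"` doubles the preposition ("to which ... refer to"). Suggest "which we shall henceforth refer to as" while the line is being edited. Because `my.rom` is a file name that readers type into later commands, a code span fits it better than typographic quotes.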