1 files changed, 87 insertions, 87 deletions
diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md
index f04b969a..36a60c61 100644
--- a/docs/gnulinux/encrypted_parabola.md
+++ b/docs/gnulinux/encrypted_parabola.md
@@ -71,12 +71,12 @@ article](https://wiki.archlinux.org/index.php/Solid_State_Drives). Edit
 whole article and keep all points in mind, adapting them for this guide.
 
 Securely wipe the drive:\
-\#     dd if=/dev/urandom of=/dev/sda; sync
+    # dd if=/dev/urandom of=/dev/sda; sync
 NOTE: If you have an SSD, only do this the first time. If it was already
 LUKS-encrypted before, use the info below to wipe the LUKS header. Also,
 check online for your SSD what the recommended erase block size is. For
 example if it was 2MiB:\
-\# **dd if=/dev/urandom of=/dev/sda bs=2M; sync**
+# **dd if=/dev/urandom of=/dev/sda bs=2M; sync**
 
 If your drive was already LUKS encrypted (maybe you are re-installing
 your distro) then it is already 'wiped'. You should just wipe the LUKS
@@ -85,7 +85,7 @@ header.
 showed me how to do this. It recommends doing the first 3MiB. Now, that
 guide is recommending putting zero there. I'm going to use urandom. Do
 this:\
-\#     head -c 3145728 /dev/urandom > /dev/sda; sync
+    # head -c 3145728 /dev/urandom > /dev/sda; sync
 (Wiping the LUKS header is important, since it has hashed passphrases
 and so on. It's 'secure', but 'potentially' a risk).
 
@@ -96,8 +96,8 @@ Change keyboard layout
 
 Parabola live shell assumes US Qwerty. If you have something different,
 list the available keymaps and use yours:\
-\#     localectl list-keymaps
-\#     loadkeys LAYOUT
+    # localectl list-keymaps
+    # loadkeys LAYOUT
 For me, LAYOUT would have been dvorak-uk.
 
 
@@ -125,7 +125,7 @@ dm-mod
 
 device-mapper will be used - a lot. Make sure that the kernel module is
 loaded:\
-\# **modprobe dm-mod**
+# **modprobe dm-mod**
 
 Create LUKS partition
 ---------------------
@@ -139,7 +139,7 @@ security purposes (mitigates brute force attacks), so anything lower
 than 5 seconds is probably not ok.
 
 I am using MBR partitioning, so I use cfdisk:\
-\# **cfdisk /dev/sda**
+# **cfdisk /dev/sda**
 
 I create a single large sda1 filling the whole drive, leaving it as the
 default type 'Linux' (83).
@@ -152,15 +152,15 @@ I am then directed to
 Parabola forces you to RTFM. Do that.
 
 It tells me to run:\
-\# **cryptsetup benchmark** (for making sure the list below is
+# **cryptsetup benchmark** (for making sure the list below is
 populated)\
 Then:\
-\#     cat /proc/crypto
+    # cat /proc/crypto
 This gives me crypto options that I can use. It also provides a
 representation of the best way to set up LUKS (in this case, security is
 a priority; speed, a distant second). To gain a better understanding, I
 am also reading:\
-\# **man cryptsetup**
+# **man cryptsetup**
 
 Following that page, based on my requirements, I do the following based
 on
@@ -169,7 +169,7 @@ Reading through, it seems like Serpent (encryption) and Whirlpool (hash)
 is the best option.
 
 I am initializing LUKS with the following:\
-\# **cryptsetup -v \--cipher serpent-xts-plain64 \--key-size 512 \--hash
+# **cryptsetup -v \--cipher serpent-xts-plain64 \--key-size 512 \--hash
 whirlpool \--iter-time 500 \--use-random \--verify-passphrase luksFormat
 /dev/sda1** Choose a **secure** passphrase here. Ideally lots of
 lowercase/uppercase numbers, letters, symbols etc all in a random
@@ -187,29 +187,29 @@ Create LVM
 Now I refer to <https://wiki.archlinux.org/index.php/LVM>.
 
 Open the LUKS partition:\
-\#     cryptsetup luksOpen /dev/sda1 lvm
+    # cryptsetup luksOpen /dev/sda1 lvm
 (it will be available at /dev/mapper/lvm)
 
 Create LVM partition:\
-\#     pvcreate /dev/mapper/lvm
+    # pvcreate /dev/mapper/lvm
 Show that you just created it:\
-\# **pvdisplay**
+# **pvdisplay**
 
 Now I create the volume group, inside of which the logical volumes will
 be created:\
-\#     vgcreate matrix /dev/mapper/lvm
+    # vgcreate matrix /dev/mapper/lvm
 (volume group name is 'matrix' - choose your own name, if you like)
 Show that you created it:\
-\# **vgdisplay**
+# **vgdisplay**
 
 Now create the logical volumes:\
-\# **lvcreate -L 2G matrix -n swapvol** (2G swap partition, named
+# **lvcreate -L 2G matrix -n swapvol** (2G swap partition, named
 swapvol)\
 Again, choose your own name if you like. Also, make sure to choose a
 swap size of your own needs. It basically depends on how much RAM you
 have installed. I refer to
 <http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space>.\
-\# **lvcreate -l +100%FREE matrix -n root** (single large partition in
+# **lvcreate -l +100%FREE matrix -n root** (single large partition in
 the rest of the space, named root)\
 You can also be flexible here, for example you can specify a /boot, a /,
 a /home, a /var, a /usr, etc. For example, if you will be running a
@@ -219,7 +219,7 @@ system (typical use case), a root and a swap will do (really).
 
 Verify that the logical volumes were created, using the following
 command:\
-\# **lvdisplay**
+# **lvdisplay**
 
 
 
@@ -227,15 +227,15 @@ Create / and swap partitions, and mount
 ---------------------------------------
 
 For the swapvol LV I use:\
-\#     mkswap /dev/mapper/matrix-swapvol
+    # mkswap /dev/mapper/matrix-swapvol
 Activate swap:\
-\# **swapon /dev/matrix/swapvol**
+# **swapon /dev/matrix/swapvol**
 
 For the root LV I use:\
-\# **mkfs.btrfs /dev/mapper/matrix-root**
+# **mkfs.btrfs /dev/mapper/matrix-root**
 
 Mount the root (/) partition:\
-\# **mount /dev/matrix/root /mnt**
+# **mount /dev/matrix/root /mnt**
 
 
 
@@ -250,8 +250,8 @@ Now I am following the rest of
 referenced <https://wiki.archlinux.org/index.php/Installation_guide>.
 
 Create /home and /boot on root mountpoint:\
-\#     mkdir -p /mnt/home
-\# **mkdir -p /mnt/boot**
+    # mkdir -p /mnt/home
+# **mkdir -p /mnt/boot**
 
 Once all the remaining partitions, if any, have been mounted, the
 devices are ready to install Parabola.
@@ -259,9 +259,9 @@ devices are ready to install Parabola.
 In **/etc/pacman.d/mirrorlist**, comment out all lines except the Server
 line closest to where you are (I chose the UK Parabola server (main
 server)) and then did:\
-\#     pacman -Syy
-\#     pacman -Syu
-\# **pacman -Sy pacman** (and then I did the other 2 steps above,
+    # pacman -Syy
+    # pacman -Syu
+# **pacman -Sy pacman** (and then I did the other 2 steps above,
 again)\
 In my case I did the steps in the next paragraph, and followed the steps
 in this paragraph again.
@@ -272,23 +272,23 @@ the Parabola install guide.\
    Check there first to see if steps differ by now.\
    Now you have to update the default Parabola keyring. This is used for
 signing and verifying packages:\
-   \#     pacman -Sy parabola-keyring
+       # pacman -Sy parabola-keyring
    It says that if you get GPG errors, then it's probably an expired
 key and, therefore, you should do:\
-   \#     pacman-key \--populate parabola
-   \#     pacman-key \--refresh-keys
-   \#     pacman -Sy parabola-keyring
+       # pacman-key \--populate parabola
+       # pacman-key \--refresh-keys
+       # pacman -Sy parabola-keyring
    To be honest, you should do the above anyway. Parabola has a lot of
 maintainers, and a lot of keys. Really!\
    If you get an error mentioning dirmngr, do:\
-   \#     dirmngr </dev/null
+       # dirmngr </dev/null
    Also, it says that if the clock is set incorrectly then you have to
 manually set the correct time\
    (if keys are listed as expired because of it):\
-   \#     date MMDDhhmm\[\[CC\]YY\]\[.ss\]
+       # date MMDDhhmm\[\[CC\]YY\]\[.ss\]
    I also had to install:\
-   \#     pacman -S archlinux-keyring
-   \#     pacman-key \--populate archlinux
+       # pacman -S archlinux-keyring
+       # pacman-key \--populate archlinux
    In my case I saw some conflicting files reported in pacman, stopping
 me from using it.\
    I deleted the files that it mentioned and then it worked.
@@ -296,13 +296,13 @@ Specifically, I had this error:\
    *licenses: /usr/share/licenses/common/MPS exists in filesystem*\
    I rm -Rf'd the file and then pacman worked. I'm told that the
 following would have also made it work:\
-   \#     pacman -Sf licenses
+       # pacman -Sf licenses
 </troubleshooting>\
 
 I also like to install other packages (base-devel, compilers and so on)
 and wpa\_supplicant/dialog/iw/wpa\_actiond are needed for wireless after
 the install:\
-\# **pacstrap /mnt base base-devel wpa\_supplicant dialog iw
+# **pacstrap /mnt base base-devel wpa\_supplicant dialog iw
 wpa\_actiond**
 
 
@@ -313,21 +313,21 @@ Configure the system
 Generate an fstab - UUIDs are used because they have certain advantages
 (see <https://wiki.parabola.nu/Fstab#Identifying_filesystems>. If you
 prefer labels instead, replace the -U option with -L):\
-\#     genfstab -U -p /mnt >> /mnt/etc/fstab
+    # genfstab -U -p /mnt >> /mnt/etc/fstab
 Check the created file:\
-\#     cat /mnt/etc/fstab
+    # cat /mnt/etc/fstab
 (If there are any errors, edit the file. Do **NOT** run the genfstab
 command again!)
 
 Chroot into new system:\
-\# **arch-chroot /mnt /bin/bash**
+# **arch-chroot /mnt /bin/bash**
 
 It's a good idea to have this installed:\
-\# **pacman -S linux-libre-lts**
+# **pacman -S linux-libre-lts**
 
 It was also suggested that you should install this kernel (read up on
 what GRSEC is):\
-\# **pacman -S linux-libre-grsec**
+# **pacman -S linux-libre-grsec**
 
 This is another kernel that sits inside /boot, which you can use. LTS
 means 'long-term support'. These are so-called 'stable' kernels that
@@ -335,35 +335,35 @@ can be used as a fallback during updates, if a bad kernel causes issues
 for you.
 
 Parabola does not have wget. This is sinister. Install it:\
-\# **pacman -S wget**
+# **pacman -S wget**
 
 Locale:\
-\#     vi /etc/locale.gen
+    # vi /etc/locale.gen
 Uncomment your needed localisations. For example en\_GB.UTF-8 (UTF-8 is
 highly recommended over other options).\
-\#     locale-gen
-\#     echo LANG=en\_GB.UTF-8 > /etc/locale.conf
-\# **export LANG=en\_GB.UTF-8**
+    # locale-gen
+    # echo LANG=en\_GB.UTF-8 > /etc/locale.conf
+# **export LANG=en\_GB.UTF-8**
 
 Console font and keymap:\
-\#     vi /etc/vconsole.conf
+    # vi /etc/vconsole.conf
 In my case:
 
     KEYMAP=dvorak-uk
     FONT=lat9w-16
 
 Time zone:\
-\#     ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
+    # ln -s /usr/share/zoneinfo/Europe/London /etc/localtime
 (Replace Zone and Subzone to your liking. See /usr/share/zoneinfo)
 
 Hardware clock:\
-\# **hwclock \--systohc \--utc**
+# **hwclock \--systohc \--utc**
 
 Hostname: Write your hostname to /etc/hostname. For example, if your
 hostname is parabola:\
-\#     echo parabola > /etc/hostname
+    # echo parabola > /etc/hostname
 Add the same hostname to /etc/hosts:\
-\#     vi /etc/hosts
+    # vi /etc/hosts
 
     #<ip-address> <hostname.domain.org> <hostname>
     127.0.0.1   localhost.localdomain   localhost   parabola
@@ -375,9 +375,9 @@ Configure the network: Refer to
 Mkinitcpio: Configure /etc/mkinitcpio.conf as needed (see
 <https://wiki.parabola.nu/Mkinitcpio>). Runtime modules can be found in
 /usr/lib/initcpio/hooks, and build hooks can be found in
-/usr/lib/initcpio/install. (\# **mkinitcpio -H hookname** gives
+/usr/lib/initcpio/install. (# **mkinitcpio -H hookname** gives
 information about each hook.) Specifically, for this use case:\
-\#     vi /etc/mkinitcpio.conf
+    # vi /etc/mkinitcpio.conf
 Then modify the file like so:
 
 -   MODULES="i915"
@@ -402,18 +402,18 @@ Then modify the file like so:
 Now using mkinitcpio, you can create the kernel and ramdisk for booting
 with (this is different from Arch, specifying linux-libre instead of
 linux):\
-\#     mkinitcpio -p linux-libre
+    # mkinitcpio -p linux-libre
 Also do it for linux-libre-lts:\
-\#     mkinitcpio -p linux-libre-lts
+    # mkinitcpio -p linux-libre-lts
 Also do it for linux-libre-grsec:\
-\# **mkinitcpio -p linux-libre-grsec**
+# **mkinitcpio -p linux-libre-grsec**
 
 Set the root password: At the time of writing, Parabola used SHA512 by
 default for its password hashing. I referred to
 <https://wiki.archlinux.org/index.php/SHA_password_hashes>.\
-\#     vi /etc/pam.d/passwd
+    # vi /etc/pam.d/passwd
 Add rounds=65536 at the end of the uncommented 'password' line.\
-\#     passwd root
+    # passwd root
 Make sure to set a secure password! Also, it must never be the same as
 your LUKS password.
 
@@ -428,17 +428,17 @@ Extra security tweaks
 Based on <https://wiki.archlinux.org/index.php/Security>.
 
 Restrict access to important directories:\
-\# **chmod 700 /boot /etc/{iptables,arptables}**
+# **chmod 700 /boot /etc/{iptables,arptables}**
 
 Lockout user after three failed login attempts:\
 Edit the file /etc/pam.d/system-login and comment out that line:\
-*\# auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\
+*# auth required pam\_tally.so onerr=succeed file=/var/log/faillog*\
 Or just delete it. Above it, put:\
 *auth required pam\_tally.so deny=2 unlock\_time=600 onerr=succeed
 file=/var/log/faillog*\
 To unlock a user manually (if a password attempt is failed 3 times),
 do:\
-\# **pam\_tally \--user *theusername* \--reset** What the above
+# **pam\_tally \--user *theusername* \--reset** What the above
 configuration does is lock the user out for 10 minutes, if they make 3
 failed login attempts.
 
@@ -452,20 +452,20 @@ Unmount, reboot!
 ----------------
 
 Exit from chroot:\
-\# **exit**
+# **exit**
 
 unmount:\
-\#     umount -R /mnt
-\# **swapoff -a**
+    # umount -R /mnt
+# **swapoff -a**
 
 deactivate the lvm lv's:\
-\#     lvchange -an /dev/matrix/root
-\#     lvchange -an /dev/matrix/swapvol
+    # lvchange -an /dev/matrix/root
+    # lvchange -an /dev/matrix/swapvol
 
 Lock the encrypted partition (close it):\
-\# **cryptsetup luksClose lvm**
+# **cryptsetup luksClose lvm**
 
-\#     shutdown -h now
+    # shutdown -h now
 Remove the installation media, then boot up again.
 
 
@@ -521,14 +521,14 @@ I will go for the re-flash option here. Firstly, cd to the
 libreboot\_util/cbfstool/{armv7l i686 x86\_64} directory. Dump the
 current firmware - where *libreboot.rom* is an example: make sure to
 adapt:\
-\#     flashrom -p internal -r libreboot.rom
+    # flashrom -p internal -r libreboot.rom
 If flashrom complains about multiple flash chips detected, add a *-c*
 option at the end, with the name of your chosen chip is quotes.\
 You can check if everything is in there (*grub.cfg* and *grubtest.cfg*
 would be really nice):\
-$     ./cbfstool libreboot.rom print
+    $ ./cbfstool libreboot.rom print
 Extract grubtest.cfg:\
-$     ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg
+    $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg
 And modify:\
 $ **vi grubtest.cfg**
 
@@ -559,18 +559,18 @@ hardening your GRUB configuration, for security purposes.
 
 Save your changes in grubtest.cfg, then delete the unmodified config
 from the ROM image:\
-$     ./cbfstool libreboot.rom remove -n grubtest.cfg
+    $ ./cbfstool libreboot.rom remove -n grubtest.cfg
 and insert the modified grubtest.cfg:\
 $ **./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t
 raw**\
 
 Now refer to <http://libreboot.org/docs/install/#flashrom>. Cd (up) to
 the libreboot\_util directory and update the flash chip contents:\
-\#     ./flash update libreboot.rom
+    # ./flash update libreboot.rom
 Ocassionally, coreboot changes the name of a given board. If flashrom
 complains about a board mismatch, but you are sure that you chose the
 correct ROM image, then run this alternative command:\
-\#     ./flash forceupdate libreboot.rom
+    # ./flash forceupdate libreboot.rom
 You should see "Verifying flash\... VERIFIED." written at the end of
 the flashrom output.
 
@@ -601,21 +601,21 @@ $ **sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e
 's:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg >
 grub.cfg**\
 Delete the grub.cfg that remained inside the ROM:\
-$     ./cbfstool libreboot.rom remove -n grub.cfg
+    $ ./cbfstool libreboot.rom remove -n grub.cfg
 Add the modified version that you just made:\
-$     ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw
+    $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw
 
 Now you have a modified ROM. Once more, refer to
 <http://libreboot.org/docs/install/#flashrom>. Cd to the libreboot\_util
 directory and update the flash chip contents:\
-\#     ./flash update libreboot.rom
+    # ./flash update libreboot.rom
 And wait for the "Verifying flash\... VERIFIED." Once you have done
 that, shut down and then boot up with your new configuration.
 
 When done, delete GRUB (remember, we only needed it for the
 *grub-mkpasswd-pbkdf2* utility; GRUB is already part of libreboot,
 flashed alongside it as a *payload*):\
-\# **pacman -R grub**
+# **pacman -R grub**
 
 
 
@@ -637,20 +637,20 @@ put a keyfile inside initramfs, with instructions for the kernel to use
 it when booting. This is safe, because /boot/ is encrypted (otherwise,
 putting a keyfile inside initramfs would be a bad idea).\
 Boot up and login as root or your user. Then generate the key file:\
-\# **dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile
+# **dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile
 iflag=fullblock**\
 Insert it into the luks volume:\
-\#     cryptsetup luksAddKey /dev/sdX /etc/mykeyfile
+    # cryptsetup luksAddKey /dev/sdX /etc/mykeyfile
 and enter your LUKS passphrase when prompted. Add the keyfile to the
 initramfs by adding it to FILES in /etc/mkinitcpio.conf. For example:\
-\#     FILES="/etc/mykeyfile"
+    # FILES="/etc/mykeyfile"
 Create the initramfs image from scratch:\
-\#     mkinitcpio -p linux-libre
-\#     mkinitcpio -p linux-libre-lts
-\#     mkinitcpio -p linux-libre-grsec
+    # mkinitcpio -p linux-libre
+    # mkinitcpio -p linux-libre-lts
+    # mkinitcpio -p linux-libre-grsec
 Add the following to your grub.cfg - you are now able to do that, see
 above! -, or add it in the kernel command line for GRUB:\
-\#     cryptkey=rootfs:/etc/mykeyfile
+    # cryptkey=rootfs:/etc/mykeyfile
 \
 You can also place this inside the grub.cfg that exists in CBFS:
 [grub\_cbfs.html](grub_cbfs.html).