Diffstat (limited to 'docs/gnulinux')

| Mode | File | Lines changed |
| --- | --- | --- |
| -rw-r--r-- | docs/gnulinux/configuring_parabola.md | 60 |
| -rw-r--r-- | docs/gnulinux/encrypted_debian.md | 47 |
| -rw-r--r-- | docs/gnulinux/encrypted_parabola.md | 205 |
| -rw-r--r-- | docs/gnulinux/grub_boot_installer.md | 78 |
| -rw-r--r-- | docs/gnulinux/grub_cbfs.md | 50 |
| -rw-r--r-- | docs/gnulinux/grub_hardening.md | 19 |
| -rw-r--r-- | docs/gnulinux/index.md | 2 |

7 files changed, 254 insertions, 207 deletions
diff --git a/docs/gnulinux/configuring_parabola.md b/docs/gnulinux/configuring_parabola.md index 29dc0243..2aef3624 100644 --- a/docs/gnulinux/configuring_parabola.md +++ b/docs/gnulinux/configuring_parabola.md @@ -1,5 +1,6 @@ --- title: Configuring Parabola (post-install) +x-toc-enable: true ... Post-installation configuration steps for Parabola GNU+Linux-libre. @@ -7,38 +8,6 @@ Parabola is extremely flexible; this is just an example. This example uses LXDE because it's lightweight, but we recommend the *MATE* desktop (which is actually about as lightweight as LXDE). -Table of Contents -================= - -- [Configuring pacman](#pacman_configure) - - [Updating Parabola](#pacman_update) - - [Maintaining Parabola during system updates](#pacman_maintain) - - [Clearing package cache after updating](#pacman_cacheclean) - - [Pacman command equivalents (compared to other package - managers)](#pacman_commandequiv) - - [your-freedom](#yourfreedom) - -- [Add a user account](#useradd) -- [System D](#systemd) -- [Interesting repositories](#interesting_repos) -- [Setup a network connection in Parabola](#network) - - [Setting hostname](#network_hostname) - - [Network status](#network_status) - - [Network interface names](#network_devicenames) - - [Network setup](#network_setup) -- [System maintenance](#system_maintain) - important! -- [Configuring the desktop](#desktop) - - [Install Xorg](#desktop_xorg) - - [Xorg keyboard layout](#desktop_kblayout) - - [Install LXDE](#desktop_lxde) - - [LXDE - clock](#lxde_clock) - - [LXDE - font](#lxde_font) - - [LXDE - screenlock](#lxde_screenlock) - - [LXDE - automounting](#lxde_automount) - - [LXDE - disable suspend](#lxde_suspend) - - [LXDE - battery monitor](#lxde_battery) - - [LXDE - network manager](#lxde_network) - While not strictly related to the libreboot project, this guide is intended to be useful for those interested in installing Parabola on their libreboot system. 
@@ -86,9 +55,13 @@ careful about this when reading anything on the Arch wiki. Some of these steps require internet access. I'll go into networking later but for now, I just connected my system to a switch and did: + # systemctl start dhcpcd.service + You can stop it later by running: + # systemctl stop dhcpcd.service\ + For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:\ [Setup network connection in Parabola](#network) @@ -114,6 +87,7 @@ In the end, I didn't change my configuration for pacman. When you are updating, resync with the latest package names/versions: # pacman -Syy + (according to the wiki, -Syy is better than Sy because it refreshes the package list even if it appears to be up to date, which can be useful when switching to another mirror).\ @@ -190,6 +164,7 @@ The wiki also mentions this method for removing everything from the cache, including currently installed packages that are cached: # pacman -Scc + This is inadvisable, since it means re-downloading the package again if you wanted to quickly re-install it. This should only be used when disk space is at a premium. @@ -227,6 +202,7 @@ Read the entire document linked to above, and then continue. Add your user: # useradd -m -G wheel -s /bin/bash *yourusername* + Set a password: # passwd *yourusername* @@ -254,6 +230,7 @@ supplier) to use systemd. The manpage should also help: # man systemd + The section on 'unit types' is especially useful. According to the wiki, systemd 'journal' keeps logs of a size up to @@ -287,9 +264,11 @@ Finally, the wiki mentions 'temporary' files and the utility for managing them. # man systemd-tmpfiles + The command for 'clean' is: # systemd-tmpfiles --clean + According to the manpage, this *"cleans all files and directories with an age parameter"*. According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/ to know what actions to 
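Review bot: in the hunk at `@@ -86,9 +55,13 @@`, the added line `# systemctl stop dhcpcd.service\` keeps the trailing backslash from the old hard-line-break syntax; inside an indented code block it renders literally, so anyone copying the command gets a dangling `\`. Drop it, as was done for the `start` line just above.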
@@ -301,6 +280,7 @@ However, /usr/lib/tmpfiles.d/ contained some files. The first one was etc.conf, containing information and a reference to this manpage: # man tmpfiles.d + Read that manpage, and then continue studying all the files. The systemd developers tell me that it isn't usually necessary to touch @@ -343,6 +323,7 @@ when installing Parabola. You can also do it with systemd (do so now, if you like): # hostnamectl set-hostname *yourhostname* + This writes the specified hostname to /etc/hostname. More information can be found in these manpages: @@ -430,6 +411,7 @@ non-free firmware inside, but it's transparent to you but the smart data comes from it. Therefore, don't rely on it too much): # pacman -S smartmontools + Read <https://wiki.archlinux.org/index.php/S.M.A.R.T.> to learn how to use it. @@ -449,6 +431,7 @@ Based on <https://wiki.archlinux.org/index.php/Xorg>. Firstly, install it! # pacman -S xorg-server + I also recommend installing this (contains lots of useful tools, including *xrandr*): @@ -458,9 +441,11 @@ Install the driver. For me this was *xf86-video-intel* on the ThinkPad X60. T60 and macbook11/21 should be the same. # pacman -S xf86-video-intel + For other systems you can try: # pacman -Ss xf86-video- | less + Combined with looking at your *lspci* output, you can determine which driver is needed. By default, Xorg will revert to xf86-video-vesa which is a generic driver and doesn't provide true hardware acceleration. @@ -566,6 +551,7 @@ I also like to install these: Enable LXDM (the default display manager, providing a graphical login): # systemctl enable lxdm.service + It will start when you boot up the system. To start it now, do: # systemctl start lxdm.service 
@@ -576,17 +562,20 @@ start lxde without lxdm. Read <https://wiki.archlinux.org/index.php/Xinitrc>. Open LXterminal: + $ cp /etc/skel/.xinitrc \~ + Open .xinitrc and add the following plus a line break at the bottom of the file.\ *\# Probably not needed. The same locale info that we set before\ \# Based on advice from the LXDE wiki export LC\_ALL=en\_GB.UTF-8\ export LANGUAGE=en\_GB.UTF-8\ export LANG=en\_GB.UTF-8\ -\ + \# Start lxde desktop\ exec startlxde\ * Now make sure that it is executable: + $ chmod +x .xinitrc ### LXDE - clock {#lxde_clock} @@ -643,6 +632,7 @@ Install Network Manager: You will also want the graphical applet: # pacman -S network-manager-applet + Arch wiki says that an autostart rule will be written at */etc/xdg/autostart/nm-applet.desktop* @@ -657,6 +647,7 @@ LXDE uses openbox, so I refer to:\ It tells me for the applet I need: # pacman -S xfce4-notifyd gnome-icon-theme + Also, for storing authentication details (wifi) I need: # pacman -S gnome-keyring @@ -665,6 +656,7 @@ I wanted to quickly enable networkmanager: # systemctl stop dhcpcd # systemctl start NetworkManager + Enable NetworkManager at boot time: # systemctl enable NetworkManager @@ -677,8 +669,6 @@ theme, in *lxappearance*. Copyright © 2014, 2015 Leah Rowe <info@minifree.org>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation diff --git a/docs/gnulinux/encrypted_debian.md b/docs/gnulinux/encrypted_debian.md index 27e5be35..2a1e2e79 100644 --- a/docs/gnulinux/encrypted_debian.md +++ b/docs/gnulinux/encrypted_debian.md 
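Review bot: in the hunk at `@@ -576,17 +562,20 @@`, `$ cp /etc/skel/.xinitrc \~` carries a markdown escape into an indented code block, so the destination renders as the two characters `\~`; it should read `$ cp /etc/skel/.xinitrc ~`. The .xinitrc contents that follow (from `*\# Probably not needed.` to `exec startlxde\`) are still in the escaped-italic, backslash-terminated form this commit removes everywhere else, and the only change made to them here is swapping a `\` line for a blank one. Converting that snippet to an indented code block would also fix the `export LC\_ALL=en\_GB.UTF-8` escapes, which the `echo LANG=en_GB.UTF-8` hunk in encrypted_parabola.md already handles correctly.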
@@ -22,17 +22,20 @@ tampering by someone with physical access to the system. This guide is written for Debian net installer. You can download the ISO from the homepage on [debian.org](https://www.debian.org/). Use this on -the GRUB terminal to boot it from USB (for 64-bit Intel or AMD):\ -**set root='usb0'\ -linux /install.amd/vmlinuz\ -initrd /install.amd/initrd.gz\ -boot\ -** If you are on a 32-bit system (e.g. X60):\ -**set root='usb0'\ -linux /install.386/vmlinuz\ -initrd /install.386/initrd.gz\ -boot** - +the GRUB terminal to boot it from USB (for 64-bit Intel or AMD): + + set root='usb0' + linux /install.amd/vmlinuz + initrd /install.amd/initrd.gz + boot + +If you are on a 32-bit system (e.g. X60): + + set root='usb0' + linux /install.386/vmlinuz + initrd /install.386/initrd.gz + boot + [This guide](grub_boot_installer.md) shows how to create a boot USB drive with the Debian ISO image. @@ -165,13 +168,11 @@ Booting your system =================== At this point, you will have finished the installation. At your GRUB -payload, press C to get to the command line. +payload, press C to get to the command line, and enter: -Do that:\ grub> cryptomount -a - grub> set root='lvm/matrix-rootvol'\ -grub> **linux /vmlinuz root=/dev/mapper/matrix-rootvol -cryptdevice=/dev/mapper/matrix-rootvol:root**\ + grub> set root='lvm/matrix-rootvol' + grub> linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root grub> initrd /initrd.img grub> boot @@ -182,6 +183,7 @@ If you didn't encrypt your home directory, then you can safely ignore this section. Immediately after logging in, do that: + $ sudo ecryptfs-unwrap-passphrase This will be needed in the future if you ever need to recover your home 
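Review bot: the hunk at `@@ -165,13 +168,11 @@` breaks the kernel command line. Joining the two old lines dropped the space between them, so `grub> linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root` now passes a single bogus `root=` value and no `cryptdevice=` at all, and the kernel will not find the root device. It must read `linux /vmlinuz root=/dev/mapper/matrix-rootvol cryptdevice=/dev/mapper/matrix-rootvol:root` on one indented line, with the space.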
@@ -199,12 +201,11 @@ Modify your grub.cfg (in the firmware) [using this tutorial](grub_cbfs.md); just change the default menu entry 'Load Operating System' to say this inside: -**cryptomount -a**\ -**set root='lvm/matrix-rootvol'**\ -**linux /vmlinuz root=/dev/mapper/matrix-rootvol -cryptdevice=/dev/mapper/matrix-rootvol:root**\ -**initrd /initrd.img** - + cryptomount -a + set root='lvm/matrix-rootvol' + linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root + initrd /initrd.img + Without specifying a device, the *-a* parameter tries to unlock all detected LUKS volumes. You can also specify -u UUID or -a (device). @@ -302,8 +303,6 @@ problems. Removing that worked around the issue. Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md index 25c4e5c6..deb0ba4e 100644 --- a/docs/gnulinux/encrypted_parabola.md +++ b/docs/gnulinux/encrypted_parabola.md @@ -65,12 +65,14 @@ article](https://wiki.archlinux.org/index.php/Solid_State_Drives). Edit whole article and keep all points in mind, adapting them for this guide. Securely wipe the drive: + # dd if=/dev/urandom of=/dev/sda; sync NOTE: If you have an SSD, only do this the first time. If it was already LUKS-encrypted before, use the info below to wipe the LUKS header. Also, check online for your SSD what the recommended erase block size is. For example if it was 2MiB: + # dd if=/dev/urandom of=/dev/sda bs=2M; sync If your drive was already LUKS encrypted (maybe you are re-installing 
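Review bot: the same missing space appears in the hunk at `@@ -199,12 +201,11 @@`, and this one matters more because it is the text the reader pastes into the grub.cfg flashed into CBFS: `linux /vmlinuz root=/dev/mapper/matrix-rootvolcryptdevice=/dev/mapper/matrix-rootvol:root` needs a space before `cryptdevice=`. A broken default menu entry in the firmware leaves a machine that only boots from the GRUB command line, so this should be fixed before merge and, per grub_cbfs.md, tried in grubtest.cfg before it is promoted to grub.cfg.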
@@ -82,6 +84,7 @@ guide is recommending putting zero there. I'm going to use urandom. Do this: # head -c 3145728 /dev/urandom > /dev/sda; sync + (Wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk). @@ -93,6 +96,7 @@ list the available keymaps and use yours: # localectl list-keymaps # loadkeys LAYOUT + For me, LAYOUT would have been dvorak-uk. Establish an internet connection @@ -142,13 +146,14 @@ I am then directed to Parabola forces you to RTFM. Do that. -It tells me to run: +To populate the list below, it tells me to run: + + # cryptsetup benchmark - # cryptsetup benchmark (for making sure the list below is -populated)\ Then: # cat /proc/crypto + This gives me crypto options that I can use. It also provides a representation of the best way to set up LUKS (in this case, security is a priority; speed, a distant second). To gain a better understanding, I @@ -162,10 +167,14 @@ on Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option. -I am initializing LUKS with the following:\ -\# **cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash +I am initializing LUKS with the following: + + # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash + whirlpool --iter-time 500 --use-random --verify-passphrase luksFormat -/dev/sda1** Choose a **secure** passphrase here. Ideally lots of +/dev/sda1 + + Choose a **secure** passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The password length should be as long as you are able to handle without writing it down or storing it anywhere. 
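Review bot: in the hunk at `@@ -162,10 +167,14 @@`, the luksFormat command is split over a code line, a blank line and two unindented prose lines (`whirlpool --iter-time 500 --use-random --verify-passphrase luksFormat` and `/dev/sda1`), so the rendered code block contains only `# cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash`, which fails on a missing argument to `--hash`. Put the whole command on one indented line. The following `Choose a **secure** passphrase here.` was indented by four spaces too and will render inside the code block as if it were a command; it should stay prose. Not introduced here, but worth a sentence while this line is being touched: `--iter-time 500` sets the key-derivation cost below cryptsetup's default, which sits oddly with the text's own 'security is a priority; speed, a distant second'.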
@@ -178,14 +187,14 @@ Create LVM Now I refer to <https://wiki.archlinux.org/index.php/LVM>. -Open the LUKS partition: +Open the LUKS partition at /dev/mapper/lvm: # cryptsetup luksOpen /dev/sda1 lvm -(it will be available at /dev/mapper/lvm) Create LVM partition: # pvcreate /dev/mapper/lvm + Show that you just created it: # pvdisplay @@ -194,22 +203,24 @@ Now I create the volume group, inside of which the logical volumes will be created: # vgcreate matrix /dev/mapper/lvm + (volume group name is 'matrix' - choose your own name, if you like) Show that you created it: # vgdisplay -Now create the logical volumes: +Now create the logical volumes (2G swap parittion named swapvol): + + # lvcreate -L 2G matrix -n swapvol - # lvcreate -L 2G matrix -n swapvol (2G swap partition, named -swapvol)\ -Again, choose your own name if you like. Also, make sure to choose a -swap size of your own needs. It basically depends on how much RAM you -have installed. I refer to +Again, choose your own name if you like. Also, make sure to choose a swap size +of your own needs. It basically depends on how much RAM you have installed. I +refer to <http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space>. +This creates a single large partition in the rest of the space, named root: + + # lvcreate -l +100%FREE matrix -n root - # lvcreate -l +100%FREE matrix -n root (single large partition in -the rest of the space, named root)\ You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example, if you will be running a web/mail server then you want /var in its own partition (so that if it @@ -227,6 +238,7 @@ Create / and swap partitions, and mount For the swapvol LV I use: # mkswap /dev/mapper/matrix-swapvol + Activate swap: # swapon /dev/matrix/swapvol 
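Review bot: in the hunk at `@@ -194,22 +203,24 @@`, the new lead-in reads `(2G swap parittion named swapvol)`; the removed line spelled it `partition`, so the reflow introduces a typo. The rest of the hunk (moving the parentheticals out of the commands and onto their own lines) is the right fix.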
@@ -263,49 +275,70 @@ server)) and then did: # pacman -Syy # pacman -Syu - # pacman -Sy pacman (and then I did the other 2 steps above, -again)\ + # pacman -Sy pacman + In my case I did the steps in the next paragraph, and followed the steps in this paragraph again. -<troubleshooting>\ - The following is based on 'Verification of package signatures' in -the Parabola install guide.\ - Check there first to see if steps differ by now.\ - Now you have to update the default Parabola keyring. This is used for -signing and verifying packages:\ - \# **pacman -Sy parabola-keyring**\ - It says that if you get GPG errors, then it's probably an expired -key and, therefore, you should do:\ - \# **pacman-key --populate parabola**\ - \# **pacman-key --refresh-keys**\ - \# **pacman -Sy parabola-keyring**\ - To be honest, you should do the above anyway. Parabola has a lot of -maintainers, and a lot of keys. Really!\ - If you get an error mentioning dirmngr, do:\ - \# **dirmngr </dev/null**\ - Also, it says that if the clock is set incorrectly then you have to -manually set the correct time\ - (if keys are listed as expired because of it):\ - \# **date MMDDhhmm\[\[CC\]YY\]\[.ss\]**\ - I also had to install:\ - \# **pacman -S archlinux-keyring**\ - \# **pacman-key --populate archlinux**\ - In my case I saw some conflicting files reported in pacman, stopping -me from using it.\ - I deleted the files that it mentioned and then it worked. -Specifically, I had this error:\ - *licenses: /usr/share/licenses/common/MPS exists in filesystem*\ - I rm -Rf'd the file and then pacman worked. I'm told that the -following would have also made it work:\ - \# **pacman -Sf licenses**\ -</troubleshooting>\ +Troubleshooting +--------------- + +The following is based on 'Verification of package signatures' in +the Parabola install guide. + +Check there first to see if steps differ by now. + +Now you have to update the default Parabola keyring. 
This is used for +signing and verifying packages: + + # pacman -Sy parabola-keyring + +It says that if you get GPG errors, then it's probably an expired +key and, therefore, you should do: + + # pacman-key --populate parabola + # pacman-key --refresh-keys + # pacman -Sy parabola-keyring + +To be honest, you should do the above anyway. Parabola has a lot of +maintainers, and a lot of keys. Really! + +If you get an error mentioning dirmngr, do: + + # dirmngr < /dev/null + +Also, it says that if the clock is set incorrectly then you have to manually +set the correct time + + # date MMDDhhmm\[\[CC\]YY\]\[.ss\] + +I also had to install: + + # pacman -S archlinux-keyring + # pacman-key --populate archlinux + +In my case I saw some conflicting files reported in pacman, stopping +me from using it. +I deleted the files that it mentioned and then it worked. +Specifically, I had this error: + + licenses: /usr/share/licenses/common/MPS exists in filesystem + +I rm -Rf'd the file and then pacman worked. I'm told that the +following would have also made it work: + + # pacman -Sf licenses + +More packages +-------------- I also like to install other packages (base-devel, compilers and so on) and wpa\_supplicant/dialog/iw/wpa\_actiond are needed for wireless after -the install:\ -\# **pacstrap /mnt base base-devel wpa\_supplicant dialog iw -wpa\_actiond** +the install: + + # pacstrap /mnt base base-devel wpa_supplicant dialog iw + +wpa\_actiond Configure the system -------------------- @@ -315,9 +348,11 @@ Generate an fstab - UUIDs are used because they have certain advantages prefer labels instead, replace the -U option with -L): # genfstab -U -p /mnt >> /mnt/etc/fstab + Check the created file: # cat /mnt/etc/fstab + (If there are any errors, edit the file. Do **NOT** run the genfstab command again!) 
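Review bot: two problems in the hunk at `@@ -263,49 +275,70 @@`. First, `# date MMDDhhmm\[\[CC\]YY\]\[.ss\]` keeps the markdown escapes now that it sits in an indented code block, so the brackets render with backslashes; it should be `date MMDDhhmm[[CC]YY][.ss]`. Second, the pacstrap command under 'More packages' is split by a blank line and `wpa\_actiond` lands outside the block as prose, so the copyable command silently omits that package; join it as `# pacstrap /mnt base base-devel wpa_supplicant dialog iw wpa_actiond`. The parenthetical '(if keys are listed as expired because of it)' after the clock sentence was also dropped; it is the part that tells the reader why a wrong clock shows up as a GPG error, so keep it.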
@@ -346,16 +381,18 @@ Parabola does not have wget. This is sinister. Install it: Locale: # vi /etc/locale.gen + Uncomment your needed localisations. For example en\_GB.UTF-8 (UTF-8 is highly recommended over other options). # locale-gen - # echo LANG=en\_GB.UTF-8 > /etc/locale.conf - # export LANG=en\_GB.UTF-8 + # echo LANG=en_GB.UTF-8 > /etc/locale.conf + # export LANG=en_GB.UTF-8 Console font and keymap: # vi /etc/vconsole.conf + In my case: KEYMAP=dvorak-uk @@ -364,6 +401,7 @@ In my case: Time zone: # ln -s /usr/share/zoneinfo/Europe/London /etc/localtime + (Replace Zone and Subzone to your liking. See /usr/share/zoneinfo) Hardware clock: @@ -374,6 +412,7 @@ Hostname: Write your hostname to /etc/hostname. For example, if your hostname is parabola: # echo parabola > /etc/hostname + Add the same hostname to /etc/hosts: # vi /etc/hosts @@ -392,6 +431,7 @@ Mkinitcpio: Configure /etc/mkinitcpio.conf as needed (see information about each hook.) Specifically, for this use case: # vi /etc/mkinitcpio.conf + Then modify the file like so: - MODULES="i915" @@ -418,9 +458,11 @@ with (this is different from Arch, specifying linux-libre instead of linux): # mkinitcpio -p linux-libre + Also do it for linux-libre-lts: # mkinitcpio -p linux-libre-lts + Also do it for linux-libre-grsec: # mkinitcpio -p linux-libre-grsec @@ -430,9 +472,11 @@ default for its password hashing. I referred to <https://wiki.archlinux.org/index.php/SHA_password_hashes>. # vi /etc/pam.d/passwd + Add rounds=65536 at the end of the uncommented 'password' line. # passwd root + Make sure to set a secure password! Also, it must never be the same as your LUKS password. @@ -457,7 +501,8 @@ file=/var/log/faillog*\ To unlock a user manually (if a password attempt is failed 3 times), do: - # pam\_tally --user *theusername* --reset What the above + # pam_tally --user *theusername* --reset What the above + configuration does is lock the user out for 10 minutes, if they make 3 failed login attempts. 
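Review bot: in the hunk at `@@ -457,7 +501,8 @@`, the prose continuation is still fused onto the command: `# pam_tally --user *theusername* --reset What the above`. Copying that line passes `What the above` as extra arguments to pam_tally. Put the command alone in the code block and start `What the above configuration does ...` as a new paragraph; `*theusername*` should also lose its italic markers, which are literal inside a code block.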
@@ -487,6 +532,7 @@ Lock the encrypted partition (close it): # cryptsetup luksClose lvm # shutdown -h now + Remove the installation media, then boot up again. Booting from GRUB @@ -538,13 +584,18 @@ current firmware - where *libreboot.rom* is an example: make sure to adapt: # flashrom -p internal -r libreboot.rom + If flashrom complains about multiple flash chips detected, add a *-c* option at the end, with the name of your chosen chip is quotes.\ You can check if everything is in there (*grub.cfg* and *grubtest.cfg* would be really nice): + $ ./cbfstool libreboot.rom print + Extract grubtest.cfg: + $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg\ + And modify: $ vi grubtest.cfg @@ -578,20 +629,25 @@ Save your changes in grubtest.cfg, then delete the unmodified config from the ROM image: $ ./cbfstool libreboot.rom remove -n grubtest.cfg -and insert the modified grubtest.cfg:\ -\$ **./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t -raw**\ + +and insert the modified grubtest.cfg: + + # ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t + +raw Now refer to [../install/#flashrom](../install/#flashrom). Cd (up) to the libreboot\_util directory and update the flash chip contents: # ./flash update libreboot.rom + Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: # ./flash forceupdate libreboot.rom -You should see "Verifying flash\... VERIFIED." written at the end of + +You should see "Verifying flash... VERIFIED." written at the end of the flashrom output. With this new configuration, Parabola can boot automatically and you 
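Review bot: in the hunk at `@@ -538,13 +584,18 @@`, `$ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg\` still ends with a backslash, which renders literally inside the code block; drop it. The context sentence above it, `with the name of your chosen chip is quotes.\`, carries the same trailing backslash and reads 'is' for 'in'.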
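Review bot: in the hunk at `@@ -578,20 +629,25 @@`, the cbfstool add command loses its last argument: `# ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t` is followed by a blank line and `raw` as prose. cbfstool needs `-t raw` together, so this must be one indented line. The prompt was also changed from `$` to `#`; cbfstool only edits a file in the working directory and does not need root, and the `remove` command two lines up still uses `$`, so keep `$`.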
@@ -616,13 +672,17 @@ the main config still links (in the menu) to grubtest.cfg, so that you don't have to manually switch to it, in case you ever want to follow this guide again in the future (modifying the already modified config). Inside libreboot\_util/cbfstool/{armv7l i686 x86\_64}, we can do this -with the following command:\ -\$ **sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e +with the following command: + + # sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e + 's:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > -grub.cfg**\ +grub.cfg + Delete the grub.cfg that remained inside the ROM: $ ./cbfstool libreboot.rom remove -n grub.cfg + Add the modified version that you just made: $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw @@ -632,7 +692,8 @@ Now you have a modified ROM. Once more, refer to directory and update the flash chip contents: # ./flash update libreboot.rom -And wait for the "Verifying flash\... VERIFIED." Once you have done + +And wait for the "Verifying flash... VERIFIED." Once you have done that, shut down and then boot up with your new configuration. When done, delete GRUB (remember, we only needed it for the 
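Review bot: in the hunk at `@@ -616,13 +672,17 @@`, the sed pipeline is cut in two: the code block ends at `-e` and the second expression plus the redirection, `'s:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > grub.cfg`, render as prose. As shown, the command errors out on a dangling `-e` and writes nothing. Join it onto one indented line; like the cbfstool commands around it, it operates on a local file, so the original `$` prompt should be kept rather than `#`.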
@@ -656,26 +717,32 @@ will be asked to enter your passphrase a second time. A workaround is to put a keyfile inside initramfs, with instructions for the kernel to use it when booting. This is safe, because /boot/ is encrypted (otherwise, putting a keyfile inside initramfs would be a bad idea).\ -Boot up and login as root or your user. Then generate the key file:\ -\# **dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile -iflag=fullblock**\ +Boot up and login as root or your user. Then generate the key file: + + # dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile + +iflag=fullblock + Insert it into the luks volume: # cryptsetup luksAddKey /dev/sdX /etc/mykeyfile + and enter your LUKS passphrase when prompted. Add the keyfile to the initramfs by adding it to FILES in /etc/mkinitcpio.conf. For example: # FILES="/etc/mykeyfile" + Create the initramfs image from scratch: # mkinitcpio -p linux-libre # mkinitcpio -p linux-libre-lts # mkinitcpio -p linux-libre-grsec + Add the following to your grub.cfg - you are now able to do that, see above! -, or add it in the kernel command line for GRUB: # cryptkey=rootfs:/etc/mykeyfile -\ + You can also place this inside the grub.cfg that exists in CBFS: [grub\_cbfs.md](grub_cbfs.md). @@ -775,8 +842,6 @@ problems. Removing that worked around the issue. Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>\ Copyright © 2015 Jeroen Quint <jezza@diplomail.ch>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation diff --git a/docs/gnulinux/grub_boot_installer.md b/docs/gnulinux/grub_boot_installer.md index 228dadff..6137b5b7 100644 --- a/docs/gnulinux/grub_boot_installer.md +++ b/docs/gnulinux/grub_boot_installer.md 
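Review bot: in the hunk at `@@ -656,26 +717,32 @@`, the keyfile command is split: `# dd bs=512 count=4 if=/dev/urandom of=/etc/mykeyfile` is followed by a blank line and `iflag=fullblock` as prose, so the option that guarantees a full 2048-byte read from urandom drops out of the copyable command. Put it on one line. Since this is the step that writes a LUKS key to disk, it is also the place to add the permission step the text never mentions: under a default umask of 022 the file is created world-readable, so follow the dd with `chmod 0600 /etc/mykeyfile` before `luksAddKey`, otherwise any local account can read a key that unlocks the root volume.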
@@ -1,18 +1,12 @@ --- title: How to install GNU+Linux on a libreboot system +x-toc-enable: true ... This section relates to preparing, booting and installing a GNU+Linux distribution on your libreboot system, using nothing more than a USB flash drive (and *dd*). -- [Prepare the USB drive (in GNU+Linux)](#prepare) -- [Installing GNU+Linux with full disk encryption](#encryption) -- [Debian or Devuan net install?](#debian_netinstall) -- [Booting ISOLINUX images (automatic method)](#parse_isolinux) -- [Booting ISOLINUX images (manual method)](#manual_isolinux) -- [Troubleshooting](#troubleshooting) - **This section is only for the GRUB payload. For depthcharge (used on CrOS devices in libreboot), instructions have yet to be written in the libreboot documentation.** @@ -72,6 +66,7 @@ how to create the bootable GNU+Linux USB drive: Connect the USB drive. Check dmesg: $ dmesg | tail + Check to confirm which drive it is, for example, if you think its sd3: $ disklabel sd3 @@ -92,10 +87,8 @@ Continue reading, for information about how to do that. Installing GNU+Linux with full disk encryption ---------------------------------------------- -- [Installing Debian or Devuan GNU+Linux with full disk encryption - (including /boot)](encrypted_debian.md) -- [Installing Parabola GNU+Linux with full disk encryption (including - /boot)](encrypted_parabola.md) +- [Debian or Devuan GNU+Linux with full disk encryption](encrypted_debian.md) +- [Parabola GNU+Linux with full disk encryption](encrypted_parabola.md) Debian or Devuan net install? ----------------------------- 
@@ -103,16 +96,21 @@ Debian or Devuan net install? Download the Debian or Devuan net installer. You can download the ISO from the homepage on [debian.org](https://www.debian.org/), or [the Devuan homepage](https://www.devuan.org/) for Devuan. Use this on the -GRUB terminal to boot it from USB (for 64-bit Intel or AMD):\ -**set root='usb0'\ -linux /install.amd/vmlinuz\ -initrd /install.amd/initrd.gz\ -boot\ -** If you are on a 32-bit system (e.g. X60):\ -**set root='usb0'\ -linux /install.386/vmlinuz\ -initrd /install.386/initrd.gz\ -boot**\ +GRUB terminal to boot it from USB (for 64-bit Intel or AMD): + + + set root='usb0' + linux /install.amd/vmlinuz + initrd /install.amd/initrd.gz + boot + +If you are on a 32-bit system (e.g. X60): + + set root='usb0' + linux /install.386/vmlinuz + initrd /install.386/initrd.gz + boot + We recommend using the *MATE* desktop. Booting ISOLINUX images (automatic method) @@ -131,14 +129,21 @@ distribution. You must adapt them appropriately, for whatever GNU+Linux distribution it is that you are trying to install.* If the ISOLINUX parser or *Search for GRUB configuration* options won't -work, then press C in GRUB to access the command line.\ +work, then press C in GRUB to access the command line. + grub> ls -Get the device from above output, eg (usb0). Example:\ - grub> cat (usb0)/isolinux/isolinux.cfg\ + +Get the device from above output, eg (usb0). Example: + + grub> cat (usb0)/isolinux/isolinux.cfg + Either this will show the ISOLINUX menuentries for that ISO, or link to -other .cfg files, for example /isolinux/foo.cfg.\ -If it did that, then you do:\ +other .cfg files, for example /isolinux/foo.cfg. + +If it did that, then you do: + grub> cat (usb0)/isolinux/foo.cfg + And so on, until you find the correct menuentries for ISOLINUX. **The file */isolinux/foo.cfg* is a fictional example. Do not actually use this example, unless you actually have that file, if it is 
@@ -154,15 +159,17 @@ options in txt.cfg. This is important if you want 64-bit booting on your system. Devuan versions based on Debian 8.x may also have the same issue. -Now look at the ISOLINUX menuentry. It'll look like:\ -**kernel /path/to/kernel\ -append PARAMETERS initrd=/path/to/initrd MAYBE\_MORE\_PARAMETERS\ -** GRUB works the same way, but in it's own way. Example GRUB -commands:\ - grub> set root='usb0'\ +Now look at the ISOLINUX menuentry. It'll look like: + + kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ... + +GRUB works similarly. Example GRUB commands: + + grub> set root='usb0' grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS grub> initrd /path/to/initrd grub> boot + Note: *usb0* may be incorrect. Check the output of the *ls* command in GRUB, to see a list of USB devices/partitions. Of course this will vary from distro to distro. If you did all of that correctly, then it should @@ -193,8 +200,9 @@ When using the ROM images that use coreboot's "text mode" instead of the coreboot framebuffer, booting the Debian or Devuan net installer results in graphical corruption because it is trying to switch to a framebuffer which doesn't exist. Use that kernel parameter on the -'linux' line when booting it:\ -**vga=normal fb=false** +'linux' line when booting it: + + vga=normal fb=false This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer. @@ -211,8 +219,6 @@ debian-installer (text mode) net install method. Copyright © 2014, 2015, 2016 Leah Rowe <info@minifree.org>\ Copyright © 2016 Scott Bonds <scott@ggr.com>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation diff --git a/docs/gnulinux/grub_cbfs.md b/docs/gnulinux/grub_cbfs.md index 4b58d3e5..01e4d3de 100644 --- a/docs/gnulinux/grub_cbfs.md +++ b/docs/gnulinux/grub_cbfs.md 
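Review bot: in the hunk at `@@ -154,15 +159,17 @@`, the ISOLINUX example was collapsed to `kernel /path/to/kernel append PARAMETERS initrd=/path/to/initrd ...`; in an isolinux.cfg, `kernel` and `append` are two separate directives on two lines, so a reader comparing this against a real txt.cfg will not recognise it. Restore the two-line form inside the code block. The adjacent context line `grub> linux /path/to/kernel PARAMETERS MAYBE\_MORE\_PARAMETERS` keeps markdown escapes inside the code block as well and should be un-escaped in the same change.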
@@ -1,5 +1,6 @@ --- title: How to replace the default GRUB configuration file +x-toc-enable: true ... Libreboot on x86 uses the GRUB @@ -27,20 +28,6 @@ Here is an excellent writeup about CBFS (coreboot filesystem): **This guide is \*only\* for the GRUB payload. If you use the depthcharge payload, ignore this section entirely.** -Table of Contents -================= - -- [Introduction](#introduction) -- [1st option: don't re-flash](#option1_dont_reflash) -- [2nd option: re-flash](#option2_reflash) - - [Acquire the necessary utilities](#tools) - - [Acquiring the correct ROM image](#rom) - - [Extract grubtest from the ROM image](#extract_testconfig) - - [Re-insert the modified grubtest.cfg into the ROM - image](#reinsert_modified_testconfig) - - [Testing](#testing) - - [Final steps](#final_steps) - Introduction ------------ @@ -58,7 +45,7 @@ If you aren't up to that then don't worry; it is possible to use a custom GRUB menu without flashing a new image, by loading a GRUB configuration from a partition on the main storage instead. -1st option: don't re-flash {#option1_dont_reflash} +1st option: don't re-flash --------------------------- By default, GRUB in libreboot is configured to scan all partitions on 
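Review bot: the hunk at `@@ -58,7 +45,7 @@` and the ones after it strip the explicit heading IDs (`{#option1_dont_reflash}`, `{#option2_reflash}`, `{#tools}`, `{#rom}`, ...) while configuring_parabola.md keeps its own (`### LXDE - clock {#lxde_clock}` survives as context in that file's diff). Dropping the IDs changes the fragment URL of every link that targets them, for example `grub_cbfs.md#tools`; either keep the IDs, or grep the docs for the old fragments before relying on whatever IDs `x-toc-enable` generates.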
@@ -94,22 +81,23 @@ of this page is irrelevant to you); **in libreboot\_grub.cfg on disk, if you are adapting it based on grub.cfg from CBFS then remove the check for libreboot\_grub.cfg otherwise it will loop.**. -2nd option: re-flash {#option2_reflash} +2nd option: re-flash -------------------- You can modify what is stored inside the flash chip quite easily. Read on to find out how. -Acquire the necessary utilities {#tools} +Acquire the necessary utilities ------------------------------- Use ***cbfstool*** and ***flashrom***. There are available in the *libreboot\_util* release archive, or they can be compiled (see [../git/\#build\_flashrom](../git/#build_flashrom)). Flashrom is also available from the repositories: + # pacman -S flashrom -Acquiring the correct ROM image {#rom} +Acquiring the correct ROM image ------------------------------- You can either work directly with one of the ROM images already included @@ -119,19 +107,22 @@ image file is named *libreboot.rom*, so please make sure to adapt. ROM images are included pre-compiled in libreboot. You can also dump your current firmware, using flashrom: + $ sudo flashrom -p internal -r libreboot.rom # flashrom -p internal -r libreboot.rom + If you are told to specify the chip, add the option **-c {your chip}** to the command, for example: # flashrom -c MX25L6405 -p internal -r libreboot.rom -Extract grubtest.cfg from the ROM image {#extract_testconfig} +Extract grubtest.cfg from the ROM image --------------------------------------- You can check the contents of the ROM image, inside CBFS: - $ cd \.../libreboot\_util/cbfstool** $ ./cbfstool libreboot.rom + $ cd .../libreboot\_util/cbfstool** $ ./cbfstool libreboot.rom + print** The files *grub.cfg* and *grubtest.cfg* should be present. grub.cfg is 
@@ -145,7 +136,7 @@ Extract grubtest.cfg from the ROM image: Modify the grubtest.cfg accordingly. -Re-insert the modified grubtest.cfg into the ROM image {#reinsert_modified_testconfig} +Re-insert the modified grubtest.cfg into the ROM image ------------------------------------------------------ Once your grubtest.cfg is modified and saved, delete the unmodified @@ -164,11 +155,14 @@ Testing [../install/\#flashrom](../install/#flashrom) for information on how to flash it. $ cd /libreboot\_util** \# **./flash update libreboot.rom\ + Ocassionally, coreboot changes the name of a given board. If flashrom complains about a board mismatch, but you are sure that you chose the correct ROM image, then run this alternative command: + # ./flash forceupdate libreboot.rom -You should see **"Verifying flash\... VERIFIED."** written at the end + +You should see **"Verifying flash... VERIFIED."** written at the end of the flashrom output. Once you have done that, shut down and then boot up with your new test configuration.** @@ -180,7 +174,7 @@ sceptical in any way, then re-do the steps above until you get it right! Do \*not\* proceed past this point unless you are 100% sure that your new configuration is safe (or desirable) to use.** -Final steps {#final_steps} +Final steps ----------- When you are satisfied booting from grubtest.cfg, you can create a copy 
@@ -190,10 +184,12 @@ difference: the menuentry 'Switch to grub.cfg' will be changed to grubtest.cfg. This is so that the main config still links (in the menu) to grubtest.cfg, so that you don't have to manually switch to it, in case you ever want to follow this guide again in the future (modifying -the already modified config). From /libreboot\_util/cbfstool, do:\ -\$ **sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e +the already modified config). From /libreboot\_util/cbfstool, do: + + # sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e + 's:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > -grub.cfg**\ +grub.cfg Delete the grub.cfg that remained inside the ROM: @@ -211,8 +207,6 @@ boot up with your new configuration.** Copyright © 2014, 2015 Leah Rowe <info@minifree.org>\ Copyright © 2015 Jeroen Quint <jezza@diplomail.ch>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation diff --git a/docs/gnulinux/grub_hardening.md b/docs/gnulinux/grub_hardening.md index 12485949..c4843890 100644 --- a/docs/gnulinux/grub_hardening.md +++ b/docs/gnulinux/grub_hardening.md 
@@ -31,14 +31,10 @@ image: Helpful links: -- [GRUB manual - \#security](https://www.gnu.org/software/grub/manual/html_node/Security.html#Security) -- [GRUB info - pages](http://git.savannah.gnu.org/cgit/grub.git/tree/docs/grub.texi) -- [SATA connected storage considered dangerous until proven - otherwise.](../../faq.md#firmware-hddssd) -- [Coreboot GRUB security - howto](https://www.coreboot.org/GRUB2#Security) +- [GRUB manual](https://www.gnu.org/software/grub/manual/html_node/Security.html#Security) +- [GRUB info pages](http://git.savannah.gnu.org/cgit/grub.git/tree/docs/grub.texi) +- [SATA connected storage considered dangerous.](../../faq.md#firmware-hddssd) +- [Coreboot GRUB security howto](https://www.coreboot.org/GRUB2#Security) GRUB Password ============= @@ -138,7 +134,7 @@ First generate a GPG keypair to use for signing. Option RSA (sign only) is ok. **Warning:** GRUB does not read ASCII armored keys. When attempting to -trust \... a key filename it will print error: bad signature +trust ... a key filename it will print error: bad signature mkdir --mode 0700 keys gpg --homedir keys --gen-key @@ -158,6 +154,7 @@ Now that we have a key, we can sign some files with it. We have to sign: Suppose that we have a pair of **my.kernel** and **my.initramfs** and an on-disk **libreboot\_grub.cfg**. We sign them by issuing the following commands: + gpg --homedir keys --detach-sign my.initramfs gpg --homedir keys --detach-sign my.kernel gpg --homedir keys --detach-sign libreboot_grub.cfg 
@@ -176,12 +173,10 @@ What remains now is to include the modifications into the image (rom): cbfstool my.rom add -n grubtest.cfg -f my.grubtest.cfg -t raw cbfstool my.rom add -n grubtest.cfg.sig -f my.grubtest.cfg.sig -t raw -\... and flashing it. +... and flashing it. Copyright © 2017 Fedja Beader <fedja@protonmail.ch>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation diff --git a/docs/gnulinux/index.md b/docs/gnulinux/index.md index 3814b75f..4903d1c6 100644 --- a/docs/gnulinux/index.md +++ b/docs/gnulinux/index.md @@ -24,8 +24,6 @@ instructions have yet to be written.** Copyright © 2014, 2015 Leah Rowe <info@minifree.org>\ - - Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License Version 1.3 or any later version published by the Free Software Foundation |
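Review bot: in grub_boot_installer.md, hunk @@ -154,15 +159,17 @@, the rewritten ISOLINUX example collapses `kernel /path/to/kernel` and `append PARAMETERS initrd=/path/to/initrd ...` onto a single line, but the original kept them on two lines (joined by a hard break) because ISOLINUX reads `kernel` and `append` as separate directives; keep them as two lines inside the code block. In the same hunk, now that the GRUB commands are an indented code block, the escape in `MAYBE\_MORE\_PARAMETERS` on the `grub> linux` line will render as a literal backslash; write `MAYBE_MORE_PARAMETERS`.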
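Review bot: in grub_boot_installer.md, hunk @@ -193,8 +200,9 @@, the lead-in "Use that kernel parameter on the 'linux' line" now introduces a code block containing two parameters (`vga=normal fb=false`); change it to "Use these kernel parameters on the 'linux' line" so the sentence matches the block it introduces.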
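Review bot: in grub_cbfs.md, hunk @@ -58,7 +45,7 @@, dropping the explicit `{#option1_dont_reflash}` id changes the heading's anchor to whatever the markdown processor auto-generates from the heading text, so any link that uses the old `#option1_dont_reflash` fragment (from other pages under docs/, for instance) will silently stop working; the same applies to the removal of `{#option2_reflash}`, `{#tools}`, `{#rom}`, `{#extract_testconfig}`, `{#reinsert_modified_testconfig}` and `{#final_steps}` further down this file. Either keep the ids (they coexist fine with an automatic table of contents) or grep the docs tree for each fragment before merging and update the inbound links.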
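Review bot: in grub_cbfs.md, hunk @@ -94,22 +81,23 @@, the context line "Use ***cbfstool*** and ***flashrom***. There are available in the" has a typo that sits right next to the changed lines: "There are available" should read "These are available". Worth fixing in the same commit since the surrounding lines are already being touched.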
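Review bot: in grub_cbfs.md, hunk @@ -119,19 +107,22 @@, the cbfstool lines are now an indented code block but still carry the old bold residue (`cbfstool**`, `print**`) and the `\_` escape in `libreboot\_util`, and the two commands are run together on one line with `print` wrapped onto the next; inside a code block all of that renders literally, so a reader sees `cbfstool**` and a `print**` argument. Suggest two clean lines: `$ cd .../libreboot_util/cbfstool` followed by `$ ./cbfstool libreboot.rom print`.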
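Review bot: in grub_cbfs.md, hunk @@ -164,11 +155,14 @@, the new blank line is inserted directly after `$ cd /libreboot\_util** \# **./flash update libreboot.rom\`, which is left untouched even though it has the same problems the hunk fixes for the `forceupdate` line below it: bold markers, an escaped `\#`, a trailing backslash, and a `$` and a `#` prompt sharing one line. Give the `update` command the same treatment as `forceupdate` (an indented block with `$ cd /libreboot_util` and `# ./flash update libreboot.rom` on separate lines). Two small context fixes while here: "Ocassionally" should be "Occasionally", and the stray `**` after "test configuration." at the end of the hunk should go.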
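Review bot: in grub_cbfs.md, hunk @@ -190,10 +184,12 @@, the sed command is split over three lines but only the first (`# sed -e 's:(cbfsdisk)/grub.cfg:...' -e`) is indented as code, and there is no `\` continuation after the trailing `-e`, so the `'s:Switch to grub.cfg:...' < grubtest.cfg >` and `grub.cfg` lines fall out of the code block, and anyone copying the first line gets a sed error about a missing script for `-e`. Either put the whole command on one indented line or indent all three and end the first two with `\`. The prompt was also changed from `$` to `#`: this sed only reads grubtest.cfg and writes grub.cfg in the working directory, and the cbfstool steps in this same document use `$`, so the original unprivileged prompt was correct.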
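Review bot: in grub_hardening.md, hunk @@ -31,14 +31,10 @@, the shortened link texts lose useful context: "GRUB manual" now gives no hint that the target is the manual's Security section (the URL ends in `#Security`), so something like "GRUB manual: Security" would serve readers better, and "SATA connected storage considered dangerous." keeps the full stop inside the link text while dropping the "until proven otherwise" that completed the original phrase. Move the period outside the brackets and restore the wording, or shorten consistently without changing the sense.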
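Review bot: in grub_hardening.md, hunk @@ -138,7 +134,7 @@, the changed line "trust ... a key filename it will print error: bad signature" is still a run-on that mixes the GRUB command, its argument and its output with no formatting; since the line is being edited anyway, set the command and the message off as code, for example "When you `trust` an ASCII-armored key file, GRUB prints `error: bad signature`." so the reader can tell which part is typed and which part is output.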