diff options
Diffstat (limited to 'docs/howtos')
22 files changed, 649 insertions, 40 deletions
diff --git a/docs/howtos/encrypted_trisquel.html b/docs/howtos/encrypted_trisquel.html new file mode 100644 index 00000000..2529da4c --- /dev/null +++ b/docs/howtos/encrypted_trisquel.html @@ -0,0 +1,321 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <style type="text/css"> + body { + background:#fff; + color:#000; + font-family:sans-serif; + font-size:1em; + } + div.important { + background-color:#ccc; + } + </style> + + <title>Installing Trisquel GNU/Linux with full disk encryption (including /boot)</title> +</head> + +<body> + <header> + <h1>Installing Trisquel GNU/Linux with full disk encryption (including /boot)</h1> + <aside>Or <a href="../index.html">back to main index</a></aside> + </header> + + <p> + Because GRUB is installed directly as a payload of libreboot (or coreboot), you don't need an unencrypted /boot partition + when setting up an encrypted system. This means that your machine can really secure data while powered off. + </p> + + <p> + This works in Trisquel 7, and probably Trisquel 6. Boot the 'net installer' (Install Trisquel in Text Mode). <a href="grub_boot_installer.html">How to boot a GNU/Linux installer</a>. + </p> + + <p> + Set a strong user password (ideally above 40 characters, of lowercase/uppercase, numbers and symbols) and when the installer asks you to setup + encryption (ecryptfs) for your home directory, select 'Yes'. + </p> + + <p> + <b> + Your user password should be different than the LUKS password which you will set later on. + Your LUKS password should, like the user password, be secure. + </b> + </p> + + <h1>Partitioning</h1> + + <p>Choose 'Manual' partitioning:</p> + <ul> + <li>Select drive and create new partition table</li> + <li> + Single large partition. The following are mostly defaults: + <ul> + <li>Use as: physical volume for encryption</li> + <li>Encryption: aes</li> + <li>key size: 256</li> + <li>IV algorithm: xts-plain64</li> + <li>Encryption key: passphrase</li> + <li>erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)</li> + </ul> + </li> + <li> + Select 'configure encrypted volumes' + <ul> + <li>Create encrypted volumes</li> + <li>Select your partition</li> + <li>Finish</li> + <li>Really erase: Yes</li> + <li>(erase will take a long time. be patient)</li> + </ul> + </li> + <li> + Select encrypted space: + <ul> + <li>use as: physical volume for LVM</li> + <li>Choose 'done setting up the partition'</li> + </ul> + </li> + <li> + Configure the logical volume manager: + <ul> + <li>Keep settings: Yes</li> + </ul> + </li> + <li> + Create volume group: + <ul> + <li>Name: <b>buzz</b> (you can use whatever you want here, this is just an example)</li> + <li>Select crypto partition</li> + </ul> + </li> + <li> + Create logical volume + <ul> + <li>select <b>buzz</b> (or whatever you named it before)</li> + <li>name: <b>distro</b> (you can use whatever you want here, this is just an example)</li> + <li>size: default, minus 2048 MB</li> + </ul> + </li> + <li> + Create logical volume + <ul> + <li>select <b>buzz</b> (or whatever you named it before)</li> + <li>name: <b>swap</b> (you can use whatever you want here, this is just an example)</li> + <li>size: press enter</li> + </ul> + </li> + </ul> + + <h1>Further partitioning</h1> + + <p> + Now you are back at the main partitioning screen. You will simply set mountpoints and filesystems to use. + </p> + <ul> + <li> + LVM LV distro + <ul> + <li>use as: ext4</li> + <li>mount point: /</li> + <li>done setting up partition</li> + </ul> + </li> + <li> + LVM LV swap + <ul> + <li>use as: swap area</li> + <li>done setting up partition</li> + </ul> + </li> + <li>Now you select 'Finished partitioning and write changes to disk'.</li> + </ul> + + <h1>Kernel</h1> + + <p> + Installation will ask what kernel you want to use. linux-generic is fine. + </p> + + <h1>Tasksel</h1> + + <p> + Just continue here, without selecting anything. You can install everything later (it's really easy). + </p> + + <h1>Install the GRUB boot loader to the master boot record</h1> + + <p> + Choose 'Yes'. It will fail, but don't worry. Then at the main menu, choose 'Continue without a bootloader'. + </p> + + <p> + <i>You do not need to install GRUB at all, since in libreboot you are using the GRUB payload (for libreboot) to boot your system directly.</i> + </p> + + <h1>Clock UTC</h1> + + <p> + Just say 'Yes'. + </p> + + <h1> + Booting your system + </h1> + + <p> + At this point, you will have finished the installation. At your GRUB payload, press C to get to the command line. + </p> + + <p> + Do that:<br/> + grub> <b>cryptomount -a (ahci0,msdos1)</b><br/> + grub> <b>set root='lvm/buzz-distro'</b><br/> + grub> <b>linux /vmlinuz root=/dev/mapper/buzz-distro cryptdevice=/dev/mapper/buzz-distro:root quiet splash ro</b><br/> + grub> <b>initrd /initrd.img</b><br/> + grub> <b>boot</b> + </p> + + <h1> + ecryptfs + </h1> + + <p> + Immediately after logging in, do that:<br/> + $ <b>sudo ecryptfs-unwrap-passphrase</b> + </p> + + <p> + This will be needed in the future if you ever need to recover your home directory from another system, so write it down and keep the note + somewhere secret. Ideally, you should memorize it and then burn the note (or not even write it down, and memorize it still)> + </p> + + <h1> + Modify grub.cfg (CBFS) + </h1> + + <p> + Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands. + </p> + + <p> + Modify your grub.cfg (in the firmware) <a href="grub_cbfs.html">using this tutorial</a>; + just change the default menu entry 'Load Operating System' to say this inside: + </p> + + <p> + <b>cryptomount -a (ahci0,msdos1)</b><br/> + <b>set root='lvm/buzz-distro'</b><br/> + <b>linux /vmlinuz root=/dev/mapper/buzz-distro cryptdevice=/dev/mapper/buzz-distro:root quiet splash ro</b><br/> + <b>initrd /initrd.img</b> + </p> + + <p> + Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see + GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. <b>This should be different than your LUKS passphrase and user password.</b> + </p> + + <p> + The GRUB utility can be used like so:<br/> + $ <b>grub-mkpasswd-pbkdf2</b> + </p> + + <p> + Give it a password (remember, it has to be secure) and it'll output something like:<br/> + <b>grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b> + </p> + + <p> + Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):<br/> + </p> + <pre> +<b>set superusers="root"</b> +<b>password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b> + </pre> + + <p> + Obviously, replace it with the correct hash that you actually got for the password that you entered. Meaning, not the hash that you see above! + </p> + + <p> + After this, you will have a modified ROM with the menu entry for cryptomount, and the entry before that for the GRUB password. Flash the modified ROM + using <a href="../index.html#flashrom">this tutorial</a>. + </p> + + <h1> + Update Trisquel + </h1> + + <p> + $ <b>sudo apt-get update</b><br/> + $ <b>sudo apt-get upgrade</b> + </p> + + <p> + At the time of writing, Trisquel 7 had <a href="https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1274680">this</a> + bug from upstream. The workaround identified in <a href="https://trisquel.info/en/forum/trisquel-7-memory-leak-issues">this page</a> + was as follows:<br/> + $ <b>sudo apt-get remove libpam-smbpass</b> + </p> + + <h1> + Install a desktop (optional) + </h1> + + <p> + Installs the default desktop:<br/> + $ <b>sudo apt-get install trisquel</b> + </p> + + <p> + It might ask for postfix configuration. I just choose 'No configuration'. + </p> + + <p> + Next time you boot, it'll start lightdm and you can login. To start lightdm now, do:<br/> + $ <b>sudo service lightdm start</b> + </p> + + <p> + Go back to the terminal (ctrl-alt-f1) and exit:<br/> + $ <b>exit</b> + </p> + + <p> + Go back to lightdm (ctrl-alt-f7) and login. + </p> + + <p> + Since you installed using net install and you only installed the base system, network-manager isn't controlling + your eth0 but instead /etc/network/interfaces is. Comment out the eth0 lines in that file, and then do:<br/> + $ <b>sudo /etc/init.d/networking stop</b><br/> + $ <b>sudo service network-manager restart</b> + </p> + + <h1> + Conclusion + </h1> + + <p> + If you followed all that correctly, you should now have a fully encrypted system. + </p> + +<hr/> + + <p> + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. + </p> + +</body> +</html> diff --git a/docs/howtos/grub_boot_installer.html b/docs/howtos/grub_boot_installer.html index 9377cfc1..38a47955 100644 --- a/docs/howtos/grub_boot_installer.html +++ b/docs/howtos/grub_boot_installer.html @@ -63,11 +63,43 @@ the way you specified. </p> + <h1>Troubleshooting</h1> + + <h2>debian-installer (trisquel net install) graphical corruption in text-mode</h2> + <p> + When using the ROM images that use coreboot's "text mode" instead of the coreboot framebuffer, + booting the Trisquel net installer results in graphical corruption because it is trying to switch to a framebuffer which doesn't + exist. Use that kernel parameter on the 'linux' line when booting it:<br/> + <b>vga=normal fb=false</b> + </p> + + <p> + Tested in Trisquel 6 (and 7). This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer. + </p> + + <p> + If selecting text-mode from a GRUB menu created using the ISOLINUX parser, you can press E on the menu entry to add this. + Or, if you are booting manually (from GRUB terminal) then just add the parameters. + </p> + + <p> + This workaround was found on the page: <a href="https://www.debian.org/releases/stable/i386/ch05s04.html">https://www.debian.org/releases/stable/i386/ch05s04.html</a>. + It should also work for gNewSense, Debian and any other apt-get distro that provides debian-installer (text mode) net install method. + </p> + <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. + </p> + </body> </html> diff --git a/docs/howtos/grub_cbfs.html b/docs/howtos/grub_cbfs.html index d95904d0..b82a12a9 100644 --- a/docs/howtos/grub_cbfs.html +++ b/docs/howtos/grub_cbfs.html @@ -11,6 +11,9 @@ font-family:sans-serif; font-size:1em; } + div.important { + background-color:#ccc; + } </style> <title>Libreboot documentation: GRUB menu</title> @@ -42,12 +45,11 @@ <p> Download libreboot_src.tar.gz or libreboot_bin.tar.gz from <a href="http://libreboot.org/" target="_blank">http://libreboot.org/</a> - <br/><b>If you downloaded libreboot_meta.tar.gz, refer to <a href="../index.html#build_meta">../index.html#build_meta</a> before continuing.</b> + <br/><b>If you downloaded libreboot from git, refer to <a href="../index.html#build_meta">../index.html#build_meta</a> before continuing.</b> </p> <p> - On apt-get distributions such as Trisquel you can install the build dependency (GCC) by running:<br/> - <b>$ sudo apt-get install build-essential</b> + First, <a href="../index.html#build_dependencies">install the build dependencies</a>. </p> <p> @@ -74,21 +76,152 @@ </p> <p> + If you currently have flashed a ROM image from an older version, it is recommended to update first: basically, modify one of the latest ROM's + and then flash it. + </p> + + <p> Display contents of ROM:<br/> <b>$ ./cbfstool libreboot_usqwerty.rom print</b> </p> <p> - The libreboot_usqwerty.rom file contains your grub.cfg. + The libreboot_usqwerty.rom file contains your grub.cfg, along with a copy called grubtest.cfg. + You should extract, modify and re-insert the copy first. grub.cfg will load first, but it has a menu entry for switching to the copy (grubtest.cfg). + This reduces your chance of making a mistake that could make your machine unbootable (or very hard to boot). </p> <p> Extract grub.cfg from the ROM:<br/> - <b>$ ./cbfstool libreboot_usqwerty.rom extract -n grub.cfg -f grub.cfg</b> + <b>$ ./cbfstool libreboot_usqwerty.rom extract -n grubtest.cfg -f grubtest.cfg</b> </p> <p> - Now you have a grub.cfg in cbfstool directory. Edit it however you wish. + Now you have a grubtest.cfg in cbfstool directory. Edit it however you wish. + </p> + + <div class="important"> + + <h2>Example modification (Trisquel GNU/Linux, can also be adapted, or copied, for other apt-get distros)</h2> + + <p> + Look at the 3 lines under the menu entry 'Load Operating System'; these are all you need to change. + </p> + + <p> + As an example, on my test system in /boot/grub/grub.cfg I see for the main menu entry: + <b>linux /boot/vmlinuz-3.15.1-gnu.nonpae root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro crashkernel=384M-2G:64M,2G-:128M quiet splash $vt_handoff</b> + <b>initrd /boot/initrd.img-3.15.1-gnu.nonpae</b> + </p> + + <p> + crashkernel=384M-2G:64M,2G-:128M and $vt_handoff can be safely ignored. + </p> + + <p> + I use this to get my partition layout:<br/> + $ <b>lsblk</b> + </p> + + <p> + In my case, I have no /boot partition, instead /boot is on the same partition as / on sda1. Yours might be different. + In GRUB terms, sda means ahci0. 1 means msdos1, or gpt1, depending on whether I am using MBR or GPT partitioning. + Thus, /dev/sda1 is GRUB is (ahci0,msdos1) or (ahci0,gpt1). In my case, I use MBR partitioning so it's (ahci0,msdos1). + 'msdos' is GRUB's name simply because this partitioning type is traditionally used by MS-DOS. It doesn't mean you have a + proprietary OS. + </p> + + <p> + Trisquel doesn't keep the filenames of kernels consistent, instead it keeps old kernels and new kernel updates are provided + with the version in the filename. This can make GRUB payload a bit tricky. Fortunately, there are symlinks /vmlinuz and /initrd.img + so if your /boot and / are on the same partition, you can set GRUB to boot from that. These are also updated automatically when + installing kernel updates from your distributions apt-get repositories. + NOte: when using jxself.org/linux-libre kernels, these are not updated at all and you have to update them manually. + </p> + + <p> + For the GRUB payload's grub.cfg (in 'Load Operating System' menu entry), we therefore have (in this example):<br/> + <b>set root='ahci0,msdos1'</b><br/> + <b>linux /vmlinuz root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro quiet splash</b><br/> + <b>initrd /initrd.img</b> + </p> + + <p> + Optionally, you can convert the UUID to it's real device name, for example /dev/sda1 in this case. + sdX naming isn't very reliable, though, which is why UUID is used for most distributions. + </p> + + <p> + Alternatively, if your /boot is on a separate partition then you cannot rely on the /vmlinuz and /initrd.img symlinks. + Instead, go into /boot and create your own symlinks (update them manually when you install a new kernel update).<br/> + $ <b>sudo -s</b><br/> + # <b>cd /boot/</b><br/> + # <b>rm -rf vmlinuz initrd.img</b><br/> + # <b>ln -s <u>kernel</u> ksym</b><br/> + # <b>ln -s <u>initrd</u> isym</b><br/> + # <b>exit</b> + </p> + + <p> + Replace the underlined <b>kernel</b> and <b>initrd</b> filenames above with the actual filenames, of course. + </p> + + <p> + Then your grub.cfg menu entry (for payload) becomes like that, for example if / was on sda2 and /boot was on sda1:<br/> + <b>set root='ahci0,msdos1'</b><br/> + <b>linux /ksym root=/dev/sda2 ro quiet splash</b><br/> + <b>initrd /isym</b> + </p> + + <p> + There are lots of possible variations so please try to adapt. + </p> + + <h2>Parabola GNU/Linux-libre</h2> + + <p> + You can basically adapt the above. Note however that Parabola does not keep old kernels still installed, and the file names + are always consistent, so you don't need to boot from symlinks, you can just use the real thing directly. + </p> + + </div> + + <p> + Now you have your modified grub.cfg. (right?) + </p> + + <p> + Delete the grubtest.cfg that remained inside the ROM:<br/> + <b>$ ./cbfstool libreboot_usqwerty.rom remove -n grubtest.cfg</b> + </p> + + <p> + Display ROM contents and now you see grubtest.cfg no longer exists there:<br/> + <b>$ ./cbfstool libreboot_usqwerty.rom print</b> + </p> + + <p> + Add the modified version that you just made:<br/> + <b>$ ./cbfstool libreboot_usqwerty.rom add -n grubtest.cfg -f grubtest.cfg -t raw</b> + </p> + + <p> + Now display ROM contents again and see that it exists again:<br/> + <b>$ ./cbfstool libreboot_usqwerty.rom print</b> + </p> + + <p> + Now you have a modified ROM. Refer back to <a href="../index.html#flashrom">../index.html#flashrom</a> for information + on how to flash it. + </p> + + <p> + Choose (in GRUB) the menu entry that switches to grubtest.cfg. If it works, then your config is safe and you can continue below. + </p> + + <p> + Rename (just reduce confusion):<br/> + $ <b>mv grubtest.cfg grub.cfg</b> </p> <p> @@ -117,14 +250,25 @@ </p> <p> + If all went well, GRUB should now boot your system the way you intended. + </p> + + <p> <b>Anecdotally, a user reported that segmentation faults occur with cbfstool when using this procedure depending on the size of the grub.cfg being re-insterted. In his case, a minimum size of 857 bytes was required. This could (at the time of this release) be a bug in cbfstool that should be investigated with the coreboot community. If cbfstool segfaults, then keep this in mind. 'strace' (or gdb? clang?) could be used for debugging. This was in libreboot 5th release (based on coreboot from late 2013). Not sure if the issue perists in the 6th release (based on coreboot from June 1st, 2014 at the time of writing); I have never personally encountered the bug. strace (from that user) is here: <a href="cbfstool_libreboot5_strace">cbfstool_libreboot5_strace</a>. The issue has been reported by a few users, so does not happen all the time: this bug (if it still exists) could (should) be reproduced.</b> </p> <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> diff --git a/docs/howtos/t60_dev/t60_unbrick.jpg b/docs/howtos/t60_dev/t60_unbrick.jpg Binary files differnew file mode 100644 index 00000000..820a9b42 --- /dev/null +++ b/docs/howtos/t60_dev/t60_unbrick.jpg diff --git a/docs/howtos/t60_heatsink.html b/docs/howtos/t60_heatsink.html index d2d52fdb..f10ea60c 100644 --- a/docs/howtos/t60_heatsink.html +++ b/docs/howtos/t60_heatsink.html @@ -118,8 +118,15 @@ <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> diff --git a/docs/howtos/t60_lcd_15.html b/docs/howtos/t60_lcd_15.html index b5fbd5f5..3b382f5a 100644 --- a/docs/howtos/t60_lcd_15.html +++ b/docs/howtos/t60_lcd_15.html @@ -79,8 +79,15 @@ <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> diff --git a/docs/howtos/t60_mainboard/t60_ati_gpu.jpg b/docs/howtos/t60_mainboard/t60_ati_gpu.jpg Binary files differdeleted file mode 100644 index d2c83db2..00000000 --- a/docs/howtos/t60_mainboard/t60_ati_gpu.jpg +++ /dev/null diff --git a/docs/howtos/t60_mainboard/t60_intel_gpu.jpg b/docs/howtos/t60_mainboard/t60_intel_gpu.jpg Binary files differdeleted file mode 100644 index 46fc5619..00000000 --- a/docs/howtos/t60_mainboard/t60_intel_gpu.jpg +++ /dev/null diff --git a/docs/howtos/t60_security.html b/docs/howtos/t60_security.html index 0ce36456..27d1e75e 100644 --- a/docs/howtos/t60_security.html +++ b/docs/howtos/t60_security.html @@ -346,12 +346,6 @@ </ul> </li> <li> - Software-based security hardening (GRUB trust/cryptomount, kernel LUKS/ecryptfs, etc). - <ul> - <li>modify grub to delay password attemps by a few seconds, and fail after a set time (and record all attemps in a counter, writing that to nvram)</li> - </ul> - </li> - <li> General tips/advice and web links showing how to detect physical intrusions. </li> <li> @@ -386,10 +380,17 @@ <li>Atheros PCI wifi: unknown, but lower than intel wifi.</li> <li>Microphone: only problematic if the computer gets compromised.</li> <li>Speakers: only problematic if the computer gets compromised.</li> - <li>EC: can be mitigated if following the <b>(not yet written)</b> guide on software security.</li> + <li>EC: can be mitigated if following the guide on software security.</li> </ul> <h1> + Further reading material (software security) + </h1> + <ul> + <li><a href="encrypted_trisquel.html">Installing Trisquel GNU/Linux with full disk encryption (including /boot)</a></li> + </ul> + + <h1> References </h1> <h2 id="ref1">[1] physical access</h2> @@ -423,8 +424,15 @@ <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> diff --git a/docs/howtos/t60_unbrick.html b/docs/howtos/t60_unbrick.html index 9a262126..69648e1c 100644 --- a/docs/howtos/t60_unbrick.html +++ b/docs/howtos/t60_unbrick.html @@ -304,8 +304,15 @@ <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> diff --git a/docs/howtos/x60_heatsink.html b/docs/howtos/x60_heatsink.html index 0feee779..22b55e1c 100644 --- a/docs/howtos/x60_heatsink.html +++ b/docs/howtos/x60_heatsink.html @@ -134,8 +134,15 @@ <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> diff --git a/docs/howtos/x60_lcd_change.html b/docs/howtos/x60_lcd_change.html new file mode 100644 index 00000000..3ddeaac0 --- /dev/null +++ b/docs/howtos/x60_lcd_change.html @@ -0,0 +1,54 @@ +<!DOCTYPE html> +<html> +<head> + <meta charset="utf-8"> + <meta name="viewport" content="width=device-width, initial-scale=1"> + + <style type="text/css"> + body { + background:#fff; + color:#000; + font-family:sans-serif; + font-size:1em; + } + </style> + + <title>Libreboot documentation: Unbricking the ThinkPad T60</title> +</head> + +<body> + + <header> + <h1>Changing the LCD panel on X60</h1> + </header> + + <p>Or go <a href="../index.html">back to main index</a></p> + + <p>This tutorial is incomplete, and only pictures for now.</p> + + <p> + <img src="x60_lcd_change/0001.JPG" alt="" /> + <img src="x60_lcd_change/0002.JPG" alt="" /> + <img src="x60_lcd_change/0003.JPG" alt="" /> + <img src="x60_lcd_change/0004.JPG" alt="" /> + <img src="x60_lcd_change/0005.JPG" alt="" /> + <img src="x60_lcd_change/0006.JPG" alt="" /> + <img src="x60_lcd_change/0007.JPG" alt="" /> + </p> + +<hr/> + + <p> + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. + </p> + +</body> +</html> diff --git a/docs/howtos/x60_lcd_change/0001.JPG b/docs/howtos/x60_lcd_change/0001.JPG Binary files differnew file mode 100755 index 00000000..fd066eb2 --- /dev/null +++ b/docs/howtos/x60_lcd_change/0001.JPG diff --git a/docs/howtos/x60_lcd_change/0002.JPG b/docs/howtos/x60_lcd_change/0002.JPG Binary files differnew file mode 100755 index 00000000..96949f1e --- /dev/null +++ b/docs/howtos/x60_lcd_change/0002.JPG diff --git a/docs/howtos/x60_lcd_change/0003.JPG b/docs/howtos/x60_lcd_change/0003.JPG Binary files differnew file mode 100755 index 00000000..90216aaa --- /dev/null +++ b/docs/howtos/x60_lcd_change/0003.JPG diff --git a/docs/howtos/x60_lcd_change/0004.JPG b/docs/howtos/x60_lcd_change/0004.JPG Binary files differnew file mode 100755 index 00000000..3b704a45 --- /dev/null +++ b/docs/howtos/x60_lcd_change/0004.JPG diff --git a/docs/howtos/x60_lcd_change/0005.JPG b/docs/howtos/x60_lcd_change/0005.JPG Binary files differnew file mode 100755 index 00000000..823bab94 --- /dev/null +++ b/docs/howtos/x60_lcd_change/0005.JPG diff --git a/docs/howtos/x60_lcd_change/0006.JPG b/docs/howtos/x60_lcd_change/0006.JPG Binary files differnew file mode 100755 index 00000000..040f2ca4 --- /dev/null +++ b/docs/howtos/x60_lcd_change/0006.JPG diff --git a/docs/howtos/x60_lcd_change/0007.JPG b/docs/howtos/x60_lcd_change/0007.JPG Binary files differnew file mode 100755 index 00000000..42c2607c --- /dev/null +++ b/docs/howtos/x60_lcd_change/0007.JPG diff --git a/docs/howtos/x60_security.html b/docs/howtos/x60_security.html index 6abda98d..660dbd68 100644 --- a/docs/howtos/x60_security.html +++ b/docs/howtos/x60_security.html @@ -207,12 +207,6 @@ </ul> </li> <li> - Software-based security hardening (GRUB trust/cryptomount, kernel LUKS/ecryptfs, etc). - <ul> - <li>modify grub to delay password attemps by a few seconds, and fail after a set time (and record all attemps in a counter, writing that to nvram)</li> - </ul> - </li> - <li> General tips/advice and web links showing how to detect physical intrusions. </li> <li> @@ -247,10 +241,17 @@ <li>Atheros PCI wifi: unknown, but lower than intel wifi.</li> <li>Microphone: only problematic if the computer gets compromised.</li> <li>Speakers: only problematic if the computer gets compromised.</li> - <li>EC: can be mitigated if following the <b>(not yet written)</b> guide on software security.</li> + <li>EC: can be mitigated if following the guide on software security.</li> </ul> <h1> + Further reading material (software security) + </h1> + <ul> + <li><a href="encrypted_trisquel.html">Installing Trisquel GNU/Linux with full disk encryption (including /boot)</a></li> + </ul> + + <h1> References </h1> <h2 id="ref1">[1] physical access</h2> @@ -284,8 +285,15 @@ <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> diff --git a/docs/howtos/x60_unbrick.html b/docs/howtos/x60_unbrick.html index 8427c5ac..945712d8 100644 --- a/docs/howtos/x60_unbrick.html +++ b/docs/howtos/x60_unbrick.html @@ -295,8 +295,15 @@ <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> diff --git a/docs/howtos/x60tablet_unbrick.html b/docs/howtos/x60tablet_unbrick.html index 975c7643..da60227f 100644 --- a/docs/howtos/x60tablet_unbrick.html +++ b/docs/howtos/x60tablet_unbrick.html @@ -204,8 +204,15 @@ <hr/> <p> - Copyright © 2014 Francis Rowe, All Rights Reserved.<br/> - See <a href="../license.html">../license.html</a> for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. </p> </body> |