diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/gnulinux/encrypted_parabola.md | 22 | ||||
| -rw-r--r-- | docs/gnulinux/grub_hardening.md | 3 | ||||
| -rw-r--r-- | docs/install/x60_unbrick.md | 13 | ||||
| -rw-r--r-- | docs/install/x60tablet_unbrick.md | 13 |
4 files changed, 31 insertions, 20 deletions
diff --git a/docs/gnulinux/encrypted_parabola.md b/docs/gnulinux/encrypted_parabola.md index a4d7dd16..99a6fe0d 100644 --- a/docs/gnulinux/encrypted_parabola.md +++ b/docs/gnulinux/encrypted_parabola.md @@ -83,7 +83,9 @@ if it's not new, then there are two ways to handle it: you can either choose to fill it with zeroes or random data; I chose random data (e.g., `urandom`), because it's more secure. Depending on the size of the drive, this could take a while to complete: - `# dd if=/dev/urandom of=/dev/sdX; sync` + ~~~ + # dd if=/dev/urandom of=/dev/sdX; sync + ~~~ 2. If the drive were previously encrypted, all you need to do is wipe the LUKS header. The size of the header depends upon the specific model of the hard drive; @@ -91,7 +93,9 @@ you can find this information by doing some research online. Refer to this [article](https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/), for more information about LUKS headers. You can either fill the header with zeroes, or with random data; again, I chose random data, using `urandom`: - `# head -c 3145728 /dev/urandom > /dev/sdX; sync` + ~~~ + # head -c 3145728 /dev/urandom > /dev/sdX; sync + ~~~ Also, if you're using an SSD, there are a two things you should keep in mind: @@ -192,11 +196,15 @@ equally cleverly named as **rootvol**. Also, make sure to [choose an appropriate swap size](http://www.linux.com/news/software/applications/8208-all-about-linux-swap-space) (e.g., **2G** refers to two gigabytes; change this however you see fit): - `# lvcreate -L 2G matrix -n swapvol` + ~~~ + # lvcreate -L 2G matrix -n swapvol + ~~~ 2. Now, we will create a single, large partition in the rest of the space, for **rootvol**: - `# lvcreate -l +100%FREE matrix -n rootvol` + ~~~ + # lvcreate -l +100%FREE matrix -n rootvol + ~~~ You can also be flexible here, for example you can specify a **/boot**, a **/**, a **/home**, a **/var**, or a **/usr** volume. For example, if you will be running a @@ -313,7 +321,11 @@ There are several modifications that we need to make to the file: Make sure to separate each module by one space. 2. Change the value of the uncommented `HOOKS` line to the following: - “`base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown`”; + + ~~~ + base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown + ~~~ + here's what each module does: * `keymap` adds to *initramfs* the keymap that you specified in **/etc/vconsole.conf** diff --git a/docs/gnulinux/grub_hardening.md b/docs/gnulinux/grub_hardening.md index c32a0534..9eb7237e 100644 --- a/docs/gnulinux/grub_hardening.md +++ b/docs/gnulinux/grub_hardening.md @@ -81,7 +81,8 @@ installing GRUB version 2. Generate a key by giving it a password: grub-mkpasswd-pbkdf2 Its output will be a string of the following form: -grub.pbkdf2.sha512.10000.HEXDIGITS.MOREHEXDIGITS + + grub.pbkdf2.sha512.10000.HEXDIGITS.MOREHEXDIGITS Now open my.grubtest.cfg and put the following before the menu entries (prefered above the functions and after other directives). Of course use diff --git a/docs/install/x60_unbrick.md b/docs/install/x60_unbrick.md index 0f215302..d7cb17a8 100644 --- a/docs/install/x60_unbrick.md +++ b/docs/install/x60_unbrick.md @@ -20,13 +20,12 @@ two:\ \*Those dd commands should be applied to all newly compiled X60 ROM images (the ROM images in libreboot binary archives already have this -applied!):\ -dd if=coreboot.rom of=top64k.bin bs=1 skip=\$\[\$(stat -c %s -coreboot.rom) - 0x10000\] count=64k\ -dd if=coreboot.rom bs=1 skip=\$\[\$(stat -c %s coreboot.rom) - 0x20000\] -count=64k | hexdump\ -dd if=top64k.bin of=coreboot.rom bs=1 seek=\$\[\$(stat -c %s -coreboot.rom) - 0x20000\] count=64k conv=notrunc\ +applied!): + + dd if=coreboot.rom of=top64k.bin bs=1 skip=\$\[\$(stat -c %s coreboot.rom) - 0x10000\] count=64k + dd if=coreboot.rom bs=1 skip=\$\[\$(stat -c %s coreboot.rom) - 0x20000\] count=64k | hexdump + dd if=top64k.bin of=coreboot.rom bs=1 seek=\$\[\$(stat -c %s coreboot.rom) - 0x20000\] count=64k conv=notrunc + (doing this makes the ROM suitable for use when flashing a system that still has Lenovo BIOS running, using those instructions: <http://www.coreboot.org/Board:lenovo/x60/Installation>. diff --git a/docs/install/x60tablet_unbrick.md b/docs/install/x60tablet_unbrick.md index f4baebf4..fe4352bc 100644 --- a/docs/install/x60tablet_unbrick.md +++ b/docs/install/x60tablet_unbrick.md @@ -20,13 +20,12 @@ two:\ \*Those dd commands should be applied to all newly compiled X60 ROM images (the ROM images in libreboot binary archives already have this -applied!):\ -dd if=coreboot.rom of=top64k.bin bs=1 skip=\$\[\$(stat -c %s -coreboot.rom) - 0x10000\] count=64k\ -dd if=coreboot.rom bs=1 skip=\$\[\$(stat -c %s coreboot.rom) - 0x20000\] -count=64k | hexdump\ -dd if=top64k.bin of=coreboot.rom bs=1 seek=\$\[\$(stat -c %s -coreboot.rom) - 0x20000\] count=64k conv=notrunc\ +applied!): + + dd if=coreboot.rom of=top64k.bin bs=1 skip=\$\[\$(stat -c %s coreboot.rom) - 0x10000\] count=64k + dd if=coreboot.rom bs=1 skip=\$\[\$(stat -c %s coreboot.rom) - 0x20000\] count=64k | hexdump + dd if=top64k.bin of=coreboot.rom bs=1 seek=\$\[\$(stat -c %s coreboot.rom) - 0x20000\] count=64k conv=notrunc + (doing this makes the ROM suitable for use when flashing a system that still has Lenovo BIOS running, using those instructions: <http://www.coreboot.org/Board:lenovo/x60/Installation>. |