Compare commits
2 Commits
main
...
anton/sd-c
Author | SHA1 | Date |
---|---|---|
Anton Livaja | 996a924537 | |
Anton Livaja | 5920ce2db1 |
35
README.md
35
README.md
|
@ -129,6 +129,41 @@ make vm
|
|||
make shell
|
||||
```
|
||||
|
||||
## Writing to SD Card ##
|
||||
|
||||
1. Flash `airgap.iso` to an SD Card:
|
||||
|
||||
* Use `lsblk` to find device name
|
||||
|
||||
* `dd if=out/airgap.iso of=/dev/<your_device> bs=4M status=progress conv=fsync`
|
||||
|
||||
2. Use the `sdtool` to lock the SD Card:
|
||||
|
||||
a. Get deterministically built binary of `sdtool` from StageX:
|
||||
* `docker pull stagex/sdtool:latest`
|
||||
|
||||
b. Extracting binary:
|
||||
* Run docker container: `docker create -p 4000:80 --name sdtool stagex/sdtool`
|
||||
* Copy image to tar: `docker export <container_id> -o sdtool.tar`
|
||||
* Extract binary from tar: `mkdir -p sdtool-dir | tar -xvf sdtool.tar -C sdtool-dir | cp sdtool-dir/usr/bin/sdtool ./sdtool`
|
||||
* You can verify the container hash:
|
||||
* To get container hash: `docker inspect --format='{{json .RepoDigests}}' stagex/sdtool`
|
||||
* Check the [signatures dir](https://codeberg.org/stagex/stagex/src/branch/main/signatures/stagex) in stagex project for latest signed hashes
|
||||
|
||||
c. Permanently lock the card:
|
||||
|
||||
* `./sdtool /dev/mmcblk permlock`
|
||||
|
||||
d. Test that the card can't be written to:
|
||||
|
||||
* `dd if=out/airgap.iso of=/dev/sdb bs=1M status=progress conv=fsync`
|
||||
|
||||
3. Verify that the hash of `airgap.iso` matches what's flashed on the SD card:
|
||||
|
||||
* `head -c $(stat -c '%s' out/airgap.iso) /dev/<your_device> | sha256sum`
|
||||
|
||||
* `sha256sum out/airgap.iso`
|
||||
|
||||
## Hardware Compatibility ##
|
||||
|
||||
### Tested Models
|
||||
|
|
Loading…
Reference in New Issue