README: update for burning to SD card and locking with sdtool #24
			
				
			
		
		
		
	
							
								
								
									
README.md
							|  | @ -129,6 +129,41 @@ make vm | |||
| make shell | ||||
| ``` | ||||
| 
 | ||||
| ## Writing to SD Card ## | ||||
| 
 | ||||
| 1. Flash `airgap.iso` to an SD Card: | ||||
| 
 | ||||
|    * Use `lsblk` to find device name    | ||||
| 
 | ||||
|    * `dd if=out/airgap.iso of=/dev/<your_device> bs=4M status=progress conv=fsync` | ||||
| 
 | ||||
| 2. Use the `sdtool` to lock the SD Card: | ||||
| 
 | ||||
|    a. Get deterministically built binary of `sdtool` from StageX:  | ||||
|       * `docker pull stagex/sdtool:latest` | ||||
| 
 | ||||
|    b. Extracting binary: | ||||
|       * Run docker container: `docker create -p 4000:80 --name sdtool stagex/sdtool` | ||||
|          * Copy image to tar: `docker export <container_id> -o sdtool.tar` | ||||
|          * Extract binary from tar: `mkdir -p sdtool-dir | tar -xvf sdtool.tar -C sdtool-dir | cp sdtool-dir/usr/bin/sdtool ./sdtool` | ||||
|          * You can verify the container hash: | ||||
|             * To get container hash: `docker inspect --format='{{json .RepoDigests}}'  stagex/sdtool` | ||||
|             * Check the [signatures dir](https://codeberg.org/stagex/stagex/src/branch/main/signatures/stagex) in stagex project for latest signed hashes | ||||
| 
 | ||||
|    c. Permanently lock the card:  | ||||
|     | ||||
|       * `./sdtool /dev/mmcblk permlock` | ||||
| 
 | ||||
|    d. Test that the card can't be written to: | ||||
| 
 | ||||
|       * `dd if=out/airgap.iso of=/dev/sdb bs=1M status=progress conv=fsync` | ||||
| 
 | ||||
| 3. Verify that the hash of `airgap.iso` matches what's flashed on the SD card: | ||||
| 
 | ||||
|     * `head -c $(stat -c '%s' out/airgap.iso) /dev/<your_device> | sha256sum` | ||||
| 
 | ||||
|     * `sha256sum out/airgap.iso` | ||||
| 
 | ||||
| ## Hardware Compatibility ## | ||||
| 
 | ||||
| ### Tested Models | ||||
|  |  | |||
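Review bot: Step 3 compares the hash of the flashed card against `airgap.iso` only after step 2c has permanently locked the card, so a bad write found at that point can no longer be corrected; move the `sha256sum` comparison ahead of `./sdtool /dev/mmcblk permlock`. For the same reason, the digest check of `stagex/sdtool` under 2b should be a required step before the binary is used, not an optional "You can verify" after it has been extracted. In 2b the extraction line `mkdir -p sdtool-dir | tar -xvf sdtool.tar -C sdtool-dir | cp sdtool-dir/usr/bin/sdtool ./sdtool` joins the commands with pipes, which starts all three at once instead of one after the other; chain them with `&&`. The device name changes between steps (`/dev/<your_device>` in 1 and 3, `/dev/mmcblk` in 2c, `/dev/sdb` in 2d); use one placeholder throughout so the write test in 2d targets the card that was just locked and not another disk. The bullet "Run docker container" uses `docker create`, which does not start the container, and the `-p 4000:80` mapping plays no part in `docker export`; the export can also refer to the `sdtool` name set by `--name` instead of `<container_id>`.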