44 lines
1.2 KiB
Markdown
44 lines
1.2 KiB
Markdown
# Set up AirgapOS
|
|
|
|
Because without a Librem 14 there is no easy way to have a secure boot sequence,
|
|
instead the AirgapOS `.iso` image is flashed to an SD card, locked using
|
|
`sdtool` and then verified using any machine.
|
|
|
|
## Setup Steps
|
|
|
|
* Clone the latest AirgapOS version:
|
|
|
|
* `git clone git@distrust.co:public/airgap.git`
|
|
|
|
* Build the image:
|
|
|
|
* `cd airgap && make`
|
|
|
|
* Verify `sha256sum` of airgap matches hashes in `/dist`
|
|
|
|
* Verify signatures on the hashes in `/dist`. The maintainer pgp keys can be found on the [Distrust contact page](https://distrust.co/contact.html) page.
|
|
|
|
|
|
* Flash `airgap.iso` to an SD Card:
|
|
|
|
* `dd if=out/airgap.iso of=/dev/<your_device> bs=4M status=progress oflag=direct`
|
|
|
|
* Use the `sdtool` to lock the SD Card:
|
|
|
|
* `git clone git@github.com:BertoldVdb/sdtool.git`
|
|
|
|
* `cd sdtool`
|
|
|
|
* `make`
|
|
|
|
* `./sdtool /dev/mmcblk permlock`
|
|
|
|
* Test that the card can't be written to:
|
|
|
|
* `dd if=out/airgap.iso of=/dev/sdb bs=1M conv=sync status=progress`
|
|
|
|
* Verify that the hash of `airgap.iso` matches what's flashed on the SD card:
|
|
|
|
* `head -c $(stat -c '%s' out/airgap.iso) /dev/sdb | sha256sum`
|
|
* `sha256sum out/airgap.iso`
|