From 7d9f87c9764ae2bd84c2ac458ba0c75dec126dde Mon Sep 17 00:00:00 2001 From: Spencer Judd Date: Sat, 9 Mar 2024 22:55:26 -0500 Subject: [PATCH 1/7] Enable kernel webcam support These four kernel config changes are sufficient to get the webcam working on the Librem 14. --- config/buildroot/board/x86_64/linux.config | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/config/buildroot/board/x86_64/linux.config b/config/buildroot/board/x86_64/linux.config index 9a98e3c..f774fdb 100644 --- a/config/buildroot/board/x86_64/linux.config +++ b/config/buildroot/board/x86_64/linux.config @@ -816,6 +816,10 @@ CONFIG_XEN_WDT=m CONFIG_PCIPCWATCHDOG=m CONFIG_WDTPCI=m CONFIG_USBPCWATCHDOG=m +CONFIG_MEDIA_SUPPORT=m +CONFIG_MEDIA_CAMERA_SUPPORT=y +CONFIG_MEDIA_USB_SUPPORT=y +CONFIG_USB_VIDEO_CLASS=m CONFIG_AGP=y CONFIG_AGP_AMD64=y CONFIG_AGP_INTEL=y From 38689b24b24337abadb52801c551b788c70e3b53 Mon Sep 17 00:00:00 2001 From: Spencer Judd Date: Wed, 13 Mar 2024 14:22:59 -0400 Subject: [PATCH 2/7] Release 2024.03.13 --- dist/airgap.iso | 4 ++-- dist/manifest.2BDE9CDB6D0FAD15.asc | 16 ---------------- dist/manifest.36C8AAA9.asc | 16 ---------------- dist/manifest.63F4039477D6CA8D.asc | 16 ++++++++++++++++ dist/manifest.txt | 2 +- 5 files changed, 19 insertions(+), 35 deletions(-) delete mode 100644 dist/manifest.2BDE9CDB6D0FAD15.asc delete mode 100644 dist/manifest.36C8AAA9.asc create mode 100644 dist/manifest.63F4039477D6CA8D.asc diff --git a/dist/airgap.iso b/dist/airgap.iso index cba2b36..f1dc7a2 100644 --- a/dist/airgap.iso +++ b/dist/airgap.iso @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:5b830f69691a96deb50caa68b69b7a6bb34a0af8c55a0d7dd21c1771683f96e1 -size 122417152 +oid sha256:55434c9496ab32ed21d244e1567f570442d59ee88cc9dafa13c2b75b31b8ade3 +size 123340800 diff --git a/dist/manifest.2BDE9CDB6D0FAD15.asc b/dist/manifest.2BDE9CDB6D0FAD15.asc deleted file mode 100644 index 4e55b15..0000000 --- a/dist/manifest.2BDE9CDB6D0FAD15.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEzAzToO3Ax9K7Run3B88Hlc0qV+sFAmP+XQ4ACgkQB88Hlc0q -V+v1lg/9HxgMu/SLVcDlLEi0uz21693OwEBjcxL1rRca7y4/t/upGnhu53c0gM7W -ws+voJWWi9d8wTeuwl9yxvajdAo8I3Jw78hjXZWvqTK0CmLSSfCBTH6e7uRpvzbC -cJrc3QiErI84TpJde4NmZpMz6oGPzp+qdoAPCvsSiS2xy97+ZGB9OIfffjmlN86L -ZIjKCB0K2+yijB3pa/faNHv3Jv4XKliUXP+AelT0Rsw2466Bndruh63mxNjqYZiC -54hVd46ASwhS4YDNFZVrcYJNETr52328QjhtNlPsG83E2KGp2rl9mFaiXxLQsFD0 -7j0VPIFPAqDvD7ZhAf5oTZDmo2BJYZpGTmTjBAdKDKCWySbwIEoGC65UoOY8ROXV -uGNqf9enFzWfnwLcDiujDo3e51Dag65FnEGkUDLUo/D/2B+r9vEzesVdTuGx3Szh -OTldUZp0ls9bCqhO4cCllZheswREbTTUUSYMYGNsRF+j6VaBR8jYa9yM4AX/Qk4N -9cokKyUD/ci49CH8R6THliD7FtF1G+LWvgHI4ZKzrEMJGyJVTiimHX4N2BJzZtUv -ObfCcskscf6DZxDpiFG256t2FYL3zQzNCaLj7mBpwe9NRuLwiSuHgS3udP9qossn -6Zew0D+a9wpst1MibKMx1G6eLn24Bjly81LDvIaKPn/yRIRrVzc= -=RJE0 ------END PGP SIGNATURE----- diff --git a/dist/manifest.36C8AAA9.asc b/dist/manifest.36C8AAA9.asc deleted file mode 100644 index ab1f78e..0000000 --- a/dist/manifest.36C8AAA9.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCgAdFiEEZ1U/vaRrtxq9LgsLjkeh7DWhVR0FAmP5OHwACgkQjkeh7DWh -VR08/w//ScO/qM0a8JAAsCuCXEeZIJAhkICrxOCjMl6z9KP3lU8yVU6NL/ULF9P4 -0nW5A1jnZo9PKcabV1RKFkQ/UuJdmUOuupg5JkN5X99rR/SDZ6hrsVy/tS6kjKaU -Z9qMGlsVRYVdbBb+VKtQB1gguj04QXVD9iAFIeAeaRRNMhtqo7gMHU1cdOkB86g2 -H4w25LuxkIfRtyGlUgtBMS3MqpRiNjUSunP357VlHFBEGv4yT7CcdLK68FFd6Qzp -U1KJja5DG68aVTHdT47LvFCKRPjyFvheA1Ok1feSnYrOqPAhzYEFuWoE+f/+/nsI -JLqGVvPO7g40p0YXZdPWjQON4ZpcRuWG9TRg85G4WV+sQfqnDpz1i2++pb2RrOMI -SNwUIz8zdTaWo1G+AoNfaveybk7BOlAstjDwA5SzukFNrPvBSOQpe53i+NGyTAPS -pbKnir6IAD1QwagZOzYac6tzE4ZX2F7zmjPrwCDHGYAYuaQV+1CWiIvnN5zCjHXe -pvl22LKwr8BDRHzmVpctdVojlkb4llrbdzq3cMZgdXasXKORD9+yuGAK5+hfekmi -vsUMROvIp27q/eFL5fLTIP3clOo5+foWdB4cqWoS0q+5qIG3Aa0YZp9HDeI9pdjH -W11QFp4tlrDwA0lgHdUiF4vITxDk/+qz0Hi3gKCll87cmXUufRg= -=wZZ6 ------END PGP SIGNATURE----- diff --git a/dist/manifest.63F4039477D6CA8D.asc b/dist/manifest.63F4039477D6CA8D.asc new file mode 100644 index 0000000..803557d --- /dev/null +++ b/dist/manifest.63F4039477D6CA8D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEdNt7Hf0dLXYj6ptEh0mIPqwJz1YFAmXx8RoACgkQh0mIPqwJ +z1Zx+A/9Hrvlpveo3EhjRCPG59PFsaK5TK9YUfWvT4FbZCqPoXPjjBQttJrVZ8CE ++imBekXNj4/Z2rk40dbNEBGUWlFl5u0M8p4drYUCXs7i6FzAAwMsUvQCoPzV78nU +nTZz5VhWrLVQg00Z2oFJXJGZ5BffuhuYt9PzygZptPA2rfXZYRx0PlJRVn3GqFtn +52+pc7J7ZzOZKaO8Yoy4W/7K6KQZZ5VHnZzB2TvcTYWlA1EJ8+/tvScG2nC7m7gO +dJHDKiRZeuSFbiZaq7slea4XsBUPPycPjzxhZi8RCOlDpbjx2jRjjCE4iNpi1yum +WtQYS+dDj2apMS1C8ACAKHQHMTF4Hl1wGJgJcyl5qmyTu4sbx2gWmamGkqIWOeDu +ZuuQsXT1XeivotH+UoOLLTWu2I+be33iWPP6G21wylEZVmlaMJ7jpjN3xLgehSuG +qKlS8vnd2lkoq5FhhUJ9n+saV22M1NWNG/K2Zd0shTup67M0JZfHBc4OQd4hbLd4 +KG6mz5IfBGFomVREzRwk/nc1xYlWJau24oMsE8rN237XoEj7Azu897iMYANje87a +MskZdH/L5NYKNRfa/2z15bwuHimXc/3i57HEMUe4bkCxKYslY+jfXKAn+8+Y6vgz +tU5ww3rkiumhQFAz5sX60dgKAA4lkJE4E0tgS3qOb2jbKDpdYcA= +=CCfu +-----END PGP SIGNATURE----- diff --git a/dist/manifest.txt b/dist/manifest.txt index fcae255..434d12b 100644 --- a/dist/manifest.txt +++ b/dist/manifest.txt @@ -1,2 +1,2 @@ -5b830f69691a96deb50caa68b69b7a6bb34a0af8c55a0d7dd21c1771683f96e1 airgap.iso +55434c9496ab32ed21d244e1567f570442d59ee88cc9dafa13c2b75b31b8ade3 airgap.iso 89695f9584b98adea86887de56774b8747c4f36092611c31da367a63f072954d release.env From 16479807f16e11d881d6d60541d3cc8e88605222 Mon Sep 17 00:00:00 2001 From: ryan Date: Wed, 13 Mar 2024 17:10:07 -0400 Subject: [PATCH 3/7] sign 2024.03.13 --- dist/manifest.8E401478A3FBEF72.asc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 dist/manifest.8E401478A3FBEF72.asc diff --git a/dist/manifest.8E401478A3FBEF72.asc b/dist/manifest.8E401478A3FBEF72.asc new file mode 100644 index 0000000..53e1114 --- /dev/null +++ b/dist/manifest.8E401478A3FBEF72.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEEiII6deyqeGsP84sUjkAUeKP773IFAmXyFhkACgkQjkAUeKP7 +73KoAxAAoHeQo609CYbGHsOjSfuYsXv/QRv2OOdm7KlWEEbHRUs6JOZ4wlpU/uCL +L52klhpgQkI1C47WaMrfukQwy6AfIuB227WZ4DPRZcKXr36VqAV0acwfXoDyMwIn +LozD7Y8jpBSnDpXh26X38KeVvfFYYK9Tn8466uRVpM9aOiZtay0MmAtRLk9YIuLJ +1+k6IkKZPAUySATjKGCxKEuOGseHZ30tCJsxL0ScIrO15f+cJ1P771tb973g1iIC +fc2nxmtvTS7LkCxd21qzNR8t/gP/foRtxWj77O6P8bzz9oe1urrOWEDRWAUIZWk6 +U/HIXVN8D8g4WSkJska5NzkGzYZ8TY6sPxt6c+mnWrRwu3lJUKPF35U9eGX+6FXh +8OLDYpFkRPchtFzF1E0FGi8WVxFWtZLIOatry9PoLimHariyvll5Yu+yhl+5unnw +o+bJ0m+pBtMhXRRIcfKkG/9UP/EATUEGCYSR+rpkTj//4edmCGZvK3nP10dn2weG +uO8WK6CZONvlhXAl5ck+eWEjEfM8+/5RHsxc94Tz+WByljhOhC5XWgyNJDgdnMsm +hNT0urk4XGqbHsWPev+F4hUlwYwFJ/T5Yg4SB+chXNGauFui1Qczx/RwbuzwGbz5 +L4fgwHhpWXm+JBi6XvSZJ9/wdgVUdITG5YHp0YhaNjXUz+TNwdo= +=lANt +-----END PGP SIGNATURE----- From dc60d53fcad09544b1fe58f7da71c0c06e96efe0 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Thu, 28 Mar 2024 11:28:27 -0400 Subject: [PATCH 4/7] fix: typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1faa12f..39bc42d 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ ## About ## -A live buildroot based Liux distribution designed for managing secrets offline. +A live buildroot based Linux distribution designed for managing secrets offline. Built for those of us that want to be -really- sure our most important secrets are managed in a clean environment with an "air gap" between us and the From 0af9d294a73137c2a5f8512f9419bdf305c16ee3 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Thu, 28 Mar 2024 11:38:56 -0400 Subject: [PATCH 5/7] chore: clean up build section --- README.md | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 39bc42d..d904e47 100644 --- a/README.md +++ b/README.md @@ -41,23 +41,29 @@ internet with high integrity on the supply chain of the firmware and OS used. ## Build ## +### Update git submodules + +``` +git submodule update --init --recursive +``` + ### Build a new release - ``` - make release - ``` +``` +make release +``` ### Reproduce an existing release - ``` - make attest - ``` +``` +make attest +``` ### Sign an existing release - ``` - make sign - ``` +``` +make sign +``` ## Setup ## From 1578b3c76dd9f6375dcc804325f018afa6c04d31 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Thu, 28 Mar 2024 18:56:12 -0400 Subject: [PATCH 6/7] chore: sign 2024.03.13 --- dist/manifest.DC4B7D1F52E0BA4D.asc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 dist/manifest.DC4B7D1F52E0BA4D.asc diff --git a/dist/manifest.DC4B7D1F52E0BA4D.asc b/dist/manifest.DC4B7D1F52E0BA4D.asc new file mode 100644 index 0000000..51239ad --- /dev/null +++ b/dist/manifest.DC4B7D1F52E0BA4D.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCgAdFiEE4QZ4HgB6uRyYnbMyRKhs/x/fDoUFAmYF9TcACgkQRKhs/x/f +DoWGxQ/+PUlyu0QVK6tZyKJDbND2zRZO+DO8gMaTdEElgieLyES/KsZlzbbflt+q +kCCTClq4OhVwe2Wgj4O2eGCyMBkovA1sFMaBq6yxuIToLEwsXuuqg68Xqo7rOsJh +DIyWxWkIgROnf7F6NTGVH/7XlH0PjzqehDgtZyH5xmbwZMnq1YxjlkOObI9on1Ut +H6q79StqRG7cFf4QylcdtnPnor+rOR8fl1/lpQ7GEWOJJTHpiN3Wk7syYN9c5jbD +Zw2pQilQW1w9BDUpSCZqoPhiY+tdcgM4VmH1JEbgQVaNXMF7pZlR8lKWRVwXDF9g +Aey8Ftv+7hNnRk2Sid56Q7guCKxBReKWtd1gHdC6xWAdaFjLJpyrugzJ+eamciH7 +h6RDC7WY0aQ0jlfHUD2l9Zc6JKRvHwSlMVlQMxiBnf60BcGui3XuXDrHaP7MekVP +1sAvDHoMgbON2RvfQ4u1xFr0EU4nXHo9IxLJgfmLPwmB5T1SMw7saVon8nmGKv18 +CwahOdXvehN2/seiKbfs2xGOIroZT5l25RA4eL+343QmEjrR4M3T/SubR7UC8y3P +LL++4gJOGhPXVfttEBAV1GfBVmN/vRxRKjvgyNylJCXoLsqYaTdaPRJGAqrdfPGW +Mo/oGUY4EsESfVdPwNAieljIXxpov+okJUX+sAT6w4s0dfRjwRo= +=JHKL +-----END PGP SIGNATURE----- From df223e6deb2833a8160c836f435ee01f7b776e87 Mon Sep 17 00:00:00 2001 From: Anton Livaja Date: Thu, 28 Mar 2024 19:55:28 -0400 Subject: [PATCH 7/7] fix: typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d904e47..03235eb 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ internet with high integrity on the supply chain of the firmware and OS used. * Store/Restore BIP39 seed to a hardware wallet such as a Trezor or Ledger ## Features ## - * Determinsitic iso generation for multi-party code->binary verification + * Deterministic iso generation for multi-party code->binary verification * Small footprint (< 100MB) * Immutable and Diskless: runs from initramfs * Network support and most drivers removed to minimize exfiltration vectors