Set up AirgapOS
Because without a Librem 14 there is no easy way to have a secure boot sequence,
instead the AirgapOS .iso
image is flashed to an SD card, locked using
sdtool
and then verified using any machine.
Setup Steps
-
Clone the latest AirgapOS version:
git clone git@distrust.co:public/airgap.git
-
Build the image:
cd airgap && make
-
Flash
airgap.iso
to an SD Card:dd if=out/airgap.iso of=/dev/<your_device> bs=4M status=progress oflag=direct
-
Use the
sdtool
to lock the SD Card:-
git clone git@github.com:BertoldVdb/sdtool.git
-
cd sdtool
-
make
-
./sdtool /dev/mmcblk permlock
-
Test that the card can't be written to:
dd if=out/airgap.iso of=/dev/sdb bs=1M conv=sync status=progress
-
-
Verify that the hash of
airgap.iso
matches what's flashed on the SD card:head -c $(stat -c '%s' out/airgap.iso) /dev/sdb | sha256sum
sha256sum out/airgap.iso