bradfa

The list of debian/ubuntu prereq packages is incomplete, you at least need to add:

• python3-pip
• curl
• time
• cmake
• g++-mingw-w64

You also need both i386 and amd64 arches setup in dpkg so the proper packages for both arches are pulled in by apt, such as for wine and mingw.

bradfa

After setting up a Debian system which did not choose to use encryption during the installer, do these steps to encrypt sda3 partition so we have encrypted rootfs. Follow these steps when booted from another disk so we can off-line encrypt the rootfs:

1. Mount the btrfs rootfs to /mnt: mount /dev/sda3 /mnt
2. See the current size and devid of the btrfs filesystem (likely your filesystem will be devid 1): btrfs filesystem show --mbytes /mnt
3. Resize the filesystem to be 32MiB smaller so we can fit a LUKS header at the end of the partition: btrfs filesystem resize 1:-32M /mnt
4. Verify that the filesystem is actually smaller now: btrfs filesystem show --mbytes /mnt
5. Unmount the filesystem: umount /mnt
6. Check the filesystem to ensure no errors: btrfs check /dev/sda3
7. Encrypt the filesystem in-place (this will take a while): cryptsetup reencrypt --encrypt --verify-passphrase --reduce-device-size 32M /dev/sda3
8. Unlock the partition and name it "ssd" so we can mount it: `cryptsetup open /de

bradfa

PGP Bootable USB Flash Drive Creation and Operation

Create a bootable USB flash drive for generating and managing PGP keys. The keys will be generated and stored, encrypted, on the drive but then also transferred to Yubikeys for general use. Unless a Yubikey is lost or damaged, use of the flash drive should be extremely limited, if it is used at all.

A master certifying and signing (CS) key will be created, then sub-key signing (S), encrypting (E), and authenticating (A) keys will be created and signed by the C key. The C key will be archived with a password to the flash drive as well as transferred to a Yubikey 4. The SE&A sub keys will also be archived to the flash drive as part of the C key

bradfa

msp430-elf

The following are instructions for building a GCC cross-compiler for the MSP430. They are based in part on Peter Bigot's post to mspgcc-users and the gist this was forked from.

Setup

export PREFIX=/usr/local/msp430

bradfa

*PPD-Adobe: "4.3"

*%================================================
*%	Copyright(C) 2014 Brother Industries, Ltd.
*%	"Brother HL-L8350CDW series for CUPS"
*%================================================ 

*%==== General Information Keywords ========================
*FormatVersion: "4.3"
*FileVersion: "4.0.2"

bradfa

Installing Debian Stretch mips64el Using QEMU

We're going to emulate the mips64el "malta" machine and install Debian Stretch using QEMU on a amd64 Debian Buster host.

Likely you need your user to be in the "libvirt" group and have installed these packages (or a subset of such):

sudo apt install qemu-system-mips virt-manager libguestfs-tools

bradfa

I have 2 Yubikeys which support the OpenPGP card capability. I want to have a robust GnuPG solution which allows me to store one of the keys in a safe place and to carry the other key with me daily on my physical keychain. I want to be able to fairly easily survive having the daily carry Yubikey be stolen, lost, or simply fail, by revoking those keys. I also want to be able to survive having the safely stored key fail by revoking those keys.

My original plan was to create a main key pair and 2 sets of encryption and authentication subkeys (4 total, 2 enc and 2 auth). The main key pair and one set of the encryption and authentication keys would be transferred to each Yubikey, so each Yubikey would share the common main key pair but have a different set of encryption and authentication subkeys. This turns out to be quite difficult to implement in a secure way due to how GnuPG's key-to-card functionality works. GnuPG expects if you transfer a key to a card that you want that key to only live on that card an

bradfa

"Hardware" Notes

• Need OVMF UEFI firmware for 64 bit machines installed. Be sure guest is using UEFI firmware! You can't change this after you create a machine in virt-manager!
• Be sure using i440FX chipset.
• Enable a qemu-ga channel for guest. Make a VirtIO serial controller.
• Make sure your hard disk is using VirtIO, not IDE.
• Be sure you have the VirtIO floppy image for Windows 7 install, you'll need to load drivers so installer can see the VirtIO disk.
• Bridging to main Ethernet interface works fine, depsite the warnings. Use the VirtIO ethernet type.
• The VirtIO 0.1.141 drivers work well for me in Win 7 Pro 64 bit.
• To avoid the NVIDIA "Code 43" error, see the Arch Linux wiki about modifying the hypervisor name. Or somehow find older NVIDIA drivers prior to version 337 that work with your card.
• Remove the "sound" device, sound pass through sucks. Just pass through a USB sound card/device but this isn't needed at install time.

bradfa

QEMU Cheat Sheet

Kernel Config

• Decent x86_64 kernel, use the
• Decent x86_32 kernel, use the
• Decent ARMv5t (ARM9) kernel, use the versatile_defconfig
• Decent ARMv7a (ARM Cortex-A9) kernel, use the vexpress_defconfig
• Decent MIPS little endian o32 kernel, use the
• Decent PowerPC 601e kernel, use the

bradfa

# Exclude poky default build dir
git/poky/build
# Exclude our sstate, downloads, and build output dirs
mr-oe-*/sstate-cache
mr-oe-*/downloads
mr-oe-*/*-oe-build/tmp-*
git/poky-wrap/titan
git/poky-wrap/downloads
git/poky-wrap/sstate-cache
# Exclude virt-manager and downloads dirs