umbernhard

Building a Secure Arch Linux Device

Locking down a linux machine is getting easier by the day. Recent advancements in systemd-boot have enabled a host of features to help users ensure that their machines have not been tampered with. This guide provides a walkthrough of how to turn on many of these features during installation, as well as reasoning for why certain features help improve security.

The steps laid out below draw on a wide variety of existing resources, and in places I'll point to them rather than attempt to regurgitate full explanations of the various security components. The most significant one, which I highly encourage everyone to read, is Rod Smith's site about secure boot, which is the most comprehensive and cogent explanation of UEFI, boot managers and boot loaders, and secure boot. Another incredibly useful resources is Safeboot, which encapsulates many of the setup steps below in a Debian application.

Un1Gfn

// https://cmcenroe.me/2018/01/30/fbclock.html

// gcc -std=gnu11 -Wall -Wextra -O0 -g framebuffer.c

// fbgrab -d /dev/fb0 -s 5 -v -z 9 framebuffer.png

#include <assert.h>
#include <fcntl.h>
#include <linux/fb.h>
#include <stdint.h>

Informatic

<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <!-- ... -->
  <qemu:commandline>
    <qemu:arg value='-acpitable'/>
    <qemu:arg value='file=/some/path/slic.bin'/>
    <qemu:arg value='-acpitable'/>
    <qemu:arg value='file=/some/path/msdm.bin'/>
    <qemu:arg value='-smbios'/>
    <qemu:arg value='file=/some/path/smbios_type_0.bin'/>
    <qemu:arg value='-smbios'/>

MawKKe

#!/usr/bin/env bash
# 
#    Author: Markus (MawKKe) ekkwam@gmail.com
#    Date: 2018-03-19
#
#
# What?
#
#    Linux dm-crypt + dm-integrity + dm-raid (RAID1) 
#

Misairu-G

Reddit post (Archived)

Table of Content

• What to expect?
  • Some TLDR about the idea behind
• Prerequisites
  • Hardware
  • System & Software
• Update: Attention for MUXless laptop

geekman

#!/bin/bash -e

modprobe libcomposite

cd /sys/kernel/config/usb_gadget/
mkdir g && cd g

echo 0x1d6b > idVendor  # Linux Foundation
echo 0x0104 > idProduct # Multifunction Composite Gadget
echo 0x0100 > bcdDevice # v1.0.0

gbaman

Raspberry Pi Zero OTG Mode

Simple guide for setting up OTG modes on the Raspberry Pi Zero - By Andrew Mulholland (gbaman).

The Raspberry Pi Zero (and model A and A+) support USB On The Go, given the processor is connected directly to the USB port, unlike on the B, B+ or Pi 2 B, which goes via a USB hub.
Because of this, if setup to, the Pi can act as a USB slave instead, providing virtual serial (a terminal), virtual ethernet, virtual mass storage device (pendrive) or even other virtual devices like HID, MIDI, or act as a virtual webcam!
It is important to note that, although the model A and A+ can support being a USB slave, they are missing the ID pin (is tied to ground internally) so are unable to dynamically switch between USB master/slave mode. As such, they default to USB master mode. There is no easy way to change this right now.
It is also important to note, that a USB to UART serial adapter is not needed for any of these guides, as may be documented elsewhere across the int

paulirish

What forces layout / reflow

All of the below properties or methods, when requested/called in JavaScript, will trigger the browser to synchronously calculate the style and layout*. This is also called reflow or layout thrashing, and is common performance bottleneck.

Generally, all APIs that synchronously provide layout metrics will trigger forced reflow / layout. Read on for additional cases and details.

Element APIs

Getting box metrics

• elem.offsetLeft, elem.offsetTop, elem.offsetWidth, elem.offsetHeight, elem.offsetParent