From e8756da13af024145701e686c59e407a0dfad1cf Mon Sep 17 00:00:00 2001 From: tadeubas Date: Thu, 28 Nov 2024 18:54:13 -0300 Subject: [PATCH] few docs changes and additions --- .../features/encrypted-mnemonics.en.md | 2 +- .../features/tamper-detection.en.md | 2 +- .../installing/from-gui/usage.en.md | 2 +- .../installing/from-pre-built-release.en.md | 9 +++++++++ docs/getting-started/installing/from-source.en.md | 14 ++++++++++---- docs/snippets/after-install-installer.en.md | 1 - docs/snippets/sd-card-info-faq.en.txt | 2 +- docs/support.en.md | 2 +- 8 files changed, 24 insertions(+), 10 deletions(-) delete mode 100644 docs/snippets/after-install-installer.en.md diff --git a/docs/getting-started/features/encrypted-mnemonics.en.md b/docs/getting-started/features/encrypted-mnemonics.en.md index 05af6d8b..2c99a39b 100644 --- a/docs/getting-started/features/encrypted-mnemonics.en.md +++ b/docs/getting-started/features/encrypted-mnemonics.en.md @@ -42,4 +42,4 @@ In search of efficiency and smaller QR codes, all data is converted to bytes and ## Considerations Storage of encrypted mnemonics on the device or SD cards are meant for convenience only and should not be considered a form of backup. Always make a physical backup of your keys that is independent from electronic devices and test recovering your wallet from this backup before you send funds to it. -Remember that the stored encrypted mnemonic is protected by the key you defined to encrypt it. If the defined [key is weak](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), your encrypted mnemonic will not be protected. If you have stored a mnemonic with funds in the device's internal flash memory using a [weak key](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), the best way to undo this is to [wipe the device](./tools.md/#wipe-device). \ No newline at end of file +Remember that the stored encrypted mnemonic is protected by the key you defined to encrypt it. If the defined [key is weak](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), your encrypted mnemonic will not be protected. If you have stored a mnemonic with funds in the device's internal flash memory using a [weak key](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), the best way to undo this is to [erase user's data](tools.md/#erase-users-data). \ No newline at end of file diff --git a/docs/getting-started/features/tamper-detection.en.md b/docs/getting-started/features/tamper-detection.en.md index e1d85f4d..076693e2 100644 --- a/docs/getting-started/features/tamper-detection.en.md +++ b/docs/getting-started/features/tamper-detection.en.md @@ -17,7 +17,7 @@ To secure your Krux device, always verify firmware authenticity before installat - **Learn Verification Tools:** Familiarize yourself with verification methods and tools to maintain control over your device's security. -- **Build from Source:** Consider building the firmware from source code and verifying its reproducibility for maximum assurance. +- **Build from Source:** Consider building the firmware from source code and verifying its [reproducibility](../installing/from-source.md#reproducibility) for maximum assurance. - **Use SD Card for Updates:** After the initial flash through USB, perform subsequent updates via the SD card. This keeps your device air-gapped and allows the existing firmware to verify new updates before installation. diff --git a/docs/getting-started/installing/from-gui/usage.en.md b/docs/getting-started/installing/from-gui/usage.en.md index 824e1fe2..73de4006 100644 --- a/docs/getting-started/installing/from-gui/usage.en.md +++ b/docs/getting-started/installing/from-gui/usage.en.md @@ -174,7 +174,7 @@ Now you will be able to select if you do a flash process or need to do an airgap KruxInstaller unzip -Click on [Flash with](#flash) to install via USB or [Air-gapped update with](#air-gapped-update-with) to perform upgrades via a SD card. +Click on [Flash with](#flash-with) to install via USB or [Air-gapped update with](#air-gapped-update-with) to perform upgrades via a SD card. #### Flash with diff --git a/docs/getting-started/installing/from-pre-built-release.en.md b/docs/getting-started/installing/from-pre-built-release.en.md index 9fa180ad..541f600d 100644 --- a/docs/getting-started/installing/from-pre-built-release.en.md +++ b/docs/getting-started/installing/from-pre-built-release.en.md @@ -11,8 +11,17 @@ Before installing the release, it's a good idea to check that: You can either do this manually or with the `krux` shell script, which contains helper commands for this: ```bash +### Using krux script ### +# Hash checksum ./krux sha256 {{latest_krux}}.zip +# Signature ./krux verify {{latest_krux}}.zip selfcustody.pem + +### Manually ### +# Hash checksum +sha256sum {{latest_krux}}.zip.sha256.txt -c +#Signature +openssl sha256 <{{latest_krux}}.zip -binary | openssl pkeyutl -verify -pubin -inkey selfcustody.pem -sigfile {{latest_krux}}.zip.sig ``` On Mac you may need to install `coreutils` to be able to use `sha256sum` diff --git a/docs/getting-started/installing/from-source.en.md b/docs/getting-started/installing/from-source.en.md index 6ea5269a..47267d63 100644 --- a/docs/getting-started/installing/from-source.en.md +++ b/docs/getting-started/installing/from-source.en.md @@ -50,9 +50,15 @@ Failed to clone ... ``` #### Reproducibility -If you build from the `main` branch of the source code, you should be able to reproduce the build process used to generate the last release binaries and obtain exact copies of the `firmware.bin` and `kboot.kfpkg` files, with matching hash checksums. +If you build from the `main` branch of the source code, you should be able to reproduce the build process used to generate the latest release binaries and obtain exactly the same copies of the `firmware.bin` and `kboot.kfpkg` files, with matching hash checksums (to check for an older version, use the `tag` instead). -To extract and verify the firmware.bin contained in kboot.kfpkg, you can use the following command: +To check, use the compiled files for the target device. Each command should output the same hash for the two provided files: +```bash +sha256sum build/firmware.bin {{latest_krux}}/maixpy_DEVICE/firmware.bin +sha256sum build/kboot.kfpkg {{latest_krux}}/maixpy_DEVICE/kboot.kfpkg +``` + +If you want to extract and verify the `firmware.bin`file contained in `kboot.kfpkg`, use the following: ```bash unzip kboot.kfpkg -d ./kboot/ @@ -61,10 +67,10 @@ unzip kboot.kfpkg -d ./kboot/ ### Flash the firmware onto the device Connect the device to your computer via USB (for Maix Amigo, make sure you’re using bottom port), power it on, and run the following, replacing `DEVICE` with either `m5stickv`, `amigo`, `bit`, `cube`, `dock` or `yahboom`: ```bash -# build firmware for DEVICE +# flash firmware to DEVICE ./krux flash maixpy_DEVICE ``` -If the flashing fails try one of the following common solutions listed on FAQ +If flashing fails try reading [Troubleshooting](../../troubleshooting.md) ----8<---- flash-krux-logo.en.txt diff --git a/docs/snippets/after-install-installer.en.md b/docs/snippets/after-install-installer.en.md deleted file mode 100644 index fc81b67d..00000000 --- a/docs/snippets/after-install-installer.en.md +++ /dev/null @@ -1 +0,0 @@ -Once installed, you can proceed to [firmware installation](/krux/getting-started/installing/from-gui/usage). diff --git a/docs/snippets/sd-card-info-faq.en.txt b/docs/snippets/sd-card-info-faq.en.txt index 8545fd8c..9dbaef25 100644 --- a/docs/snippets/sd-card-info-faq.en.txt +++ b/docs/snippets/sd-card-info-faq.en.txt @@ -1 +1 @@ -We cannot guarantee that a microSD card is compatible and will work in your device; you'll need to test it on the device to be sure, read the [Troubleshooting](troubleshooting.md/#why-isnt-krux-detecting-my-microsd-card-or-presenting-an-error) for more info. \ No newline at end of file +We cannot guarantee that a microSD card is compatible and will work in your device; you'll need to test it on the device to be sure, read the [Troubleshooting](/krux/troubleshooting/#why-isnt-krux-detecting-my-microsd-card-or-presenting-an-error) for more info. \ No newline at end of file diff --git a/docs/support.en.md b/docs/support.en.md index b4c06f89..c460136f 100644 --- a/docs/support.en.md +++ b/docs/support.en.md @@ -28,7 +28,7 @@ The purpose of this ethos is not to virtue signal, but to introduce newcomers to To implement ideas that make self-custody more powerful, accessible, and user-friendly. ### Don't Trust, Verify -Do not trust developers’ intentions or competence. Krux is a DIY, use-at-your-own-risk project. We are committed to continuously improving security, but will not make claims or create marketing narratives about it. It is up to the users verify their hardware, the [firmware](../getting-started/installing/from-pre-built-release/#Verify-the-files) and [Krux-Installer](../getting-started/installing/from-gui/debian-like/#Verify-the-integrity) +Do not trust developers’ intentions or competence. Krux is a DIY, use-at-your-own-risk project. We are committed to continuously improving security, but will not make claims or create marketing narratives about it. It is up to the users verify their hardware, the [firmware](getting-started/installing/from-pre-built-release.md/#verify-the-files) and [Krux-Installer](getting-started/installing/from-gui/debian-like.md/#verify-the-integrity) ### Donations Krux will not solicit, receive, manage, or distribute donations. Therefore, Krux has no budget for publicity, audits, or similar activities. Contributors to Krux will fund their own work—whether by promoting their efforts, applying for grants, or seeking direct individual donations.