Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Few docs changes and additions #482

Merged
merged 1 commit into from
Nov 29, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/getting-started/features/encrypted-mnemonics.en.md
Original file line number Diff line number Diff line change
Expand Up @@ -42,4 +42,4 @@ In search of efficiency and smaller QR codes, all data is converted to bytes and
## Considerations
Storage of encrypted mnemonics on the device or SD cards are meant for convenience only and should not be considered a form of backup. Always make a physical backup of your keys that is independent from electronic devices and test recovering your wallet from this backup before you send funds to it.

Remember that the stored encrypted mnemonic is protected by the key you defined to encrypt it. If the defined [key is weak](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), your encrypted mnemonic will not be protected. If you have stored a mnemonic with funds in the device's internal flash memory using a [weak key](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), the best way to undo this is to [wipe the device](./tools.md/#wipe-device).
Remember that the stored encrypted mnemonic is protected by the key you defined to encrypt it. If the defined [key is weak](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), your encrypted mnemonic will not be protected. If you have stored a mnemonic with funds in the device's internal flash memory using a [weak key](https://www.hivesystems.com/blog/are-your-passwords-in-the-green), the best way to undo this is to [erase user's data](tools.md/#erase-users-data).
2 changes: 1 addition & 1 deletion docs/getting-started/features/tamper-detection.en.md
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ To secure your Krux device, always verify firmware authenticity before installat

- **Learn Verification Tools:** Familiarize yourself with verification methods and tools to maintain control over your device's security.

- **Build from Source:** Consider building the firmware from source code and verifying its reproducibility for maximum assurance.
- **Build from Source:** Consider building the firmware from source code and verifying its [reproducibility](../installing/from-source.md#reproducibility) for maximum assurance.

- **Use SD Card for Updates:** After the initial flash through USB, perform subsequent updates via the SD card. This keeps your device air-gapped and allows the existing firmware to verify new updates before installation.

Expand Down
2 changes: 1 addition & 1 deletion docs/getting-started/installing/from-gui/usage.en.md
Original file line number Diff line number Diff line change
Expand Up @@ -174,7 +174,7 @@ Now you will be able to select if you do a flash process or need to do an airgap

<img width="640" src="/krux/img/krux-installer/unzip.png" alt="KruxInstaller unzip" />

Click on [Flash with](#flash) to install via USB or [Air-gapped update with](#air-gapped-update-with) to perform upgrades via a SD card.
Click on [Flash with](#flash-with) to install via USB or [Air-gapped update with](#air-gapped-update-with) to perform upgrades via a SD card.

#### Flash with

Expand Down
9 changes: 9 additions & 0 deletions docs/getting-started/installing/from-pre-built-release.en.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,17 @@ Before installing the release, it's a good idea to check that:

You can either do this manually or with the `krux` shell script, which contains helper commands for this:
```bash
### Using krux script ###
# Hash checksum
./krux sha256 {{latest_krux}}.zip
# Signature
./krux verify {{latest_krux}}.zip selfcustody.pem

### Manually ###
# Hash checksum
sha256sum {{latest_krux}}.zip.sha256.txt -c
#Signature
openssl sha256 <{{latest_krux}}.zip -binary | openssl pkeyutl -verify -pubin -inkey selfcustody.pem -sigfile {{latest_krux}}.zip.sig
```

On Mac you may need to install `coreutils` to be able to use `sha256sum`
Expand Down
14 changes: 10 additions & 4 deletions docs/getting-started/installing/from-source.en.md
Original file line number Diff line number Diff line change
Expand Up @@ -50,9 +50,15 @@ Failed to clone ...
```

#### Reproducibility
If you build from the `main` branch of the source code, you should be able to reproduce the build process used to generate the last release binaries and obtain exact copies of the `firmware.bin` and `kboot.kfpkg` files, with matching hash checksums.
If you build from the `main` branch of the source code, you should be able to reproduce the build process used to generate the latest release binaries and obtain exactly the same copies of the `firmware.bin` and `kboot.kfpkg` files, with matching hash checksums (to check for an older version, use the `tag` instead).

To extract and verify the firmware.bin contained in kboot.kfpkg, you can use the following command:
To check, use the compiled files for the target device. Each command should output the same hash for the two provided files:
```bash
sha256sum build/firmware.bin {{latest_krux}}/maixpy_DEVICE/firmware.bin
sha256sum build/kboot.kfpkg {{latest_krux}}/maixpy_DEVICE/kboot.kfpkg
```

If you want to extract and verify the `firmware.bin`file contained in `kboot.kfpkg`, use the following:

```bash
unzip kboot.kfpkg -d ./kboot/
Expand All @@ -61,10 +67,10 @@ unzip kboot.kfpkg -d ./kboot/
### Flash the firmware onto the device
Connect the device to your computer via USB (for Maix Amigo, make sure you’re using bottom port), power it on, and run the following, replacing `DEVICE` with either `m5stickv`, `amigo`, `bit`, `cube`, `dock` or `yahboom`:
```bash
# build firmware for DEVICE
# flash firmware to DEVICE
./krux flash maixpy_DEVICE
```
If the flashing fails try one of the following common solutions listed on FAQ
If flashing fails try reading [Troubleshooting](../../troubleshooting.md)

----8<----
flash-krux-logo.en.txt
Expand Down
1 change: 0 additions & 1 deletion docs/snippets/after-install-installer.en.md

This file was deleted.

2 changes: 1 addition & 1 deletion docs/snippets/sd-card-info-faq.en.txt
Original file line number Diff line number Diff line change
@@ -1 +1 @@
We cannot guarantee that a microSD card is compatible and will work in your device; you'll need to test it on the device to be sure, read the [Troubleshooting](troubleshooting.md/#why-isnt-krux-detecting-my-microsd-card-or-presenting-an-error) for more info.
We cannot guarantee that a microSD card is compatible and will work in your device; you'll need to test it on the device to be sure, read the [Troubleshooting](/krux/troubleshooting/#why-isnt-krux-detecting-my-microsd-card-or-presenting-an-error) for more info.
2 changes: 1 addition & 1 deletion docs/support.en.md
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ The purpose of this ethos is not to virtue signal, but to introduce newcomers to
To implement ideas that make self-custody more powerful, accessible, and user-friendly.
### Don't Trust, Verify

Do not trust developers’ intentions or competence. Krux is a DIY, use-at-your-own-risk project. We are committed to continuously improving security, but will not make claims or create marketing narratives about it. It is up to the users verify their hardware, the [firmware](../getting-started/installing/from-pre-built-release/#Verify-the-files) and [Krux-Installer](../getting-started/installing/from-gui/debian-like/#Verify-the-integrity)
Do not trust developers’ intentions or competence. Krux is a DIY, use-at-your-own-risk project. We are committed to continuously improving security, but will not make claims or create marketing narratives about it. It is up to the users verify their hardware, the [firmware](getting-started/installing/from-pre-built-release.md/#verify-the-files) and [Krux-Installer](getting-started/installing/from-gui/debian-like.md/#verify-the-integrity)
### Donations

Krux will not solicit, receive, manage, or distribute donations. Therefore, Krux has no budget for publicity, audits, or similar activities. Contributors to Krux will fund their own work—whether by promoting their efforts, applying for grants, or seeking direct individual donations.
Expand Down