Giter Club home page Giter Club logo

lioness's Introduction

Warning: this project is experimental, work-in-progress and completely unsupported.

Lioness

The aim of the Lioness project is to provide a system image for a linux-powered USB security key, which can run on commonly available hardware, such as the NanoPi NEO2. The image should be minimal in size and use mainline Linux kernel + u-boot sources, powered by the Buildroot build system.

Getting started

Build a NanoPi NEO2 image by running:

git clone --recurse-submodules <this-repo-uri> lioness
mkdir lioness/out
cd lioness/out
make O=$PWD -C ../buildroot defconfig BR2_DEFCONFIG=../board-nanopi-neo2/buildroot_config BR2_EXTERNAL=../buildroot-external/
make

This should generate an SD card image under images/sdcard.img, which can be written via:

dd if=images/sdcard.img of=<sd-card-device> bs=1M

The SD card can then be placed in a NanoPi NEO2 and booted. The image will boot to expose a USB mass-storage device, which contains a static file-backed configuration website. Once configured, the website allows the user to save the settings to a file. With the /usr/bin/lioness binary running on the board (it's not started by default), the configuration file will be automatically detected and validated, when saved to lioness.txt.

Work in progress

Functionality to initialize and unlock the dm-crypt storage area has not yet been finalized. In addition to that, there is a long list of desired features:

  • store salt in GPT uuid: done, although logic needs to come out of bootloader
  • mkfs.btrfs dm-crypt area: done
  • mkfs.exfat file-on-btrfs: done
  • on open: handle snapshots (reflink file): done, but can't use snaps yet
  • expose file-on-btrfs via USB: done
  • raw dm-crypt option for those who don't want thin provisioning / snapshots
  • FIDO2 / webauthn using openSK
  • OS image update from static website
  • test, test, test!
  • support for other boards

Debugging

By default, the image provides boot logs via UART. A DHCP client starts on boot alongside an ssh server which can be accessed with root/root credentials.

Thanks

Thanks to SUSE for allowing me to work on this project as part of Hack Week 22. Thanks to sunxi mainline Linux and u-boot contributors. Thanks to FriendlyArm for donating some NanoPi hardware.

lioness's People

Contributors

ddiss avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.