Wiki needs improvements #25
Comments
|
@pahakalle : This guide is unfortunately obsolete. Can you clarify which section was harder to understand? If there is one guide I would merge, it would be the one from @merge and promote a simple external programmer for users to use and order which, with flashrom compiled can be used from a secondary computer with: |
|
The instructions mainly line 35 (Ok, now comes the time to write the 4MB...) are a bit hard to follow/read beacause its just a lot of text. The guide merge has on skulls is a actually really good and with small modifications could just replace the one here |
|
Well, I think the wiki still needs improvements, but for me the worst part is configuring TPM — there just isn't anything useful there. Are the appropriate sections from the outdated guide quoted by @pahakalle still applicable, maybe? |
|
@Freewolny : using a board config enforcing (see x230 board config or x230-hotp-verification, which later requires a Nitrokey Storage/Nitrokey Pro v2/ Librem Key to enforce HOTP verification ). Following last link: screenshots, instructions etc should take into consideration whiptail usage that is applicable with/without beautiful graphic enforced by FBWhiptail (which is unusable in remote terminal). For example, the kgpe-d16 PR enforces gui-init without fbwhiptail for servers while enforcing graphical interface with FBWhiptail for the workstation. So that even on compatible server platforms, gui-init can be used instead of currently documented generic-init under wiki, which became kinda deprecated. Meanwhile this beginner's page was created, which doesn't cover configuration and Heads daily usage. Any help welcome redoing the wiki pages.... Is there volunteers? |
|
Well, when I manage to do everything myself – reflashing the boards in X230, installing Heads and so on, I'll gladly edit the wiki to make it work for complete newbies like me… but I have a feeling that before this happens, I will need a ton of support myself, unfortunately. |
|
@Freewolny please read last link of my previous reply. Your concerns are answered there. |
|
One more question – is it currently possible to have an additional keyfile for LUKS encryption stored in TPM? |
|
@Freewolny yes. Its called a Disk Unlock Key and is enforced by setting a boot default under Heads on all boards having a TPM, but Purism ones, by default. TPM NVRAM space releases the key on good Disk Unlock Key passphrase if LUKS header and firmware measurements are valid. When setting a new boot default, the Disk Revovery Key (key slot 0) is required to be typed to renew/change Disk Unlock Key passphrase (slot 1). |
|
But from what I understand, in the solution described by you, the TPM is in possession of the whole decryption key, but releases it only after I authenticate myself to it. So if there was a way to extract the key from the TPM, the attacker would only need my laptop and would have the whole disk decrypted. Admittedly, if the attacker is able to do it, he can probably also employ an evil maid attack and sniff my decryption password, but it's still more effort, as I see it. I'm looking more for a solution described here:
|
|
The threat model adressed currently through Heads is the evil maid able to capture the passphrase typed at boot and expecting to be able to clone the disk while owner is away and be able to decrypt the content at their leisure. What you are looking for is some kind of 2fa or more specifically the part where you need an external device (something you own) to be able to boot the device. This is not currently implemented, while when QubesOS will upgrade their Dom0, changes having been merged into cryptsetup and some additional changes inside of Heads could permit what you are looking for. Another option would be to have to have the USB security dongle combined and make the user sign with the dongle prior of permitting boot. Those implementations have risks themselves.
The mitigation are to:
|
|
@Freewolny : basically, you are talking about something like this https://docs.puri.sm/PureBoot/LibremKeyLUKS.html If it is the case, please open an issue under Heads, not heads-wiki. |
|
I recently built and installed heads for the first time. Had I not been familiar with coreboot, I would have been very confused by the wiki. Some details are glossed over, some are found on other pages and others are duplicated in different sections, some are wrong (x220 does not have a 4mb chip, only an 8mb). With linuxboot/heads#703, portions of the wiki could theoretically be simplified. In the meantime, I attempted to unify the documentation but am in over my head.....over my heads?....nope, head, no puns here. I am too new to know where the project has been or where it is going nor arrogant enough to start rewriting large portions of the wiki. This is what I came up with when trying to reorganize it. Ignore the theme; I repurposed a flatdoc theme made a few years ago. I wanted to focus on the content and not waste time setting up Jekyll. Also, it really should not be one large page, but sections should be consolidated and easily navigable. A few things to note:
Again, I am new to this project so I may be way off base or out of line with some of these suggests. If so, just mock me and tell me off. |
|
@Thrilleratplay : I love the live version sitting at https://thrilleratplay.github.io/heads-wiki/ Consequently of #44. I would be agreeing with the reordering and removing trmm.net links, while most of the screen captures are linked to generic-init instead of #40, with some miseading information here and and there (Xen is not included in Heads since a while, there is no Read only FS under QubesOS, x220 flash is not 4mb... All those should be removed. Generic user guide should be taken out of https://docs.puri.sm/PureBoot.html (CC by SA) and manually republished upstream.
Agreed. Cannot take this decision myself though. @osresearch : docs should be self contained.
Coreboot pages should be referred instead?
The point here would then be: how to recreate those docker images.
Agreed. That was a really long debate. The solution proposed is linuxboot/heads#571
-v does exactly that. Looping it is not so good idea since if backup and verify fails, that would mean the clip needs to be manually replaced. |
That is a good option for the Lenovo's. I am not sure if that would be confusing to new users, * shrugs * probably could be fixed with it explicit saying it is going to the coreboot docs.
Not necessarily, the Raspberry Pi bus speed can introduce enough variance to alter a checksum. I ran into this a few times before switching to a Ch341A. My issue with
It depends on how you would want to approach it.
EDIT: Of course a few hours after I write this I run into an issue. The head-builder-scripts currently work with x230 and qemu-coreboot but there is an issue with the version of gawk when trying to build qemu-linuxboot. This may actually be another use case for using docker images as gawk is a fairly standard utility in Linux and is a specific version is needed. I noticed the open issues regarding CircleCi builds, using Guix and a few other build related things. If docker images were to compartmentalize build environment dependencies and referenced in the documentation, it may save a lot of headaches trying to help debug different issues across an infinite possible of users environments. It may also make it worse, I am not familiar enough the range of issues that occur. As for shared flashing documentation across different projects. That may just be a pipe dream. It is difficult enough with different devices and programmers but the same device can have different chips and there are so many variations of CH341A programmers as well as different RPi and BusPirate versions. This is bad enough when dealing with just answering questions of coreboot users on Reddit, then trying to mix this across with different projects whose user backgrounds and technical experience will vary. Just to add more wrenches, how about translations? This is an issue that should be addressed but is beyond the scope of this issue. |
Interesting. Looking into this to troubleshoot linuxboot/heads#608 Edit: refacing the problem of having docker inside of QubesOS. digging it as a first step, will update later. |
|
@tlaurion I knew I was forgetting to do something today. I made an edit in the comment above regarding gawk version issues, it likely won't impact the debugging you are doing but did want to call it out. |
|
@Thrilleratplay Docker inside of QubesOS instructions updated https://gist.github.com/tlaurion/9113983bbdead492735c8438cd14d6cd Running your script |
|
@tlaurion Yeah, I assumed linuxboot/heads#811 was the cause. I need to take steps to try to remove gawk from the heads builder docker image. It is only impacting the |
https://gist.github.com/tlaurion/9113983bbdead492735c8438cd14d6cd just reproduced and working. (still downloading coreboot/coreboot-sdk:1.53' locally which seems to be heavy for my damn slow internet link) |
|
I am reworking the Wiki pages to move OS specifics into subfolders, add recovery shell page, and a few other cleanups. Though I have a first pass (https://github.com/jtmoree-github-com/heads-wiki/tree/docs-refresh) in a fork I think there are syntax problems. I'm attempting to setup the environment to test locally based on this page: https://docs.github.com/en/github/working-with-github-pages/testing-your-github-pages-site-locally-with-jekyll Am I overthinking this? Is there an easier way to test the docs? |
|
I think there should be maybe more time invested into documenting how to dig code, then to write doc for code that is still changing. Not sure how to do that. More comment in code instead of external documentation seems more interesting to me. The maintainership problem once again. We see it already, the documentation is way behind the code base as of now. Way behind. And duplicating documentation out of code actually is the cause of that. Lazyness of reading code is one thing, having it too cryptic is another. But my recommendation seeing the new flow of questions coming in for the Heads project is that maybe a general flow of operations in flow chart should be created (more stable) with clickable links into code, where code is more commented and external documentation is maintained to be as minimalist as possible. Otherwise, I bang my head on the walls everytime I surf around and read comments on Reddit and elsewhere, pointing to old docs, bad understanding of what is happening, simply, in my opinion, because of lack of actual code documentation, and outdated external documentation. |
|
Silly idea here, but:
What you think? User/Dev/documentarist perspectives welcome. |
|
That is an absolutely awesome idea (as a user who might be able to dig into
code to some extent, but on a day-to-day basis codes something completely
different). If the code would really be well documented, that could be a
great help in order to grasp a better understanding of some of the
internals.
pt., 29 sty 2021, 17:44 użytkownik tlaurion <notifications@github.com>
napisał:
… Silly idea here, but:
- screenshots of menu, where clicking on it would point to commit
version of that code in blame mode would point to where the code lies. And
then code should document what happens there. High level, and where
functions being external (gui_functions, functions, mount_usb not being
mount-usb) should be clarified or simply recentralized for easier
comprehension.
What you think? User/Dev/documentarist perspectives welcome.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#25 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ACFKALGLREWEXXFJ4ANTSQTS4LQXBANCNFSM4GRHYM3A>
.
|
|
@tlaurion I am not sure myself. This is part of the reason I made mostly structural changes to the wiki. I started to fall into the trap I think @jtmoree-github-com is approaching. This is personal perspective, Heads is tantalizing to people worried about security but usually attract those who think naive about encryption, security and open source development. The project itself is brilliant but fragmented. There is a lot of hostility from newbies who think this will be a drop in upgrade and are quickly overwhelmed with the complexity. The poor documentation is usually the biggest complaint. The idiom "those who can't do, teach", something I never understood until college, becomes the catch 22 with Heads documentation. If you don't know enough about Heads, you start to dive through the code to understand it, becoming to familiar with the code, it is difficult to explain it in a high enough level for those who are brand new can understand and abstract enough where it is not immediately obsolete. This is the trap I feel into, I became so familiar with the code, the wiki makes no sense to me. A few ideas:
|
|
I like the idea of linking wiki docs to source code to supplement high level documentation. I have been updating the docs as I figure out how heads works and waiting for feedback before creating PRs. I just posted 2 more. #67 is for new questions to the FAQ. These are questions I have as a new user to heads. Many are still unanswered. Hopefully we can fill more in during the review process. #66 is for a bit of re-org on the wiki and new pages for recovery shell and OS installs. |
I would create such a diagram but I don't understand enough to do so. Is there one I can use for reference anywhere? Or can someone create a crude text version of it in this thread that I can turn into an image? |
|
I can go iteratively and answer questions as we go.
Runtime:
@ jtmoree-github-com Please ask questions on precedent points. |
|
Started a glossary as I work through some diagrams. All can be reviewed here: https://drive.google.com/drive/folders/14TSM4U0fNYlQpzQEDnpZGCc8eAGDZhSl?usp=sharing Still early on the diagrams but if you start with HEADS OVERVIEW you will get the idea of where I am going with this. |
|
I would have lots of comments and corrections to propose for each diagram. Can those images be in a shared doc with shared writing access? A pad, or a PR, or a cryptpad.fr? |
|
You should be able to comment now. I can add individual gmail accounts as editors too. |
|
I will try to find time in the next coming days and post comments here in regard of filenames on google drive. |
|
@jtmoree-github-com A PR with those graphics that will change with Q&A flow would be helpful. Otherwise, I see involvement in all PRs and issues closed will really be time consuming correcting misconceptions... clarified in code. |
|
At this point, I belive you should just branch the current master of the PR, and ask question in code. Reviewing the diagrams and current state of https://docs.google.com/document/d/1F7SeHrgYFbbhdBT0fsvddIDvkv0DlnTvjtbTQA00wec/edit#heading=h.5h6usohk6neg as a start doesnt feel like a Frequently Asked Questions at all, but personal questions torward the code, in which I could probably invest 10 hours or more explaining everything. Who is the audience? |
|
First review directly on drawings and texts directly |
@jtmoree-github-com want to ask questions on the precedent points prior of going forward so I can modify precedent post and address questions? Edited with TPM_MEASURED_BOOT implementation change directly from coreboot merge. |
Documenting all in code is difficult because a specific file in source code is only one part of a larger system. The wiki and FAQ address higher level concepts which link to specific implementations in source. If I have questions after looking at docs AND code then other people might have the same questions. As the questions are answered I am curating the FAQ to small answers with links to wiki and--as discussed--our goal is that the wiki links to github source code. The diagrams are incomplete as we just started discussing this. It will take some time to flesh those out especially since I am still understanding the workflows and using the FAQ process to do so which takes time as well. I think I can grant public access to edit the diagrams but that seems like a bad idea given that I am posting the link to this public forum. I'm open to using a different diagramming tool to make collaboration easier. (cryptpad.fr seems lacking in drawing features. perhaps draw.io or lucidcharts?) |
|
I think we need to pause and look at some challenges with the documentation process. Please read this entire post before replying on specifics as the specifics may span multiple areas of discussion--like the docs we are working on. Please forgive me if any of this sounds critical. I am attempting an analysis of the documentation process--not blaming individuals for choices. As we have all said, the docs need a lot of work. I have 3 pull requests related to documentation that are at least a few weeks old. Ideally, a PR would get reviewed and merged or rejected in a short time frame so everyone can move on to other tasks. This post is to discuss changes in my approach to updating docs that may help remove or mitigate some of these bottlenecks. These changes are in response to what I think are root causes. I do not have enough understanding of the heads ecosystem to create 'perfect' docs. Others that do, may not have the time or lack tools and/or skills. This effort will take collaboration. This necessitates that we pass 'work in progress' back and forth before it is 'finished'. Here are the challenges identified so far:
constrained resources (free time)Since most if not all us are working on this in our free time there is a long lag in between work. We all work at different times and days. This encourages parallel work because I am waiting for at least a few days for responses on 'this section' and I only have 'right now' to work on this so I switch to the 'other section'. Of course the other section has questions that I also have to ask and work through responses. This contributes to the confusion. I have seen answers to a question in one PR end up in the other PR because they overlap in concept even though they target different specific changes. I belive all of this highlights the even greater need to reduce waste and improve communication and collaboration. scopeThe scope of changes I am working on is much larger than an agile practice would call for. This is wasting the limited time that others have by causing them to switch contexts and adding to confusion around the questions I am asking. The scope for 2 of 3 PRs is too large. In some cases the questions and answers need to stay very high level. While I appreciate the very detailed responses, there are times when a short sentence or confirmation is all that is needed. In addition, when the long answer is repeating content it frustrates everyone--especially the poster who feels like his time is being wasted. This is a significant challenge for documentation as it--by design--references multiple areas within the project in order to relate them to each other. In some cases the folders and pages need to be re-organized. e.g. allow room for growth, etc. We will need to work on keeping scope small for a specific PR to keep it manageable. documentation vs codeSince this project is based around executable code and we are using tools built to manage code we are also treating documentation as code. In a literal sense this may be true but the workflow and approach to documentation should probably be different. Concepts that are new to users may take only a paragraph to explain usage but might take many different components, processes, utilities, and user interfaces to implement. My focus has been on the 'new' experienced user since that is my use case. Having worked in I.T. for a few decades I have a broad understanding of the tech involved but also need to study and troubleshoot specific concepts and technical issues which requires finding information in a targeted way. I have been finding this information by reading websites, code, docs, and posts to github. This has been a slow process which illustrates the points I am making here. There have been a few times that I asked a question that was already explained clearly in the heads wiki or docs but most of the questions are hard to understand without more information. I created a list of questions when I started digging into this project and as I find answers to them I am integrating those answers into the Wiki. This adds to the scope creep mentioned above. 1. THIS IS NOT HOW CODE WORKSCode either works or doesn't--there is not much room for progressive elaboration. At most, we could compare this to changing code in response to feature requests but really, these are just different. 2. Embedded DocsI like adding documentation to code--in fact, any source code I have created in the last 5 years includes more lines of comments than executables (generally as a header at the top). I will continue to attempt to add documentation to heads utilities but there has been pushback on that for valid reasons. Any documentation has to be updated but the only alternative is No documentation which is not a good alternative. 3. Design DecisionsI often search other websites for the answers to my heads questions. Reading code doesn't tell me definitions for acronyms and other higher level stuff such as why does heads use a TPM for a disk key instead of just encrypting it and storing the file in /boot? These types of questions are going to come up for people who are getting familiar with the project. Especially, as multiple ways of handling a use case are added. e.g. verification with HOTP vs TOTP, disk key in TPM or not, etc. work in progress vs finished workGenerally, a PR is the end to a finished (or almost) finished process. In the case of 2 of my 3 PRs we are working through the final issues that are blocking them from being merged. I think these two are also getting blocked by the 3rd (FAQ) because they deal with the same issues of documentation. 1. more information neededGiven the nature of a normal PR, when I post questions to reviewers the responses seem to assume that the work is finished. In almost every case I need more information and I am asking for clarfication. I wait to commit the changes until the questions are answered but the responses seem agitated that I have not already 'fixed' the problem with another commit. This sometimes encourages the replies to repeat information because it seems like I have not read or understood the first post. This is especially bad when there is copy/paste code where two utilities work almost the same way and both need modification in the same way. I generally, will not post on the second until the first is resolved even though they are in the same PR. 2. process and labelsThe FAQ PR is a draft because it is on ongoing collaboration. I created it at the suggestion of others on this thread. There are other ways to collaborate though they also have challenges. We may find it helpful to change our approach to Work In Progress. I am open to suggestions. We have to be able to post W.I.P. and get feedback on that work. Ideally, multiple parties edit the work. Maybe that is where the PR breaks down. Instead of editing the work, reviewers are posting metadata about the work which then has to be interpreted by me and incorporated and reviewed again. If we all edit with revision history it might go faster. tools1. githubAs a github project GITHUB is our main collaboration tool. I am happy to use any tools the group feels are necessary and helpful. As I already mentioned, a Pull Request may not be the best tool for work in progress. Unfortunately, I don't see any other tools working better. Perhaps by marking the PR as a draft it will help. 2. alternativesWe could try to move the documentation to another system but that seems like a really big hurdle to cross and I'm wary of adding dependencies by moving the docs outside of the current systems. 3. diagramsThe diagramming work is new and requires new tooling in addition to all the same collaboration problems: it is NOT finished; it is highly technical but needs to start with broad concepts; it requires write access for multiple parties to be most effective. etc Again, open to suggestions. Action ItemsI resolve to follow these guidelines as I continue to work on heads. Though it will slow down the potential pace of development the development is slower anyway due to confusion. I may be able to revise these after we work as a team and understand each other better.
|
You could at least comment on the half that was necessary... Perhaps just concentrate on the Action Items. Do they seem useful? |
|
@GittCatt I would love to know what was irrelevant to you and what your audience is. Please select the irrelevant parts in code (selecting the lines as a block) at least, otherwise those kind of comments are discouraging people actually contributing, who are trying to make it better by answering their own questions. |
|
@jtmoree-github-com maybe a riseup pad would help getting input on content only? I can commit reviewing written stuff wherever it is hosted at the beginning of the week. My intuition is that PR might not be the best way to do this. But as said previously, I suck into bringing technical to non technical. My job here is to make sure what is published is true and technically sound. |
1 similar comment
|
@jtmoree-github-com maybe a riseup pad would help getting input on content only? I can commit reviewing written stuff wherever it is hosted at the beginning of the week. My intuition is that PR might not be the best way to do this. But as said previously, I suck into bringing technical to non technical. My job here is to make sure what is published is true and technically sound. |
|
@jtmoree-github-com Right now, it seems to me that the most difficult thing to grasp from the documentation is the fundamental differences between "standard" and maximized boards. I have been reading through the issues, but still have unresolved questions (probably because I am doing something wrong, after I flash skulls, then flash X230, everything OK, but when I flash x230-maximized (through heads graphical UI) a brick results). At first I thought it was related to MAC address, but does not seem that way. I checked that I unlocked IFD in skulls script: yes. tried flash x230-maximized from circleCI: no reward. tried to recreate gbe.bin with the machine MAC: brick. And still wandering if I am doing some silly mistake |
|
@qubicrm I have not had to deal with that issue as I use a Purism laptop that already works with heads. My focus has been on the installation of an Operating System and Troubleshooting boot. These are tasks that are performed after a working heads installation. I will post an update on the work I am doing which may help if you learn some things and decide to share that information and/or improve the wiki. As I mentioned in my action items above I am solely working on 1 pull request right now (docs refresh). The key point that everyone should know is that Pull Request workflow is not conducive to collaborating on documentation. In the future I will be using other tools like the ones mentioned in this post. That isn't new information for this thread but is important. An analysisA wiki is designed to be collaboratively edited inside a web site but that is best scoped at the context of a 'page'. As changes span across multiple 'pages' the wiki approach becomes less effective. Github allows all of the wiki 'code' to be edited outside of the wiki in a git repo. While this makes it easier to edit more than the 'page' context, it complicates collaboration. When we need to collaborate on the content going into multiple pages on the wiki we are encouraged by the wiki docs themselves and the features in github to fork. We then get a personal copy and can configure github to show our copy to others. This is great for review but does not allow for easy collaboration on edits. In my case I reorganized large sections of the wiki and am still learning and understanding the heads environment. This led to many rounds of commits, change requests, rewrites, and repeats. At this point we have 9 files changed and 20+ commits in my PR. In a typical PR situation this would be rejected as too complex. In fact, I may be breaking the PR into multiple smaller PRs for the final merge. It is the wiki that is collaborative--not the individual edits. While it is easy to say, "Make smaller changes" that is challenging when the smaller changes link to each other and move content around. I had to have a working wiki with all of the content arranged in order to do the work of updating. The other challenge is one of scope. Different opinions exist in the project about what is in or out of scope for the wiki. What will I do for the next changes I work on which span multiple pages that might improve collaboration?
This approach has the disadvantage of losing all of the organization and diff tools that github includes and we may find that this has a different set of challenges. Naturally, the smaller we can keep changes the less problems we will encounter but the point I am making is that not all changes are small. |
|
@qubicrm sorry about this confusion. As written in the notes of the maximized PR, coming from Skulls requires the initial additional step of unlocking IFD from their documentation and then a full flash, directly with flashrom from Heads recovery shell ( Otherwise, it requires an initial external flash, since ME and IFD are locked and only accessible in read only mode from the booted system. Maximized builds are basically to be flashed externally, once, by flashing the 4MB rom on the top SPI, and the 8MB rom on the bottom SPI flash chip, which contains neutered ME and unlocked IFD, which replaces flashrom options inside of the board config to not only flash the BIOS section of coreboot internally on future internal flash attempts. TL;DR: You are causing a brick because the IFD from Skulls is defining a smaller BIOS region then the one being flashed by the maximized rom, causing inconsistencies between regions defined under IFD and beginning and end regions really being on opaque combined 12MB SPI flash chips seen internally. Basically, flashing the bigger BIOS region from maximized builds invalidates expected structure from IFD, which is lost and fails. The solution here would be to flash both SPI chips with related ROM images (top and bottom). Externally. I am more then due to document this properly, and will try to do so ASAP to fix #55 |
|
@jtmoree-github-com this PR is near completion IMHO in terms of content. |
The entire install section should be redone as its really hard to follow and understand.
we could "merge" the content from the current guide with this as base https://github.com/mfc/flashing-docs/blob/master/walkthrough%20for%20flashing%20heads%20on%20an%20x230.md
The text was updated successfully, but these errors were encountered: