From: Steven Baltakatei Sandoval Date: Tue, 30 Jun 2020 19:46:30 +0000 (+0000) Subject: doc(loc/README): Show how to disable swap file X-Git-Url: https://zdv2.bktei.com/gitweb/EVA-2020-02.git/commitdiff_plain/dac703dda941e1fd4ad0f6c0934a1f937fe5d45f doc(loc/README): Show how to disable swap file Disabling swap file is important for reducing probability that unencrypted data is written to disk. --- diff --git a/doc/location/README.html b/doc/location/README.html index 11a6516..69a4789 100644 --- a/doc/location/README.html +++ b/doc/location/README.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + Ninfacyzga-01 Manual @@ -234,24 +234,24 @@ for the JavaScript code in this tag.

Table of Contents

-
-

1 Location Logging

+
+

1 Location Logging

This document was created by Steven Baltakatei Sandoval on 2020-06-29T12:14Z under a Creative Commons BY-SA 4.0 license. It -was updated by Steven Baltakatei Sandoval on 2020-06-30T17:13Z +was updated by Steven Baltakatei Sandoval on 2020-06-30T19:44Z

-
-

1.1 Narrative

+
+

1.1 Narrative

Ninfacyzga-01 records (logs) its position in time and space using a @@ -282,23 +282,23 @@ before being processed and written to disk.

-
-

1.2 Description

+
+

1.2 Description

-
-

1.2.1 Hardware

+
+

1.2.1 Hardware

    -
  1. Raspberry Pi Zero W
    +
  2. Raspberry Pi Zero W

    See the OEM webpage for this product.

    3. -
  3. PiZ UpTime 2.0
    +
  4. PiZ UpTime 2.0

    See the OEM webpage for this product. @@ -307,8 +307,8 @@ See the OEM webpage for

-
-

1.2.2 Software

+
+

1.2.2 Software

bkgpslog : The bash script that performs the location data @@ -349,7 +349,7 @@ should be copied to $HOME/.local/bin.

    -
  1. Narrative
    +
  2. Narrative

    bkgpslog populates a 60-second buffer with NMEA data from gpsd via @@ -362,28 +362,28 @@ encrypted with age, and then written to disk.

-
-

1.2.3 Output

+
+

1.2.3 Output

    -
  1. File Formats
    +
  2. File Formats
      -
    1. NMEA
      +
    2. NMEA

      See the Wikipedia page for this.

      3. -
    3. GPX
      +
    4. GPX

      See the Wikipedia page for this. WGS84 is the datum used.

      5. -
    5. KML
      +
    6. KML

      See the Wikipedia page for this. WGS84 is the datum used. @@ -392,7 +392,7 @@ See the Wikipedi

    3. -
  3. Encryption Method
    +
  4. Encryption Method

    Files produced by the bkgpslog script are encrypted against a set of @@ -421,7 +421,7 @@ Help information for age is available by running $ age --help

      -
    1. Encryption Commands
      +
    2. Encryption Commands

      Files may be encrypted to several recipients using a command similar to: @@ -442,7 +442,7 @@ bech32-formatted public key strings.

      3. -
    3. Decryption Commands
      +
    4. Decryption Commands

      Files may be decrypted using a command similar to: @@ -462,12 +462,12 @@ The version of age used to perform the encryption

-
-

1.3 Operating Procedures

+
+

1.3 Operating Procedures

-
-

1.3.1 Initial Startup

+
+

1.3.1 Initial Startup

See OEM (Ozzmaker) quickstart guide for the BerryGPS-IMU. @@ -475,7 +475,7 @@ See OEM (Ozzmaker) -

  • Physical Setup
    +
  • Physical Setup

    BerryGPS-IMU must be electrically connected to the correct pins on the @@ -490,9 +490,9 @@ possible.

    • -
  • Software Setup
    +
  • Software Setup
      -
    1. Install Executables
      +
    2. Install Executables

      Install Raspbian 10 Buster onto an SD card image. See the Raspberry Pi @@ -523,44 +523,53 @@ Linux) in $HOME/.local/bin.

      3. -
    3. Disable Swap File
      +
    4. Disable Swap File

      -Since standard Raspbian 10 install involves copying unencrypted file -system image to SD card which is mounted by the Raspberry Pi, system -memory may be written to disk in the form of a Swap file as described -here. In order to reduce the chance that location log data is ever -written to disk, swap file functionality must be disabled. +Since standard Raspbian 10 (Buster) install involves copying +unencrypted file system image to SD card which is mounted by the +Raspberry Pi, system memory may be written to disk in the form of a +Swap file as described here. In order to reduce the chance that +location log data is ever written to disk, swap file functionality +must be disabled1.

      +

      +Raspbian 10 uses dphys-swapfile to manage a swap file. It may be +disabled persistently2 by running +the following command: +

      + +
      +sudo systemctl disable dphys-swapfile.service
+
+
      +

      To view the status of the swap file in Raspbian 10, run free -m: 

       pi@ninfacyzga-01:~$ free -m
-              total        used        free      shared  buff/cache   available
-Mem:            432          86          36          21         309         268
-Swap:            99           0          99
+          total    used    free  shared  buff/cache   available
+Mem:        432      86      36      21         309         268
+Swap:        99       0      99

      -The swap file may be disabled by: +After disabling the swap file and rebooting: 

      -pi@ninfacyzga-01:~$ sudo dphys-swapfile swapoff
-pi@ninfacyzga-01:~$ sudo dphys-swapfile uninstall
-pi@ninfacyzga-01:~$ sudo update-rc.d dphys-swapfile remove
 pi@ninfacyzga-01:~$ free -m
-              total        used        free      shared  buff/cache   available
-Mem:            432          96          33          22         302         258
-Swap:             0           0           0
+          total    used    free  shared  buff/cache   available
+Mem:        432      89     214       3         128         289
+Swap:         0       0       0
      5. -
    5. Automatic Start Configuration
      +
    6. Automatic Start Configuration

      Edit the user cron job list with $ crontab -e to add the following @@ -600,7 +609,7 @@ may resemble:

      The age1z2...qkv6p is an age public key string. Please see the -Key Generation section for an explanation. +Key Generation section for an explanation.

      @@ -618,7 +627,7 @@ The options are:

      7. -
    7. Log Transfer Configuration
      +
    8. Log Transfer Configuration

      Log files may be shared to other machines via syncthing. See this @@ -635,7 +644,7 @@ of this document.

      9. -
    9. Key Generation
      +
    10. Key Generation

      An age encryption key may be generated like so: @@ -643,7 +652,7 @@ An age encryption key may be generated like so: 

       $ umask          # Gets current umask
 0022             # Note: This is the default umask for Raspbian 10
-$ umask 066      # Sets umask so key.txt will have no permissions except for owner (you)
+$ umask 066      # So key.txt will have no perms except for owner (you)
 $ umask          # Confirm umask set to 066
 0066
 $ age-keygen > key.txt
@@ -679,8 +688,8 @@ be readable, writeable, or executable to anyone except the owner
    • -
    -

    1.3.2 Normal Startup

    +
    +

    1.3.2 Normal Startup

    Turn on Ninfacyzga-01 by supplying 5VDC power to the Raspberry Pi. No @@ -688,8 +697,8 @@ further interaction should be required.

    -
    -

    1.3.3 Normal Operation

    +
    +

    1.3.3 Normal Operation

    No interaction beyond continually supplying approximately 100mA of @@ -698,14 +707,14 @@ is required.

      -
    1. Log Transfer
      +
    2. Log Transfer

      Log files may be transferred by use of syncthing shared folders.

      3. -
    3. Automatic Updates
      +
    4. Automatic Updates

      The automatic-upgrades package, if installed, should automatically @@ -715,8 +724,8 @@ install security patches to packages installed via apt.

    -
    -

    1.3.4 Normal Shutdown

    +
    +

    1.3.4 Normal Shutdown

    The system may be shutdown via SSH by running: @@ -729,8 +738,8 @@ $ sudo shutdown -r 0

    -
    -

    1.3.5 Unscheduled Shutdown

    +
    +

    1.3.5 Unscheduled Shutdown

    Ninfacyzga-01 as described and setup should tolerate unscheduled power @@ -739,8 +748,8 @@ seconds worth of location data may be lost.

    -
    -

    1.3.6 End of Life Disposal

    +
    +

    1.3.6 End of Life Disposal

    LiPo batteries used by the PiZ Uptime 2.0 module should be disposed of @@ -763,10 +772,27 @@ lead-free solder.

    +

    Author: Steven Baltakatei Sandoval

    -

    Created: 2020-06-30 Tue 17:14

    +

    Created: 2020-06-30 Tue 19:45

    Validate

    diff --git a/doc/location/README.odt b/doc/location/README.odt index 5bcd124..4348316 100644 Binary files a/doc/location/README.odt and b/doc/location/README.odt differ diff --git a/doc/location/README.org b/doc/location/README.org index ebabe81..397968f 100644 --- a/doc/location/README.org +++ b/doc/location/README.org @@ -1,7 +1,7 @@ * Location Logging This document was created by Steven Baltakatei Sandoval on ~2020-06-29T12:14Z~ under a [[https://creativecommons.org/licenses/by-sa/4.0/][Creative Commons BY-SA 4.0 license]]. It -was updated by Steven Baltakatei Sandoval on ~2020-06-30T17:13Z~ +was updated by Steven Baltakatei Sandoval on ~2020-06-30T19:44Z~ #+TITLE: Ninfacyzga-01 Manual #+AUTHOR: Steven Baltakatei Sandoval #+EMAIL: baltakatei@gmail.com @@ -131,33 +131,44 @@ Place ~age~ binary (the one compiled for ARM CPU architecture for Linux) in ~$HOME/.local/bin~. ***** Disable Swap File -Since standard Raspbian 10 install involves copying unencrypted file -system image to SD card which is mounted by the Raspberry Pi, system -memory may be written to disk in the form of a Swap file as described -[[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that location log data is ever -written to disk, swap file functionality must be disabled. +Since standard Raspbian 10 (Buster) install involves copying +unencrypted file system image to SD card which is mounted by the +Raspberry Pi, system memory may be written to disk in the form of a +Swap file as described [[https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/][here]]. In order to reduce the chance that +location log data is ever written to disk, swap file functionality +must be disabled[fn:ideaheap_20130731_disableswap]. + +Raspbian 10 uses dphys-swapfile to manage a swap file. It may be +disabled persistently[fn:rpf_20190702_disableswappersist] by running +the following command: + +: sudo systemctl disable dphys-swapfile.service To view the status of the swap file in Raspbian 10, run ~free -m~: #+BEGIN_EXAMPLE pi@ninfacyzga-01:~$ free -m - total used free shared buff/cache available -Mem: 432 86 36 21 309 268 -Swap: 99 0 99 + total used free shared buff/cache available +Mem: 432 86 36 21 309 268 +Swap: 99 0 99 #+END_EXAMPLE -The swap file may be disabled by: +After disabling the swap file and rebooting: #+BEGIN_EXAMPLE -pi@ninfacyzga-01:~$ sudo dphys-swapfile swapoff -pi@ninfacyzga-01:~$ sudo dphys-swapfile uninstall -pi@ninfacyzga-01:~$ sudo update-rc.d dphys-swapfile remove pi@ninfacyzga-01:~$ free -m - total used free shared buff/cache available -Mem: 432 96 33 22 302 258 -Swap: 0 0 0 + total used free shared buff/cache available +Mem: 432 89 214 3 128 289 +Swap: 0 0 0 #+END_EXAMPLE +[fn:ideaheap_20130731_disableswap] Explanation: +https://ideaheap.com/2013/07/stopping-sd-card-corruption-on-a-raspberry-pi/ + +[fn:rpf_20190702_disableswappersist] Persistant disabling of swap in +Raspbian 10 Buster: +https://www.raspberrypi.org/forums/viewtopic.php?p=1490692&sid=5c596a124b7805d6b10dab8d3d7caf16#p1490692 + ***** Automatic Start Configuration Edit the user cron job list with ~$ crontab -e~ to add the following @@ -212,7 +223,7 @@ An ~age~ encryption key may be generated like so: #+BEGIN_EXAMPLE $ umask # Gets current umask 0022 # Note: This is the default umask for Raspbian 10 -$ umask 066 # Sets umask so key.txt will have no permissions except for owner (you) +$ umask 066 # So key.txt will have no perms except for owner (you) $ umask # Confirm umask set to 066 0066 $ age-keygen > key.txt