forked from kerchen/cryptex
-
Notifications
You must be signed in to change notification settings - Fork 0
/
pi-zero-gadget-notes.txt
156 lines (140 loc) · 6.84 KB
/
pi-zero-gadget-notes.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
Configuring gadgets:
http://isticktoit.net/?p=1383
Sorting Windows driver issues:
http://irq5.io/2016/12/22/raspberry-pi-zero-as-multiple-usb-gadgets/
https://hackaday.io/project/10387-gadget/log/34463-on-windows-drivers-and-usb-gadgets
Setting up pi to use Avahi/zeroconf:
https://gist.github.com/gbaman/975e2db164b3ca2b51ae11e45e8fd40a
http://blog.gbaman.info/?p=791
https://elinux.org/RPi_Advanced_Setup
(Optional) Some ISPs don't properly handle failed DNS lookups; Google's do.
If your Windows box is unable to connect to .local addresses or they take
a long time to serve up HTTP requests, or you can't use the normal HTTP port
(80) without your ISP trying to "help" you, you might need to set your network
adapter settings so that they use Google's:
* For IPv4: 8.8.8.8 and/or 8.8.4.4.
* For IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844.
(More details here: https://developers.google.com/speed/public-dns/docs/using?csw=1)
Steps for using Adafruit 2.2" TFT (non-touch)
1. Grab Adadruit Jessie-based PiTFT 2.2" HAT image from https://s3.amazonaws.com/adafruit-raspberry-pi/2016-10-18-pitft-22.zip
Detailed instructions at https://learn.adafruit.com/adafruit-2-2-pitft-hat-320-240-primary-display-for-raspberry-pi/easy-install
2. Burn image to SD card. Put wpa_supplicant.conf in root dir if you want to
be able to use a WiFi adapter for the configuration steps.
3. Connect hardware:
a. Connect TFT to Pi
b. Connect USB hub to non-power USB connector on Pi. Connect keyboard,
mouse, and WiFi dongle (unless you want the frustration of trying to edit
files, etc on a tiny display).
4. Connect USB cable to power USB port on Pi; connect other end to PC.
This should cause the Pi to boot.
5. Once Pi is up, configure avahi per https://elinux.org/RPi_Advanced_Setup#Setting_up_for_remote_access_.2F_headless_operation
6. Change locale, etc to US: sudo raspi-config
a. Select "5. Internationalisation Options" -> Change Locale
i. Select en_US.UTF-8 UTF-8
ii. Un-select en_GB.UTF-8 UTF-8
iii. Select <Ok>
iv. When prompted, select "en_US.UTF-8" as default locale for system environment
b. Select "5. Internationalisation Options" -> Change Locale
i. Select "Generic 101-key PC"
ii. Select <Ok>
iii. Select "Other" for keyboard layout
iv. Find "English (US)" in list, select it, and then select <Ok>
v. Use plain English keyboard (no dvorak, etc)
vi. Use defaults for remaining options
7. Escape from config program. Verify that typing shift-3 gives you a '#'
character and not the British pound symbol.
8. Set up USB gadget support:
a. Edit /boot/config.txt and add this line to the end of the file:
dtoverlay=dwc2
b. Edit /etc/modules and add these lines to the end of the file:
dwc2
libcomposite
c. Add this line to rc.local:
/home/pi/switch-mode.sh rndis
8.5. Install things that need a connection to the internet:
a. sudo apt-get update
b. sudo pip3 install pycryptodome
c. sudo pip3 install cheroot
9. At this point, you're ready to ditch the WiFi dongle. n.B. Avahi doesn't
seem to work with WiFi(?). You should probably install anything else that
requires hitting an external server now.
a. Shut down the Pi and disconnect the USB hub.
b. Remove wpa_supplicant.conf from root of SD card.
c. Reconnect the USB cable to the non-power USB connector on the Pi (the
other end is still connected to host PC).
10. Change console font size (optional) and turn off screen blanking:
a. Edit /boot/cmdline.txt.
i. Add 'consoleblank=0' to the end of the line
ii. Change boot font to desired value (e.g., Terminus10x20)
b. Change font size for post-boot:
i. Run 'sudo dpkg-reconfigure console-setup'
ii. Select font and size as desired
Font name Display Size (in characters)
Terminus6x12 53x20
Terminus8x14 40x17
Terminus8x16 40x15
Terminus10x20 32x12
Terminus11x22 29x10
Terminus12x24 26x10
Terminus14x28 22x8
Terminus16x32 20x7
TerminusBold10x20 32x12
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SSL Cert setup: (from
https://datacenteroverlords.com/2012/03/01/creating-your-own-ssl-certificate-authority/)
Modify per-device cert creation steps:
1. Generate private device key:
openssl genrsa -out device.key 2048
2. Generate cert signing request:
openssl req -config device-ssl-cert.cfg -new -key device.key -out device.csr
3. Sign CSR with CA root key:
openssl x509 -req -in device.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out device.crt -days 500 -sha256 -extfile v3.ext
4. Install root certificate in Windows certificate repository so that browsers
don't throw up scary warnings when you try to navigate to
https://cryptex.local. To do this from Chrome:
i. Navigate to Settings->Advanced->Manage Certificates
ii. Import rootCA.pem (generated in previous steps), putting it in
"Trusted Root Certification Authorities"
TODO: Firefox apparently has its own store, so might need to do it there
instead or in addition to the Windows store.
Contents of device-ssl-cert.cfg:
===============================================================================
[ req ]
default_bits = 4096
#default_md = sha512
#default_keyfile = device.key
prompt = no
#encrypt_key = no
# base request
distinguished_name = req_distinguished_name
# extensions
req_extensions = v3_req
# distinguished_name
[ req_distinguished_name ]
countryName = "US" # C=
stateOrProvinceName = "Michigan" # ST=
localityName = "Almont" # L=
postalCode = "48003" # L/postalcode=
organizationName = "Paul Kerchen" # O=
organizationalUnitName = "Me" # OU=
commonName = "cryptex.local" # CN=
# req_extensions
[ v3_req ]
# The subject alternative name extension allows various literal values to be
# included in the configuration file
# http://www.openssl.org/docs/apps/x509v3_config.html
subjectAltName = DNS.1:cryptex.local
===============================================================================
Contents of v3.ext:
===============================================================================
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = cryptex.local
===============================================================================
Bottle notes
* If a post fails with the error 'method not allowed', try importing into the
module which is doing the template expansion, the module which contains the
@post function.