diff --git a/content/notes/Arch Secure Boot.md b/content/notes/Arch Secure Boot.md new file mode 100644 index 0000000..270f730 --- /dev/null +++ b/content/notes/Arch Secure Boot.md @@ -0,0 +1,20 @@ +--- +title: Arch Linux Secure Boot +tags: + - Linux +--- +I needed to enable Secure Boot so that I could play League of Legends with Riot's Vanguard Anti Cheat. It seemed complex at first but was actually easier than I expected. The Arch Wiki is both helpful and confusing here, it provides a bunch of different ways to do this, but doesn't always do a great job of differentiating them as logically separate processes. + +My basic understanding of Secure Boot is that when your computer first loads up, it loads the motherboard firmware, which then boots a bootloader. I remember from my OS classes that historically, the bootloader is 512 bytes, specifically the first 512 bytes on the boot disk. The bootloader can be anything, the computer will just run it because of its location in storage, which means malicious actors could run any arbitrary code there and compromise the system. Secure boot mitigates this by only allowing cryptographically signed bootloaders to run. The process outlined here is to sign our bootloaders so that Secure Boot will allow them to run. We are doing this by using our own keys (see [Assisted process with sbctl](https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Assisted_process_with_sbctl)), rather than using a pre-signed boot loader. Note that "firmware" here refers to the motherboard firmware, commonly referred to as "the BIOS" + +0. Reboot into firmware and set secure boot mode to Setup mode. What this really means is clearing any keys that currently exist. +1. Install `sbctl` and run `sbtcl status` to verify Setup mode is enabled +2. Create custom keys `sbctl create-keys` +3. Enroll your keys `sbctl enroll-keys -m`. the `-m` means to enroll Microsoft's keys as well. You almost always want this, even if you're not dual-booting with Windows because some firmware is still signed with Microsoft's keys +4. Check boot files that need signing `sbctl verify` +5. Sign the files `sbctl sign -s /boot/vmlinuz-linux` + 1. If you have a lot of files, the command given in the wiki works great `sbctl verify | sed 's/✗ /sbctl sign -s /e'`, this assumes that every file listed in `sbctl verify` starts with `/boot` +6. Make sure all files are signed `sbctl verify` +7. Reboot into firmware and turn on Secure Boot + 1. In my Asus ROG motherboard's firmware, the setting is in Boot -> Secure Boot and the options are "Windows UEFI" or "Other OS" which are unclear. Windows UEFI turns Secure Boot on. +8. Reboot again and run `sbctl status` to verify Secure Boot is on diff --git a/content/notes/Create a systemd service.md b/content/notes/Create a systemd service.md new file mode 100644 index 0000000..75a4eb5 --- /dev/null +++ b/content/notes/Create a systemd service.md @@ -0,0 +1,26 @@ +--- +title: Example Systemd Service +slug: systemd-example +tags: + - Linux +--- + +System units go in `/etc/systemd/system` +User units go in `$HOME/.config/systemd/user` + +``` +[Unit] +Description=Webring test service +After=network.target +StartLimitIntervalSec=0 + +[Service] +Type=simple +Restart=always +RestartSec=1 +WorkingDir=/code/webring +ExecStart=/code/webring/webring --dsn /code/webring/webring.db --addr :8000 + +[Install] +WantedBy=multi-user.target +``` diff --git a/content/notes/Desktop files.md b/content/notes/Desktop files.md new file mode 100644 index 0000000..856e8bf --- /dev/null +++ b/content/notes/Desktop files.md @@ -0,0 +1,38 @@ +--- +title: Example .desktop File +slug: desktop-file-example +tags: + - Linux +--- +Example + +``` +[Desktop Entry] + +# The type as listed above +Type=Application + +# The version of the desktop entry specification to which this file complies +Version=1.0 + +# The name of the application +Name=jMemorize + +# A comment which can/will be used as a tooltip +Comment=Flash card based learning tool + +# The path to the folder in which the executable is run +Path=/opt/jmemorise + +# The executable of the application, possibly with arguments. +Exec=jmemorize + +# The name of the icon that will be used to display this entry +Icon=jmemorize + +# Describes whether this application needs to be run in a terminal or not +Terminal=false + +# Describes the categories in which this entry should be shown +Categories=Education;Languages;Java; +``` diff --git a/content/notes/Implementing Status.Cafe Updates as a Buildstep.md b/content/notes/Implementing Status.Cafe Updates as a Buildstep.md new file mode 100644 index 0000000..9e39d32 --- /dev/null +++ b/content/notes/Implementing Status.Cafe Updates as a Buildstep.md @@ -0,0 +1,54 @@ +--- +title: Retrieving status.cafe Updates During Hugo Builds +slug: hugo-build-status-cafe +tags: + - Hugo + - Web Development +--- + +status.cafe provides you with a JavaScript snippet to include your status on your site. I don't update my status super often, so I don't need to be hitting m15o's servers on every page load. To get around this, I wanted to see if I could update my status as a build step in Hugo. + +This is the script status.cafe provides: +```js +document.writeln('