Flashing a BIOS the Linux Way (tm) using flashrom

There are a gazillion HOWTOs out there for flashing a BIOS image without having to resort to ugly "boot DOS from floppy" or "run Windows *.exe file from BIOS vendor" and other ugly stuff. Unfortunately, the proposed solutions are equally ugly (e.g. creating custom CD-ROMs which contain the "floppy" with DOS/Windows flash tools).

Folks, this is so much simpler than you think:

The flashrom tool (GPL'd, written for LinuxBIOS purposes, but works perfectly fine with proprietary BIOSes, too) will easily do what you want, on a running Linux system. No floppy crap, no CD-ROM crap, no DOS/Windows crap, no rebooting crap.

Install it:

  $ apt-get install flashrom

Detect whether flashrom knows about your chipset/mainboard/BIOS chip:

  $ flashrom

Read the BIOS image into a file:

  $ flashrom -r backup.bin

Write a BIOS image (proprietary or LinuxBIOS) on the ROM chip:

  $ flashrom -wv newbios.bin

WARNING: This will overwrite your current BIOS! Make sure you know what you're doing!

For the Debian-challenged, flashrom is available in source form too, of course:

  $ svn co svn://
  $ cd flashrom
  $ make

The list of supported chipsets, mainboards, and ROM chips is limited of course, but it's constantly expanding. Contact us on the LinuxBIOS mailing list if you want other hardware supported (or even better: if you have patches!). In many cases adding support for new hardware is pretty easy...

Manipulating PDFs from the command line - joining, merging, rotating [Update]

One of the single most useful packages when it comes to PDFs in Linux is pdfjam.

From the website:

  • pdfnup, which allows PDF files to be "n-upped" in roughly the way that psnup does for PostScript files.
  • pdfjoin, which concatenates the pages of multiple PDF files together into a single file.
  • pdf90, which rotates the pages of one or more PDF files through 90 degrees (anti-clockwise).

The installation is easy as always: apt-get install pdfjam

PDF is not exactly the most easily editable format out there, but these tools can save you lots of time and trouble. Just recently I needed to merge two PDFs into one (and I didn't have any source format of the files). A simple pdfjoin foo1.pdf foo2.pdf --outfile bar.pdf does the job in a few seconds.

Equally useful when you need to print huge documents is pdfnup --nup 2x2 foo.pdf, which sticks four PDF pages into one (thus drastically reducing the amount of pages you have to print)...

Update 2006-09-20: As was noted by several people, pdftk is very cool, too. It can do some other things such as split PDFs, encrypt/decrypt them, manipulate metadata and more...

HOWTO: Disk encryption with dm-crypt / LUKS and Debian [Update]

A few weeks ago I published a small HOWTO for using loop-aes to encrypt your hard drive, usb thumb drive etc.

As I have bought a new 300 GB external USB disk drive on Friday, I have tried something new this time: disk encryption using dm-crypt / LUKS. It has been suggested to me multiple times that dm-crypt is superior to loop-aes, however I didn't get a real reason. Yes, it doesn't require any kernel patches and is easier to setup. But has any serious cryptographer looked at it sharply, yet? Did it withhold his eye contact?

Anyways, here's how I encrypted my 300 GB drive. I largely followed the guide at the EncryptedDeviceUsingLUKS wiki page...

  1. Make sure you run Linux 2.6.16 or better. Previous versions suffer from an implementation problem which affects the security of dm-crypt, see Linux Kernel dm-crypt Local Cryptographic Key Disclosure.
  2. Enable the following options in your kernel:

    • Code maturity level options
      • Prompt for development and/or incomplete code/drivers
    • Device Drivers -> Multi-device support (RAID and LVM)
      • Device mapper support
      • Crypt target support
    • Cryptographic options
      • AES cipher algorithms
  3. Overwrite the whole drive with random data in order to slow down attacks on the encryption. At the same time perform a bad blocks scan to make sure the hard drive is not going to die too soon:
    badblocks -c 10240 -s -w -t random -v /dev/sdb
    Replace /dev/sdb with whatever is correct on your system. If you're really paranoid, and are willing to wait one or two days, do this:
    dd if=/dev/urandom of=/dev/sdb
  4. Install the required packages:
    apt-get install cryptsetup
    The current cryptsetup in Debian unstable already supports LUKS, which was not the case a while ago, if I'm not mistaken. So Debian testing or stable will most probably not work!
  5. Create one or more partitions on the drive:
    cfdisk /dev/sdb
    I created one big 300 GB partition, /dev/sdb1.
  6. Setup LUKS:
    cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb1
    Enter a good passphrase here. Don't spoil the whole endeavour by chosing a stupid or short passphrase.
  7. Open the encrypted device and assign it to a virtual /dev/mapper/samsung300gb device:
    cryptsetup luksOpen /dev/sdb1 samsung300gb
  8. Create a filesystem on the encrypted device:
    mkfs.ext3 -j -m 1 -O dir_index,filetype,sparse_super /dev/mapper/samsung300gb
    I used ext3 with some optimizations, see mke2fs(8).
  9. Mount the encrypted partition:
    mkdir /mnt/samsung300gb
    mount /dev/mapper/samsung300gb /mnt/samsung300gb
    That's it. Everything you write to /mnt/samsung300gb will be encrypted transparently.
  10. For unmounting use:
    umount /mnt/samsung300gb
    cryptsetup luksClose /dev/mapper/samsung300gb

After unmounting, nobody will be able to see your data without knowing the correct passphrase. Drive is stolen? No problem. Drive is broken, and you want to send it in for repair without the guys there poking in your data? No problem. You leave the USB drive at home and some jerk breaks into your house, steals your drive, rapes your wife, and kills your kids? No problem. Well, sort of, but you get the idea ;-)

There's more things you can do, thanks to LUKS: have multiple passphrases which unlock your data, change/add/remove passphrases as you see fit, etc.


Update 2006-04-17: You have to use cryptsetup from unstable if you want LUKS support. cryptsetup in testing does not support this (thanks Ariel).

Greenpeace, E-waste, Linux Ecology-HOWTO

Greenpeace has asked companies to minimize the usage of toxic substances (English article) in computers and other electronic devices at this year's Cebit.

Hewlett Packard, LGE, Motorola, Nokia, Samsung, Sony and Sony Ericsson have assured Greenpeace to reduce toxic substances in their products in the nearer future. However, many other companies have ignored Greenpeace so far. For example: Acer, Apple, Dell, Fujitsu-Siemens, IBM, Lenovo, Panasonic, Siemens and Toshiba. I'm listing the names of these companies here in the hope to increase public pressure on them a bit ;-)

Although I'm not a member of Greenpeace (yet?), I do support the ideas and work of Greenpeace, and especially the above E-waste article made me think. We're all using more and more computers, PDAs and other gadgets — especially the geeks among us. I think we all should (at least to a certain degree) care about how this affects the environment.

I have fired up a search engine and looked for some hints about what you can do as a computer geek in order to help save the environment — guess what... there's a HOWTO for that, the Linux Ecology-HOWTO! (I'm beginning to think that there's no topic out there anymore, which hasn't been covered in a HOWTO by some Linux geek ;-)


Data Mining 101: Finding Subversives with Amazon Wishlists

I'm back from a short vacation without Internet access and thus working hard on catching up with reading emails, RSS feeds etc. etc.

Most notable finding so far (which is on my "read ASAP" list): Data Mining 101: Finding Subversives with Amazon Wishlists.

(via Boing Boing)

Syndicate content