Create the initial Raspbian image
cd Downloads unzip 2017-04-10-raspbian-jessie-lite.zip # Output Archive: 2017-04-10-raspbian-jessie-lite.zip inflating: 2017-04-10-raspbian-jessie-lite.img
Find the SD card
Plug the SD card and use
dmesg to find it:
dmesg | tail # Output [ 138.753330] CIFS VFS: Error connecting to socket. Aborting operation. [ 138.753386] CIFS VFS: Error connecting to socket. Aborting operation. [ 138.753690] CIFS VFS: cifs_mount failed w/return code = -113 [ 138.753717] CIFS VFS: cifs_mount failed w/return code = -113 [ 138.753725] CIFS VFS: cifs_mount failed w/return code = -113 [ 138.753769] CIFS VFS: cifs_mount failed w/return code = -113 [ 4170.871943] sd 6:0:0:0: [sde] 125042688 512-byte logical blocks: (64.0 GB/59.6 GiB) [ 4170.876516] sde: sde1
The card is sde1.
Copy the image to the SD card
cd ~/Downloads sudo dd bs=4M if=2017-04-10-raspbian-jessie-lite.img of=/dev/sde status=progress
Check the image
sudo dd bs=4M if=/dev/sde of=from-sd-card.img status=progress truncate --reference 2017-04-10-raspbian-jessie.img from-sd-card.img diff -s from-sd-card.img 2017-04-10-raspbian-jessie.img
Run sync. This will ensure the write cache is flushed and that it is safe to unmount your SD card.
Start your Raspberry Pi with your newly created Raspbian image.
Install the dependencies :
sudo apt-get install -y gnupg2 gnupg-agent pinentry-curses scdaemon pcscd yubikey-personalization libusb-1.0-0-dev qrencode zbar-tools paperkey
Now you can disconnect your Raspberry Pi from the network and create the keys. Ideally you should then destroy the SD card.
Alternatively, before creating the keys you can create an image of this raspberry pi to ease the creation of later air-gapped systems.
You can also add a useful configuration file to create GPG keys:
cat << EOF > ~/gpg.conf use-agent personal-cipher-preferences AES256 AES192 AES CAST5 personal-digest-preferences SHA512 SHA384 SHA256 SHA224 default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed cert-digest-algo SHA512 s2k-digest-algo SHA512 s2k-cipher-algo AES256 charset utf-8 fixed-list-mode no-comments no-emit-version keyid-format 0xlong list-options show-uid-validity verify-options show-uid-validity with-fingerprint EOF
Create an image of the raspberry pi (optional)
Source : thepihut
Find the SD card name
Before inserting the SD card into the reader on your Linux PC, run the following command to find out which devices are currently available:
Which will return something like this:
Filesystem 1K-blocks Used Available Use% Mounted on rootfs 29834204 15679020 12892692 55% / /dev/root 29834204 15679020 12892692 55% / devtmpfs 437856 0 437856 0% /dev tmpfs 88432 284 88148 1% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 176860 0 176860 0% /run/shm /dev/mmcblk0p1 57288 14752 42536 26% /boot
Insert the SD card into a card reader and use the same df -h command to find out what is now available:
Filesystem 1K-blocks Used Available Use% Mounted on rootfs 29834204 15679020 12892692 55% / /dev/root 29834204 15679020 12892692 55% / devtmpfs 437856 0 437856 0% /dev tmpfs 88432 284 88148 1% /run tmpfs 5120 0 5120 0% /run/lock tmpfs 176860 0 176860 0% /run/shm /dev/mmcblk0p1 57288 14752 42536 26% /boot /dev/sda5 57288 9920 47368 18% /media/boot /dev/sda6 6420000 2549088 3526652 42% /media/41cd5baa-7a62-4706-b8e8-02c43ccee8d9
The new device that wasn’t there last time is your SD card.
The left column gives the device name of your SD card, and will look like
/dev/sdb1. The last part (‘p1’ or ‘1’) is the partition number, but you want to use the whole SD card, so you need to remove that part from the name leaving
/dev/sdb as the disk you want to read from.
Open a terminal window and use the following to backup your SD card:
sudo dd if=/dev/sdb of=~/SDCardBackup.img
sync to ensure the computer has finished writing when the command prompts
reappears. You can then use the generated image to create your future air-gapped systems.