diff --git a/Linux/Debian.md b/Linux/Debian.md index b5193a1..7becff0 100644 --- a/Linux/Debian.md +++ b/Linux/Debian.md @@ -46,22 +46,157 @@ Both can be installed simultaneously. ## Goal: Run Debian 12 on a Lenovo ThinkPad X1 Carbon (12th gen) -### Debian 12 Stable Vanilla +This laptop is too new to run Debian 12 vanilla in an acceptable way without modification. +Some of the issues encountered: -An initial attempt ino +* The kernel was not up to date enough, and `6.9` is needed (Intel docs suggest `6.10` is needed?) +* Firmware to use the Wi-Fi 6E AX211 card was not present (and was asking for microcode files), so installing `firmware-iwlwifi` at version `20240709` was needed. + https://www.intel.com/content/www/us/en/products/sku/204837/intel-wifi-6e-ax211-gig/specifications.html +* No sound was available, as an update to `firmware-sof-signed` to `xxx` was needed. https://forums.debian.net/viewtopic.php?t=158270 -#### Intel WiFi Microcode +Remember to install linux headers! -#### Sof-sound +``` +sudo apt -t bookworm-backports install linux-headers-amd64 +``` + +#### Kernel (`linux-image-6.9.7+bpo-amd64`) + +#### Intel WiFi Microcode (`firmware-iwlwifi_20240709-1`) + +Maybe not needed if kernel update is provided? + +#### Sof-sound (`firmware-sof-signed_`) ### Kernel Support +### Kernel Modules + +Tools: + +* modprobe +* lsmod +* insmod +* rmmod + ### Compiling an ISO image (Live Builds?) +Initial guide followed: https://ianlecorbeau.github.io/blog/debian-live-build.html + +```sh +#!/bin/sh +lb config -d bookworm --backports true --debian-installer live \ + --debian-installer-distribution bookworm \ + --archive-areas "main contrib non-free non-free-firmware" \ + --debootstrap-options "--variant=minbase" \ + --linux-packages "linux-image-6.9.7+bpo" + +# Define where to fetch the kernel from +# https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html#429 +echo "deb http://deb.debian.org/debian/ bookworm-backports main" > config/archives/bookworm-backports.list.chroot + +# TODO: +# Ensure that recommended packages we actually want to install are present +# Not probably needed if apt-recommends is true +# https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html +# echo "user-setup sudo" > config/package-lists/recommends.list.chroot + +# Define packages to install +cat <> config/package-lists/pkgs.list.chroot + firefox-esr + firmware-iwlwifi + firmware-sof-signed + git + iputils-ping + network-manager + network-manager-gnome + vim + xfce + xfce-goodies + yt-dlp +EOF + +# TODO: +# Define the Pin-Priority of the packages we want. +# We need this to ensure packages are installed with the correct version. +# https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-package-installation.en.html#389 +cat <> TODO: +EOF + +# Compiling `tirdad` kernel module by merging in the single change from the upstream `0xsirus` remote that wasn't included in Kicksecure. +# TODO: Need to set git config +git clone --depth 1 https://github.com/Kicksecure/tirdad.git +git remote add original https://github.com/0xsirus/tirdad.git +git fetch original +git merge original/master + +# Need to provide dummy `tirdad` and `tirdad-dkms` package so kicksecure does not attempt to install. +sudo apt install equiv (whatever its called) + +# `xfce4` auto-configuration +mdkir -p config/includes.chroot/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/ +cat <> config/includes.chroot/etc/skel/.config/xfce4/xfconf/xfce-perchannel-xml/xsettings.xml + + + + +EOF +``` + +Speed up live builds by using `apt-cacher-ng` + +TODO: how to test? +Answer: live boot USB? Guide about how to use KVM in live build manual + +#### `tirdad` stuff +I had to symlink in the linux-headers directory into `/lib/modules/$(uname -r)/build` as well? + +``` +ln -sf /usr/lib/$(uname -r)/* /lib/modules/$(uname -r)/build +``` + +Once built, install via: + +``` +install -D -m 644 tirdad.ko /lib/modules/$(uname -r)/extra/tirdad.ko +depmod -a $(uname -r) +``` + +then verify the module exists: + +``` +modprobe tirdad +``` + +insmod tirdad gives a segmentation fault at `cet.c` + +Maybe try setting ibt=off? + +##### `xfce4` configuration + +Configuring XFCE4 window appearance: + +Copy files into `config/includes.chroot` into the right subdirectory from there. + +TODO: + +Try setting: `firmware=never live-installer/enable=false` as boot parameters +https://wiki.debian.org/Firmware +https://live-team.pages.debian.net/live-manual/html/live-manual/customizing-installer.en.html + https://live-team.pages.debian.net/live-manual/html/live-manual/index.en.html +## Whonix installation + +Install in KVM + +https://old.reddit.com/r/Whonix/comments/1721pnw/how_can_i_combine_the_antiforensics_benefits_from/ +https://unix.stackexchange.com/questions/779663/how-to-load-firmware-for-wifi-ax211-in-debian-trixie/779664#779664 +https://unix.stackexchange.com/questions/676105/missing-non-free-firmware-during-debian-installation +https://community.intel.com/t5/Wireless/AX211-160MHz-wifi-problem-on-proxmox-pve-debian/m-p/1562446 + [1]: https://www.debian.org/intro/free [2]: https://www.gnu.org/philosophy/free-sw.html [3]: https://www.debian.org/intro/why_debian