author drduh <github@duh.to> 2024-07-21 21:01:10 +0000
committer GitHub <noreply@github.com> 2024-07-21 21:01:10 +0000
commit 82366dfcd8be65a2ebdb675a600cbcc6bacf48c2
tree 6e09e4879d02c6d9ec72cde796d1c82b0d2d6685 /README.md
parent Merge pull request #450 from motiejus/nixos-24.05
parent Remove trailing whitespace in README.md
Merge pull request #452 from jwpconsulting/cosmetic-fixes
Add instructions how to run NixOS YubiKey live image with QEMU
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 17
1 files changed, 15 insertions, 2 deletions
diff --git a/README.md b/README.md
index 57d9584..28b25dd 100644
--- a/README.md
+++ b/README.md
@@ -225,6 +225,19 @@ sudo cp -v result/iso/yubikeyLive.iso /dev/sdc ; sync
Skip steps to create a temporary working directory and a hardened configuration, as they are already part of the image.
+If you want to test your build before copying it into a USB stick, you can try it out on your machine using a tool like QEMU.
+Please keep in mind that a virtualized environment does not provide the same amount of security as an ephemeral system (see *Prepare environment* above).
+Here is an example QEMU invocation after placing `yubikeyLive` in `result/iso` using the above `nix build` command:
+
+```console
+# Launch with 4G memory, 2 CPUs and KVM enabled
+qemu-system-x86_64 \
+ -enable-kvm \
+ -m 4G \
+ -smp 2 \
+ -drive readonly=on,media=cdrom,format=raw,file=result/iso/yubikeyLive.iso
+```
+
**Arch**
```console
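Review bot: The added `qemu-system-x86_64` invocation passes no network option, so QEMU attaches its default user-mode NIC and the test guest comes up with network access, which works against the offline environment the guide is building. Suggest adding `-nic none` to the example and stating next to the existing caveat that the VM is for checking that the image boots, not for generating keys. Two smaller points: `-enable-kvm` only works on a Linux host where the user can open `/dev/kvm`, so a note that it can be dropped (slower, but it still boots) would save readers a failed first run, and "copying it into a USB stick" reads better as "onto a USB stick".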
@@ -2019,7 +2032,7 @@ sudo nft -f ./nftables.conf
**Review the System State**
-`NetworkManager` should be the only listening service on port 68/udp to obtain a DHCP lease (and 58/icmp6 if you have IPv6).
+`NetworkManager` should be the only listening service on port 68/udp to obtain a DHCP lease (and 58/icmp6 if you have IPv6).
If you want to look at every process's command line arguments you can use `ps axjf`. This prints a process tree which may have a large number of lines but should be easy to read on a live image or fresh install.
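Review bot: In the changed `NetworkManager` line, "58/icmp6" sits next to "port 68/udp" as if it were a port, but 58 is the IPv6 protocol number for ICMPv6, which has no ports. Since the line is already being touched, consider wording it as a raw ICMPv6 socket (protocol 58) so readers know what kind of entry to expect in the listing. The removed and added lines otherwise differ only in trailing whitespace, which matches the parent commit "Remove trailing whitespace in README.md".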
@@ -2029,7 +2042,7 @@ ps axjf # List all processes in a process tree
ps aux # BSD syntax, list all processes but no process tree
```
-If you find any additional processes listening on the network that aren't needed, take note and disable them with one of the following:
+If you find any additional processes listening on the network that aren't needed, take note and disable them with one of the following:
```bash
sudo systemctl stop <process-name> # Stops services managed by systemctl
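Review bot: The context line following the changed sentence passes `<process-name>` to `systemctl stop`, but systemctl takes a unit name, which often differs from the process name a reader has just seen in the `ps` output. Consider renaming the placeholder to `<service-name>` while this paragraph is being edited. The changed sentence itself differs only in trailing whitespace.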