The following hardware is required.
Installing Ubuntu for desktops on datAshur PRO² USB flash drive is recommended to enforce access control, data persistence and tamper resistance hardening.
Go to https://www.raspberrypi.com/software/, download and install Raspberry Pi Imager.
Heads-up: depends on Qt.
$ sudo add-apt-repository -y universe
$ sudo apt install -y rpi-imager
$ defaults write org.raspberrypi.Imager.plist telemetry -bool NO
$ mkdir -p ~/.config/Raspberry\ Pi
$ cat << "EOF" > ~/.config/Raspberry\ Pi/Imager.conf
[General]
telemetry=false
EOF
Heads-up: for additional security, verify Ubuntu for desktops download.
Go to https://ubuntu.com/download/raspberry-pi and download Ubuntu Desktop 22.04.1 LTS.
Open “Raspberry Pi Imager”, click “CHOOSE OS”, then “Use custom”, select Ubuntu for desktops .img.xz
, click “CHOOSE STORAGE”, select USB flash drive and, finally, click “WRITE”.
👍
👍
update-manager
and click “Install Now”$ gsettings set org.gnome.mutter center-new-windows true
$ gsettings set org.gnome.desktop.interface color-scheme prefer-dark
$ gsettings set org.gnome.desktop.interface gtk-theme Yaru-dark
$ gsettings set org.gnome.desktop.media-handling automount false
universe
APT repository$ sudo add-apt-repository -y universe
curl
, libfuse2
, overlayroot
, zbar-tools
and zlib1g-dev
$ sudo apt install -y curl libfuse2 overlayroot zbar-tools zlib1g-dev
superbacked.AppImage
as programHeads-up: replace
ABCDEFGH
with your license code.
Heads-up: for additional security, verify Superbacked download.
$ curl --fail --location --output ~/Desktop/superbacked.AppImage "https://superbacked.com/api/downloads/superbacked-std-arm64-latest.AppImage?license=ABCDEFGH"
superbacked.AppImage
as programRight-click “superbacked.AppImage”, click “Properties”, click “Permissions” and, finally, select “Allow executing file as program”.
$ cat << "EOF" | sudo tee -a /boot/firmware/config.txt
dtoverlay=disable-bt
dtoverlay=disable-wifi
EOF
ext4
and vfat
filesystems to read-only$ sudo sed -i 's/discard,x-systemd.growfs/discard,noload,ro/g' /etc/fstab
$ sudo sed -i 's/defaults/defaults,ro/g' /etc/fstab
fsck.repair
$ sudo sed -i 's/splash/splash fsck.repair=no/g' /boot/firmware/cmdline.txt
overlayroot
to tmpfs
$ sudo sed -i 's/overlayroot=""/overlayroot="tmpfs"/g' /etc/overlayroot.conf
$ history -cw
Heads-up: filesystem will be mounted as read-only following reboot.
$ sudo systemctl reboot
Heads-up: filesystem is ready for optional hardware read-only hardening.
$ sudo systemctl poweroff
👍