Setting up your Node OS
WORK IN PROGRESS The draft below is not complete and likely obsolete. Will update once new approach is known.
Your Node consists of 3 main parts:
- CPU: we are using an Odroid HC1, which are running an ARM-chipset. Power adapter usually sold separately
- OS: We are using an Armbian OS that is well suited for Odroid devices with ARM processors. This will be installed on an SD card.
- Harddrive: The actual harddrive onto which we will install the Bitcoin full node
The aim of this guide is to provide a fully encrypted version of a node that can neither be tampered with online, nor can be compromised in case somebody gains physical access to your node. There are 3 main components that need to be encrypted in order to ensure this:
- Armbian OS (SD Card)
- Bitcoin Node (Harddrive)
- Password Entry/Access (Trezor) To ensure a state-of the art encryption, this guide includes a full encryption of the Armbian OS, the Bitcoin Node and includes a password access controlled by the Trezor password manager. The Armbian OS has been rebuilt using the Debian Build process to allow full disc encryption using LUKS.
Get familiar with your hardware first.
These are your basic components:
(Ordoid HC1, SD Card, Harddrive- just for illustration purpose, this one would be too small)
Assembled Odroid HC1:
Make sure you secure the harddrive with the enclosed screw
- Download the rebuilt Armbian image file containing the LUKS encryption from our dropbox here. (This is a temporary location and will be ported to a github repository in the future.)
Follow these steps to re-encrypt the image file of the Debian download. Afterwards only you will be able to access the Debian/Armbian OS that will run your node
- Open Terminal and enter these commands
-
sudo losetup /dev/loop0 ~/Downloads/Armbian_5.37_Odroidxu4_Debian_stretch_next_4.9.71.img- The command losetup is setting up your Debian image file as a loop device, so that we can manipulate it further.
-
sudo partprobe /dev/loop0- This tells Ubuntu to re-read this loop devices, check out details for partprobe.
-
sudo cryptsetup-reencrypt -h sha512 -s 512 /dev/loop0p2- You will be asked to enter the keyphrase. Enter 'abcd' as the default keyphrase that was used in the build generic build process of the Debian OS. This process might not return. Wait a few minutes in case it is stuck and close and restart the Terminal
-
sudo cryptsetup -y luksAddKey /dev/loop0p2- Now you select your individiual passphrase for your Debian OS.
- Enter password for your Ubuntu user
- 'Enter any existing passphrase:' Here enter the 'abcd' and re-enter to verify
- 'Enter new passphrase for key slot:' Select a new passphrase and enter this. You will use this passphrase to unlock your Debian OS
-
sudo cryptsetup luksRemoveKey /dev/loop0p2- Now we delete the generic 'abcd' password to restrict access only to you
- Enter password for your Ubuntu user
- 'Enter passphrase to be deleted:' Enter 'abcd'
-
sudo losetup -d /dev/loop0- This detaches the loop device
After all these steps your terminal window should looks something like this:
- This detaches the loop device
After all these steps your terminal window should looks something like this:
Now we will copy the updated Debian OS image to your SD card using Etcher. To avoid SD drive detection issues between your machine and the VirtualBox I suggest copying your updated Armbian image file to your local machine into the shared folder 'sf_Downloads'.
- Insert your SD Card into your machines SD card Slot. Us the SD Adaptaper or an external SD card reader as applies to your machine hardware
- Open Etcher
- Select your image file
- Select the SD Card slot
- Select 'Flash'
- Upon completion select 'Eject'. Keep in mind that this is an encrypted image file, so your operation system will not be able to read it, that's expected
