diff --git a/how-to-install-and-use-trezor-suite-on-tails/README.md b/how-to-install-and-use-trezor-suite-on-tails/README.md new file mode 100644 index 0000000..541b217 --- /dev/null +++ b/how-to-install-and-use-trezor-suite-on-tails/README.md @@ -0,0 +1,148 @@ + + +# How to install and use Trezor Suite on Tails + +## Requirements + +- [Tails USB flash drive or SD card](../how-to-install-tails-on-usb-flash-drive-or-sd-card-on-macos) + +## Caveats + +- When copy/pasting commands that start with `$`, strip out `$` as this character is not part of the command + +## Setup guide + +### Step 1: boot to Tails and set admin password (required to [create optional exFAT partition](#step-2-optional-create-exfat-partition-on-tails-usb-flash-drive-or-sd-card)) + +> Heads-up: if keyboard layout of computer isn’t “English (US)”, set “Keyboard Layout”. + +Click “+” under ”Additional Settings”, then “Administration Password”, set password, click “Add” and finally “Start Tails”. + +### Step 2 (optional): create exFAT partition on Tails USB flash drive or SD card + +> Heads-up: partition used to move files between Tails and other operating systems such as macOS. + +Click “Applications”, then “Utilities”, then “Disks”, select USB flash drive or SD card, click “Free Space”, then “+”, set “Partition Size”, click “Next”, set “Volume Name”, select “Other”, click “Next”, select “exFAT” and finally click “Create”. + +### Step 3: enable persistence + +Click “Applications”, then “Favorites”, then “Configure persistent volume”, set passphrase, click “Create”, make sure “Personal Data” is enabled, click “Save” and finally “Restart Now”. + +### Step 4: boot to Tails, unlock persistent storage and set admin password (required to [configure firewall](#step-1-configure-firewall)) + +> Heads-up: if keyboard layout of computer isn’t “English (US)”, set “Keyboard Layout”. + +Click “+” under ”Additional Settings”, then “Administration Password”, set password, click “Add” and finally “Start Tails”. + +### Step 5: establish network connection using ethernet cable or Wi-Fi and wait for Tor to be ready + +Connected to Tor successfully + +👍 + +### Step 6: import “SatoshiLabs 2021 Signing Key” PGP public key + +> Heads-up: if [step 10](#step-10-verify-trezor-suite-release-learn-how-here) fails, replace `2021` by current year. + +```console +$ torsocks curl https://trezor.io/security/satoshilabs-2021-signing-key.asc | gpg --import + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed +100 2407 100 2407 0 0 2060 0 0:00:01 0:00:01 --:--:-- 2060 +gpg: key 0xE21B6950A2ECB65C: 1 signature not checked due to a missing key +gpg: key 0xE21B6950A2ECB65C: public key "SatoshiLabs 2021 Signing Key" imported +gpg: Total number processed: 1 +gpg: imported: 1 +gpg: no ultimately trusted keys found +``` + +imported: 1 + +👍 + +### Step 7: set [Trezor Suite](https://suite.trezor.io/) release semver environment variable + +Replace `21.12.2` with [latest release](https://suite.trezor.io/) semver. + +```shell +TREZOR_SUITE_RELEASE_SEMVER=21.12.2 +``` + +### Step 8: download “Trezor Suite” release + +```console +$ torsocks curl --fail --output ~/Downloads/trezor-suite.AppImage https://suite.trezor.io/web/static/desktop/Trezor-Suite-${TREZOR_SUITE_RELEASE_SEMVER}-linux-x86_64.AppImage + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed +100 176M 100 176M 0 0 1565k 0 0:01:55 0:01:55 --:--:-- 1598k +``` + +### Step 9: download “Trezor Suite” release PGP signature + +```console +$ torsocks curl --fail --output ~/Downloads/trezor-suite.AppImage.asc https://suite.trezor.io/web/static/desktop/Trezor-Suite-${TREZOR_SUITE_RELEASE_SEMVER}-linux-x86_64.AppImage.asc + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed +100 833 100 833 0 0 933 0 --:--:-- --:--:-- --:--:-- 932 +``` + +### Step 10: verify “Trezor Suite” release (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos)) + +```console +$ gpg --verify ~/Downloads/trezor-suite.AppImage.asc +gpg: assuming signed data in '/home/amnesia/Downloads/trezor-suite.AppImage' +gpg: Signature made Wed 08 Dec 2021 05:45:00 PM UTC +gpg: using RSA key EB483B26B078A4AA1B6F425EE21B6950A2ECB65C +gpg: Good signature from "SatoshiLabs 2021 Signing Key" [unknown] +gpg: WARNING: This key is not certified with a trusted signature! +gpg: There is no indication that the signature belongs to the owner. +Primary key fingerprint: EB48 3B26 B078 A4AA 1B6F 425E E21B 6950 A2EC B65C +``` + +Good signature + +👍 + +### Step 11: make trezor-suite.AppImage persistent + +```shell +cp ~/Downloads/trezor-suite.AppImage ~/Persistent/trezor-suite.AppImage +chmod +x ~/Persistent/trezor-suite.AppImage +``` + +👍 + +--- + +## Usage guide + +> Heads-up: following steps are not persistent. + +### Step 1: configure firewall + +```console +$ sudo iptables -I OUTPUT 3 -o lo -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp --dport 21325 --syn -m owner --uid-owner amnesia -m conntrack --ctstate NEW -j ACCEPT +[sudo] password for amnesia: +``` + +### Step 2: open “Trezor Suite” and insert device + +Click “Places”, then “Persistent” and double-click “trezor-suite.AppImage”. + +### Step 3: enable Tor + +Click gear icon, then “Application” and enable “Tor“ and “Open trezor.io links as .onion links”. + +### Step 4: enable other coins (Bitcoin enabled by default) + +Click gear icon, then “Crypto” and enable coins. + +👍 diff --git a/how-to-use-trezor-wallet-on-tails/README.md b/how-to-use-trezor-wallet-on-tails/README.md deleted file mode 100644 index f1126e1..0000000 --- a/how-to-use-trezor-wallet-on-tails/README.md +++ /dev/null @@ -1,122 +0,0 @@ - - -# How to use Trezor Wallet on Tails - -> Heads-up: guide is not persistent meaning steps have to be completed each time one needs to use Trezor Wallet on Tails. - -## Requirements - -- [Tails USB flash drive or SD card](../how-to-install-tails-on-usb-flash-drive-or-sd-card-on-macos) - -## Caveats - -- When copy/pasting commands that start with `$`, strip out `$` as this character is not part of the command - -## Setup guide - -### Step 1: boot to Tails and set admin password (required to run commands using `sudo`) - -> Heads-up: if keyboard layout of computer isn’t “English (US)”, set “Keyboard Layout”. - -Click “+” under ”Additional Settings”, then “Administration Password”, set password, click “Add” and finally “Start Tails”. - -### Step 2: establish network connection using ethernet cable or Wi-Fi and wait for Tor to be ready - -Connected to Tor successfully - -👍 - -### Step 3: set Trezor Bridge release year environment variable - -Replace `2020` with [latest release](https://github.com/trezor/trezord-go/blob/master/CHANGELOG.md) year. - -```shell -TREZOR_BRIDGE_RELEASE_YEAR=2020 -``` - -### Step 4: import “SatoshiLabs Signing Key” PGP public key (used to verify downloads below) - -```console -$ torsocks curl https://trezor.io/security/satoshilabs-${TREZOR_BRIDGE_RELEASE_YEAR}-signing-key.asc | gpg --import - % Total % Received % Xferd Average Speed Time Time Time Current - Dload Upload Total Spent Left Speed -100 2415 100 2415 0 0 1500 0 0:00:01 0:00:01 --:--:-- 1499 -gpg: key 0x26A3A56662F0E7E2: 1 signature not checked due to a missing key -gpg: key 0x26A3A56662F0E7E2: public key "SatoshiLabs 2020 Signing Key" imported -gpg: Total number processed: 1 -gpg: imported: 1 -gpg: no ultimately trusted keys found -``` - -imported: 1 - -👍 - -### Step 5: set [Trezor Bridge](https://wiki.trezor.io/Trezor_Bridge) release semver environment variable - -Replace `2.0.30` with [latest release](https://github.com/trezor/trezord-go/blob/master/CHANGELOG.md) semver. - -```shell -TREZOR_BRIDGE_RELEASE_SEMVER=2.0.30 -``` - -### Step 6: download Trezor Bridge release - -```shell -torsocks curl -O https://wallet.trezor.io/data/bridge/${TREZOR_BRIDGE_RELEASE_SEMVER}/trezor-bridge_${TREZOR_BRIDGE_RELEASE_SEMVER}_amd64.deb -``` - -### Step 7: verify Trezor Bridge release (learn how [here](../how-to-verify-pgp-digital-signatures-using-gnupg-on-macos)) - -```console -$ gpg --verify trezor-bridge_${TREZOR_BRIDGE_RELEASE_SEMVER}_amd64.deb -gpg: Signature made Sat 07 Nov 2020 11:43:05 AM UTC -gpg: using RSA key 54067D8BBF00554181B5AB8F26A3A56662F0E7E2 -gpg: Good signature from "SatoshiLabs 2020 Signing Key" [expired] -gpg: Note: This key has expired! -Primary key fingerprint: 5406 7D8B BF00 5541 81B5 AB8F 26A3 A566 62F0 E7E2 -``` - -Good signature - -👍 - -### Step 8: install Trezor Bridge - -```console -$ sudo dpkg -i trezor-bridge_${TREZOR_BRIDGE_RELEASE_SEMVER}_amd64.deb -[sudo] password for amnesia: -Selecting previously unselected package trezor-bridge. -(Reading database ... 130446 files and directories currently installed.) -Preparing to unpack trezor-bridge_2.0.30_amd64.deb ... -Unpacking trezor-bridge (2.0.30) ... -Setting up trezor-bridge (2.0.30) ... -Created symlink /etc/systemd/system/multi-user.target.wants/trezord.service → /usr/lib/systemd/system/trezord.service. -``` - -### Step 9: configure firewall - -```console -$ sudo iptables -I OUTPUT 3 -o lo -s 127.0.0.1/32 -d 127.0.0.1/32 -p tcp --dport 21325 --syn -m owner --uid-owner amnesia -m conntrack --ctstate NEW -j ACCEPT -[sudo] password for amnesia: -``` - -### Step 10: configure Tor Browser - -Click “Applications”, then “Tor Browser”, go to `about:config`, click “Accept the Risk and Continue”, and set following properties. - -`network.proxy.no_proxies_on` 👉 `127.0.0.1:21325` - -`network.http.referer.hideOnionSource` 👉 `false` - -### Step 11: open [Trezor Wallet](https://wallet.trezor.io/) - -👍