Picosafe is an encrypted USB-device running debian-linux on an ARM processor. It is developed by embedded-projects in Augsburg and the Universität der Bundeswehr München.

At the time of writing the project needs to be placed under /opt/picosafe (This is a bug and will be fixed later).

Before you can use this project you need to copy the eldk-5.2.1-folder (toolchain) to /opt using the command:

mv /opt/picosafe/toolchain/opt/eldk-5.2.1/ /opt/

Afterwards you need to install the programs under tools using:

make
make install

This installs some aes-related programs that are needed in the subscripts.

To create the SD-Card for the Picosafe call as root (not sudo):

1. Create and Compile Busybox

   • cd /opt/picosafe/initramfs/busybox/
   • cp ../config_busybox .config (to reset configuration to standard)
   • make menuconfig
   • make

2. Create InitRAMFS

   • ./opt/picosafe/initramfs/geninitramfs.sh

3. Setup and Compile Kernel

   • cd /opt/picosafe/kernel/linux-3.3.0-lpc313x/
   • cp ../config-picosafe-3.3 .config (to reset configuration to standard)
   • make menuconfig
   • make

4. Create zImage.crypt

   • ./opt/picosafe/kernel/build.sh -k <path_to_keyfile>

5. Partition and Fill SD-Card

   • ./opt/picosafe/rootfs/genrootfs.sh <sdcard> <path_to_keyfile> <path_to_bootloader> [<path_to_pemfile>]

Up to now you need to have at least following programs installed:

• gcc
• linux-headers (linux-headers-$(uname -r))
• make
• git
• parted
• realpath
• libncurses5-dev
• ntfs-3g
• cryptsetup

1. Fork this project to your account.
2. Create a new branch for the improvements, you intend to make.
3. Make the changements in your fork.
4. Send a pull-request from your fork’s branch to my master branch.

You can always use the web-interface to make the changes you want. It helps you automizing the workflow from above.