Use a raspberry-pi 2 as a firewall with FreeBSD

October 25, 2020 10 minute read

Updated @ Mon Nov 16 08:16:30 PM CET 2020: Corrected the version when OPNsense dropped 32 bits support.

I was using OPNsense on my pcengines alix firewall and was quite happy with it.

The alix 2d13 is a nice motherboard with a Geode CPU, it has a 32 bits x86 instruction set. I migrated to OPNsense from pfSense when pfSense dropped 32 bits support.

Unfortunately, OPNsense also dropped support for 32 bits CPU’s in the 19.1.7 release 20.7 release. I decided to install FreeBSD on the alix to use it as my firewall. But I need a temporary firewall solution so I can install FreeBSD on my alix board. I have a Raspberry PI 2 that I wasn’t using.

You’ll find my journey to use my RPI2 as my firewall below.

Open Hardware PowerPC notebook

August 9, 2020 less than 1 minute read

PowerPC Notebook

I prefer RISC as a CPU architecture over CISC. RISC is a simpler design that should deliver more CPU performance with fewer transistors and is more power-efficient. We have to recognize that Intel and AMD have made great progress in increasing the performance and efficiency of the x86 CISC architecture.

But the x86 architecture comes with a FreeDOM cost, Intel has the Intel Management Engine and closed Proprietary software is required to initialize the components. The same can be said about AMD; AMD has the AMD Platform Security Processor and binary blobs are required.

Power is currently the most powerful alternative that doesn’t require binary blobs; this is not only great for free/open source activists. A truly open-source firmware that can be reviewed / audited is also for nice security reasons.

Keep zfs running on the Raspberry PI

August 3, 2020 less than 1 minute read

I got a Raspberry PI 4 to play with and installed Manjaro GNU/Linux on it.

I use OpenZFS on my PI. The latest kernel update broke zfs on my PI due to a License conflict, the solution is to disable PREEMPT in the kernel config. This BUG was already resolved with OpenZFS with the main Linux kernel tree at least on X86_64/AMD64, not sure why the kernel on the raspberry pi is still affected.

I was looking for an excuse to build a custom kernel for my Pi anyway :-). I cloned the default manjaro RPI4 kernel and disabled PREEMPT in the kernel config.

The package is available at: https://gitlab.com/stafwag/manjaro-linux-rpi4-nopreempt. This package also doesn’t update /boot/config.txt and /boot/cmdline.txt to not overwrite custom settings.

Have fun!

Howto use cloud images on the Raspberry PI 4

July 23, 2020 7 minute read

I got a Raspberry PI 4 to play with and installed Manjaro GNU/Linux on it.

I wanted to verify how usable the latest PI is for desktop and home server usage.

• For desktop usage, it is “usable”.

  For video playback in the browser, I recommend disabling 60fps (https://greasyfork.org/en/scripts/23329-disable-youtube-60-fps-force-30-fps) and keep the video playback to 720p. Please note that if you want to use it for Netflix you will need Widevine for the DRM content. As far as I know, there isn’t an ARM64 version available. An ARM32 version exists but I didn’t try (yet).

• For (home) server usage ARM64 or AArch64 is getting more usable.

  Cloud providers are also offering ARM64 based systems. A container-based workload - like Docker, LXC, FreeBSD jails etc - is probably better suited for a small device like the Raspberry PI. Virtual machines are still important for server usage so let see how the PI4 can handle it.

Most GNU/Linux distributions RedHat, Centos, Ubuntu, Debian are offering cloud images for ARM64. To configure these images you’ll need cloud-init.

I already wrote a blog post on howto cloud-init for KVM/libvirt on GNU/Linux: Howto use centos cloud images with cloud-init on KVM/libvirtd. Let see if we can get it working on ARM64.

Manjaro on the RPI4 with full disk encryption

July 12, 2020 13 minute read

The Raspberry PI has become more and more powerful in the recent years, maybe too powerful to be a “maker board”. The higher CPU power and availability of more memory - up to 8GB - makes it more suitable for home server usage.

The latest firmware (EEPROM) enables booting from a USB device. To enable USB boot the EEPROM on the raspberry needs to be updated to the latest version and the bootloader that comes with the operating system - the start*.elf, etc files on the boot filesystem - needs to support it.

I always try to use filesystem encryption. You’ll find my journey to install GNU/Linux on an encrypted filesystem below.

64 Bits operating systems

The Raspberry PI 4 has a 64 bits CPU, the default operating system - Raspberry Pi OS (previously called Raspbian) - for the Rasberry PI is still 32 bits to take full advantage of the 64bits CPU a 64 bits operating system is required.

You’ll find an overview GNU/Linux distributions for RPI4 below.