• LightscriptionOPM
    4 months ago

    Plug rpi into power and it will connect automatically with the wpa-supplicant script made by the imager (/NetworkManager/systems connections/preconfigured -connection) and then run the following commands from your laptop connected to the same router.

    ip addr

    inet is ip of <router> (you can even use a cell hotspot) if you want to use nmap

    sudo bettercap (add wifi module to PCI if you are using Qubes)

    net.probe on

    endpoint.new is ip of pi detected as <MAC>

    Login successful!

    Most IoT doesn’t need full disk encryption because it is protected physically and what is most important is the private-public key security of ssh for remote login. Raspbian has SELinux enabled and is as secure when connected to networking as most servers with not much additional hardening required (especially if you are flashing firmware and not running an infinite uptime you have to protect from attacks).

    https://en.m.wikipedia.org/wiki/Identicon

    This cryptography is immune to timing attacks: https://en.m.wikipedia.org/wiki/Curve25519

    With Raspbian OS on this sbc, you can’t just use dd because of how the OS defaults are set which prevent any interfacing with the pi except via ssh wirelessly (maybe eth0 other models). The openssh scripts are made by Canonical but generated locally (usr/lib/openssh FIRSTUSER) which also means you can’t just configure ssh/sshd.conf. But you can copy a self-generated ssh public key to the imager settings (their default is rsa but your own ed25519 will also work).

    I recommended configuring your router to resolve DNS to Cloudflare (with malware filter) or something besides Google8 and also editing the sources list and raspi list to add the S to http.

    Then, after you have sshed in, you can update, git clone lbmk, and change the raspi-config to enable UART. After that, you can proceed hardwired with minicom and rfkill all wireless for extra security.

    libreboot lbmk acquired successfully!