Beginning of Hashlet install

beaglebone.txt

@@ -457,8 +457,75 @@ rngtest: input channel speed: (min=3.104; avg=26.015; max=18.626)Gibits/s
 rngtest: FIPS tests speed: (min=160.281; avg=165.696; max=168.792)Mibits/s
 rngtest: Program run time: 115987 microseconds
 #+END_SRC
-*** Additional addons
-At the time of writing there is also some hardware called [[http://beagleboard.org/project/CryptoCape/][cryptocape]] being developed, with the intention of adding extra random number generation capabilities to the BBB.
+*** Cryptotronix Hashlet
+#+BEGIN_VERSE
+/One must acknowledge with cryptography no amount of violence will ever solve a math problem./
+
+-- Jacob Appelbaum
+#+END_VERSE
+
+An optional extra is the [[http://cryptotronix.com/products/hashlet/][Cryptotronix Hashlet]] which also has hardware random number generation capability via the [[Atmel-8740-CryptoAuth-ATSHA204-Datasheet.pdf][Atmel ATSHA204]] chip.
+
+Install the hashlet [[images/hashlet_installed.jpg][like this]] on the BBB, then download the source code.
+
+#+BEGIN_SRC: bash
+cd /tmp
+wget http://freedombone.uk.to/hashlet-1.0.0.tar.gz
+wget http://freedombone.uk.to/hashlet-1.0.0.tar.gz.sig
+#+END_SRC
+
+Install some dependencies.
+
+#+BEGIN_SRC: bash
+apt-get install gnupg build-essential libgcrypt11-dev
+#+END_SRC
+
+Verify it.
+
+#+BEGIN_SRC: bash
+gpg --verify hashlet-1.0.0.tar.gz.sig
+#+END_SRC
+
+The main parts of the verification to check are:
+
+#+BEGIN_SRC: bash
+gpg: Signature made Fri 07 Feb 2014 23:22:37 GMT using RSA key ID 81CD647A
+gpg: requesting key 81CD647A from hkp server keys.gnupg.net
+gpg: key BD2EDEA6: public key "Joshua Brian Datko <jbd@cryptotronix.com>" imported
+
+gpg: Good signature from "Joshua Brian Datko <jbd@cryptotronix.com>"
+#+END_SRC
+
+Now install the driver.
+
+#+BEGIN_SRC: bash
+tar -xzvf hashlet-1.0.0.tar.gz
+cd hashlet-1.0.0
+chmod o+rw /dev/i2c*
+./configure
+make
+make check
+make install
+#+END_SRC
+
+To check the initial state of the device:
+
+#+BEGIN_SRC: bash
+hashlet --bus=/dev/i2c-2 state
+#+END_SRC
+
+It should return the message "/Factory/".  This is an indication that the hardware hasn't been tampered with by [[https://en.wikipedia.org/wiki/Tailored_Access_Operations][TAO]] or other shady outfits in transit.  If /i2c-2/ fails then try /i2c-1/ or /i2c-0/.
+
+#+BEGIN_SRC: bash
+hashlet --bus=/dev/i2c-2 personalize
+#+END_SRC
+
+Nothing should be returned by this command, but a file called ~/.hashlet will be generate which is the private key of the device.  To make sure it's only accessible by the root user:
+
+#+BEGIN_SRC: bash
+chmod 400 ~/.hashlet
+#+END_SRC
+
 ** Alter ssh configuration
 
 Altering the ssh configuration will make it a little more secure than the standard Debian settings.
@@ -5664,7 +5731,7 @@ For a mediagoblin site it is recommended to use a separate domain/subdomain, so
 Install some dependencies.
 
 #+BEGIN_SRC: bash
-apt-get install git-core python python-dev python-lxml python-imaging python-virtualenv python-gst0.10 libjpeg8-dev sqlite3 libapache2-mod-fcgid
+apt-get install git-core python python-dev python-lxml python-imaging python-virtualenv python-gst0.10 libjpeg8-dev sqlite3 libapache2-mod-fcgid gstreamer0.10-plugins-base gstreamer0.10-plugins-bad gstreamer0.10-plugins-good gstreamer0.10-plugins-ugly gstreamer0.10-ffmpeg python-numpy python-scipy libsndfile1-dev
 #+END_SRC
 
 Create a user, replacing /mymediagoblindomain/ with the domain name for your mediagoblin site.
@@ -5705,6 +5772,7 @@ Change *email_sender_address* to your email address and set *email_debug_mode* t
 Then save and exit.
 
 #+BEGIN_SRC: bash
+./bin/pip install scikits.audiolab
 ./bin/gmg dbupdate
 exit # to go back to the root user
 emacs /etc/init.d/mediagoblin