Updated on February 29, 2024
The Raspberry Pi OS is based on the Debian distro of Linux. Every 2 years Debian released a new Long Term Support (LTS) version, which is supported for 5 years. On August 24, 2021, Debian released Debian 11, codenamed "Bullseye". On October 30, 2021, the Raspberry Pi OS was upgraded to "Bullseye".
References:Raspberrypi.com/news: "Bullseye - the new version of the Raspberry PI OS" - with lots of comments
forms.raspberrypi.com: Bullseye - Comments and bug reports thread
Bullseye bonus: 1.8GHz Raspberry Pi 4
However, it was not until 2022-02-02, that the 64-bit version of the Rasp Pi OS came out of beta. It is now fully supported in the imager.
You can also download it at:
https://downloads.raspberrypi.org/raspios_arm64/images/
The Raspberry Pi Imager is a tool for putting an OS image onto an SD card. By default, it sends telemetry data back to the Raspberry Pi Organization.
To turn telemetry off:
Open the Imager, and hit Ctrl+Shift+X
This will bring up the hidden advance options dialog box.
Uncheck enable telemetry (the last checkbox).
Afterwards, there will be a hidden file, ~/.config/Raspberry Pi/Imager.conf. Check this file to make sure telemetry=false.
One of the advance options is to configure a wireless LAN. This option has my wireless LAN SSID in it, and I have not figured out how to remove my SSID. I am very leary of this program.
I need to investigate downloading the OS image and using a different imager.
To protect my privacy and anonymity I only install the minimum that is required to install "Nordvpn".
The Raspberry Pi setup has changed again!
The first splash screen is "Set Country":
Dropdown Boxes:
Country - United States
Language - American English
Time Zone - Chicago
Check Boxes:
Use English Language
Use US Keyboard
The second splash screen is to create a user. Because of a new British law, you no longer have products with a default user name and password. However, I am still using the pi username because I believe VNC expects a pi account. Later, I will lock the pi account, which is different than deleting it.
The third splash screen is to setup a wireless network. For now, I skip this.
The forth splash screen is to update the operating system. Again, for now, I skip this.
The fifth splash screen is to reboot.
Go to Menu/Preferences/Appearance Settings/Defaults:
Set Default for Large Screens
Open Terminal (Alt-Ctrl-T)
Go to Edit/Preferences:
Change dark blue to light blue // the dark blue
in the command prompt is unreadable.
Change text size to 20 pt.
sudo adduser web_suffer_user
sudo raspi-config
System Options/(S6)-Network at Boot - Yes
System Options/(S5)-Boot/Auto Login - Select: Desktop GUI, requiring user to login.
System Options/(S4)-Hostname
Display Options/(D5)-VNC Resolution/Headless - Select 1280 x 1024.
Interface Options/(I2)-Enable SSH
Interface Options/(I3)-Enable VNC
sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)
Add users to the Nordvpn group:
gpasswd -a pi nordvpn
gpasswd -a web_suffer_user nordvpn
Reboot
sudo reboot
Loggin:
nordvpn login --token your_token
Whitelist:
nordvpn whitelist add subnet 192.168.0.0/24
Autoconnect:
nordvpn set autoconnect enabled US
Killswitch
nordvpn set killswitch enabled
Update Raspberry Pi OS:
sudo apt update && sudo apt upgrade -y
sudo apt install vim
sudo apt install firefox-esr
sudo apt purge chromium-browser
Wi-Fi setup
The Raspberry Pi's built in SD Card Copier can be used to clone another SD card to be used in another Raspberry Pi. However, there are somethings that should be unique such as the private and public keys for ssh. To generate new keys:
To generate new keys:
cd /etc/ssh
sudo rm *key* // remove the old keys
// generate new keys - When prompted,
Do Not enter a phrase to generate the keys !
sudo ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
sudo ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key
sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key
sudo ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
You may also have to remove keys that are stored
on the machine that is logging into the Raspberry Pi:
rm ~/.ssh/known_hosts
-- -- -- -- -- -- -- -- -- -- -- -- --
You can now create a new user and add the user to the adm and sudo groups: sudo adduser user_name sudo gpasswd -a user_name adm sudo gpasswd -a user_name sudo
After testing the new user is working correctly, you
can lock the pi account:
sudo passwd -l pi
To unlock the pi account:
sudo passwd -u pi
To use the imaging tool, I had to unlock the pi account. For some reason, the diaglog box for user_name (belonging to the adm and sudo groups) would not accept input from the keyboard.
Note that pi, in addition to belonging to the adm and sudo groups, also belongs to the folowing groups: dialout, cdrom audio, video, plugdev, games, users, input, render, netdev, spi, 12c, gpio, and lpadmin. It may be necessary to add some or all of these groups to the new super_user.
You need to cut off Configurations/auto login
On Debian 11 (bullseye) and the Raspberry Pi OS based on bullseye, vi is symlinked to vim.tiny; it takes only 1.4 MBytes of space. It does not support syntax highlighting, and its help files are dummy blank files. To get these features, you need vim.basic, which includes vim-runtime, and requires around 36 MBytes of space.
To get vim.basic:
sudo apt update
sudo apt install vim
You can add or modify the .vimrc file in your home directory. My ".vimrc" file is:
set showmode
set number
set shiftwidth=3
set expandtab
set autoindent
set wrap
set linebreak
set mouse=a
filetype plugin indent on
let g:html_indent_inctags="html,head,body,style,p"
syntax on
Add a firewall:
sudo apt install firewalld
sudo firewall-cmd --zone=internal --add-source=192.168.0.1/24 --permanent
// the ssh service is enabled by default for the internal zone. Howeven, VNC is not enabled
sudo firewall-cmd --zone=internal --add-service=vnc-server --permanent
Add fail2ban
sudo apt install fail2ban
and make a jail.local file in /etc.
To make Logitech's Anywhere 3 mouse discoverable, press and hold the select button on the bottom of the mouse for 4 seconds. I do not know if there is a difference in the Anywhere 3 for Windows and the Mac. I did not have a problems with either, but the Mac version does show up as Anywhere 3 for Mac. Logitech's Anywhere 3 mouse cannot be used as a wired mouse.
To make Apple's Magic keyboard discoverable, cut it 'off' and 'on'. Apple's magic keyboard can be also be used as a wired keyboard. On the model A1644 the fn+delete key performs a forward delete.
However, on the newer model A2450 (March 2021) the fn+delete
just does the same as delete key (backwards delete). There,
are claims that the newer keyboard A2450 is supported in Linux Kernel
5.7. As of 1/28/2022, the Raspberry Pi and Debian are still using
Kernel 5.1. We will have to wait and see. Also, there does not
appear to be any Windows drivers (yet) where the fn+delete works
correctly.
Tha the Raspberry Pi does not have a BIOS. Instead it reads the /boot/config.txt file and then it loads the Linux Kernel. The /boot/config.txt file takes the place of the BIOS.
In order to drive my 4K monitor at 60Hz, I had the add the following to /boot/config.txt:
enable_uart=1 / I do not know what this line does, but it is still required as of 2022/04/15
hdmi_enable_4kp60=1
The screen resolution and depth in the new Raspberry Pi Bullseye OS is set by the kernel (Kernel Mode Setting (KMS)). In the /boot/config.txt file:
#Enable DRM VC4 V3D Driver
dtoverlay=vc4-kms-v3d
max_framebuffers=2
At the top level is a Display Server: X session or Wayland. Wayland is newer, simpler and has a more narrow scope. Currently, the Raspberry Pi does not support Wayland. Below them is the DRM (Direct Rendering Manager). KMS (Kernel Mode Setting) is a subpart of DRM.
tvservice is not supported when using the "vc4-kms-v3d" driver.
You can set and change the resolution and orientation of the display with the "xrandr" command. Maintained by the X-org.
xrandr: x windows system - randr: resize and rotate.
arandr is a graphical front end for xrandr.
The new Raspberry Pi Bullseye OS uses the windows manager, "mutter".
-- old --
After the Raspberry Pi boots, the first thing you should do is enable ssh via Preferences/Raspberry Pi Configuration/Interfaces. Next, find the ip address of the Pi via ip address or ifconfig (deprecated). It is also a good idea to assign a dedicated ip address to the Pi via your router. This is so you can login to the Pi and make changes incase the screen is not displaying properly and/or other troubleshooting.
I tried to use Sylvania, SP262, bluetooth speaker, but after a period of time, it would go to sleep. After doing some research on the Internet, I learned that this is a common problem with bluetooth battery powered speakers.
AUpdate: This is now working without the speaker going to sleep with the input from the speaker being HDMI auto.
Linux has two firewall management tools: firewalld and iptables. ufw (uncomplicated firewall) is a frontend for iptables. And there is nftables. Firewalld and iptables are incompatible and only one should be used. Neither are installed by default with the Raspberry Pi OS.
Firewalld has replaced iptables on most distros. It is part of the systemd family.
To install firewalld:
sudo apt update
sudo apt install firewalld
Add interfaces to the public zone:
sudo firewall-cmd --zone=public --permanent --add-interface=eth0
sudo firewall-cmd --zone=public --permanent --add-interface=wlan0
An interface can only be added to a single zone:
Usefull firewalld commands:
sudo firewall-cmd --get-zones
sudo firewall-cmd --get-default--zone
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --list-all-zones
sudo firewall-cmd --zone=public --list-all
Fail2ban monitors the log files for malicious activities and bans the user. It does this by adding a firewall rule that blocks the user for a certain period of time. It will stop brute fore attacks.
You need to have either "firewalld" or "iptables" set up before fail2ban is installed. It download difference packages depending on which firewall is present.
To install fail2ban:
sudo apt update
sudp apt install fail2ban
When fail2ban is installed it creates a directory /etc/fail2ban. Inside this directory is "jail.conf". This informs you how to setup jails, but do NOT modify it because it might get overwritten when fail2ban is updated. Instead create a new file (via sudo) "jail.local" in the /etc/fail2ban directory. Anything in "jail.local" will overide what is in "jail.conf".
To create a jail for ssh, put the following in /etc/fail2ban/jail.local:
[DEFAULT]
bantime = 600
action = %(action_)s
[sshd]
enable = true
maxretry = 3
To see a list of jails:
sudo fail2ban-client status
To scan for Bluetooth devices, that you can connect to:
bluetoothctl scan on # continuous scan
bluetoothctl devices # list Bluetooth devices
bluetoothctl paired-devices # list paired devices
bluetoothctl discoverable on #make this device discoverable
The scan on command does not list devices
that are already paired to this computer or other computers.
bluetoothctl info xx:xx:xx:xx:xx
bluetoothctl pair xx:xx:xx:xx:xx
bluetoothctl connect xx:xx:xx:xx:xx
bluetoothctl trust xx:xx:xx:xx:xx
bluetoothctl remove xx:xx:xx:xx:xx # unpair
bluetoothctl disconnect xx:xx:xx:xx:xx
bluetoothctl untrust xx:xx:xx:xx:xx
bluetoothctl block xx:xx:xx:xx:xx
bluetoothctl unblock xx:xx:xx:xx:xx
If you remove the pulseaudio package
and reinstall it, "Volume Control (PulseAudio)"
will Not be in the Add/Rmove Panel Items List.
There will be a Volume Control in the list without
PulseAudio in parentheses, but this is not
the right one. To get the "Volume Control (PulseAudio)"
back in the list:
sudo apt install lxplug_volumepulse
and reboot.
After rebooting, you can now manually add
the panel applet "Volume Control (PulseAudio)" back to the task bar.
According to Tom's Hardware, when using an HDMI cable at QHD resolution (2560 x 1440), the RPi 4 will emit noise in the same range as Wi-Fi channel 1 - causing the Pi 4 to jam its own WiFi: the Article.
The article, dated November 30, 2019, states that the Raspberry Pi Foundation has acknowledged the problem. They are trying to address the issue with firmware. In the interim, users experiencing this issue should adjust their routers to use the 2.4 GHz channel 4 or above or the 5 GHz band.