Get Started

LapEE boots HyperBEAM from a signed USB appliance image and exposes evidence that lets another machine verify what booted and which node identity is serving traffic.

The normal launch path:

Get a release image and its verification material.
Verify the image before writing it.
Add public operator config or WiFi credentials if needed.
Write the image to USB.
Boot the target laptop.
Use the exact URL or QR code shown on the splash screen.
Verify the node from another machine.

Requirements

Default image:

x86_64 UEFI laptop.
TPM 2.0.
Intel TME or AMD SME for the production memory-encryption gate.
Network path from verifier machine to the laptop.
USB stick large enough for the release image.

Verifier machine:

Same network as the LapEE node.
Erlang, rebar3, and Python for the source-tree dashboard workflow.
No TPM required on the verifier machine.

Verify The Image

Use the hash or signature published with the release. For a plain SHA-256 file:

sha256sum -c lapee-vanilla-secure-VERSION-x86_64.img.zst.sha256

On macOS:

shasum -a 256 -c lapee-vanilla-secure-VERSION-x86_64.img.zst.sha256

Do not write an image whose release hash does not match.

Add Boot-Time Inputs

Operator inputs live on the EFI System Partition and are read once during boot.

File	Purpose	Secret?
`wifi.conf`	Optional SSID and WPA2-PSK.	Yes. Do not commit it or paste it into chat.
`config.json`	Optional public HyperBEAM config.	No. Treat it as public evidence.

For source-tree workflows:

make wifi-creds
make operator-config-apply IMAGE=build/images/lapee-usb.img

operator-config-apply copies wifi.conf and/or config.json into EFI/boot/ without re-signing the UKI.

Write The USB Stick

Using release artifacts directly:

zstdcat lapee-vanilla-secure-VERSION-x86_64.img.zst \
  | sudo dd of=/dev/sdX bs=16M status=progress conv=fsync

Using the source tree:

make write-image DEV=/dev/diskN IMAGE=build/images/lapee-usb.img

The target device is erased. Confirm the device path before running either command.

Boot

Boot the laptop from the USB stick. The production splash shows status while network and HyperBEAM start. When ready, it shows:

Running at http://HOST:8734/

Use that exact URL. Do not infer the host from an image name or from another machine's previous boot.

Verify

From the verifier machine:

export LAPEE_URL=http://HOST:8734

curl -fsSL \
  -H 'accept: application/json' \
  -H 'accept-bundle: true' \
  "$LAPEE_URL/~tpm@2.0a/boot-attestation" \
  -o boot-attestation.json

Source-tree dashboard:

make hb-fetch
./scripts/interpret-local-capture.sh \
  --url "$LAPEE_URL" \
  --label "operator-check"

Dashboard output:

build/hyperbeam/src-edge/out/local-capture/operator-check/dashboard.html

Useful Live Endpoints

$LAPEE_URL/~tpm@2.0a/info
$LAPEE_URL/~tpm@2.0a/pcr-read&pcr=0
$LAPEE_URL/~tpm@2.0a/boot-attestation
$LAPEE_URL/~system@1.0/all
$LAPEE_URL/~hyperbuddy@1.0/index

Requirements​

Verify The Image​

Add Boot-Time Inputs​

Write The USB Stick​

Boot​

Verify​

Useful Live Endpoints​