> We discussed using a simple RC timer to cut power to the device after a > certain amount of uptime, but if I pointed out that if we were spend the > time going to that trouble, we may as well go whole-hog and add built-in > encryption and make money off the thing. > > I think the grab-data-and-eject solution is probably the best for our > purposes.
What about wiping the key. I would investigate if a hdparm reset negates that security. A long shot that all systems especially likely small ones will have floppies (though there may be a usb one) but using a floppy eject would certainly be one way (ignoring any buffers) as it is 100% mechanical on the enable direction. However why not just use a usb with perms set to root. If an attacker can get root which should be the biggest barrier and you are not worried about physical access then even SELINUX/RBAC may not save you. -- _______________________________________________________________________ 'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy) _______________________________________________________________________