On 03/02/2017 06:26 PM, Andrew Savchenko wrote:

> On Thu, 2 Mar 2017 03:42:24 -0500 taii...@gmx.com wrote:
>> It is possible to have a reasonably secure system where the hard drive
>> firmware (or any other devices) can't fuck around with the stuff on
>> disk, although I highly doubt that the gentoo infrastructure (and
>> kernel.org, and all the source repos for all the other software) does this.
> Hard drive's firmware is a drive's micro OS, it can manipulate data
> on the disk as it pleases. The only way to protect privacy of the
> data is to write it already encrypted, so it still can be mangled
> and become unusable, but privacy will be kept. But see below about
> DMA.

Of course, as I stated you have to bootstrap the crypto from the motherboard EEPROM chip.
>> One way is to use a blob-free coreboot IOMMU supporting board and
>> bootstrap the crypto/kernel off of the board firmware EEPROM chip to
>> load the initial kernel thus no plaintext touches the disk and thus
>> nothing can mess with it.
>>
>> The IOMMU (theoretically) protects the CPU and memory from rogue
>> devices, such as the hard drive.
> No. Any DMA capable device can bypass IOMMU. IOMMU was not
> designed to protect OS from device.
That isn't true, it was designed for exactly that and of course for assigning devices to VMs.

I get an AMD-Vi IOMMU IO_PAGE_FAULT alert in dmesg whenever a device tries to do something it shouldn't and the remapping hardware blocks it.

In linux the kernel/drivers configure which memory locations the devices are allowed to access.
>> In terms of ethics IBM *for now* is a way better company than Intel/AMD,
>> their POWER servers are owner controlled as there isn't any boot
>> guard/secure boot/management engine/platform "security" processor (amd's
>> ME) to stop you from re-writing the firmware as you please. They also
>> have a getting-there-almost-reasonable open source effort (OpenPOWER)
> Indeed they are. But those boxes are quite expensive and hard to get.
Hard to get? You can buy them from IBM's website like any other computer.
http://www-03.ibm.com/systems/power/hardware/linux-lc.html

If you call them you may get a better price, but a credit card, 5 minutes (and $4.5K) will get you an entry level POWER8 server (although the almost open source firmware "Firestone" model costs around 10K). If you want a Palmetto you can get one for around $3K. They are a good deal vs intel/amd when it comes to performance/price, and of course the security and owner control aspects are absolutely swell.

If you insert a graphics card you could use one as a workstation.
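The AMD-Vi IO_PAGE_FAULT lines mentioned above are the visible trace of the remapping hardware blocking a DMA access. As an added example (not part of this thread), here is a small parser that pulls those events out of dmesg output and counts faults per device; it assumes the message layouts printed by the Linux AMD-Vi and Intel VT-d (DMAR) drivers, which vary somewhat between kernel versions, and the log lines are constructed.

```python
import re
from collections import Counter

# Layout assumed for AMD-Vi faults (older kernels print the device inside the
# brackets as shown; newer ones may prefix it via the PCI device name instead).
AMD_VI_RE = re.compile(
    r"AMD-Vi: Event logged \[IO_PAGE_FAULT device=(?P<dev>[0-9a-f:.]+) "
    r"domain=0x(?P<domain>[0-9a-f]+) address=0x(?P<addr>[0-9a-f]+) "
    r"flags=0x(?P<flags>[0-9a-f]+)\]"
)
# Layout assumed for Intel VT-d faults ("DMAR: [DMA Read] Request device [..]").
DMAR_RE = re.compile(
    r"DMAR: \[DMA (?P<kind>Read|Write)\] Request device "
    r"\[(?P<dev>[0-9a-f:.]+)\] fault addr (?P<addr>[0-9a-f]+)"
)


def parse_iommu_faults(lines):
    """Return one dict {dev, addr, kind} per IOMMU fault found in dmesg lines."""
    faults = []
    for line in lines:
        m = AMD_VI_RE.search(line)
        if m:
            faults.append({"dev": m["dev"], "addr": int(m["addr"], 16), "kind": "amd-vi"})
            continue
        m = DMAR_RE.search(line)
        if m:
            kind = "dmar-" + m["kind"].lower()
            faults.append({"dev": m["dev"], "addr": int(m["addr"], 16), "kind": kind})
    return faults


def offending_devices(faults, threshold=1):
    """Map PCI address -> fault count for devices at or above the threshold."""
    counts = Counter(f["dev"] for f in faults)
    return {dev: n for dev, n in counts.items() if n >= threshold}


# Constructed dmesg excerpt: three blocked accesses from 01:00.0, one from
# 03:00.0, one VT-d fault from 00:1f.2, and an unrelated USB line as noise.
SAMPLE_DMESG = [
    "[   12.345678] AMD-Vi: Event logged [IO_PAGE_FAULT device=01:00.0 domain=0x0000 address=0x00000000fffffff0 flags=0x0020]",
    "[   12.345701] AMD-Vi: Event logged [IO_PAGE_FAULT device=01:00.0 domain=0x0000 address=0x00000000fffff000 flags=0x0020]",
    "[   12.345720] AMD-Vi: Event logged [IO_PAGE_FAULT device=01:00.0 domain=0x0000 address=0x00000000ffffe000 flags=0x0020]",
    "[   40.001000] AMD-Vi: Event logged [IO_PAGE_FAULT device=03:00.0 domain=0x0002 address=0x0000000100000000 flags=0x0010]",
    "[   55.000000] DMAR: [DMA Read] Request device [00:1f.2] fault addr 7f000000 [fault reason 06] PTE Read access is not set",
    "[   60.000000] usb 1-1: new high-speed USB device number 2 using xhci_hcd",
]

if __name__ == "__main__":
    for dev, n in offending_devices(parse_iommu_faults(SAMPLE_DMESG), 2).items():
        print(f"{dev}: {n} blocked DMA accesses")
```

On a live box, feed it `dmesg` output instead of the constructed list; a device that keeps faulting is either misconfigured by its driver or trying to reach memory it was never mapped.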
