Jeremy Impson
Fri, 22 Jun 2001 12:02:07 -0700
On Fri, 22 Jun 2001 [EMAIL PROTECTED] wrote: > On Fri, 22 Jun 2001, Jim Rees wrote: > > > But if you really are concerned about "very skilled hackers" you will need > > significant hardware protection, like a processor with integrated boot code > > or an epoxy potted processor and boot rom module. Even then you won't be > > able to completely protect the system against everyone. > > It seems to me, to do completely secure boot protection all one really > needs is an encrypting disk controller. > > Imagine a device that sits between the drive and IDE (or SCSI) disk > controller. This device encrypts every block of information going to > the disk, and decrypts every block leaving the disk. The keying > for this device can be done simply: a keypad is mounted in a > 5.25" drive faceplate and the key is entered directly to the encryption > device; the underlying computer architecture is not involved. I believe one of the requirements from the original poster was that users could not take the system (which is obviously "Linux-friendly") and use it as their own workstation. Correct me if I'm wrong (I've deleted the original email) but they plan on giving away the boxes as an "appliance" for which they'd sell the service. They want to prevent what happened to that one company (whose name I've forgotten, naturally) who was selling web appliance service. They gave you a box for free (I think it ran QNX) and expected you to buy monthly ISP service from them. Knowlegable Linux hackers would sign up for the service, get a free appliance, cancel the service, and install Linux on the box. Voila, free Xterm. What is needed is some way to physically require some sort of authentication, else the system is unusable. And it must be proof against hardware hacking. The military has stuff like this. And it's EXPENSIVE. We don't give it out for free. And nothing is tamper-proof. THere are only varying degrees of tamper-resistance. Then there's all the stuff about encrypting the data on disk, etc. --Jeremy Jeremy Impson Sr. Associate Network Engineer Advanced Technologies Department Lockheed Martin Systems Integration email: [EMAIL PROTECTED] phone: 607-751-5618 fax: 607-751-6025 *************************************************************** Linux Smart Card Developers - M.U.S.C.L.E. (Movement for the Use of Smart Cards in a Linux Environment) http://www.linuxnet.com/smartcard/index.html ***************************************************************