"J. Roeleveld" <jo...@antarean.org> wrote:
>Michael Orlitzky <mich...@orlitzky.com> wrote:
>
>>On 03/19/2013 11:28 PM, Michael Mol wrote:
>>>
>>> Not so much. The idea would be that you could power cycle the
>>> device to get access to it again. The device would be read for the
>>> keys at system bootup, but then would shut itself off after a few
>>> minutes to prevent the keys from being read from disk. (There's
>>> still the risk of them being read from the memory of the process
>>> using them, but that's slightly more difficult, and security is all
>>> about raising the bar.)
>>>
>>
>>Eject the USB drive after five minutes? This raises the bar
>>significantly, to "has tried to send the 'close CD tray' command to a
>>USB stick before."
>
>I don't think it is possible to un-eject a usb-drive without
>powercycling it.
>
>And why wait 5 minutes to eject it? Simply do that as soon as the keys
>are read?
>
>Extra option:
>Stick the usbdisk driver as a module in a ramdisk and then rmmod it.
>Remove the module from disk
>And use module signing. From what I understand. The keys for that are
>generated at compile time? And you can delete them from the kernel
>sources after compiling.
>
>--
>Joost
>--
>Sent from my Android phone with K-9 Mail. Please excuse my brevity.

One more idea:
Boot from the same usbdisk. This moves the kernel and ramdisk away from
the disk and into a location where, after rmmodding the drivers, the
system no longer knows how to read from even if someone did figure out
how to uneject a usbdisk.

--
Joost
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
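
A post-boot check for the lockdown proposed in this thread, added here as an example and not written by any of the thread's participants: it confirms that the usb_storage driver is unloaded, that its module file is gone from the module tree, and that module signature enforcement is on. The function names and the path parameters are assumptions for illustration; the defaults are the standard /proc/modules and module.sig_enforce sysfs locations.

```shell
#!/bin/sh
# Added example: post-boot checks for the lockdown proposed in the thread.
# Function names and the path parameters are assumptions for illustration;
# the defaults are the standard Linux procfs/sysfs locations.

# Succeed if usb_storage is listed in a /proc/modules-format file.
usb_storage_loaded() {
    awk '$1 == "usb_storage" { found = 1 } END { exit !found }' "$1"
}

# Succeed if the sig_enforce parameter file reads "Y". A kernel that does
# not expose the parameter is reported as not enforcing.
sig_enforced() {
    [ -r "$1" ] && [ "$(cat "$1")" = "Y" ]
}

# Succeed if a usb-storage module file (compressed or not) is under DIR.
module_on_disk() {
    find "$1" -name 'usb-storage.ko*' 2>/dev/null | grep -q .
}

# check_lockdown [MODULES_FILE] [SIG_ENFORCE_FILE] [MODULE_DIR]
# Prints one line per failed check; returns 0 only if all checks pass.
check_lockdown() {
    modules=${1:-/proc/modules}
    sig=${2:-/sys/module/module/parameters/sig_enforce}
    moddir=${3:-/lib/modules/$(uname -r)}
    status=0
    if usb_storage_loaded "$modules"; then
        echo "FAIL: usb_storage is still loaded"; status=1
    fi
    if ! sig_enforced "$sig"; then
        echo "FAIL: module signature enforcement is off"; status=1
    fi
    if module_on_disk "$moddir"; then
        echo "FAIL: usb-storage module file is still in $moddir"; status=1
    fi
    if [ "$status" -eq 0 ]; then echo "OK: all lockdown checks passed"; fi
    return "$status"
}
```

Calling `check_lockdown` with no arguments inspects the running system; passing explicit paths lets the same checks run against saved copies of the files.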