Dale <rdalek1967 <at> gmail.com> writes:

> > Blueness has created a 'tin hat' [1] mini secure linux distro that runs
> > in all ram for the truly paranoid (or those with valid security features).
> > You can just boot up with tinhat or Pentoo and use the live version
> > for sensitive transactional types of events... There is also bluedragon
> > and lilblue, all excellent, reasonably secure systems to testdrive.

> > Also, you may want to see if 'www-client/xombrero' meets your needs.
> > I have not had time to implement it, so it's on my todo list to evaluate.

> > [1] http://opensource.dyc.edu/tinhat

> Only thing is, I access my bank pretty much daily.  To use that would
> require a reboot and booting from USB/DVD etc.  I rarely reboot. 
> Generally, I reboot when I lose power and have to shutdown.  So far, I
> haven't rebooted in 182 days.  In a little over a week, I'll have a new
> record.  Well, documented record for this rig anyway.



OK, then the solution, which is not in my current expertise, is to run
something secure in a VM or a container from your workstation. Since tinhat
is an "in-ram" solution, that would work. I'm sure there are secure,
gentoo-hardened images for a VM or container, just look around. One of the
gentoo security/container/vm channels may provide faster expertise on this
route.

Or get an embedded board (should be less than $50) with hdmi, usb
(mouse/keyboard) and ethernet, that has a secure distro available for it.
Perhaps one of the Rasp. Pi3 boards or this one [1]. With gentoo-hardened, I'd
cobble together a second system before munging up your current gentoo
workstation. Be sure that the secure OS you want to run is already well
supported before you choose an embedded board. Alpine linux shines here too,
as it uses musl (libc) and is security oriented.


Did you read up on Xombrero? There are many choices; finding the least
time-consuming option that meets your needs requires lots of time.
;-)


hth,
James


[1] http://www.cnx-software.com/2016/02/29/odroid-c2-64-bit-arm-development-board-is-now-available-for-purchase-for-40/