On 2013-09-28, at 15:42 , Jer <[email protected]> wrote: > On 13-09-28 02:40 PM, Henry Olders wrote: >> Hello, all, >> >> I want to run my raspi as a device for digital signage, the idea being to >> display images fullscreen in a slideshow, without any user intervention. >> I've got that running very well, using the raspbian distro, openbox window >> manager, and either qiv or feh as the image viewer. The slideshow starts >> automatically on boot, and runs forever, which is what I want. >> >> Here is the problem: my client wants to prevent his images from being >> copied, including being copied off of the SD card when physically removed >> from the raspi. Encryption would accomplish this, so I'm looking at getting >> truecrypt running on the raspi. >> >> The difficulty I foresee is that if someone plugs a keyboard and mouse into >> the raspi when it's running, they can access a terminal emulator which is >> already logged in as user pi, and (I think) copy the image files out of the >> truecrypt container into an unencrypted directory. >> >> There may also be other security issues that people with more experience >> know about. >> >> Any ideas or suggestions much appreciated! >> >> Henry >> > > Use FBI instead which can run without anyone logged in. I use it for > slideshows on the pi. You can also use the video player, I forget the name, > but it is optimized for the pi. You don't need X at all, the framebuffer is > all you need. > > Another option is to use a screen locker program that will show the > slideshow. ie: Xscreensaver and use the GLSlideshow option. > > You could set permissions on the files so they are owned by root (or another > user) and only readable by root/user, then run the slideshow program with > sudo. > > The problem with encrypting the files is that if a reboot happens someone has > to go type a password in. > > The client is aware that they are displaying the images on a screen and that > anyone could record that screen? This is how I would steal them :) > > Jeremy
Great suggestion for FBI, Jeremy! Thank you! Very helpful not to have any user logged in. Re encrypting the files, I had in mind to use an authentication server. If the SD card remains in the original raspi, the encrypted files would mount; if the SD card were removed and run in another device, then authentication would fail, although I suppose that isn't foolproof for a determined attempt to break in. Henry _______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
