Gentoo Archives: gentoo-pr

From: "Tiziano Müller" <dev-zero@g.o>
To: gentoo-pr@l.g.o
Subject: Re: [gentoo-pr] [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
Date: Fri, 01 Aug 2008 17:04:15
Message-Id: 1217610250.8001.16.camel@localhost
In Reply to: [gentoo-pr] [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM] by Ferris McCormick
Well, it's surely worth to take a look at it and maybe try to establish
a good relationship with them, porting things back, etc.

Btw, would it perhaps make sense to have a mailinglist for people using
Gentoo as part of their business? Just thought that providing such
people a "directer line" to us could be helpful for both sides.

Am Freitag, den 01.08.2008, 15:09 +0000 schrieb Ferris McCormick:
> Most interesting. Perhaps of use to you? > > -------- Forwarded Message -------- > From: dante <dante@×××××××××××××××.net> > Reply-To: gentoo-hardened@l.g.o > To: gentoo-hardened@l.g.o > Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM > Date: Fri, 01 Aug 2008 08:24:01 -0400 > > Hi everyone, > > My students and I have started a new gnome-based desktop linux distro > derived from hardened Gentoo. It may be of interest to people on this > list. > > Tin Hat is pretty much Gentoo, but it runs purely in RAM. It boots from > CD or pen drive, but is not a liveCD in that it doesn't mount a file > system from the boot device. Rather it copies its squashfs from CD to > tmpfs in RAM. Booting is slow, it requres 4 GB of RAM or more, but it > is lightening fast once up. ("emerge --sync" takes about a minute > between a Tin Hat system offering portage, and one sync-ing from > scratch. Firefox starts in about 1 second.) > > Tin Hat was started before the recent coldboot attacks. Within the > limit of such attacks, Tin Hat aims at "zero information loss" if > physical access is obtained to a system which is powered down. We add > Ruusu's loop-aes patch to the kernel so that any hard drives are mounted > using one of the best implimentations of block cipher encryptions we > know of. During power up, Tin Hat uses GRSEC/PaX hardening to hedge > against all the usual attacks. We are now thinking about our own patch > to obfuscate data in RAM to protect against coldboot --- but to be > honest, we think we can only make it harder, not impossible. > > Tin Hat is stable. We run 6 systems persistently on clean power and > have typical up times of a couple of months. > > We never intended on releasing Tin Hat, but the students love it so much > (the speed!) we thought of announcing it on freshmeat. I thought I'd > post to this list because of it is a successful implementation of > hardened Gentoo. > > Home page: > Freshmeat: > > Anthony G. Basile > Chair of Information Technology > D'Youville College > Buffalo NY 14201 > > (716) 829-8197 > > > Regards, > Ferris >
-- ------------------------------------------------------- Tiziano Müller Gentoo Linux Developer Areas of responsibility: Samba, PostgreSQL, CPP, Python, sysadmin E-Mail : dev-zero@g.o GnuPG FP : F327 283A E769 2E36 18D5 4DE2 1B05 6A63 AE9C 1E30


File name MIME type
signature.asc application/pgp-signature