List Archive: gentoo-pr
Headers:
To: gentoo-pr@g.o
From: Ferris McCormick <fmccor@g.o>
Subject: [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
Date: Fri, 01 Aug 2008 15:09:30 +0000
Most interesting.  Perhaps of use to you?

-------- Forwarded Message --------
From: dante <dante@...>
Reply-To: gentoo-hardened@g.o
To: gentoo-hardened@g.o
Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
Date: Fri, 01 Aug 2008 08:24:01 -0400

Hi everyone,

My students and I have started a new gnome-based desktop linux distro
derived from hardened Gentoo.   It may be of interest to people on this
list.

Tin Hat is pretty much Gentoo, but it runs purely in RAM.  It boots from
CD or pen drive, but is not a liveCD in that it doesn't mount a file
system from the boot device.  Rather it copies its squashfs from CD to
tmpfs in RAM.  Booting is slow, it requires 4 GB of RAM or more, but it
is lightning fast once up.  ("emerge --sync" takes about a minute
between a Tin Hat system offering portage, and one sync-ing from
scratch.  Firefox starts in about 1 second.)

Tin Hat was started before the recent coldboot attacks.  Within the
limit of such attacks, Tin Hat aims at "zero information loss" if
physical access is obtained to a system which is powered down.  We add
Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
using one of the best implementations of block cipher encryptions we
know of.  During power up, Tin Hat uses GRSEC/PaX hardening to hedge
against all the usual attacks.  We are now thinking about our own patch
to obfuscate data in RAM to protect against coldboot --- but to be
honest, we think we can only make it harder, not impossible.

Tin Hat is stable.  We run 6 systems persistently on clean power and
have typical up times of a couple of months.

We never intended on releasing Tin Hat, but the students love it so much
(the speed!) we thought of announcing it on freshmeat.  I thought I'd
post to this list because it is a successful implementation of
hardened Gentoo.

Home page: http://opensource.dyc.edu/tinhat
Freshmeat: http://freshmeat.net/projects/tinhat

Anthony G. Basile
Chair of Information Technology
D'Youville College
Buffalo NY 14201

(716) 829-8197


Regards,
Ferris

-- 
Ferris McCormick (P44646, MI) <fmccor@g.o>
Developer, Gentoo Linux (Devrel, Sparc, Userrel, Trustees)


Updated Jun 17, 2009


Copyright 2001-2007 Gentoo Foundation, Inc. Questions, Comments? Email www@gentoo.org.