Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-pr
Navigation:
Lists: gentoo-pr: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-pr@g.o
From: Ferris McCormick <fmccor@g.o>
Subject: [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
Date: Fri, 01 Aug 2008 15:09:30 +0000
Most interesting.  Perhaps of use to you?

-------- Forwarded Message --------
From: dante <dante@...>
Reply-To: gentoo-hardened@g.o
To: gentoo-hardened@g.o
Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
Date: Fri, 01 Aug 2008 08:24:01 -0400

Hi everyone,

My students and I have started a new gnome-based desktop linux distro
derived from hardened Gentoo.   It may be of interest to people on this
list.

Tin Hat is pretty much Gentoo, but it runs purely in RAM.  It boots from
CD or pen drive, but is not a liveCD in that it doesn't mount a file
system from the boot device.  Rather it copies its squashfs from CD to
tmpfs in RAM.  Booting is slow, it requres 4 GB of RAM or more, but it
is lightening fast once up.  ("emerge --sync" takes about a minute
between a Tin Hat system offering portage, and one sync-ing from
scratch.  Firefox starts in about 1 second.)

Tin Hat was started before the recent coldboot attacks.  Within the
limit of such attacks, Tin Hat aims at "zero information loss" if
physical access is obtained to a system which is powered down.  We add
Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
using one of the best implimentations of block cipher encryptions we
know of.  During power up, Tin Hat uses GRSEC/PaX hardening to hedge
against all the usual attacks.  We are now thinking about our own patch
to obfuscate data in RAM to protect against coldboot --- but to be
honest, we think we can only make it harder, not impossible.

Tin Hat is stable.  We run 6 systems persistently on clean power and
have typical up times of a couple of months.

We never intended on releasing Tin Hat, but the students love it so much
(the speed!) we thought of announcing it on freshmeat.  I thought I'd
post to this list because of it is a successful implementation of
hardened Gentoo.

Home page: http://opensource.dyc.edu/tinhat
Freshmeat: http://freshmeat.net/projects/tinhat

Anthony G. Basile
Chair of Information Technology
D'Youville College
Buffalo NY 14201

(716) 829-8197


Regards,
Ferris

-- 
Ferris McCormick (P44646, MI) <fmccor@g.o>
Developer, Gentoo Linux (Devrel, Sparc, Userrel, Trustees)
Attachment:
signature.asc (This is a digitally signed message part)
Replies:
Re: [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
-- Tiziano Müller
Navigation:
Lists: gentoo-pr: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Just testing, please disregard.
Next by thread:
Re: [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
Previous by date:
Just testing, please disregard.
Next by date:
Re: [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]


Updated Jun 17, 2009

Summary: Archive of the gentoo-pr mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.