List Archive: gentoo-pr
Headers:
To: gentoo-pr@g.o
From: Tiziano Müller <dev-zero@g.o>
Subject: Re: [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
Date: Fri, 01 Aug 2008 19:04:10 +0200
Well, it's surely worth taking a look at it and maybe trying to establish
a good relationship with them, porting things back, etc.

Btw, would it perhaps make sense to have a mailing list for people using
Gentoo as part of their business? Just thought that providing such
people a "directer line" to us could be helpful for both sides.

On Friday, 01.08.2008, at 15:09 +0000, Ferris McCormick wrote:
> Most interesting.  Perhaps of use to you?
> 
> -------- Forwarded Message --------
> From: dante <dante@...>
> Reply-To: gentoo-hardened@g.o
> To: gentoo-hardened@g.o
> Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
> Date: Fri, 01 Aug 2008 08:24:01 -0400
> 
> Hi everyone,
> 
> My students and I have started a new gnome-based desktop linux distro
> derived from hardened Gentoo.   It may be of interest to people on this
> list.
> 
> Tin Hat is pretty much Gentoo, but it runs purely in RAM.  It boots from
> CD or pen drive, but is not a liveCD in that it doesn't mount a file
> system from the boot device.  Rather it copies its squashfs from CD to
> tmpfs in RAM.  Booting is slow, it requires 4 GB of RAM or more, but it
> is lightning fast once up.  ("emerge --sync" takes about a minute
> between a Tin Hat system offering portage, and one sync-ing from
> scratch.  Firefox starts in about 1 second.)
> 
> Tin Hat was started before the recent coldboot attacks.  Within the
> limit of such attacks, Tin Hat aims at "zero information loss" if
> physical access is obtained to a system which is powered down.  We add
> Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
> using one of the best implementations of block cipher encryptions we
> know of.  During power up, Tin Hat uses GRSEC/PaX hardening to hedge
> against all the usual attacks.  We are now thinking about our own patch
> to obfuscate data in RAM to protect against coldboot --- but to be
> honest, we think we can only make it harder, not impossible.
> 
> Tin Hat is stable.  We run 6 systems persistently on clean power and
> have typical up times of a couple of months.
> 
> We never intended on releasing Tin Hat, but the students love it so much
> (the speed!) we thought of announcing it on freshmeat.  I thought I'd
> post to this list because it is a successful implementation of
> hardened Gentoo.
> 
> Home page: http://opensource.dyc.edu/tinhat
> Freshmeat: http://freshmeat.net/projects/tinhat
> 
> Anthony G. Basile
> Chair of Information Technology
> D'Youville College
> Buffalo NY 14201
> 
> (716) 829-8197
> 
> 
> Regards,
> Ferris
> 
-- 
-------------------------------------------------------
Tiziano Müller
Gentoo Linux Developer
Areas of responsibility:
  Samba, PostgreSQL, CPP, Python, sysadmin
E-Mail     : dev-zero@g.o
GnuPG FP   : F327 283A E769 2E36 18D5  4DE2 1B05 6A63 AE9C 1E30
Attachment:
signature.asc (This is a digitally signed message part)
Replies:
Re: [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
-- Ferris McCormick
References:
[Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
-- Ferris McCormick
Updated Jun 17, 2009

Summary: Archive of the gentoo-pr mailing list.
