Gentoo Archives: gentoo-hardened

From: Ferris McCormick <fmccor@g.o>
To: gentoo-pr@g.o
Cc: gentoo-hardened@l.g.o, dante <dante@×××××××××××××××.net>
Subject: [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
Date: Fri, 01 Aug 2008 15:09:37
Message-Id: 1217603370.1820.242.camel@liasis.inforead.com

Most interesting. Perhaps of use to you?

-------- Forwarded Message --------
From: dante <dante@×××××××××××××××.net>
Reply-To: gentoo-hardened@l.g.o
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
Date: Fri, 01 Aug 2008 08:24:01 -0400

Hi everyone,

My students and I have started a new gnome-based desktop linux distro
derived from hardened Gentoo. It may be of interest to people on this
list.

Tin Hat is pretty much Gentoo, but it runs purely in RAM. It boots from
CD or pen drive, but is not a liveCD in that it doesn't mount a file
system from the boot device. Rather it copies its squashfs from CD to
tmpfs in RAM. Booting is slow, it requires 4 GB of RAM or more, but it
is lightning fast once up. ("emerge --sync" takes about a minute
between a Tin Hat system offering portage, and one sync-ing from
scratch. Firefox starts in about 1 second.)

Tin Hat was started before the recent coldboot attacks. Within the
limit of such attacks, Tin Hat aims at "zero information loss" if
physical access is obtained to a system which is powered down. We add
Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
using one of the best implementations of block cipher encryptions we
know of. During power up, Tin Hat uses GRSEC/PaX hardening to hedge
against all the usual attacks. We are now thinking about our own patch
to obfuscate data in RAM to protect against coldboot --- but to be
honest, we think we can only make it harder, not impossible.

Tin Hat is stable. We run 6 systems persistently on clean power and
have typical up times of a couple of months.

We never intended on releasing Tin Hat, but the students love it so much
(the speed!) we thought of announcing it on freshmeat. I thought I'd
post to this list because it is a successful implementation of
hardened Gentoo.

Home page: http://opensource.dyc.edu/tinhat
Freshmeat: http://freshmeat.net/projects/tinhat

Anthony G. Basile
Chair of Information Technology
D'Youville College
Buffalo NY 14201

(716) 829-8197


Regards,
Ferris

--
Ferris McCormick (P44646, MI) <fmccor@g.o>
Developer, Gentoo Linux (Devrel, Sparc, Userrel, Trustees)