Most interesting. Perhaps of use to you?

-------- Forwarded Message --------
From: dante <dante@×××××××××××××××.net>
Reply-To: gentoo-hardened@l.g.o
To: gentoo-hardened@l.g.o
Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
Date: Fri, 01 Aug 2008 08:24:01 -0400

Hi everyone,

My students and I have started a new gnome-based desktop linux distro
derived from hardened Gentoo. It may be of interest to people on this
list.

Tin Hat is pretty much Gentoo, but it runs purely in RAM. It boots from
CD or pen drive, but is not a liveCD in that it doesn't mount a file
system from the boot device. Rather it copies its squashfs from CD to
tmpfs in RAM. Booting is slow, it requires 4 GB of RAM or more, but it
is lightning fast once up. ("emerge --sync" takes about a minute
between a Tin Hat system offering portage, and one sync-ing from
scratch. Firefox starts in about 1 second.)

Tin Hat was started before the recent coldboot attacks. Within the
limit of such attacks, Tin Hat aims at "zero information loss" if
physical access is obtained to a system which is powered down. We add
Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
using one of the best implementations of block cipher encryptions we
know of. During power up, Tin Hat uses GRSEC/PaX hardening to hedge
against all the usual attacks. We are now thinking about our own patch
to obfuscate data in RAM to protect against coldboot --- but to be
honest, we think we can only make it harder, not impossible.

Tin Hat is stable. We run 6 systems persistently on clean power and
have typical up times of a couple of months.

We never intended on releasing Tin Hat, but the students love it so much
(the speed!) we thought of announcing it on freshmeat. I thought I'd
post to this list because it is a successful implementation of
hardened Gentoo.

Home page: http://opensource.dyc.edu/tinhat
Freshmeat: http://freshmeat.net/projects/tinhat

Anthony G. Basile
Chair of Information Technology
D'Youville College
Buffalo NY 14201

(716) 829-8197

Regards,
Ferris

--
Ferris McCormick (P44646, MI) <fmccor@g.o>
Developer, Gentoo Linux (Devrel, Sparc, Userrel, Trustees)