| 1 |
On 03/02/2017 06:26 PM, Andrew Savchenko wrote: |
| 2 |
|
| 3 |
> On Thu, 2 Mar 2017 03:42:24 -0500 Taiidan@×××.com wrote: |
| 4 |
>> It is possible to have a reasonably secure system where the hard drive |
| 5 |
>> firmware (or any other devices) can't fuck around with the stuff on |
| 6 |
>> disk, although I highly doubt that the gentoo infrastructure (and |
| 7 |
>> kernel.org, and all the source repos for all the other software) does this |
| 8 |
> Hard drive's firmware is a drive's micro OS, it can manipulate data |
| 9 |
> on the disk as it pleases. The only way to protect privacy of the |
| 10 |
> data is to write it already encrypted, so it still can be mangled |
| 11 |
> and become unusable, but privacy will be kept. But see below about |
| 12 |
> DMA. |
| 13 |
> |
| 14 |
Of course, as I stated you have to bootstrap the crypto from the |
| 15 |
motherboard EEPROM chip. |
| 16 |
>> One way is to use a blob-free coreboot IOMMU supporting board and |
| 17 |
>> bootstrap the crypto/kernel off of the board firmware EEPROM chip to |
| 18 |
>> load the initial kernel thus no plaintext touches the disk and thus |
| 19 |
>> nothing can mess with it. |
| 20 |
>> |
| 21 |
>> The IOMMU (theoretically) protects the CPU and memory from rogue |
| 22 |
>> devices, such as the hard drive. |
| 23 |
> No. Any DMA capable device can bypass IOMMU. IOMMU was not |
| 24 |
> designed to protect OS from device. |
| 25 |
That isn't true, it was designed for exactly that and of course for |
| 26 |
assigning devices to VM's. |
| 27 |
|
| 28 |
I get an AMD-Vi IOMMU IO_PAGE_FAULT alert in dmesg whenever a device |
| 29 |
tries to do something it shouldn't and the remapping hardware blocks it. |
| 30 |
|
| 31 |
In linux the kernel/drivers configure which memory locations the devices |
| 32 |
are allowed to access. |
| 33 |
>> In terms of ethics IBM *for now* is a way better company than Intel/AMD, |
| 34 |
>> their POWER servers are owner controlled as there isn't any boot |
| 35 |
>> guard/secure boot/management engine/platform "security" processor (amd's |
| 36 |
>> ME) to stop you from re-writing the firmware as you please. They also |
| 37 |
>> have an getting-there-almost-reasonable open source effort (OpenPOWER) |
| 38 |
> Indeed they are. But that boxes are quite expensive and hard to get. |
| 39 |
Hard to get? You can buy them from IBM's website like any other computer. |
| 40 |
http://www-03.ibm.com/systems/power/hardware/linux-lc.html |
| 41 |
|
| 42 |
If you call them you may get a better price, but a credit card, 5 |
| 43 |
minutes (and $4.5K) will get you an entry level POWER8 server (although |
| 44 |
the almost open source firmware "Firestone" model costs around 10K) If |
| 45 |
you want a Palmetto you can get one for around $3K. |
| 46 |
They are a good deal vs intel/amd when it comes to performance/price, |
| 47 |
and of course the security and owner control aspects are absolutely swell. |
| 48 |
|
| 49 |
If you insert a graphics card you could use one as a workstation. |
Archives