On 03/02/2017 06:26 PM, Andrew Savchenko wrote:

> On Thu, 2 Mar 2017 03:42:24 -0500 Taiidan@×××.com wrote:
>> It is possible to have a reasonably secure system where the hard drive
>> firmware (or any other devices) can't fuck around with the stuff on
>> disk, although I highly doubt that the gentoo infrastructure (and
>> kernel.org, and all the source repos for all the other software) does this
> Hard drive's firmware is a drive's micro OS, it can manipulate data
> on the disk as it pleases. The only way to protect privacy of the
> data is to write it already encrypted, so it still can be mangled
> and become unusable, but privacy will be kept. But see below about
> DMA.
>
Of course, as I stated you have to bootstrap the crypto from the
motherboard EEPROM chip.
>> One way is to use a blob-free coreboot IOMMU supporting board and
>> bootstrap the crypto/kernel off of the board firmware EEPROM chip to
>> load the initial kernel thus no plaintext touches the disk and thus
>> nothing can mess with it.
>>
>> The IOMMU (theoretically) protects the CPU and memory from rogue
>> devices, such as the hard drive.
> No. Any DMA capable device can bypass IOMMU. IOMMU was not
> designed to protect OS from device.
That isn't true, it was designed for exactly that and of course for
assigning devices to VMs.

I get an AMD-Vi IOMMU IO_PAGE_FAULT alert in dmesg whenever a device
tries to do something it shouldn't and the remapping hardware blocks it.

In Linux the kernel/drivers configure which memory locations the devices
are allowed to access.
>> In terms of ethics IBM *for now* is a way better company than Intel/AMD,
>> their POWER servers are owner controlled as there isn't any boot
>> guard/secure boot/management engine/platform "security" processor (AMD's
>> ME) to stop you from re-writing the firmware as you please. They also
>> have a getting-there-almost-reasonable open source effort (OpenPOWER)
> Indeed they are. But those boxes are quite expensive and hard to get.
Hard to get? You can buy them from IBM's website like any other computer.
http://www-03.ibm.com/systems/power/hardware/linux-lc.html

If you call them you may get a better price, but a credit card, 5
minutes (and $4.5K) will get you an entry level POWER8 server (although
the almost open source firmware "Firestone" model costs around 10K). If
you want a Palmetto you can get one for around $3K.
They are a good deal vs Intel/AMD when it comes to performance/price,
and of course the security and owner control aspects are absolutely swell.

If you insert a graphics card you could use one as a workstation.
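The message above mentions AMD-Vi IO_PAGE_FAULT alerts in dmesg as the visible sign of the IOMMU blocking a device's DMA. The script below is an added example (not part of the thread, and not Linux or IBM code) that turns those lines into a per-device triage list: which PCI device was denied, the IO virtual address it tried to reach, and whether the denied access was a read, a write or an interrupt. It assumes the line layout printed by the Linux amd_iommu driver (both the older `device=` form and the newer form where the device appears as a `bus:dev.fn:` prefix) and decodes the flag bits as laid out in the AMD IOMMU specification's IO_PAGE_FAULT event; the sample dmesg text, device addresses and flag values are constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample dmesg output (not taken from the post). The two line
# layouts follow what the Linux amd_iommu driver prints; timestamps, PCI
# addresses, domains, IOVAs and flags are invented for this example.
SAMPLE_DMESG = """\
[    0.812345] AMD-Vi: Initialized for Passthrough Mode
[    3.101234] AMD-Vi: Event logged [IO_PAGE_FAULT device=01:00.0 domain=0x0001 address=0x00000000fffe0000 flags=0x0010]
[    3.101300] AMD-Vi: Event logged [IO_PAGE_FAULT device=01:00.0 domain=0x0001 address=0x00000000fffe1000 flags=0x0010]
[   12.500000] usb 1-3: new high-speed USB device number 4 using xhci_hcd
[   40.250000] nvme 0000:03:00.1: AMD-Vi: Event logged [IO_PAGE_FAULT domain=0x0002 address=0x80004000 flags=0x0070]
"""

TIMESTAMP_RE = re.compile(r"^\[\s*(?P<ts>\d+\.\d+)\]")

# Matches both "AMD-Vi: Event logged [IO_PAGE_FAULT device=BB:DD.F ...]" and
# "<driver> DDDD:BB:DD.F: AMD-Vi: Event logged [IO_PAGE_FAULT domain=...]".
IO_PAGE_FAULT_RE = re.compile(
    r"(?:\S+ (?P<prefix_dev>[0-9a-fA-F]{4}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7]): )?"
    r"AMD-Vi: Event logged \[IO_PAGE_FAULT"
    r"(?: device=(?P<device>[0-9a-fA-F]{2}:[0-9a-fA-F]{2}\.[0-7]))?"
    r" domain=0x(?P<domain>[0-9a-fA-F]+)"
    r" address=0x(?P<address>[0-9a-fA-F]+)"
    r" flags=0x(?P<flags>[0-9a-fA-F]+)\]"
)


@dataclass
class IoPageFault:
    timestamp: Optional[float]
    device: str      # PCI bus:dev.fn whose DMA the IOMMU refused
    domain: int      # protection domain the device was attached to
    address: int     # IO virtual address the device tried to access
    flags: int       # raw event flags

    # Flag bits per the AMD IOMMU spec IO_PAGE_FAULT event (Linux's
    # amd_iommu_types.h defines EVENT_FLAG_I=0x008 and EVENT_FLAG_RW=0x020).
    @property
    def is_interrupt(self) -> bool:
        return bool(self.flags & 0x008)   # I: fault was on an interrupt, not memory

    @property
    def translation_present(self) -> bool:
        return bool(self.flags & 0x010)   # PR: a mapping existed but denied the access

    @property
    def is_write(self) -> bool:
        return bool(self.flags & 0x020)   # RW: 1 = write, 0 = read


def parse_io_page_faults(dmesg_text: str) -> List[IoPageFault]:
    """Extract every IO_PAGE_FAULT event from dmesg text, ignoring other lines."""
    faults: List[IoPageFault] = []
    for line in dmesg_text.splitlines():
        m = IO_PAGE_FAULT_RE.search(line)
        if not m:
            continue
        ts_m = TIMESTAMP_RE.match(line)
        prefix = m.group("prefix_dev")
        # Normalise both layouts to "bus:dev.fn" (drop the PCI domain prefix).
        device = m.group("device") or (prefix.split(":", 1)[1] if prefix else "unknown")
        faults.append(IoPageFault(
            timestamp=float(ts_m.group("ts")) if ts_m else None,
            device=device,
            domain=int(m.group("domain"), 16),
            address=int(m.group("address"), 16),
            flags=int(m.group("flags"), 16),
        ))
    return faults


def faults_per_device(faults: List[IoPageFault]) -> Dict[str, int]:
    """Count blocked DMA attempts per device; a noisy device stands out here."""
    return dict(Counter(f.device for f in faults))


def describe(fault: IoPageFault) -> str:
    kind = "interrupt" if fault.is_interrupt else ("write" if fault.is_write else "read")
    return (f"{fault.device}: blocked DMA {kind} to 0x{fault.address:x} "
            f"(domain {fault.domain}, flags 0x{fault.flags:04x})")


if __name__ == "__main__":
    found = parse_io_page_faults(SAMPLE_DMESG)
    for f in found:
        print(describe(f))
    print("per device:", faults_per_device(found))
```

Feeding real `dmesg` output to `parse_io_page_faults` works the same way; a device that keeps appearing in `faults_per_device` after the kernel has set up its mappings is the one to look at first, since each entry is an access the remapping hardware refused rather than one it allowed.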