On Jun 2, 2014, at 18:29, "J. Roeleveld" <joost@××××××××.org> wrote:

> On Monday, June 02, 2014 04:23:07 PM Matti Nykyri wrote:
>> On Jun 2, 2014, at 17:52, "J. Roeleveld" <joost@××××××××.org> wrote:
>>> On Monday, June 02, 2014 03:23:03 PM Matti Nykyri wrote:
>>>> On Jun 2, 2014, at 16:40, "J. Roeleveld" <joost@××××××××.org> wrote:
>>>>> On Monday, June 02, 2014 07:28:53 AM Rich Freeman wrote:
>>>>>> On Mon, Jun 2, 2014 at 6:56 AM, Neil Bothwick <neil@××××××××××.uk> wrote:
>>>>>>> On Mon, 02 Jun 2014 05:27:44 -0500, Dale wrote:
>>>>>>>> The second option does sound what I am looking for. Basically, if I
>>>>>>>> log out but leave my computer on, leave home, some crook/NSA type
>>>>>>>> breaks in and tries to access something or steals my whole puter,
>>>>>>>> they would just get garbage for data. That seems to fit the second
>>>>>>>> option best.
>>>>>>>
>>>>>>> If they steal your computer they will have to power it off, unless you
>>>>>>> are kind enough to leave them a large enough UPS to steal along with
>>>>>>> it, so any encryption will be equally effective.
>>>>>>
>>>>>> If you're worried about casual thieves then just about any kind of
>>>>>> properly-implemented encryption will stop them.
>>>>>>
>>>>>> If you're worried about a government official specifically tasked with
>>>>>> retrieving your computer, my understanding is that it is SOP these
>>>>>> days to retrieve your computer without powering it off for just this
>>>>>> reason. They won't use your UPS to do it. Typically they remove the
>>>>>> plug just far enough to expose the prongs, slide in a connector that
>>>>>> connects it to a UPS, and then they pull it out the rest of the way,
>>>>>> now powered by the UPS.
>>>>>>
>>>>>> See something like:
>>>>>> http://www.cru-inc.com/products/wiebetech/hotplug_field_kit/
>>>>>
>>>>> Hmm... Those are nice, but can be easily built yourself with an
>>>>> off-the-shelf UPS.
>>>>>
>>>>>> Presumably somebody who is determined will also have the means to
>>>>>> retrieve the contents of RAM once they seize your computer. Besides
>>>>>> directly accessing the memory bus I think most motherboards are not
>>>>>> designed to be secure against attacks from PCI/firewire/etc.
>>>>>
>>>>> Hmm... add something to auto-shutdown the computer when a hotplug event
>>>>> occurs on any of the internal ports and remove support for unused ports
>>>>> from the kernel.
>>>>>
>>>>> I wonder how they'd keep a computer from initiating a shutdown procedure
>>>>> or causing a kernel panic when it loses (wireless) connection to another
>>>>> device that is unlikely to be moved when powered up?
>>>>
>>>> Well I have a switch in the door of the server room. It opens when you
>>>> open the door. That signals the kernel to wipe all the encryption keys
>>>> from kernel memory. Without the keys there is no access to the disks.
>>>> After that another kernel is executed which wipes the memory of the old
>>>> kernel. If you just pull the plug, memory will stay in its state for an
>>>> unspecified time.
>>>
>>> You don't happen to have a howto on how to set that up?
>>
>> Well I have a daemon running and a self-made logic device on a COM port.
>> Very simple. It has a single serial-parallel converter to do simple IO.
>> Currently it just controls one relay that powers the network devices.
>
> I actually meant the software side:
> - How to wipe the keys and then wipe the whole memory.

The dm-crypt module inside the kernel provides a crypt_wipe_key function that wipes the memory portion that holds the key. It also invalidates the key, so that no further writes to the drive can occur. Suspending the device beforehand is recommended:

    dmsetup suspend /dev/to-device
    dmsetup message /dev/to-device 0 key wipe

When you boot into your kernel you can set up a crash kernel inside your memory. The running kernel will not touch this area, so you can be certain that there is no confidential data inside. Then you just wipe the memory area of the original kernel after you have executed your crash kernel.

So I do this by opening /dev/mem in the crash kernel and then mmap every page you need to wipe. I use memset to wipe the page. Begin from the physical address where your original kernel is located and walk your way up. Skip the portion where your crash kernel is! The crash kernel location is in your kernel cmdline and the location of the original kernel is in your kernel config.
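The scrubber Matti describes in the two paragraphs above (open /dev/mem from the crash kernel, mmap page by page, memset, skip the crash kernel's own reservation), written out as an added example. This is my code, not Matti's daemon and not anything from the dm-crypt or kexec projects. It assumes the crashkernel= boot parameter is in the plain "crashkernel=<size>@<offset>" form (the kernel also accepts other syntaxes, which this parser deliberately rejects rather than guess), that the wipe starts at the original kernel's CONFIG_PHYSICAL_START (0x1000000 by default on x86) and that the end of RAM is given on the command line. The --really flag, the memwipe file name and the /proc/cmdline length limit are my choices. It only works in a crash kernel built without CONFIG_STRICT_DEVMEM, which otherwise refuses /dev/mem mappings of system RAM, and it must run as root.

```c
/* Added example (not the poster's code): zero the old kernel's physical
 * memory through /dev/mem from inside the crash kernel, skipping the region
 * reserved by crashkernel=<size>@<offset> (assumption: that exact form).
 * Requires root and a crash kernel without CONFIG_STRICT_DEVMEM.
 * Build: cc -O2 -Wall -o memwipe memwipe.c
 * Run:   ./memwipe --really 0x1000000 0x100000000   (wipe start, end of RAM) */
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

struct range { unsigned long start, end; };      /* physical [start, end) */

/* Parse "128M", "16K", "1G" or plain bytes. 0 on success, -1 if malformed. */
int parse_size(const char *s, const char **endp, unsigned long *out)
{
    char *e;
    unsigned long v = strtoul(s, &e, 0);
    if (e == s) return -1;
    switch (*e) {
    case 'G': case 'g': v <<= 10; /* fall through */
    case 'M': case 'm': v <<= 10; /* fall through */
    case 'K': case 'k': v <<= 10; e++; break;
    default: break;
    }
    *out = v; *endp = e;
    return 0;
}

/* Locate crashkernel=<size>@<offset> on a kernel command line and fill ck.
 * Returns 0 on success, -1 when absent or written in another syntax. */
int parse_crashkernel(const char *cmdline, struct range *ck)
{
    const char *p = strstr(cmdline, "crashkernel=");
    const char *e;
    unsigned long size, base;
    if (!p) return -1;
    p += strlen("crashkernel=");
    if (parse_size(p, &e, &size) != 0 || size == 0 || *e != '@') return -1;
    if (parse_size(e + 1, &e, &base) != 0) return -1;
    if (*e != '\0' && *e != ' ' && *e != '\t' && *e != '\n') return -1;
    ck->start = base; ck->end = base + size;
    return 0;
}

/* Split [start, end) into the pieces that do not overlap the crash kernel.
 * Stores up to two ranges in out and returns how many. */
int plan_ranges(unsigned long start, unsigned long end, const struct range *ck,
                struct range out[2])
{
    int n = 0;
    if (start >= end) return 0;
    if (ck->end <= start || ck->start >= end) {          /* no overlap */
        out[0].start = start; out[0].end = end; return 1;
    }
    if (ck->start > start) { out[n].start = start;   out[n].end = ck->start; n++; }
    if (ck->end < end)     { out[n].start = ck->end; out[n].end = end;       n++; }
    return n;
}

/* Zero one physical range through /dev/mem, one page at a time.
 * Returns bytes zeroed, or -1 if a page could not be mapped. */
long wipe_range(int memfd, const struct range *r, size_t page)
{
    long done = 0;
    for (unsigned long pa = r->start; pa < r->end; pa += page) {
        size_t len = (r->end - pa < page) ? (size_t)(r->end - pa) : page;
        void *m = mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_SHARED, memfd, (off_t)pa);
        if (m == MAP_FAILED) return -1;
        memset(m, 0, len);
        __asm__ __volatile__("" ::: "memory");   /* the stores must not be elided */
        munmap(m, page);
        done += (long)len;
    }
    return done;
}

int main(int argc, char **argv)
{
    char cmdline[4096] = {0};
    struct range ck, todo[2];
    long total = 0;
    int n, fd;
    FILE *f;

    if (argc != 4 || strcmp(argv[1], "--really") != 0) {
        fprintf(stderr, "usage: %s --really <wipe-start> <end-of-ram>\n", argv[0]);
        return 2;
    }
    if (!(f = fopen("/proc/cmdline", "r")) || !fgets(cmdline, sizeof cmdline, f)) {
        perror("/proc/cmdline"); return 1;
    }
    fclose(f);
    if (parse_crashkernel(cmdline, &ck) != 0) {
        fprintf(stderr, "no crashkernel=<size>@<offset> on the cmdline; refusing to guess\n");
        return 1;
    }
    n = plan_ranges(strtoul(argv[2], NULL, 0), strtoul(argv[3], NULL, 0), &ck, todo);
    if ((fd = open("/dev/mem", O_RDWR | O_SYNC)) < 0) { perror("/dev/mem"); return 1; }
    for (int i = 0; i < n; i++) {
        long got = wipe_range(fd, &todo[i], (size_t)sysconf(_SC_PAGESIZE));
        if (got < 0) { perror("mmap /dev/mem"); return 1; }
        total += got;
    }
    close(fd);
    printf("zeroed %ld bytes, skipped crash kernel [%#lx, %#lx)\n", total, ck.start, ck.end);
    return 0;
}
```

The range planning is kept separate from the /dev/mem writes so the skip logic can be checked on a dry run before the program is ever pointed at real memory; the one place where a mistake is expensive is an overlap between the wipe range and the crash kernel itself, which plan_ranges cuts out whether it sits at the start, the end or the middle of the range. The dm-crypt key wipe shown earlier still has to happen in the original kernel before the kexec, since this program only scrubs what is left behind afterwards.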

>>>> I consider this setup quite secure.
>>>
>>> Makes me wonder what it is you are protecting your server from. :)
>>
>> Well just a hobby. I wanted to play with electronics. The server controls my
>> heating, locks of the house, lights, air conditioning, fire alarm and
>> burglar alarm. Gentoo-powered house...
>
> I would keep the system controlling all that off the internet with only a
> null-modem cable to an internet-connected server using a custom protocol.
>
> Anything that doesn't match the protocol initiates a full lock-down of the
> house. ;)

But it is much more convenient to control everything from your phone via the internet. Just have everything set up in a secure manner. Anyway, it's easier for a common burglar to break the window than to hack the server! And you cannot steal the stereos by hacking the server ;)

-- 
-Matti