W
WannabePolyHistor
Guest
Caveat: I'm a noob to this and only know enough to be dangerous
Where do I get information on the steps of a secure boot sequence for a minimalist Linux Gentoo kernel ?
How can a kernel be produced where it's primary role is to provide a secure kernel space so that other modules can be adequately tested before being loaded. The boot process might take (say) ten minutes but the end result might be a very secure system. How would POST, BIOS and any PXE be handled in a transparent and secure fashion ?
I haven't been able to find any detail on this anywhere ... but I may be looking in the wrong places.
Next - thinking about a secure hardware boot test (think DETEKT), if a motherboard had amount for a small (less than 10 kb) user defined EEPROM, when and how could a hardware hash (perhaps HDD driver or RAM serial numbers) be made from the EEPROM in a way that displays the raw EEPROM data and the resulting hash on screen for capture by a camera. Could public and private keys be used in some way -- note that the implementation method may well be more important than the strenght of any hash. Later OCR of video frames could be used to test for unauthorised tampering if the user desired.
I'm after a secure kernel that loads into a capped RAM kernelspace and displays hashes of the kernelspace so that a privacy-oriented user would know that at least the boot process was secure. The memory model is old.
Is it time for some innovative thinking in the OpenSource community producing crowdsourced motherboards and chips designed to be secure but optimise paralellism. This way work can go into building lowcost chips that work in parallel really well. The power doesn't come from the chip itself but from how many chips you can run in parallel. Additionally, if the only significant changes to the chip and motherboard are made to manage security, the hardware should be reasonably stable and reliable. Performance upgrades might occur every 5 years to enhance chip performance and parallelism.
This model might result in a motherboard, chips and kernel that are resistant to tampering because the hardware is very well tested. If there are concerns about the way third party devices (HDD, RAM, LAN ports) fitted to the motherboard are built and the potential for subversion to yield private data, perhaps clever people
in the open security arena could code protocols or modules to test for heuristic breaches.
Comments welcome. Has this been done before ? If so where ? Is there a better way to do this ? If so. where ?
Man thanks in advance,
Wannabe PolyHistor
Where do I get information on the steps of a secure boot sequence for a minimalist Linux Gentoo kernel ?
How can a kernel be produced where it's primary role is to provide a secure kernel space so that other modules can be adequately tested before being loaded. The boot process might take (say) ten minutes but the end result might be a very secure system. How would POST, BIOS and any PXE be handled in a transparent and secure fashion ?
I haven't been able to find any detail on this anywhere ... but I may be looking in the wrong places.
Next - thinking about a secure hardware boot test (think DETEKT), if a motherboard had amount for a small (less than 10 kb) user defined EEPROM, when and how could a hardware hash (perhaps HDD driver or RAM serial numbers) be made from the EEPROM in a way that displays the raw EEPROM data and the resulting hash on screen for capture by a camera. Could public and private keys be used in some way -- note that the implementation method may well be more important than the strenght of any hash. Later OCR of video frames could be used to test for unauthorised tampering if the user desired.
I'm after a secure kernel that loads into a capped RAM kernelspace and displays hashes of the kernelspace so that a privacy-oriented user would know that at least the boot process was secure. The memory model is old.
Is it time for some innovative thinking in the OpenSource community producing crowdsourced motherboards and chips designed to be secure but optimise paralellism. This way work can go into building lowcost chips that work in parallel really well. The power doesn't come from the chip itself but from how many chips you can run in parallel. Additionally, if the only significant changes to the chip and motherboard are made to manage security, the hardware should be reasonably stable and reliable. Performance upgrades might occur every 5 years to enhance chip performance and parallelism.
This model might result in a motherboard, chips and kernel that are resistant to tampering because the hardware is very well tested. If there are concerns about the way third party devices (HDD, RAM, LAN ports) fitted to the motherboard are built and the potential for subversion to yield private data, perhaps clever people
in the open security arena could code protocols or modules to test for heuristic breaches.
Comments welcome. Has this been done before ? If so where ? Is there a better way to do this ? If so. where ?
Man thanks in advance,
Wannabe PolyHistor