2019-07-01 21:35:06 +00:00
|
|
|
+++
|
|
|
|
|
title = "Concept autonom tamperresistant Pi"
|
|
|
|
|
date = 2019-07-01T23:19:17+02:00
|
|
|
|
|
author = "MH"
|
|
|
|
|
cover = ""
|
|
|
|
|
tags = ["Raspberry", "Pi", "Concept", "Tamperproof"]
|
|
|
|
|
description = "Idears about building a tamperproof server with Praspbery Pi"
|
|
|
|
|
showFullContent = false
|
|
|
|
|
draft = false
|
|
|
|
|
+++
|
|
|
|
|
|
2019-07-02 17:21:46 +00:00
|
|
|
* Split the SD card into two partitions. A small one with bootloader, kernel and initrd and one with the encrypted root file system.
|
2019-07-01 21:35:06 +00:00
|
|
|
* Integrate Tor into initrd
|
2019-07-02 17:21:46 +00:00
|
|
|
* Calculate a hash with sensors that measure the environment (pressure against a housing for example).
|
2019-07-01 21:35:06 +00:00
|
|
|
|
2019-07-02 17:21:46 +00:00
|
|
|
If the Pi is connected to the power supply and has a network connection ...
|
2019-07-01 21:35:06 +00:00
|
|
|
|
|
|
|
|
- it can calculate the hash
|
|
|
|
|
- start the tor client
|
2019-07-02 17:21:46 +00:00
|
|
|
- ask a certain hidden service with the hash for a key
|
|
|
|
|
- if the hash is corekt, it returns the key that decrypts the rootfs
|
2019-07-01 21:35:06 +00:00
|
|
|
|
2019-07-02 17:21:46 +00:00
|
|
|
... normal boot process follows
|
2019-07-01 21:35:06 +00:00
|
|
|
|
2019-07-02 17:21:46 +00:00
|
|
|
> Your pi can start without intervention
|
2019-07-01 21:35:06 +00:00
|
|
|
|
2019-07-02 17:21:46 +00:00
|
|
|
> NO SECRET is stored insecurely on the device
|
2019-07-01 21:35:06 +00:00
|
|
|
|
2019-07-02 17:21:46 +00:00
|
|
|
> An external party that cannot be localized checks whether the device has been touched or not
|
