30 lines
937 B
Markdown
30 lines
937 B
Markdown
|
+++
|
||
|
|
title = "Concept autonom tamperresistant Pi"
|
||
|
|
date = 2019-07-01T23:19:17+02:00
|
||
|
|
author = "MH"
|
||
|
|
cover = ""
|
||
|
|
tags = ["Raspberry", "Pi", "Concept", "Tamperproof"]
|
||
|
|
description = "Idears about building a tamperproof server with Praspbery Pi"
|
||
|
|
showFullContent = false
|
||
|
|
draft = false
|
||
|
|
+++
|
||
|
|
|
||
|
|
* Split the sdcard into two partitions one smal wich contains the bootloader, kernel and initrd and an encrypted root filesystem.
|
||
|
|
* Integrate Tor into initrd
|
||
|
|
* calculate a hash with sensors wich messure the enviroment (pressure against a case, eg.)
|
||
|
|
|
||
|
|
If the Pi hast power and a network conetcion ...
|
||
|
|
|
||
|
|
- it can calculate the hash
|
||
|
|
- start the tor client
|
||
|
|
- ask a specific hidden service with the hash for a key
|
||
|
|
- if the hash is korect it return the key wich unlook the rootfs
|
||
|
|
|
||
|
|
... normla bootprocess follows
|
||
|
|
|
||
|
|
> Your Pi can start automatical
|
||
|
|
|
||
|
|
> NO SECRET is stored unsecure on the device
|
||
|
|
|
||
|
|
> An external unlocatable party checks if the device was touched
|