+++
title = "Concept autonom tamperresistant Pi"
date = 2019-07-01T23:19:17+02:00
author = "MH"
cover = ""
tags = ["Raspberry", "Pi", "Concept", "Tamperproof"]
description = "Idears about building a tamperproof server with Praspbery Pi"
showFullContent = false
draft = false
+++

* Split the SD card into two partitions. A small one with bootloader, kernel and initrd and one with the encrypted root file system.
* Integrate Tor into initrd
* Calculate a hash with sensors that measure the environment (pressure against a housing for example).

If the Pi is connected to the power supply and has a network connection ...

 - it can calculate the hash
 - start the tor client
 - ask a certain hidden service with the hash for a key
 - if the hash is corekt, it returns the key that decrypts the rootfs

 ... normal boot process follows

 > Your pi can start without intervention

 > NO SECRET is stored insecurely on the device

 > An external party that cannot be localized checks whether the device has been touched or not