homepage/content/post/concept-tamperresistance-pi.md

30 lines
1.0 KiB
Markdown

+++
title = "Concept autonom tamperresistant Pi"
date = 2019-07-01T23:19:17+02:00
author = "MH"
cover = ""
tags = ["Raspberry", "Pi", "Concept", "Tamperproof"]
description = "Idears about building a tamperproof server with Praspbery Pi"
showFullContent = false
draft = false
+++
* Split the SD card into two partitions. A small one with bootloader, kernel and initrd and one with the encrypted root file system.
* Integrate Tor into initrd
* Calculate a hash with sensors that measure the environment (pressure against a housing for example).
If the Pi is connected to the power supply and has a network connection ...
- it can calculate the hash
- start the tor client
- ask a certain hidden service with the hash for a key
- if the hash is corekt, it returns the key that decrypts the rootfs
... normal boot process follows
> Your pi can start without intervention
> NO SECRET is stored insecurely on the device
> An external party that cannot be localized checks whether the device has been touched or not