homepage/content/post/concept-tamperresistance-pi.md

1.0 KiB

+++ title = "Concept autonom tamperresistant Pi" date = 2019-07-01T23:19:17+02:00 author = "MH" cover = "" tags = ["Raspberry", "Pi", "Concept", "Tamperproof"] description = "Idears about building a tamperproof server with Praspbery Pi" showFullContent = false draft = false +++

  • Split the SD card into two partitions. A small one with bootloader, kernel and initrd and one with the encrypted root file system.
  • Integrate Tor into initrd
  • Calculate a hash with sensors that measure the environment (pressure against a housing for example).

If the Pi is connected to the power supply and has a network connection ...

  • it can calculate the hash
  • start the tor client
  • ask a certain hidden service with the hash for a key
  • if the hash is corekt, it returns the key that decrypts the rootfs

... normal boot process follows

Your pi can start without intervention

NO SECRET is stored insecurely on the device

An external party that cannot be localized checks whether the device has been touched or not