public inbox for gentoo-pr@lists.gentoo.org
* [gentoo-pr] [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
@ 2008-08-01 15:09 Ferris McCormick
  2008-08-01 17:04 ` Tiziano Müller
  0 siblings, 1 reply; 3+ messages in thread
From: Ferris McCormick @ 2008-08-01 15:09 UTC
  To: gentoo-pr; +Cc: gentoo-hardened, dante

[-- Attachment #1: Type: text/plain, Size: 2274 bytes --]

Most interesting.  Perhaps of use to you?

-------- Forwarded Message --------
From: dante <dante@virtualblueness.net>
Reply-To: gentoo-hardened@lists.gentoo.org
To: gentoo-hardened@lists.gentoo.org
Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
Date: Fri, 01 Aug 2008 08:24:01 -0400

Hi everyone,

My students and I have started a new gnome-based desktop linux distro
derived from hardened Gentoo.   It may be of interest to people on this
list.

Tin Hat is pretty much Gentoo, but it runs purely in RAM.  It boots from
CD or pen drive, but is not a liveCD in that it doesn't mount a file
system from the boot device.  Rather it copies its squashfs from CD to
tmpfs in RAM.  Booting is slow, it requires 4 GB of RAM or more, but it
is lightning fast once up.  ("emerge --sync" takes about a minute
between a Tin Hat system offering portage, and one sync-ing from
scratch.  Firefox starts in about 1 second.)

Tin Hat was started before the recent coldboot attacks.  Within the
limit of such attacks, Tin Hat aims at "zero information loss" if
physical access is obtained to a system which is powered down.  We add
Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
using one of the best implementations of block cipher encryptions we
know of.  During power up, Tin Hat uses GRSEC/PaX hardening to hedge
against all the usual attacks.  We are now thinking about our own patch
to obfuscate data in RAM to protect against coldboot --- but to be
honest, we think we can only make it harder, not impossible.

Tin Hat is stable.  We run 6 systems persistently on clean power and
have typical up times of a couple of months.

We never intended on releasing Tin Hat, but the students love it so much
(the speed!) we thought of announcing it on freshmeat.  I thought I'd
post to this list because it is a successful implementation of
hardened Gentoo.

Home page: http://opensource.dyc.edu/tinhat
Freshmeat: http://freshmeat.net/projects/tinhat

Anthony G. Basile
Chair of Information Technology
D'Youville College
Buffalo NY 14201

(716) 829-8197


Regards,
Ferris

-- 
Ferris McCormick (P44646, MI) <fmccor@gentoo.org>
Developer, Gentoo Linux (Devrel, Sparc, Userrel, Trustees)

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]


* Re: [gentoo-pr] [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
  2008-08-01 15:09 [gentoo-pr] [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM] Ferris McCormick
@ 2008-08-01 17:04 ` Tiziano Müller
  2008-08-01 17:21   ` Ferris McCormick
  0 siblings, 1 reply; 3+ messages in thread
From: Tiziano Müller @ 2008-08-01 17:04 UTC
  To: gentoo-pr

[-- Attachment #1: Type: text/plain, Size: 2953 bytes --]


Well, it's surely worth to take a look at it and maybe try to establish
a good relationship with them, porting things back, etc.

Btw, would it perhaps make sense to have a mailinglist for people using
Gentoo as part of their business? Just thought that providing such
people a "directer line" to us could be helpful for both sides.

On Friday, 01.08.2008, at 15:09 +0000, Ferris McCormick wrote:
> Most interesting.  Perhaps of use to you?
> 
> -------- Forwarded Message --------
> From: dante <dante@virtualblueness.net>
> Reply-To: gentoo-hardened@lists.gentoo.org
> To: gentoo-hardened@lists.gentoo.org
> Subject: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM
> Date: Fri, 01 Aug 2008 08:24:01 -0400
> 
> Hi everyone,
> 
> My students and I have started a new gnome-based desktop linux distro
> derived from hardened Gentoo.   It may be of interest to people on this
> list.
> 
> Tin Hat is pretty much Gentoo, but it runs purely in RAM.  It boots from
> CD or pen drive, but is not a liveCD in that it doesn't mount a file
> system from the boot device.  Rather it copies its squashfs from CD to
> tmpfs in RAM.  Booting is slow, it requires 4 GB of RAM or more, but it
> is lightning fast once up.  ("emerge --sync" takes about a minute
> between a Tin Hat system offering portage, and one sync-ing from
> scratch.  Firefox starts in about 1 second.)
> 
> Tin Hat was started before the recent coldboot attacks.  Within the
> limit of such attacks, Tin Hat aims at "zero information loss" if
> physical access is obtained to a system which is powered down.  We add
> Ruusu's loop-aes patch to the kernel so that any hard drives are mounted
> using one of the best implementations of block cipher encryptions we
> know of.  During power up, Tin Hat uses GRSEC/PaX hardening to hedge
> against all the usual attacks.  We are now thinking about our own patch
> to obfuscate data in RAM to protect against coldboot --- but to be
> honest, we think we can only make it harder, not impossible.
> 
> Tin Hat is stable.  We run 6 systems persistently on clean power and
> have typical up times of a couple of months.
> 
> We never intended on releasing Tin Hat, but the students love it so much
> (the speed!) we thought of announcing it on freshmeat.  I thought I'd
> post to this list because it is a successful implementation of
> hardened Gentoo.
> 
> Home page: http://opensource.dyc.edu/tinhat
> Freshmeat: http://freshmeat.net/projects/tinhat
> 
> Anthony G. Basile
> Chair of Information Technology
> D'Youville College
> Buffalo NY 14201
> 
> (716) 829-8197
> 
> 
> Regards,
> Ferris
> 
-- 
-------------------------------------------------------
Tiziano Müller
Gentoo Linux Developer
Areas of responsibility:
  Samba, PostgreSQL, CPP, Python, sysadmin
E-Mail     : dev-zero@gentoo.org
GnuPG FP   : F327 283A E769 2E36 18D5  4DE2 1B05 6A63 AE9C 1E30

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]


* Re: [gentoo-pr] [Fwd: [gentoo-hardened] Tin Hat = hardened Gentoo distro in RAM]
  2008-08-01 17:04 ` Tiziano Müller
@ 2008-08-01 17:21   ` Ferris McCormick
  0 siblings, 0 replies; 3+ messages in thread
From: Ferris McCormick @ 2008-08-01 17:21 UTC
  To: gentoo-pr

[-- Attachment #1: Type: text/plain, Size: 587 bytes --]

On Fri, 2008-08-01 at 19:04 +0200, Tiziano Müller wrote:
> Well, it's surely worth to take a look at it and maybe try to establish
> a good relationship with them, porting things back, etc.
> 
> Btw, would it perhaps make sense to have a mailinglist for people using
> Gentoo as part of their business? Just thought that providing such
> people a "directer line" to us could be helpful for both sides.
> 

Sounds like a great idea to me.


Regards,
Ferris
-- 
Ferris McCormick (P44646, MI) <fmccor@gentoo.org>
Developer, Gentoo Linux (Devrel, Sparc, Userrel, Trustees)

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 197 bytes --]
