[Arm-netbook] hardware encrypted flash drive idea with gpl3 license

Luke Kenneth Casson Leighton lkcl at lkcl.net
Thu Sep 21 12:10:55 BST 2017


On Thu, Sep 21, 2017 at 11:16 AM, Philip Hands <phil at hands.com> wrote:

> Most of the time, what you're calling hardware is liable to just be
> software running on a different processor, perhaps in a box that has
> been glued shut such that it's less convenient for bugs to be found,
> fixed and patched.

 glued shut, electric fences added which electrocute the user, or run
the instruction "HCF" [Halt and Catch Fire.  mythical iinstruction
which was supposed to be in the 68000 or perhaps the 8086, but was
actually down to running a loop of instructions that flipped IO and
internal logic so hard that the processor overheated).  :)

the latest freescale has an on-board Cortex M0 i think it is, which is
ultra-low-power enough to run permanently on battery, so you can do
tamper-detection.

 you'll like this: when i was working for NC3A i was asked to help
with a little ethernet network box that transferred data from a
low-security environment to a high-security one.  the rule was simple:
absolutely no physical connection, and absolutely no data must travel
- ever from the high security level to the low security one.

 that *includes* ICMP packet responses which are normally used to
acknowledge and set up even a *UDP* connection.

 so somebody wrote a *modified* TCP stack which took out  the need for
ICMP traffic... but it went way waaay further than that.

 the metal box was implemented as an ultra-low power receiver /
transmitter pair, with a metal firebreak and a tiny hole between for
the radio signal to get through on a Coax cable (so that there was no
data leakage by emitted radio waves).

power was SEPARATELY provided on both sides of the box.

 then.... when it was confirmed 100% working, the ENTIRE BOX WAS
FLOODED WITH RESIN.

 bit of a heat problem, that....

 baiscally what i'm saying, with this story is: the tricky part will
not be the software at all: the tricky bit will be getting a processor
into a tamper-resistant, tamper-detecting box.

l.



More information about the arm-netbook mailing list