[Pki-clean-room-devel] Fwd: Re: make-pgp-clean-room suggestions / patches

Rebecca N. Palmer rebecca_palmer at zoho.com
Fri Mar 2 19:07:35 UTC 2018


These are the messages I previously had rejected; I then posted them to 
debian-security instead, where they got no response other than one that 
I need not be so worried.

-------- Forwarded Message --------
Subject: Re: make-pgp-clean-room suggestions / patches
Date: Tue, 27 Feb 2018 19:28:39 +0000
From: Rebecca N. Palmer <rebecca_palmer at zoho.com>
To: debian-security at lists.debian.org, 
pki-clean-room-devel at lists.alioth.debian.org

(continued from 
https://lists.debian.org/debian-security/2017/11/msg00009.html )

I seem to be banned from contacting Daniel Pocock by his spam filter, so 
I decided to write my own scripts, which turned into a rather bigger 
project than I'd planned on.

Note that while this takes no code from his version, I am *not* trying 
to start an ongoing independent project: in addition to the generic 
fragmenting-effort-is-bad reasons, I don't want to be a repository owner 
of something this sensitive.

Features:
- Image creation first creates a local mirror of the needed packages 
then runs live-build without networking, to work around #718225 
(live-build not always authenticating its downloads) and allow building 
an image from within the liveCD.
- Key media can be USB sticks or CDs/DVDs (using the toram parameter to 
allow removing the boot liveCD).  They are kept in sync by 
startup/shutdown scripts (i.e. _not_ RAIDed).
- Plays an anti-acoustic-cryptanalysis sound during passphrase entry.
- RAM wiping, by either a "fill memory" option of the shutdown script, 
or memtest86+ (more thorough, but requires BIOS (not EFI) boot and 
remembering to reboot into it).
- Integrity check of the main system: check that file contents are what 
the packages say they should be.  (Unlike tiger's deb_checkmd5sums, if 
you have the package file in the APT cache this verifies the whole chain 
back to the liveCD's debian-archive-keyring.)

Known issues:
- Originally designed for my own use: has hardcoded assumptions that are 
not appropriate for general use.  (As it stands, it probably won't even 
build on systems other than mine, due to the usernames/paths in 
reproduce.sh / mirror_check_update.py )
- Less focused on ease of use than the original proposal: lacks a menu 
system.

Networking and Bluetooth are currently hard-disabled by simply omitting 
the relevant kernel modules from the liveCD (because I didn't fancy an 
hours-long kernel recompile): this seems to work, but it might be better 
to do this in a more official way.

[This message had the code in question attached - if this list blocks 
it, it can be found in the debian-security version, 
https://lists.debian.org/debian-security/2018/02/msg00012.html ]
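The per-file integrity check described above, as an added example that is not part of Rebecca's scripts or the attached tarball: it parses the dpkg `.md5sums` format (`<md5>  <path>`, path relative to /) and compares a directory tree against it. The sample root, file names and contents are constructed for the demo; real `.md5sums` files live under /var/lib/dpkg/info/.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse a dpkg-style .md5sums file: '<md5>  <path>' per line, path relative to /."""
    expected = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, path = line.partition("  ")  # two spaces separate hash and path
        expected[path] = digest.lower()
    return expected

def md5_of(path):
    # dpkg ships MD5 sums; the assurance comes from the signed chain back to the
    # archive keyring (Release -> Packages -> .deb), not from the hash's strength.
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def verify_tree(root, expected):
    """Check every listed file under root; returns {path: 'ok' | 'missing' | 'mismatch'}."""
    results = {}
    for rel, digest in expected.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif md5_of(full) != digest:
            results[rel] = "mismatch"
        else:
            results[rel] = "ok"
    return results

def demo():
    """Constructed sample root: one intact, one altered and one missing file."""
    root = tempfile.mkdtemp()
    good = b"#!/bin/sh\necho hello\n"
    os.makedirs(os.path.join(root, "usr/bin"))
    with open(os.path.join(root, "usr/bin/hello"), "wb") as f:
        f.write(good)
    with open(os.path.join(root, "usr/bin/tampered"), "wb") as f:
        f.write(b"not what the package shipped\n")
    md5sums = "\n".join([
        hashlib.md5(good).hexdigest() + "  usr/bin/hello",
        hashlib.md5(b"original contents\n").hexdigest() + "  usr/bin/tampered",
        "d41d8cd98f00b204e9800998ecf8427e  usr/share/doc/hello/gone",  # md5 of empty file
    ])
    return verify_tree(root, parse_md5sums(md5sums))
```

Conffiles are not listed in `.md5sums` (dpkg records them in the status file), so a full check needs to cover them separately.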
