From rebecca_palmer at zoho.com Wed Nov 27 22:14:24 2024
From: rebecca_palmer at zoho.com (Rebecca N. Palmer)
Date: Wed, 27 Nov 2024 22:14:24 -0000
Subject: [Pki-clean-room-devel] make-pgp-clean-room suggestions / patches
In-Reply-To:
References: <1c0a1915-bea0-0842-1577-bd1369148042@zoho.com>
Message-ID:

(continued from https://lists.debian.org/debian-security/2017/11/msg00009.html )

I seem to be banned from contacting Daniel Pocock by his spam filter, so I decided to write my own scripts, which turned into a rather bigger project than I'd planned on.

Note that while this takes no code from his version, I am *not* trying to start an ongoing independent project: in addition to the generic fragmenting-effort-is-bad reasons, I don't want to be a repository owner of something this sensitive.

Features:

- Image creation first creates a local mirror of the needed packages, then runs live-build without networking, to work around #718225 (live-build not always authenticating its downloads) and to allow building an image from within the liveCD.
- Key media can be USB sticks or CDs/DVDs (using the toram parameter to allow removing the boot liveCD). They are kept in sync by startup/shutdown scripts (i.e. _not_ RAIDed).
- Plays an anti-acoustic-cryptanalysis sound during passphrase entry.
- RAM wiping, by either a "fill memory" option of the shutdown script, or memtest86+ (more thorough, but requires BIOS (not EFI) boot and remembering to reboot into it).
- Integrity check of the main system: check that file contents are what the packages say they should be. (Unlike tiger's deb_checkmd5sums, if you have the package file in the APT cache this verifies the whole chain back to the liveCD's debian-archive-keyring.)

Known issues:

- Originally designed for my own use: has hardcoded assumptions that are not appropriate for general use. (As it stands, it probably won't even build on systems other than mine, due to the usernames/paths in reproduce.sh / mirror_check_update.py.)
- Less focused on ease of use than the original proposal: lacks a menu system.
- Networking and Bluetooth are currently hard-disabled by simply omitting the relevant kernel modules from the liveCD (because I didn't fancy an hours-long kernel recompile): this seems to work, but it might be better to do this in a more official way.

Attachments: gpglive.tar.xz (application/x-xz, 25116 bytes); gpglive.tar.xz.sig (application/pgp-signature, 566 bytes).
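The "integrity check" feature above describes a verification chain that runs from the archive signing key down to individual files on disk: the signed Release file vouches for Packages, Packages vouches for the cached .deb, and the .deb's md5sums list vouches for each installed file. The script below is an added example written for this page; it is not code from the gpglive attachment or from make-pgp-clean-room. It implements the hash links of that chain on constructed sample data (a placeholder .deb, a hand-written Packages stanza, a minimal Release file and a two-file md5sums list, none of it real archive content) and reports a file that was tampered with after installation. The first link, checking the Release signature with the liveCD keyring (for example `gpgv --keyring /usr/share/keyrings/debian-archive-keyring.gpg InRelease`), is assumed to have been done before this code runs and is not repeated here; how gpglive itself wires these steps together is not shown on this page.

```python
"""Offline hash chain: Release -> Packages -> .deb -> md5sums -> files on disk.

Added example, not part of gpglive. The Release signature check against
debian-archive-keyring is assumed to have happened already (via gpgv).
"""
import hashlib
import os
import tempfile


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def release_sha256_index(release_text: str) -> dict:
    # Parse the "SHA256:" section of a Release file into {path: (hexdigest, size)}.
    index, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
            continue
        if in_section:
            if not line.startswith(" "):      # next top-level field ends the section
                in_section = False
                continue
            digest, size, path = line.split()
            index[path] = (digest, int(size))
    return index


def packages_index(packages_text: str) -> dict:
    # Parse Packages stanzas (blank-line separated) into {Filename: {field: value}}.
    index, stanza = {}, {}
    for line in packages_text.splitlines() + [""]:
        if not line.strip():
            if stanza:
                index[stanza["Filename"]] = stanza
            stanza = {}
        elif ":" in line and not line.startswith(" "):   # skip continuation lines
            key, value = line.split(":", 1)
            stanza[key.strip()] = value.strip()
    return index


def parse_md5sums(text: str) -> dict:
    # dpkg md5sums format (as in /var/lib/dpkg/info/<pkg>.md5sums):
    # "<md5hex>  <path relative to />" per line, two spaces between the fields.
    result = {}
    for line in text.splitlines():
        if line.strip():
            digest, path = line.split("  ", 1)
            result[path] = digest
    return result


def verify_files(root: str, md5sums: dict) -> list:
    # Return [(relative_path, reason)] for every file that is missing or modified.
    bad = []
    for rel, expected in md5sums.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            bad.append((rel, "missing"))
            continue
        with open(full, "rb") as fh:
            actual = hashlib.md5(fh.read()).hexdigest()
        if actual != expected:
            bad.append((rel, "modified"))
    return bad


def verify_chain(release_text, packages_path, packages_text, deb_filename, deb_bytes) -> list:
    # Check Packages against Release, then the .deb against Packages; return problems found.
    problems = []
    pkg_bytes = packages_text.encode()
    entry = release_sha256_index(release_text).get(packages_path)
    if entry is None:
        problems.append(f"{packages_path} not listed in Release")
    elif entry != (sha256_hex(pkg_bytes), len(pkg_bytes)):
        problems.append(f"{packages_path} does not match Release")
    stanza = packages_index(packages_text).get(deb_filename)
    if stanza is None:
        problems.append(f"{deb_filename} not listed in Packages")
    elif stanza.get("SHA256") != sha256_hex(deb_bytes) or int(stanza.get("Size", -1)) != len(deb_bytes):
        problems.append(f"{deb_filename} does not match Packages")
    return problems


def demo() -> tuple:
    # Constructed sample data (placeholder .deb, hand-written metadata), then tamper one file.
    deb = b"!<arch>\nconstructed placeholder, not a real .deb\n"
    packages = ("Package: gnupg\nVersion: 0\nArchitecture: amd64\n"
                "Filename: pool/main/g/gnupg/gnupg_0_amd64.deb\n"
                f"Size: {len(deb)}\nSHA256: {sha256_hex(deb)}\n\n")
    pkg_bytes = packages.encode()
    release = ("Origin: Debian\nSHA256:\n"
               f" {sha256_hex(pkg_bytes)} {len(pkg_bytes)} main/binary-amd64/Packages\n")
    chain = verify_chain(release, "main/binary-amd64/Packages", packages,
                         "pool/main/g/gnupg/gnupg_0_amd64.deb", deb)
    with tempfile.TemporaryDirectory() as root:
        contents = {"usr/bin/gpg": b"good\n", "usr/share/doc/gnupg/README": b"doc\n"}
        md5sums = "".join(f"{hashlib.md5(d).hexdigest()}  {p}\n" for p, d in contents.items())
        for path, data in contents.items():
            os.makedirs(os.path.dirname(os.path.join(root, path)), exist_ok=True)
            with open(os.path.join(root, path), "wb") as fh:
                fh.write(data)
        with open(os.path.join(root, "usr/bin/gpg"), "ab") as fh:
            fh.write(b"tampered\n")                      # simulate post-install modification
        files = verify_files(root, parse_md5sums(md5sums))
    return chain, files


if __name__ == "__main__":
    print(demo())
```

On a real system the inputs come from /var/lib/apt/lists (Release and Packages), /var/cache/apt/archives (the .deb, whose md5sums member must then be extracted) and / for the installed files; the point of going through the cached .deb rather than trusting /var/lib/dpkg/info directly is that the md5sums list is then bound to the archive signature rather than to whatever is on the disk being checked.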