[Pki-clean-room-devel] make-pgp-clean-room suggestions / patches

Rebecca N. Palmer rebecca_palmer at zoho.com
Wed Nov 27 22:14:24 GMT 2024 

(continued from 
https://lists.debian.org/debian-security/2017/11/msg00009.html )

I seem to be banned from contacting Daniel Pocock by his spam filter, so 
I decided to write my own scripts, which turned into a rather bigger 
project than I'd planned on.

Note that while this takes no code from his version, I am *not* trying 
to start an ongoing independent project: in addition to the generic 
fragmenting-effort-is-bad reasons, I don't want to be a repository owner 
of something this sensitive.

Features:
- Image creation first creates a local mirror of the needed packages 
then runs live-build without networking, to work around #718225 
(live-build not always authenticating its downloads) and allow building 
an image from within the liveCD.
- Key media can be USB sticks or CDs/DVDs (using the toram parameter to 
allow removing the boot liveCD).  They are kept in sync by 
startup/shutdown scripts (i.e. _not_ RAIDed).
- Plays an anti-acoustic-cryptanalysis sound during passphrase entry.
- RAM wiping, by either a "fill memory" option of the shutdown script, 
or memtest86+ (more thorough, but requires BIOS (not EFI) boot and 
remembering to reboot into it).
- Integrity check of the main system: check that file contents are what 
the packages say they should be.  (Unlike tiger's deb_checkmd5sums, if 
you have the package file in the APT cache this verifies the whole chain 
back to the liveCD's debian-archive-keyring.)

Known issues:
- Originally designed for my own use: has hardcoded assumptions that are 
not appropriate for general use.  (As it stands, it probably won't even 
build on systems other than mine, due to the usernames/paths in 
reproduce.sh / mirror_check_update.py )
- Less focused on ease of use than the original proposal: lacks a menu 
system.

Networking and Bluetooth are currently hard-disabled by simply omitting 
the relevant kernel modules from the liveCD (because I didn't fancy an 
hours-long kernel recompile): this seems to work, but it might be better 
to do this in a more official way.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpglive.tar.xz
Type: application/x-xz
Size: 25116 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pki-clean-room-devel/attachments/20241127/4e675860/attachment.xz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gpglive.tar.xz.sig
Type: application/pgp-signature
Size: 566 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pki-clean-room-devel/attachments/20241127/4e675860/attachment.sig>

More information about the PKI-Clean-Room-Devel mailing list