Jan 15 2007, 03:21 AM
Post #1
Group: Members Posts: 1,565 Joined: 7-April 05 From: Sydney, Australia Member No.: 6,806
Well, I thought I might as well get them on paper; you never know when it could be handy to refer to it. Also, this forum counts as "documentation" to me.

Features that the hardware and bootloader provide
1. Secure boot
2. Signed kernels
3. SIM access
4. Removable smart card access. I will tell you where to get it and ship with them as an option; part of the secure boot feature that will allow you to move your encrypted CF card between devices without changing keys (I finally worked out how to do that, hooray for me!!!)
5. Full disk encryption from boot with no extra hardware!!!! Use a flash disk, password, or smartcard for key storage

OS level features that need to be implemented
1. "zones" "chroots" "compartments": basically some sort of fencing of an app from the main OS. Not needed for us normally, however a normal user might, and it would be good to have a way to "test" anon scripts I get from the net (perhaps copy on write and unionfs)
2. Firewall, standard but still required
3. Verbose logging; this thing will have a lot of flash and logging is a good thing for those who care about security
4. Smart card support. Stuff is already available, however a wrapper for cryptsetup to get its keys from a smart card might be better than patching the source; however, maybe others want that feature. gpg and such already support it
5. Authentication forwarding; ssh is good for this (log into B from A, then log into C from B, but have it authenticate against A's keyring). I guess if the smart card is serial based then we could use the USB client serial mode and bridge it together; in fact that would work nicely
6. Kernel virtual HUB. As far as I see it, it would be great if I could tell my Xen stuff that everything hanging off port B belonged to the client OS. Back to the point: this facilitates that, however where it would be good is if I can use USB client with the serial profile, hard drive profile and RNDIS at the same time. The only thing more I could wish for is a USB client keyboard so that I can share the host's keyboard with the other PC. This may not be major, but how can you trust an unknown PC's keyboard or OS? I would rather enter my passphrase for the smartcard on a trusted device. Basically I had the idea of turning the PDA into a smartcard reader as well that can be plugged into a PC to share its smartcard features; no more duping and syncing RSA private keys between 2 smartcards (not that I expect any of you to have done so yet)

Anything I missed?

Added:
Random number generator
Keys on chip (not in flash) not changeable
Kernel module signing
Kernel signing
Virtualisation (heavy usage)

Jan 16 2007, 01:35 AM
Post #2
Group: Members Posts: 133 Joined: 12-March 04 From: Las Vegas Member No.: 2,273
You forgot about locking out JTAG access. It is a one-way operation, since once you blow the fuse there is no way to undo it (OK, let me rephrase this: no way anyone in their right mind would want to try), but it makes even using external hardware hacking to get into the device nearly impossible if you've got really sensitive info on it.

Jan 16 2007, 01:40 AM
Post #3
Group: Members Posts: 133 Joined: 12-March 04 From: Las Vegas Member No.: 2,273
Here is a PDF file on the security features built into the i.MX31 processor:
http://www.freescale.com/files/32bit/doc/w...1SECURITYWP.pdf

Jan 25 2007, 03:15 AM
Post #4
Group: Admin Posts: 3,277 Joined: 29-July 04 From: Cambridge, England Member No.: 4,149
A permanently-writable area of flash, perhaps in the boot loader area, allowing the owner to put in their contact details. When the machine boots it will output the owner details to screen.
Thus if the device is stolen, it will always be identifiable. Snag is, if you want to sell it... so maybe an owner registry, and the splash screen says "the owner of this device is registered at http://zaurusowners.dablitz.com?id=1234" and if they enter in that URL, it says "owner is Speculatrix, Zaurus House, 123 Sharp Road, Linux City, PXA55 12AA, UK. Telephone +44 1234 567890"

Jan 26 2007, 01:11 AM
Post #5
Group: Members Posts: 1,565 Joined: 7-April 05 From: Sydney, Australia Member No.: 6,806
Hahah, that is so going in. I had that for my old XDA; it required you to blow a custom flash and would SMS a number if the SIM card was changed.

Jan 26 2007, 05:30 AM
Post #6
Group: Admin Posts: 3,277 Joined: 29-July 04 From: Cambridge, England Member No.: 4,149
QUOTE(Da_Blitz @ Jan 26 2007, 10:11 AM)
hahah, that is so going in, i had that for my old XDA, it required you to blow a custom flash and would sms a number if the sim card was changed

It should also send the GPS location if it can... and if there's a wifi point, send an email as well as ping a specific IP address with an embedded help message with the GPS location too... it will do the latter at startup unless you run the right app and tell it it's in safe hands! So if your PP is stolen, it will reveal where it is.

Jan 26 2007, 06:37 AM
Post #7
Group: Members Posts: 573 Joined: 8-June 05 Member No.: 7,295
Looks good!

Jan 27 2007, 06:15 AM
Post #8
Group: Members Posts: 1,565 Joined: 7-April 05 From: Sydney, Australia Member No.: 6,806
Well, this was an XDA2, so no GPS.
Still, with a bit of trickery with the mobile phone towers and the reception values to each you can triangulate your position, providing you know the location of the towers, but in our case we can