Well, I thought I might as well get them on paper; you never know when it could be handy to refer to it, and this forum counts as "documentation" to me.
Features that the hardware and bootloader provide:
1. Secure boot
2. Signed kernels
3. SIM access
4. Removable smart card access. I will tell you where to get it and ship with them as an option. Part of the secure boot feature that will allow you to move your encrypted CF card between devices without changing keys (I finally worked out how to do that, hooray for me!!!)
5. Full disk encryption from boot with no extra hardware!!!! Use a flash disk, password, or smart card for key storage.
OS-level features that need to be implemented:
1. "Zones", "chroots", "compartments": basically some sort of fencing of an app from the main OS. Not needed for us normally, however a normal user might need it, and it would be good to have a way to "test" anonymous scripts I get from the net (perhaps copy-on-write and unionfs).
2. Firewall: standard, but still required.
3. Verbose logging: this thing will have a lot of flash, and logging is a good thing for those who care about security.
4. Smart card support: the stuff is already available, however a wrapper for cryptsetup to get its keys from a smart card might be better than patching the source, and maybe others want that feature too. gpg and such already support it.
5. Authentication forwarding: SSH is good for this (log into B from A, then log into C from B, but have it authenticate against A's keyring). I guess if the smart card is serial based then we could use the USB client serial mode and bridge it together; in fact that would work nicely.
6. Kernel virtual hub: as far as I see it, it would be great if I could tell my Xen stuff that everything hanging off port B belonged to the client OS. Back to the point, this facilitates that; however, where it would be good is if I can use USB client with the serial profile, hard drive profile and RNDIS at the same time. The only other thing I could wish for is a USB client keyboard so that I can share the host's keyboard with the other PC. This may not be major, but how can you trust an unknown PC's keyboard or OS? I would rather enter my passphrase for the smart card on a trusted device.
Basically I had the idea of turning the PDA into a smart card reader as well, which can be plugged into a PC to share its smart card features: no more duplicating and syncing RSA private keys between 2 smart cards (not that I expect any of you to have done so yet).
Anything I missed?
Added:
Random number generator
Keys on chip (not in flash), not changeable
Kernel module signing
Kernel signing
Virtualisation (heavy usage)
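Item 4 of the OS-level list (a cryptsetup wrapper that takes its key from a smart card rather than a patched cryptsetup) and item 5 of the hardware list (FDE with the key held on a smart card) can be sketched in a few lines of sh. The script below is an added example written for this page, not the poster's code or anything shipped with the device. It assumes a LUKS key file that was generated once and encrypted to the private key that lives only on the card (e.g. `head -c 64 /dev/urandom | gpg --encrypt --recipient <card key id> > /etc/keys/cf.key.gpg`; the path `/etc/keys/cf.key.gpg` is a made-up default), and that `gpg` is already set up to talk to the card. The plaintext key is only ever passed through a pipe, because `cryptsetup --key-file=-` reads it from stdin; it is never written to flash.

```shell
#!/bin/sh
# Added example: unlock a LUKS volume with a key file that only the smart
# card can decrypt. Not part of the original post.
# Assumption: /etc/keys/cf.key.gpg was encrypted to the card's key (hypothetical path).
set -eu

KEYFILE="${KEYFILE:-/etc/keys/cf.key.gpg}"

# True only if gpg can actually see a card right now.
card_present() {
    gpg --batch --card-status >/dev/null 2>&1
}

# The mapper name ends up under /dev/mapper; allow letters, digits, _ and -
# only, so a stray argument can never turn into a path.
valid_map_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the unlock pipeline as text (used for dry runs and for inspection).
# --key-file=- makes cryptsetup read the whole key from stdin, so the
# decrypted key exists only inside the pipe between gpg and cryptsetup.
unlock_pipeline() {
    dev="$1"; name="$2"; keyfile="$3"
    printf '%s\n' "gpg --batch --quiet --decrypt '$keyfile' | cryptsetup luksOpen --key-file=- '$dev' '$name'"
}

# luks_open_with_card <device> <mapper name> [keyfile]
# Exit codes: 2 = bad mapper name, 3 = no card, otherwise cryptsetup's status.
luks_open_with_card() {
    dev="$1"; name="$2"; keyfile="${3:-$KEYFILE}"
    valid_map_name "$name" || { echo "bad mapper name: $name" >&2; return 2; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        # Print what would run instead of running it (no card or LUKS device needed).
        unlock_pipeline "$dev" "$name" "$keyfile"
        return 0
    fi
    card_present || { echo "no smart card detected, refusing to continue" >&2; return 3; }
    gpg --batch --quiet --decrypt "$keyfile" | cryptsetup luksOpen --key-file=- "$dev" "$name"
}

# Usage:  ./cf-unlock.sh /dev/sda1 cf        (real unlock)
#         DRY_RUN=1 ./cf-unlock.sh /dev/sda1 cf   (show the pipeline only)
if [ "$#" -eq 2 ]; then
    luks_open_with_card "$1" "$2"
fi
```

Because the volume key is wrapped by the card's key rather than derived from a passphrase, the same CF card plus the same smart card unlock on any device without re-keying the disk; moving to a new card means re-encrypting only the small key file, not the volume. The PIN prompt comes from gpg's card support, so entering it on the PDA itself (rather than on an untrusted PC) is the natural fit for the keyboard concern above.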