[Freedombox-discuss] Key Splitting to Protect Client Data on Boxes

Jack Wilborn jkwilborn at gmail.com
Thu Feb 7 08:08:39 UTC 2013


Nick, I've been reading your search for a secure way to deal with
boxes knowing each other.  I, as yet, have not found a hardware
schematic or gone over the CPU itself to see if there are intrinsic
internals that might cure that problem.  What we all need to look for
is something unique to the hardware that would key to the other DP's
that this is a related hardware platform.  This wouldn't guarantee
that the accessing hardware is not villainous, but might help in
identifying a 'friend or foe' situation.

I've always been somewhere where there is some kind of 'secure area'
that we can trust, but the FB violates that basic principle and we may
need to look at some kind of hardware arrangement.  As I stated, the
CPU may have 'inside' information that we could use, discreetly, to
help us identify friends and reject foes.  It seems like any
software-only approach needs some kind of 'friendly' environment to
ensure the correct things happen to ensure success with a new contact.
This may be impossible without some kinds of 'assumptions' and you know
what that leads to.

Another thought is the obfuscation of the whole thing being encrypted
with a partial key and shipping the whole key, but using some kind of
algorithm to determine the 'part' we do use to decrypt the object.

Just a thought, but I'll take some time this weekend and see if
anything obvious in the CPU architecture would be of value.

On another note: Put the DP down for a few days and maybe I'll have
another epiphany!  Never heard from anyone on how the monitor ROM in
the DP commands work. Trying to get my WiFi to work on my Debian box
as it would solve many problems.  Unfortunately I can't find out how
it detects and loads for WiFi cards.

Jack


