From owner-freebsd-current@FreeBSD.ORG Sat Nov 3 16:23:32 2012
From: Alexander Yerenkow
To: Mehmet Erol Sanliturk
Cc: Ian Lepore, lev@freebsd.org, freebsd-current
Date: Sat, 3 Nov 2012 18:23:31 +0200
Subject: Re: FreeBSD as read-only firmware
References: <1167404891.20121103170049@serebryakov.spb.ru> <1351956625.1120.44.camel@revolution.hippie.lan>
List-Id: Discussions about the use of FreeBSD-current
2012/11/3 Mehmet Erol Sanliturk

> On Sat, Nov 3, 2012 at 9:08 AM, Alexander Yerenkow wrote:
>
>> Actually in my case, the base system image r24243.vmdk has exactly two
>> partitions (GPT's freebsd-boot, and root = freebsd-ufs), and the second one
>> is used only read-only :)
>>
>> For the virtual machine approach, the base image can even be an ISO, which
>> is implicitly RO for the system, and an upgrade is just switching the ISO.
>>
>> For real hardware, it can be done with this approach: make two partitions
>> with fixed size, and when you need to upgrade, just `dd` the new image to
>> the other partition, mark it as [bootonce] (and if all is ok, as [bootme]),
>> reboot, and you have the new OS very quickly, with the same configs (except
>> for some LARGE changes which could happen in /etc and touch your configs),
>> and with the same packages.
>>
>> BTW, when you mount /etc-rw as a union over /etc, then when you need to
>> upgrade, mergemaster could take less time, with fewer places for errors,
>> since you only have to merge the changed files (which are present on
>> /etc-rw). I think these days with current hardware, no one will complain
>> about losing 1Gb to achieve a clean and simple OS upgrade.
>>
>> I'm not talking about possible ways to shrink it further (no debug, gzip,
>> etc.) to get a smaller partition, but still RO, and get the ability to do
>> something like: dd if=/dev/gpt/rootfs bs=1M | sha256
>>
>>
>> --
>> Regards,
>> Alexander Yerenkow
>
>
> I am assuming that ANY SOFTWARE read-only protection, whatever it is,
> has a security vulnerability.
> Therefore, the first approach should be to provide HARDWARE read-only.
> If this is supplied, the next necessity is that programs in the
> write-protected part should not attempt to write anything onto the
> write-protected part.

If you consider writing as a security issue, you had better look at CD-R,
and also at hash checking with a public/private key pair (you prepare the
image, put the public key there, calculate the hash, sign the hash with your
private key, and make some script to check the hash during boot, and
probably over time). And don't be over-concerned about security; it's a
dangerous one-way road.

> Thank you very much.
>
> Mehmet Erol Sanliturk

--
Regards,
Alexander Yerenkow
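The sign-at-build, verify-at-boot flow sketched in the reply above, written out as an added example with openssl(1); this is not code from the thread or from FreeBSD. The sample image contents, the working directory and the file names are constructed for the demo: on a real system IMAGE would be the freebsd-ufs partition (/dev/gpt/rootfs), the public key would sit on the read-only root and the detached signature next to it or on the boot partition.

```shell
#!/bin/sh
# Added example, not from the original thread or from FreeBSD:
# sign the SHA-256 digest of a root image on the build host, verify it at boot.
# Assumptions: openssl(1) is installed; $WORK holds stand-in files for
# /dev/gpt/rootfs (IMAGE), the offline signing key (PRIV) and the public
# key and signature that ship with the system (PUB, SIG).
set -eu

WORK="${WORK:-$(mktemp -d)}"
IMAGE="$WORK/rootfs.img"
PRIV="$WORK/release.key"
PUB="$WORK/release.pub"
SIG="$WORK/rootfs.sha256.sig"

# --- build host ---------------------------------------------------------

# Constructed sample image (stands in for the image dd'd onto the partition).
make_image() {
    printf 'constructed sample root image\n' > "$IMAGE"
}

# Release key pair: PRIV never leaves the build host, PUB goes into the image.
gen_keys() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$PRIV" 2>/dev/null
    openssl pkey -in "$PRIV" -pubout -out "$PUB"
}

# "calc hash, sign hash": openssl dgst hashes the image with SHA-256 and signs
# the digest with the private key (RSA PKCS#1 v1.5), writing a detached
# signature file.
sign_image() {
    openssl dgst -sha256 -sign "$PRIV" -out "$SIG" "$IMAGE"
}

# --- boot-time check ----------------------------------------------------

# Recompute the digest and check the signature using only the public key.
# Exit status 0 when the image is exactly what was signed, non-zero otherwise.
verify_image() {
    openssl dgst -sha256 -verify "$PUB" -signature "$SIG" "$IMAGE" \
        >/dev/null 2>&1
}

# The same check against the raw partition: read exactly the signed length so
# unused blocks after the image do not change the digest (paths and $IMAGE_MB
# are hypothetical):
#   dd if=/dev/gpt/rootfs bs=1M count="$IMAGE_MB" 2>/dev/null |
#       openssl dgst -sha256 -verify /etc/release.pub \
#           -signature /boot/rootfs.sha256.sig

# Simulate an attacker changing the image after it was signed.
tamper_image() {
    printf 'x' >> "$IMAGE"
}

if [ "${1:-}" = demo ]; then
    make_image; gen_keys; sign_image
    verify_image && echo "rootfs: signature OK"
    tamper_image
    verify_image || echo "rootfs: signature FAILED after tamper (expected)"
fi
```

Run it as `sh check-rootfs.sh demo`. Two points matter when turning this into a boot-time check: the check is only as strong as whatever runs it, so if the verification script and the public key live on the partition being verified, anyone who can rewrite that partition can rewrite them too, and the script and key have to come from something the attacker cannot change (the boot loader, a separate read-only medium, or the hardware write protection discussed above); and the bytes you hash must be exactly the bytes you signed, which is why the partition read passes a count to dd instead of hashing the whole device.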