Date: Sat, 3 Nov 2012 18:23:31 +0200
From: Alexander Yerenkow <yerenkow@gmail.com>
To: Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>
Cc: Ian Lepore <freebsd@damnhippie.dyndns.org>, lev@freebsd.org, freebsd-current <freebsd-current@freebsd.org>
Subject: Re: FreeBSD as read-only firmware
Message-ID: <CAPJF9wndCcv7UaCyu=bb7-PYnhYgfKC8WUahY8-Q9U-uTRSPUw@mail.gmail.com>
In-Reply-To: <CAOgwaMu7uzKAue4GLd5xYHDdZi9ddoViHUqzF4NBavCPCY+wuw@mail.gmail.com>
References: <CAPJF9wmO-oO7cy4XUwnTMb5cpD14TaK430rWW2nqodBFWw54DQ@mail.gmail.com>
 <1167404891.20121103170049@serebryakov.spb.ru>
 <CAPJF9wmVPxMDBqyy=Dqdnb+Z33f_wLDx9CFbk_oSEx4inboK6A@mail.gmail.com>
 <CAOgwaMtnqCvA3_zyd1fqmEFyrTD4hZHoE5QZC0akmK0DTm8=yw@mail.gmail.com>
 <1351956625.1120.44.camel@revolution.hippie.lan>
 <CAOgwaMvzFJKE_s_W_NpOFSOD8aUdw7aJa5fVCG7rDo=qf=wS=w@mail.gmail.com>
 <CAPJF9wkPOL32PJvFjaGJ-=35CFwHgxZbKoU8_RCjWg-eMcFAPA@mail.gmail.com>
 <CAOgwaMu7uzKAue4GLd5xYHDdZi9ddoViHUqzF4NBavCPCY+wuw@mail.gmail.com>
2012/11/3 Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com>

> On Sat, Nov 3, 2012 at 9:08 AM, Alexander Yerenkow <yerenkow@gmail.com> wrote:
>
>> Actually in my case, base system image r24243.vmdk, has exactly two
>> partitions (gpt's freebsd-boot, and roots = freebsd-ufs), and second one is
>> used only in read-only :)
>>
>> For virtual machines approach, base image can be even ISO, which will be
>> implied RO for system, and upgrade is just switch ISO.
>>
>> For real hardware, it can be done with such approach - make two
>> partitions with fixed size, and when you need upgrade - just `dd` new image
>> to other partition, mark it as [bootonce] (and if all is ok, as [bootme]),
>> reboot = and you have new OS very quick, with same configs (except for some
>> LARGE changes which could happen in /etc and touch your configs), and with
>> same packages.
>>
>> BTW, when you mount /etc-rw union over /etc, when you'll need upgrade,
>> mergemaster could take less time, less places for errors - since you had to
>> merge only changed files (which present on /etc-rw).
>> I think these days with current hw, no one will complain against lost 1Gb
>> to achieve clean and simple OS upgrade.
>>
>> I'm not saying about possible way to shrink it further (no debug, gzip,
>> etc) - get lesser partition, but still RO, and get ability to make
>> something dd if=/dev/gpt/rootfs bs=1M | sha256
>>
>> --
>> Regards,
>> Alexander Yerenkow
>
> I am assuming that ANY SOFTWARE read-only protection, whatever it is,
> has security vulnerability.
> Therefore, the first approach should be to provide HARDWARE read only.
> If this is supplied, the next necessity is that programs in
> write-protected part should not attempt to write anything onto
> write-protected part.
If you consider writing as a security issue, you had better look at CD-R, and also at hash checking with a public/private key pair (you prepare image, put there public key, calc hash, sign hash with your private key, and make some script to check hash during boot, and probably over time). And don't be over-concerned about security, it's a dangerous one-way road.

> Thank you very much.
>
> Mehmet Erol Sanliturk

--
Regards,
Alexander Yerenkow
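A boot-time check of the kind described in the reply above, as an added example that is not from the thread or from FreeBSD itself. It assumes the root image is dd'ed onto /dev/gpt/rootfs, that the builder's public key, the signature and the image size are shipped as /boot/builder.pub, /boot/rootfs.sig and /boot/rootfs.size (names chosen for illustration), and that OpenSSL is available, as it is in FreeBSD base.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, file names and the
# rootfs.size convention are assumptions for illustration.
#
# Build host, once per image (the private key never leaves it):
#   openssl dgst -sha256 -sign builder.key -out rootfs.sig rootfs.img
#   stat -f %z rootfs.img > rootfs.size     # FreeBSD stat(1); GNU: stat -c %s
# Ship builder.pub, rootfs.sig and rootfs.size on the device (here: /boot),
# then dd rootfs.img onto the spare partition and mark it bootonce.

# verify_image IMAGE PUBKEY SIG SIZE
# Hashes exactly SIZE bytes of IMAGE, because the partition is usually larger
# than the image dd'ed into it and the trailing bytes were never signed, and
# checks the signature over that SHA-256 digest with the builder's public
# key. Returns 0 if the signature verifies, non-zero otherwise.
verify_image() {
    image=$1
    pubkey=$2
    sig=$3
    size=$4
    head -c "$size" "$image" |
        openssl dgst -sha256 -verify "$pubkey" -signature "$sig" >/dev/null 2>&1
}

# check_rootfs: the call an rc script (or a periodic cron job) would make.
check_rootfs() {
    verify_image /dev/gpt/rootfs /boot/builder.pub /boot/rootfs.sig \
        "$(cat /boot/rootfs.size)"
}

# Only act when invoked explicitly, so the functions can be sourced elsewhere.
if [ "${1:-}" = "--boot" ]; then
    if check_rootfs; then
        echo "rootfs: signature OK"
    else
        echo "rootfs: signature FAILED, refusing to continue" >&2
        exit 1
    fi
fi
```

The check is only as strong as the place the public key and this script live: if they sit on a writable partition they need the same hardware write protection the thread discusses, otherwise whoever can alter the image can replace the key too.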