Gentoo Forums
hardened kernel patching (TRESOR)
jpc22
Apprentice

Joined: 29 Jan 2012
Posts: 190

Posted: Sat Mar 09, 2013 3:48 pm    Post subject: hardened kernel patching (TRESOR)

How hard would it be to add a patch designed for a 3.6.2 generic kernel to the 3.8.2 hardened-sources, and could it be done?

Basically this patch keeps cryptographic keys in CPU registers instead of RAM to deter cold boot attacks.

http://www1.informatik.uni-erlangen.de/tresor
_______0
Guru

Joined: 15 Oct 2012
Posts: 521

Posted: Sat Mar 09, 2013 5:50 pm

/me waits for cpu cold boot attack

then, where yus gonna hide them keys?
jpc22
Apprentice

Joined: 29 Jan 2012
Posts: 190

Posted: Sun Mar 10, 2013 7:49 pm

:D Well, with enough liquid nitrogen one could pull off a "Cold" CPU attack on a running computer, but cold boot attacks on the CPU won't be possible unless they use resistive memory in the registers, like in the ReRAM currently being developed in laboratories.

For now we are mostly safe, since the register memory in the CPU is pretty volatile, but that was not the point.
khayyam
Advocate

Joined: 07 Jun 2012
Posts: 2244

Posted: Tue Mar 12, 2013 11:32 am

jpc22 ...

Your best bet is to try:

Code:
# patch -p1 --dry-run -d /usr/src/linux-3.8.2-hardened </path/to/tresor.patch

Note: remove '--dry-run' for the patch to be applied.

If the patch looks like it would apply cleanly then you could add it to /etc/portage/patches/sys-kernel/hardened-sources/tresor.patch and create a 'patch_list' in that directory with 'tresor.patch' listed, and the patch will be applied on future updates.

best ... khay
unitstep
n00b

Joined: 17 Oct 2012
Posts: 9

Posted: Tue Mar 12, 2013 7:06 pm

If the patch does not apply and you know how to use git you could try to merge the two patched sources.
You might need a bit of understanding of the code though, to get it together.

Now, I'm not familiar with hardened sources but I suppose that 3.8.2-hardened is a patch-set that goes on top of 3.8.2?

If so, then you could do something like
1) Clone the kernel repo
2) Check out the 3.6.2 kernel tag
3) Make a branch and apply the crypto patch and commit it
4) Check out 3.8.2 and branch off.
5) Apply the hardened patches and commit
6) Merge the 3.6.2-patched branch into your current branch
7) Resolve merge conflicts
(8)) create a new patch for the crypto stuff from your merge

:D


Last edited by unitstep on Tue Mar 12, 2013 8:08 pm; edited 1 time in total
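
Steps 2 to 8 of the list above, written as a shell function and run against a small constructed repository so it works offline. This is an added example, not part of the original post: the tags v-old and v-new, the branch names and the file contents are made up, and for a real kernel tree you would pass the two release tags and the absolute paths of the feature and hardening patch files instead.

```shell
#!/bin/sh
# Added example: unitstep's steps 2-8 on a constructed toy repo (not a real kernel tree).
set -e
g() { git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# forward_port REPO OLD_TAG NEW_TAG FEATURE_PATCH HARDENING_PATCH OUT_PATCH
forward_port() {
    repo=$1
    # Steps 2-3: branch at the old tag, apply the feature patch, commit it.
    g checkout -q -b feature-old "$2"
    g apply --index "$4"
    g commit -q -m "feature patch on $2"
    # Steps 4-5: branch at the new tag, apply the hardening patch set, commit it.
    g checkout -q -b hardened-new "$3"
    g apply --index "$5"
    g commit -q -m "hardening patches on $3"
    # Steps 6-7: merge on a scratch branch; a conflict stops here for manual resolution.
    g checkout -q -b port hardened-new
    g merge -q --no-edit feature-old || {
        echo "merge conflicts in $repo: resolve, commit, then redo the diff" >&2
        return 1
    }
    # Step 8: the forward-ported patch is the diff from the hardened tree to the merge.
    g diff hardened-new port > "$6"
}

# make_demo DIR: constructed stand-in for the kernel repo, with two tags and two patches.
make_demo() {
    repo=$1/linux
    mkdir -p "$repo"
    g init -q
    echo aes > "$repo/crypto.c"
    echo alloc > "$repo/mm.c"
    g add -A
    g commit -q -m "old release"
    g tag v-old
    echo keys_in_registers >> "$repo/crypto.c"   # feature patch, made against v-old
    g diff > "$1/feature.patch"
    g checkout -q -- .
    echo sched > "$repo/sched.c"                 # upstream change between the releases
    g add -A
    g commit -q -m "new release"
    g tag v-new
    echo hardened_check >> "$repo/mm.c"          # hardening patch, made against v-new
    g diff > "$1/hardening.patch"
    g checkout -q -- .
}

d=$(mktemp -d)
make_demo "$d"
forward_port "$d/linux" v-old v-new "$d/feature.patch" "$d/hardening.patch" "$d/ported.patch"
cat "$d/ported.patch"
```

The resulting ported.patch contains only the feature change, rebased onto the hardened tree, so it can be checked with the same `patch --dry-run` test before it goes anywhere near a kernel build.
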
jpc22
Apprentice

Joined: 29 Jan 2012
Posts: 190

Posted: Tue Mar 12, 2013 7:53 pm

Thanks for your input guys, I will try those suggestions soon, got a lot of work to do on my computers with clustering and multiscreen.