Re: Fw: StrongBox Linux and OVC?

From: David Mertz <voting-project_at_gnosis_dot_cx>
Date: Thu Apr 22 2004 - 21:35:32 CDT

Hi Liam,

This is a wonderful offer you have made, and a great opportunity for

First thing, I think we should move this discussion to the more
technical OVC-Demo-Team list. A lot of subscribers to the
Voting-Project list are not necessarily technical people. Both lists,
in any case, are archived and publicly viewable at:

To post to the OVC-Demo-Team list, Arthur Keller
( needs to add you to the list; would
you write him, Liam, if you are interested in being added?

There are a number of requirements we will have for an "EVMix"
live-CD--most of them what we DON'T want included more than what we
want. For example, if we leave out all networking code, that makes us
feel even more confident remote attacks won't accidentally be enabled.

But let's continue this on the technical list.

All the best, David...

> ----- Original Message -----
> From: "Liam Helmer" <>
> To: <>
> Sent: Thursday, April 22, 2004 6:24 PM
> Subject: StrongBox Linux and OVC?
>> Hi,
>> I'm the lead developer on the StrongBox Linux project
>> (, a rather new project (started last fall) out
>> of Vancouver, Canada. What we're creating is a version of Linux that is
>> meant to be secure from the ground up. It seemed like a perfect fit for
>> your project. So, what I thought I'd do, if you're interested in giving
>> me some specifications on creating an install of your software, is offer
>> to build a StrongBox bundle that I'd be able to give to you on a CD-Rom.
>> You'd then be able to plunk it into any computer that runs something
>> like Knoppix, and run your software in a nearly tamperproof way.
>> I've included some quick details below, as well as a feature overview.
>> If you want to direct them to the right people, that'd be awesome.
>> ----
>> Boot security in StrongBox:
>> During the bootup process, StrongBox looks for its OS and
>> configuration, which it will load into RAM. In the secure version of
>> this procedure, a root certificate is included in the initrd, and all OS
>> images and configuration files are verified before boot to have a
>> signature that's valid within that Certificate Authority.
>> Then, the OS boots up, with additional components being loaded, as
>> required. These components can also all be verified according to a
>> complete CA if desired (and configured in the bootup configuration).
>> Additionally, there's failover support in all aspects of the OS,
>> allowing backup copies to be used when a primary copy fails a signature
>> or doesn't exist.
>> If you combine this with a read-only boot medium, which only needs to
>> hold the kernel and the initrd, you have nearly unbreakable boot-level
>> security. That, combined with OS contexts as you have in the
>> linux-vserver project (www.linux-vserver-org), you have a very secure OS
>> as your platform.
>> ----
>> Anyways, if you guys have any interest, feel free to contact me.
>> Cheers,
>> Liam
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
Received on Fri Apr 30 23:17:17 2004
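
The boot-time check and failover described in the quoted message, sketched
as an added example (not StrongBox code and not part of either message).
The file layout (FILE.sig, FILE.crt), the function names and the throwaway
demo CA are assumptions made for illustration:

```sh
#!/bin/sh
# Added example, not StrongBox code. Assumed (hypothetical) layout: each FILE
# ships with FILE.sig (detached SHA-256 signature) and FILE.crt (signer cert).

# verify_image ROOT_CA FILE: succeed only if the signer certificate chains to
# ROOT_CA and the detached signature over FILE verifies under that certificate.
verify_image() {
    ca=$1 file=$2 rc=0
    [ -f "$file" ] && [ -f "$file.sig" ] && [ -f "$file.crt" ] || return 1
    openssl verify -CAfile "$ca" "$file.crt" >/dev/null 2>&1 || return 1
    pub=$(mktemp) || return 1
    { openssl x509 -in "$file.crt" -pubkey -noout >"$pub" 2>/dev/null &&
      openssl dgst -sha256 -verify "$pub" -signature "$file.sig" "$file" \
          >/dev/null 2>&1; } || rc=1
    rm -f "$pub"
    return "$rc"
}

# pick_verified ROOT_CA PRIMARY [BACKUP...]: print the first copy that verifies.
# Returns 1 when none does, so the caller fails closed instead of booting.
pick_verified() {
    root=$1; shift
    for candidate in "$@"; do
        if verify_image "$root" "$candidate"; then
            printf '%s\n' "$candidate"
            return 0
        fi
        echo "rejected: $candidate (failed verification)" >&2
    done
    return 1
}

# make_demo DIR: constructed throwaway CA, signer and two signed image copies.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Signer" \
        -keyout "$d/signer.key" -out "$d/signer.csr" 2>/dev/null
    openssl x509 -req -in "$d/signer.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -out "$d/signer.crt" 2>/dev/null
    for img in os.img os.img.bak; do
        echo "constructed image $img" >"$d/$img"
        openssl dgst -sha256 -sign "$d/signer.key" -out "$d/$img.sig" "$d/$img"
        cp "$d/signer.crt" "$d/$img.crt"
    done
}
```

Whatever path pick_verified prints is the copy to load. Running the check on
the copy already read into RAM, rather than on the medium, avoids a gap
between verification and use.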