[Soekris] read-only CF switch header on 4501?

"shaddack..soekristech"@shaddack.mauriceward.com "shaddack..soekristech" at shaddack.mauriceward.com
Mon Dec 29 20:39:20 UTC 2003


On Mon, 29 Dec 2003, Markus Friedl wrote:
>
> i'm booting openbsd ramdisk kernels without any IDE
> support, so the running system cannot modify the CF.
>
> in order to change files on the CF you need console
> access and boot a different kernel.

Or talk directly with the card over inportb/outportb instructions.
Difficult, but far from impossible. Will stop a casual nondetermined
adversary rather effectively, though.

I heard about a related problem, tamperproofing boot CDROM in a similar
installation but using standard PC instead of embedded hardware; the CDROM
was glued shut and secured with sealing tamperproofing tape, together with
the back of the case. Securing physical access to the machine is often
neglected.



More information about the Soekris-tech mailing list