Comment by yingw787
7 years ago
Great blog post, Jess! I think this is an extension of Kerckhoffs's principle that a secure cryptosystem should be able to keep your data secure even if everything (except the key) is compromised: https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle
Is there a Dockerfile or bash script anywhere that demonstrates how to install all these tools on bare metal? I operate at a higher level in the tech stack and I'm unfamiliar with these tools and how they work. A Dockerfile would be nice because then you could create a virtualish environment where you could play with the new stuff in docker exec before blowing away the old stuff.
Hey, also look into post-compromise security, e.g. see https://eprint.iacr.org/2016/221.pdf
This stuff is way off Dockerfile level, sorry.
Not a Dockerfile, but it may be worth looking at buildroot [0] and qemu [1]. I'd like to say that I started 5 years ago with these tools and ended up working on embedded systems, but it's more like I started 5 years ago and ended up with drawers full of unsupported ARM boards.
0: https://buildroot.org
1: https://www.qemu.org/
I would start with qemu and UEFI coreboot. Docker is too high level for this.