Consumer-Mass-Product Grade Laptop (with above average security) [was: Military-Grade Laptop Security for All]

[coderman]

On 3/5/07, rayservers support <support at rayservers.com> wrote:
> ...
> If you are after strong security, you want to ensure, at a minimum,
> encrypted swap and /tmp as well.

agreed.  full disk crypto with a tamper resistant pre-boot auth/loader
is the only way to go... :)


> ... The cost
> of the time you will spend putting all the pieces of the puzzle together
> is likely to exceed the premium you would pay us for a secured notebook.

absolutely.  i did a poor job pointing this out in my original post
when i mentioned how much almost every distro out there sucks in the
respect.  good key management and an easy pre-installed FDE setup
(with VMs!  and even dual boot, etc!) is hard and well worth the cost
of paying someone skilled at such things to do it for you...


> We are aware of the cheap VIA notebooks

most of the distro builds of openssl, openssh, entropy daemon (if
present), and other tools don't currently take advantage of padlock
acceleration.  this is one element that would be nice to see more
collaboration on implementation (in any camp, bsd, linux, etc)

my friend got his nc1500 today from a thurs morning order.  it runs
ubuntu edgy with a modified kernel and tools (see below) including
loop-aes and padlock accel for fde, ipsec, openssl, openssh, openvpn,
and entropy daemon for hw_random to /dev/random processing.


best regards,

the below part: if you'd like to help seed the c5/c7 dev tarball and
iso torrents (and same for janusvm dev torrents with some new features
to test) send me an email for early seeding of the torrents.  thanks!