Photo credit: Alex Proimos Crepuscular Rays ..., CC BY 2.0
Status
DeityGuard
is no longer being
maintained. The source code is still available, of course.Does it work?
Yes, DeityGuard
has now reached a reasonable state of completion and
is periodically tested to be runnable on each of the four supported
platforms. Of course, there’s no telling when changes to Gentoo
might trip up a build. The DeityGuard
project will of course do its
best to provide fixes when upstream software changes.
What is it?
DeityGuard
is an all-in-one builder for a secure Linux
-based
operating system (with some GNU
in it as well). Put simply,
DeityGuard
is a collection of Bash
scripts that coordinate
building a firmware BIOS and bootloader (either Coreboot
or
U-Boot
), the Linux
operating system kernel, and a Gentoo
or
Buildroot
operating system and applications. DeityGuard
also
includes various patches to existing programs, and some of its own
programs written from scratch.
The resulting system uses strong cryptographic checksums to verify
all the code it runs, except for the part stored in the BIOS
flash memory (which is where the root of trust begins). Additionally,
all of the code is compiled from source (except for the base Gentoo
system – at some point, some binaries have to be trusted because you
can’t just create a GCC
toolchain out of thin air).
In short, DeityGuard
is about achieving practical security by:
- trusting hardware as little as possible, and:
- using only software that:
- is auditable, meaning at least availability of full source code, and:
- is freely modifiable (or patchable), so that problems can be fixed by anyone.
Additionally, DeityGuard
is meant to be as simple to use as possible
(that is, without compromising its core security tenets). This goal
has been achieved pretty satisfactorily – apart from the inevitable
hardware muckery inherent in flashing BIOS
chips, it’s now arguably
simpler to get started with DeityGuard
than it is to get started
with Gentoo
.
DeityGuard
is not an end-user product and probably will never
be. Some tuning will be required to get DeityGuard
to do what you
want to do with it. Rather than just explaining how to use
DeityGuard
, this guide is also intended to explain enough about the
internals of DeityGuard
so that you can modify it to suit your
needs. But you must be prepared to make your own modifications (at
least simple ones), or you won’t get much mileage out of
DeityGuard
. At minimum, you have to be able to modify the scripts
that configure Gentoo
’s portage
tool to customize the list of
installed software packages and their enabled features. It will help
if you already have experience with Gentoo
; if not, this guide also
contains a primer on portage
.
Which hardware platforms are supported?
Because the concept of DeityGuard
is to not run any untrusted code,
a platform must typically first be supported without binary blobs by
the Coreboot project. This rules out most
modern desktop computers and laptops. This is because both major
vendors of x86_64
CPUs (Intel and AMD) now only fabricate processors
that require mysterious binaries to be loaded at boot (and if you
don’t load them, the chips shut down).
DeityGuard
currently supports an x86_64
desktop system, an
x86_64
laptop, a 32-bit ARM
single-board computer, and a 32-bit
ARM
laptop.
d16
desktop:Asus KGPE-D16
(actually a server motherboard, but works great in a large desktop case)t400
laptop:Lenovo T400
bpi
single-board computer:Banana Pi
veysp
laptop:Asus C201 Chromebook
(also known as “Veyron Speedy”)
With these platforms, you can, for example, structure a computer
network to contain a computing powerhouse (the d16
) and multiple
kiosks (t400
s, bpi
s, veysp
s) that can give multiple users direct
access the computing powerhouse through VNC
. Additionally,
DeityGuard
supports finaling system configuration and flashing from
either x86_64
or ARM
hosts, allowing, for example, the use of a
veysp
laptop for administering a network.
Asus KGPE-D16
The most powerful mainboard supported by Coreboot without blobs is the
Asus KGPE-D16
server mainboard, which can accept up to two Opteron
6200
-series CPU
s (up to 32 cores) and up to 256GiB
of RAM
(though only up to 192GiB
is reported working in
Coreboot
). Virtualization is supported. It is recommended to have
one of these for building new versions of DeityGuard
, as building
DeityGuard
on the t400
laptop could take a while.
The onboard VGA
is poorly supported by Linux
(very slow
refresh). An external NVIDIA GeForce 210
card is recommended (and
supported in DeityGuard
).
Can be found on eBay occasionally. Can still be bought new (as of 2017).
Lenovo T400
An aging laptop supported by Coreboot
without blobs.
Can be found on eBay; no shortage of supply yet (as of 2017). Can no longer be bought new.
Banana Pi
Not actually supported by Coreboot
(and doesn’t have a BIOS
chip
either). To avoid trusting the SD card
, DeityGuard
is designed to
boot the Banana Pi
through USB
via FEL mode
.
Can be found on eBay usually. Can also be bought new from https://www.tinyonesystems.com/products/banana-pi in U.S.; see also http://www.banana-pi.org/shop.html for a complete list of vendors by geographic region.
Asus C201 Chromebook
Supported by Coreboot
. DeityGuard
includes a patch to Coreboot
that allows booting Linux
directly from the BIOS
chip, and without
the depthcharge
payload that is normally used on these systems.
Can be bought new (as of 2017).
How does DeityGuard
work at runtime?
On platforms with BIOS
chips (currently all platforms except bpi
),
the boot proceeds thusly:
-
The processor’s boot sequence maps the
BIOS
chip into memory and begins executingCoreboot
’sbootblock
. -
Coreboot
runs, initializing the hardware and booting aLinux
kernel andinitramfs
that have been placed on theBIOS
chip.DeityGuard
compiles theLinux
kernel with as many features set to modules as possible so that the kernel binary remains as small as possible. Theinitramfs
contains modules needed to access block storage devices and wired ethernet (either the on-board ethernet or through aUSB
ethernet adapter on theveysp
platform). Theinitramfs
also contains a program specific toDeityGuard
called theinstigator
. -
The
instigator
loads all the kernel modules on theinitramfs
and then scans all attached media for astage1
archive. Thestage1
archive must exactly match a secure checksum stored in theinitramfs
. If a validstage1
cannot be found on an attached medium, theinstigator
attempts to bring up the first ethernet interface and loadstage1
over the network. Control then passes to thestage1
code, which is not subject to the size restrictions of theBIOS
chip. -
The
stage1
code brings up the display and keyboard input and searches for a validstage2
archive, first on disk and then over the network. If found, thestage1
code verifies that thestage2
archive is signed by public key cryptography. The user is offered to boot any validstage2
archive found. -
The
stage2
archive contains astage3
kernel and initramfs, which arekexec
ed. The use ofkexec
allows the kernel to be upgraded without reprogramming theBIOS
chip. On theveysp
target,kexec
does not work andDeityGuard
uses a workaround involving a soft reboot. -
The
stage3
initramfs presents adialog
interface allowing the user to boot into the mainOS
(eitherGentoo
orBuildroot
) or carry out other management actions. -
The
OS
squashfs
image is verified at runtime by a program specific toDeityGuard
callednbd-hyperbolic
. When a disk sector must be loaded,nbd-hyperbolic
first tries to load it from a local cache. If the sector’s secure checksum does not match a corresponding entry in a table securely loaded from thestage3
archive, attempts are made to load the sector overHTTP
using a range request; on success, the network loaded data is written back to the local cache. To improve performance,nbd-hyperbolic
expands requests to a large sector size (128KiB
by default). There is support instage3
for startingnbd-hyperbolic
either with an on-disk cache or with an in-memory cache - the latter case allowing operation completely without local storage. -
When the
OS
is loaded with an on-disk cache,stage3
also supports updating the on-disk cache with thestage1
andstage2
that archives that were discovered during the boot process in a way that allows subsequent boots to discover them from disk. This allows subsequent boots to succeed offline.
On bpi
, the sole supported platform without a BIOS
chip, booting
happens by feeding U-Boot
, the Linux
kernel, and an initramfs
to
the board through USB
FEL mode
(which the bpi
enters by default
if no SD card
is present). The OS
can be loaded over the network,
or it can be dropped in through the FEL
link as well, enabling
non-networked use cases, or network bootstrap use cases (e.g., running
your LAN
dhcp
server or HTTP
image server for OS
images).
Can DeityGuard
run my favorite program?
On x86_64
platforms, all user programs in a DeityGuard
system come
from Gentoo
. Check packages.gentoo.org
for the available Gentoo
packages.
On ARM
, most user programs in a DeityGuard
system come from
Buildroot
. Check
https://git.busybox.net/buildroot/tree/package
for the available Buildroot
packages. Also, DeityGuard
patches
Buildroot
to add some additional packages.
Do the ARM
parts of DeityGuard
have to be built on ARM
?
No. DeityGuard
builds everything on an x86_64
host.
Can I try DeityGuard
without building everything myself?
No. DeityGuard
is supplied as sources only. The DeityGuard
build
scripts are capable of building a binary distribution, but the
DeityGuard
project has a policy of not distributing binaries in
order to limit legal liability.
Ethernet?! Why isn’t wireless supported?
Basically, because it’s not secure. Also, it would take a lot of work to implement.
More information
-
Download - This page lets you obtain the
DeityGuard
sources and pre-built binary images. -
Recipe - This page explains how to build the default configuration of
DeityGuard
(before you start changing everything!). -
Deploy - This page explains how to build the default configuration of
DeityGuard
in a reproducible and moderately secure build environment (start here!) -
Support - This page explains how to get support for
DeityGuard
. -
Internals - This page explains how
DeityGuard
works; this is what you read before you start modifyingDeityGuard
(or after you started but you got stuck, or after you have things working and you are curious to see if you did it correctly). -
Flashing - This page explains how to flash your system’s
BIOS
withDeityGuard
. -
Future - This page lists various directions that
DeityGuard
development might be going in in the future. -
Third Idea - This page explains how to make a “data diode” on the cheap.