Imagine SD card but the FORCE ERASE command also resets PERM_WRITE_PROTECT
Wait no, that's useless, since a rogue host can read the whole card before erasing it, and then write modified content back.
Damn.
Imagine SD card but with the ability to write-protect it in such a way that un-write-protecting requires a password.
or I could just buy a bunch of those cards and use the permanent write-protect....
@Suiseiseki
> [PERM_WRITE_PROTECT] is implemented by the reader, not the card, so you can just ignore that flag.
Citation needed.
The SD spec says the physical write-protect switch on the side of the card is only implemented by the reader, but that's a separate thing from the PERM_WRITE_PROTECT bit in the CSD register.
1/
@Suiseiseki
> an attacker can [...] dump out all blocks.
not a concern
> You're better off encrypting the cards with LUKS2
that misses the point.
I need an untrusted computer to be able to read the content of the card, without being able to modify it.
Also, can you stop being patronizing?
Not everyone has the same threat model as you, not everyone is trying to solve the same problem as you, and if LUKS was the answer I would've figured that out myself.
@Suiseiseki did you know that USB DVD readers have microcontrollers in them, running proprietary software?
@Suiseiseki but the attacker can reprogram the drive to return bytes different than the ones actually on the disc
@Suiseiseki flipping one byte in the right place is probably enough for the attacker to win
@Mae not really...
the problem i'm trying to solve is as follows:
Imagine you have:
- N computers. The attacker has compromised up to N-1 of them, and you don't know which ones.
- A piece of paper with a URL to a file, and sha512 of that file
the goal is to end up with some storage medium that contains that file and be sure that the sha512 of it is the same as the one written on the paper.
It'd be relatively easy to do with DVDs, but most computers don't have DVD drives these days :/
@wolf480pl @Mae Use a (physically) write protected sd card.
@wolf480pl @Mae Ok, just looked it up and I didn't realize it's handled by the reader, not the SD card itself. I stand corrected.