Login

Recent searches

No recent searches

Search options

Only available when logged in.
mstdn.io is one of the many independent Mastodon servers you can use to participate in the fediverse.

Administered by:

Server stats:

368
active users

mstdn.io: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Public
Wolf480pl

Imagine SD card but the FORCE ERASE command also resets PERM_WRITE_PROTECT

Public
Wolf480pl

Wait no, that's useless, since a rogue host can read the whole card before erasing it, and then write modified content back.

Damn.

Public
Wolf480pl

Imagine SD card but with the ability to write-protect it in such a way, that un-write-protecting requires a password.

Public
Wolf480pl

or I could just buy a bunch of those cards and use the permanent write-protect....

Public
翠星石
@wolf480pl >resets PERM_WRITE_PROTECT
That's implemented by the reader, not the card, so you can just ignore than flag.

>the ability to write-protect it in such a way, that un-write-protecting requires a password.
SD cards contain a microprocessor running proprietary software, thus an attacker can really just reprogram the SD card and ask it to dump out all blocks.

You could write free software for a SD card that implements such functionality, but an attacker could still reprogram it.


You're better of encrypting the cards with LUKS2, as that would mean that any attacker that doesn't know the password isn't able to make specific edits to files (there are still some attacks against AES-XTS where you can overwrite a block and LUKS can't tell, although there is a optional journaling feature that can detect such modifications).
Public
Wolf480pl

@Suiseiseki
> [PERM_WRITE_PROTECT] is implemented by the reader, not the card, so you can just ignore than flag.

Citation needed.

The SD spec says the physical write-protect switch on the side of the card is only implemented by the reader, but that's a separate thing from the PERM_WRITE_PROTECT bit in the CSD register.

1/

Wolf480pl

@Suiseiseki
> an attacker can [...] dump out all blocks.

not a concnern

> You're better of encrypting the cards with LUKS2

that misses the point.

I need an untrusted computer to be able to read the content of the card, without being able to modify it.

Also, can you stop being patronizing?
Not everyone has the same threat model as you, not everyone is trying to solve the same problem as you, and if LUKS was the answer I would've figured that out myself.

Jan 04, 2025, 12:33 PM·Public·Web
0boosts·1favorite
Public
翠星石
@wolf480pl >Citation needed.
It came to me in a dream.

>I need an untrusted computer to be able to read the content of the card, without being able to modify it.
You need a storage medium that is physically impossible to modify.

I suggest a filled up DVD-R (can be plugged in via a USB DVD reader).

>Not everyone has the same threat model as you
Everyone deserves freedom, no matter who they are.
Public
Wolf480pl

@Suiseiseki did you know that USB DVD readers have microcontrollers in them, running proprietary software?

Public
翠星石
@wolf480pl Yes, but they cannot write to a DVD-R due to how they lack a burning laser and also how you can't really write to a fully-written DVD-R.
Public
Wolf480pl

@Suiseiseki but the attacker can reprogram the drive to return bytes different than the ones actually on the disc

Public
翠星石
@wolf480pl Sure, but there is extremely limited amounts of storage available, thus any of such attacks would be very limited.
Public
Wolf480pl

@Suiseiseki flipping one byte in the right place is probably enough for the attacker to win

Public
Taylan (Kemalist Turkish Cat)
@wolf480pl

Out of curiosity, what's the exact use case that leads to this requirement? Sounds interesting.
Public
Taylan (Kemalist Turkish Cat)
@wolf480pl oh you just posted it in response to someone else :blobcat-thumbsup:
Explore
About