This repo will hold the basic information and documentation around the digital and physical assets and projects for the AniNIX network.

<b>WARNING: Holocrons should not hold copies of sensitive information.</b><br />
The Holocron is a mobile USB designed to take over any computer hardware and run as an element of the AniNIX.
# Etymology
Named for the Sith Holocron from the Star Wars universe, the Holocron is a method for AniNIX admins to craft and record all their personal code and knowledge, including [[Aether|AniNIX::Aether]] backups, [[Foundation|Git]] repo checkouts, etc. It should be secured and difficult to crack to protect the secrets within, just like its namesake -- the better the traps, the better the knowledge it can hold.
# Capacity and Components
Holocrons have no defined capacity since they are not bound to any set of hardware. The portable storage space is bound to the drive on which it's written.
# Hosted Services and Entities
No services or entities are hosted.
# Connections
Holocron can dial to any host desired. It should have VPN, SSH, remote-desktop, browser, code version control, and file transfer clients available.
# Additional Reference
Implementation details for Holocron are below.
## Host drive
We currently recommend a Corsair Survivor Stealth for Holocrons. This offers 64GB of flash storage with the following layout, in a form that is both impact- and water-resistant, making it a resilient tool.

```
fd0             2:0    1     4K  0 disk
sda             8:0    0     1G  0 disk
sdb             8:16   1  59.6G  0 disk
|-sdb1          8:17   1    40G  0 part  /mnt/xplatfrm
|-sdb2          8:18   1   9.3G  0 part  /boot
`-sdb3          8:19   1   9.3G  0 part
  `-spartacus 254:0    0   9.3G  0 crypt /
sr0            11:0    1   544K  0 rom
```

<b>WARNING: Do not store sensitive information on Holocrons!</b><br/> Though a Holocron has its root encrypted, /boot is not and the device is portable. Physical access is death! The storage can be cloned and cracked with sufficient computing resources. The encryption is a delay but not a hard-stop protecting your information. If you have access to an encrypted machine like [[Core|AniNIX::Core]] there is no reason to keep sensitive information on this, a client device. If you have nothing else, this encryption is better than none.
The Israelis and such have been working out ways to listen with directional mics to crack encryption, and I have no guarantee they didn't use some similar hardware assault to crack the encryption. The algorithm might be smart enough, but the hardware may give rise to a more direct way. Moreover, with the hardware being mobile, the firmware and bootloader could be assaulted to broadcast key signatures from memory, or someone could record you entering the decryption password. Some example vectors are below:
* Acoustic attacks on RSA
* A sample LUKS crack
* Another potential LUKS crack
## Installation
1. Install [[ShadowArch]] to the / partition. Remember to remove the first four lines so that your mount options are used with your storage layout.
1. Create a folder /boot/iso in the / partition.
1. Edit /etc/grub.d/40_custom:
   1. See Arch's multiboot for individual GRUB entries.
   1. Also see Arch's netboot for a GRUB entry to use for netboot.
1. Load ISOs and pack for travel.
Example 40_custom file:

```
#!/bin/bash
exec tail -n +3 $0
# Everything from this line on is copied into grub.cfg as-is.
# Resolve the UUID of GRUB's root device so the ISO can be located at boot.
probe -u $root --set=rootuuid
set imgdevpath="/dev/disk/by-uuid/$rootuuid"

menuentry 'ArchLinux ISO' {
    set isofile='/iso/archlinux.iso'
    loopback loop $isofile
    linux (loop)/arch/boot/x86_64/vmlinuz archisodevice=/dev/loop0 img_dev=$imgdevpath img_loop=$isofile earlymodules=loop
    initrd (loop)/arch/boot/x86_64/archiso.img
}

menuentry "Kali Linux ISO" {
    set isofile='/iso/kali-linux.iso'
    loopback loop $isofile
    linux (loop)/live/vmlinuz boot=live findiso=$isofile noconfig=sudo username=root hostname=kali earlymodules=loop
    initrd (loop)/live/initrd.img
}

menuentry "CentOS ISO" {
    set isofile='/boot/iso/CentOS.iso'
    loopback loop $isofile
    linux (loop)/isolinux/vmlinuz noeject inst.stage2=hd:/dev/sdb2:/$isofile
    initrd (loop)/isolinux/initrd.img
}
```

## Recommended uses
* ArchLinux ISO: This ISO can be used to have a clean point from which to start -- its signature and size can be compared against the ArchLinux page for integrity.
* Kali Linux ISO: This ISO is a hacking suite that carries the latest tools along with the user.
* CentOS ISO: This allows a user to access an enterprise network using a trusted OS with a known signature.
* ArchLinux local install: This is a portable workspace for the carrier -- packages installed here will be persistent, and allow the user to boot their own toolset without any or much network traffic.
* Cross-platform storage: This allows Spartacus to perform as a usual flash-drive.
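
Because /boot (kernel, initramfs, GRUB files and the ISOs under /boot/iso) sits outside the encrypted root, one way to notice offline tampering is to keep a SHA-256 manifest of it on the encrypted root and compare after unlocking. The script below is an added example, not part of the AniNIX code; the manifest path `/root/boot.sha256` and the function names are assumptions, and it relies on GNU coreutils and findutils.

```bash
#!/usr/bin/env bash
# Added example: detect changes to the unencrypted /boot partition of a Holocron.
# Assumed defaults: /boot as laid out above; manifest kept on the encrypted root.
BOOT_DIR="${BOOT_DIR:-/boot}"
MANIFEST="${MANIFEST:-/root/boot.sha256}"

# Print "sha256  ./relative/path" for every regular file, in a stable order.
boot_hashes() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum )
}

# Record the current state of the boot partition (kernel, initramfs, GRUB, ISOs).
boot_manifest_create() {
    local dir="${1:-$BOOT_DIR}" manifest="${2:-$MANIFEST}"
    ( umask 077; boot_hashes "$dir" > "$manifest" )
}

# Compare the boot partition with the manifest. Prints one line per difference.
# Returns 0 if identical, 1 on any difference, 2 if the manifest is unusable.
boot_manifest_verify() {
    local dir="${1:-$BOOT_DIR}" manifest="${2:-$MANIFEST}" rc=0 current
    [ -s "$manifest" ] || { echo "no manifest at $manifest" >&2; return 2; }
    current="$(mktemp)" || return 2
    boot_hashes "$dir" > "$current"
    awk '
        { h = $1; p = substr($0, length($1) + 3) }   # path follows "hash  "
        NR == FNR     { want[p] = h; next }          # first file: the manifest
        !(p in want)  { print "ADDED    " p; bad = 1; next }
        want[p] != h  { print "MODIFIED " p; bad = 1 }
                      { seen[p] = 1 }
        END {
            for (p in want) if (!(p in seen)) { print "MISSING  " p; bad = 1 }
            exit bad + 0
        }
    ' "$manifest" "$current" || rc=$?
    rm -f "$current"
    return "$rc"
}

# Usage: script create | script verify
case "${1:-}" in
    create) boot_manifest_create ;;
    verify) boot_manifest_verify ;;
esac
```

Run `create` after every kernel, GRUB or ISO update and `verify` after unlocking the root. A check run from the booted Holocron can be subverted by a tampered kernel or initramfs, so verifying the drive from a separate trusted machine is the stronger test.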