On 25/04/16 21:51, Adam Borowski wrote: > On Mon, Apr 25, 2016 at 10:15:02AM +0200, Daniel Pocock wrote: >> There are various blogs guiding people to use a Debian Live CD for >> managing PGP master keys >> >> Has anybody thought of making a dedicated live CD image for this >> purpose, with some kind of PGP quick setup wizard and attempting to >> enforce a sane and secure workflow? >> [...] >> Some specific things that the live image could do: >> - verifying there is no network connection, no DHCP daemon, >> automatically shutting down if a network connection becomes active > > You can't verify that in software, at the very least not on Intel CPUs with > an Intel network chipset. The AMT has its separate CPU, whole network > stack, a separate MAC address and complete access to the network card / > memory / main CPU. Thus there's no way to be secure other than telling the > user to physically yank the network cable. > > The AMD equivalent has AFAIK no such tight coupling with network cards but > it can probably still be nasty enough. Fortunately pretty recent AMD CPUs > (Bulldozer/Piledriver?) are not yet backdoored, but as the time passes, > they'll become less and less recent. >
One of those ARM-based Chromebooks could be a useful solution to that. I've added a section on known risks now: https://wiki.debian.org/OpenPGP/CleanRoomLiveEnvironment#Known_risks
