LinuxQuestions.org
Old 06-29-2009, 03:54 PM   #1
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 380

Rep: Reputation: 32
Secure Flash Device. How to?


Hi group,

This is a general question about how to build a 'Bullet Proof' server.
What I would like to do is emulate a CDR on a flash drive. I don't want to have a CD attached to the system but I want the functionality of a CD. That being a read-only, bootable medium. I know I can mount it read-only but if a hacker gets in, then he can remount it and have his way with my system.

I am looking for a USB device that I can remove and update. I could live with a write-once flash, maybe. Maybe a PIC?? I am not concerned about physical security, if you lose that, it is all over anyway. And of course, cost is a factor.

Any ideas?? Thanks for your time.
 
Old 06-29-2009, 04:34 PM   #2
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 380

Original Poster
Rep: Reputation: 32
After thinking about this

An SD WORM costs way too much!

So I think the way around this is to create a special driver to handle the new feature?? Say, create a read-only flash driver for the kernel?

Any thoughts?
 
Old 06-29-2009, 04:42 PM   #3
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 328
You could encrypt a USB device, then mount it read-only. The encryption would prevent other people from mounting the device in any mode. I use TrueCrypt because it has been ported to Linux and Windows so you can use the same encrypted disk on both systems with 100% compatibility.

http://www.truecrypt.org/

Last edited by stress_junkie; 06-29-2009 at 04:43 PM.
 
Old 06-29-2009, 05:33 PM   #4
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 380

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by stress_junkie
You could encrypt a USB device, then mount it read-only. The encryption would prevent other people from mounting the device in any mode. I use TrueCrypt because it has been ported to Linux and Windows so you can use the same encrypted disk on both systems with 100% compatibility.

http://www.truecrypt.org/
If the drive was encrypted, could I then boot from it??
 
Old 06-29-2009, 07:14 PM   #5
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 328
Quote:
Originally Posted by MrUmunhum
If the drive was encrypted, could I then boot from it??
You would have to have an unencrypted boot partition that holds the contents of the /boot directory. The rest of the system could be in the encrypted partition.

However if you want to boot from the device then you should use a native Linux encryption product. You can find instructions to do this all over the Internet. Google for something like linux boot encrypted partition. You will probably have to combine instructions to boot from a USB stick with other instructions to boot from an encrypted system partition.

Good luck. Sounds like a good idea to me.
 
Old 06-29-2009, 08:09 PM   #6
jschiwal
Moderator
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,263

Rep: Reputation: 562
What about booting from an SD card with a rw/ro switch? You wouldn't need to emulate a CD. It simply can't be written to.
 
Old 06-30-2009, 01:27 PM   #7
MrUmunhum
Member
 
Registered: May 2006
Location: Mt Umunhum, CA, USA
Distribution: Debian/ Fedora
Posts: 380

Original Poster
Rep: Reputation: 32
Quote:
Originally Posted by jschiwal
What about booting from an SD card with a rw/ro switch? You wouldn't need to emulate a CD. It simply can't be written to.
After doing some googling (which I should have done first), it looks like a write-protected SD or pen drive is my solution. The question is, which type of flash is more dependable?? I have had many pen drives that have failed in a short time.

Your experiences, comments?
 
Old 06-30-2009, 01:31 PM   #8
linus72
Guru
 
Registered: Jan 2009
Location: Gordonsville-AKA Mayberry-Virginia
Distribution: PocketWriter/MinimalX
Posts: 5,057

Rep: Reputation: 328
Don't know if that's what you're hunting for but IronKey is pretty good to me.
Of course, I don't experiment on it like my other usb's, but it works like it says...

https://www.ironkey.com/
 
Old 06-30-2009, 03:16 PM   #9
jschiwal
Moderator
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,263

Rep: Reputation: 562
You may want to limit which directories you use. Flash can be fast for reads but slow for writes. Also there are a limited number of writes. So you want to use ext2 instead of ext3, to reduce the number of writes due to journaling. As you will be mounting it read-only (when not making changes), look in the Linux Filesystem Hierarchy Guide in the tldp.org website. Some directories can be static. Those are the candidates for your R/O drive. I'm not certain, but I think that the performance of a higher quality SD card will be better. Perhaps one designed to perform well recording & playing back video. If you have an mmc card slot, this may work better than one that uses a usb interface. However a cheaper SD card may be limited to 11 MB/sec, according to testing a Sandisk card on my laptop using hdparm.

Last edited by jschiwal; 06-30-2009 at 03:27 PM.
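
Added example, not part of any post in this thread: the thread's concern is that a read-only mount can be remounted read-write, so this sketch audits a /proc/mounts-style table and flags any mount point that should be read-only but is writable or absent. The helper name `check_ro`, the device names and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report mount points that were meant
# to be read-only but are missing or writable in a /proc/mounts-style table.
# check_ro is a hypothetical helper name; pass /proc/mounts on a live system.

check_ro() {
    mounts_file=$1; shift
    bad=0
    for mp in "$@"; do
        # Fields: device mountpoint fstype options dump pass.
        # Keep the last match, since a later mount shadows an earlier one.
        opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$mounts_file")
        case ",$opts," in
            ",,")    echo "MISSING $mp";          bad=$((bad + 1)) ;;
            *,ro,*)  ;;   # exact "ro" option; "errors=remount-ro" does not match
            *)       echo "WRITABLE $mp ($opts)"; bad=$((bad + 1)) ;;
        esac
    done
    return "$bad"   # number of problems, 0 when everything is read-only
}

# Constructed sample table; device names and layout are illustrative.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sdb1 / ext2 ro,relatime 0 0
/dev/sdb2 /usr ext2 rw,relatime,errors=remount-ro 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF

check_ro "$sample" / /usr /boot || echo "$? mount point(s) need attention"
rm -f "$sample"
```

Run periodically against /proc/mounts, this detects a remount after the fact; it does not prevent one, which is why the thread turns to a hardware write-protect switch.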