Category Archive: apple
apple & linux Ralf on 27 Jan 2006
Getting Linux booted on the Apple iMac Core Duo
All this rambling about not being able to boot WinXP on the new is beginning to really get on my nerves.
I think it might actually be much easier to get other OSes booting on the box not by relying on EFI but rather by making use of OSX. After all, porting kexec from Linux to Darwin shouldn’t be too hard if I see things clearly enough. We can even do that without having the 10.4.4 source code for Intel (only the ppc tree is out, no new Intel specific bits have been released to this date): Device drivers have power management functions that get invoked when the system is put to sleep, shutdown or rebooted.
I am definitely planning to get a new 20″ iMac once I return from California in late February - however, I want to see one in real life first. The plan is to visit the Apple Store in San Francisco on February 9th - before CodeCon. If nobody has made any progress on EFI till then I shall commence hacking on a kext to make my idea reality. Stay tuned.
apple & cryptology & linux Ralf on 03 Jan 2006
OSS disk encryption
Of course I couldn’t keep my trap shut when Jacob Appelbaum recently dissed Rubberhose in a recent talk at the 22C3. So I decided to do some research into the current state of disk encryption myself. I haven’t been really following that topic since about 2000 or 2001. I’m currently using FileVault, LUKS and GBDE on my boxen, but to be honest - even though I’m a cryptologist, I haven’t had time to research their security yet - save some failed attempts at reverse-engineering the DiskImages framework of MacOS X to figure out what exactly Apple is up to with FileVault.
The following links are without meant to be notes to self for future research.
Research papers:
I. Damgård and K. Dupont: Universally Composable Disk Encryption Schemes (IACR ePrint, PDF)
K. Gjøsteen: Security notions for disk encryption (IACR ePrint, PDF)
M.J. Saarinen: Encrypted Watermarks and Linux Laptop Security (WISA 2004 proceedings, backup can be found here)
Implementation reports:
Dowdeswell and Ioannidis: The CryptoGraphic Disk Driver (NetBSD)
P.H. Kamp: GBDE - Geom Based Disk Encryption (FreeBSD)
C. Fruhwirt: LUKS On-Disk Format Specification Version 1.0 (Linux, dm-crypt based)
Deniable encryption:
Phonebook (Linux)
Rubberhose (NetBSD/Linux) mirror only
TrueCrypt (Windows XP/2000/2003, Linux)
apple & rants Ralf on 25 Dec 2005
OSX resolver idiocy
Being a frequent OpenVPN/TunnelBlick user these days, I want to change my DNS resolver configuration after having established a tunnel. Until very recently I was under the impression any decent Un*x-like OS has its resolver configuration in /etc/resolv.conf. Well, this doesn’t apply to OSX. The resolv.conf in /etc is only a read-only mirror of the resolver configuration; changes in this file will not be propagated back to the resolver. No, this setting needs to be manipulated in a “dynamic store maintained by configd(8)” [AFP548: Using scutil to set DNS server]. Thank you very much, Apple.
UPDATE: The above apparently only applies to Tiger; the issue has been discussed in several other places before.
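The dynamic-store change described above, as an added example that is not part of the original post: a shell sketch that builds the scutil command stream for pointing the primary network service at a tunnel's DNS servers, so lookups stop going to the pre-tunnel resolver. The function names, the service ID and the addresses are constructed for illustration; the input validation keeps a malformed address or ID from injecting extra scutil commands.

```shell
#!/bin/sh
# Added example. Function names, service ID and addresses are constructed.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    rest="$1." n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# Read "d.show" output of State:/Network/Global/IPv4, print the primary service ID.
parse_primary_service() {
    sed -n 's/^[[:space:]]*PrimaryService : //p'
}

# Print the scutil command stream that sets the DNS servers of one service.
# Inputs are validated so nothing can smuggle extra commands into the stream.
build_dns_commands() {
    service_id=$1
    shift
    case "$service_id" in
        ''|*[!A-Za-z0-9-]*) echo "bad service id" >&2; return 1 ;;
    esac
    [ "$#" -ge 1 ] || { echo "no DNS servers given" >&2; return 1; }
    for addr in "$@"; do
        valid_ipv4 "$addr" || { echo "bad address: $addr" >&2; return 1; }
    done
    printf 'open\nd.init\nd.add ServerAddresses * %s\n' "$*"
    printf 'set State:/Network/Service/%s/DNS\nquit\n' "$service_id"
}

# Apply on OS X as root, e.g. from an OpenVPN "up" script:
#   apply_tunnel_dns 10.8.0.1 10.8.0.2
apply_tunnel_dns() {
    command -v scutil >/dev/null 2>&1 || { echo "scutil not found" >&2; return 1; }
    sid=$(printf 'open\nget State:/Network/Global/IPv4\nd.show\nquit\n' |
        scutil | parse_primary_service)
    cmds=$(build_dns_commands "$sid" "$@") || return 1
    printf '%s\n' "$cmds" | scutil
}
```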

