Consider using write-once optical media instead of USBs for booting OSs about glacierprotocol.github.io HOT 4 OPEN

I agree this would be a security improvement, however it means both setup computers and both quarantined laptops must have optical drives, which are becoming increasingly rare, especially in lower-cost hardware.

You would still need two disks, because the purpose of using two setup computers is to mitigate the risk that one of them is compromised. And you might even need 4 disks unless we figure out a reliable way to partition the disc to have a bootable live partition and a second data partition to replace the Q1 APP USB.

Why do you say you'd still require 1 USB per quarantined computer?

from glacierprotocol.github.io.

increasingly rare

True, tho external ones can be bought. I wonder tho if using a USB optical drive essentially removes any advantages of using optical disks, if the USB firmware of the drive can be compromised. Which would mean you'd need 1 optical drive per computer, which kind of defeats the purpose I guess.

You would still need two disks, because the purpose of using two setup computers is to mitigate the risk that one of them is compromised.

I would assume there's a way to deterministically verify the disc's contents, meaning you could write on one setup machine and verify on the other.

a reliable way to partition the disc to have a bootable live partition and a second data partition to replace the Q1 APP USB.

That's fair. If partitioning the disc is hard, then you'd need a second disc.

Why do you say you'd still require 1 USB per quarantined computer?

I thought there were 6 USBs in total - 1 boot USB, 1 app USB, and 1 transfer USB per machine. Maybe I'm wrong about that - I'm not sure about the transfer USB.

from glacierprotocol.github.io.

True, tho external ones can be bought. I wonder tho if using a USB optical drive essentially removes any advantages of using optical disks, if the USB firmware of the drive can be compromised. Which would mean you'd need 1 optical drive per computer, which kind of defeats the purpose I guess.

Yes, good point. Glacier is all about paranoia, and I'd worry about the security implications of external USB optical drives.

I would assume there's a way to deterministically verify the disc's contents, meaning you could write on one setup machine and verify on the other.

Probably could work. This would be dangerous with today's USB keys because a compromised verification computer could modify the (previously clean) USB data. But with read-only media, it would work well.

That's fair. If partitioning the disc is hard, then you'd need a second disc.

I don't know about optical media, but for USB I did some research on partitioning. It's possible, and sometimes works, but it's reported that some laptop BIOSs would not boot from a USB drive so configured.

I thought there were 6 USBs in total - 1 boot USB, 1 app USB, and 1 transfer USB per machine. Maybe I'm wrong about that - I'm not sure about the transfer USB.

QR codes are used for all data transfer. Only 4 USBs total.

Question: if we used USB keys with a write-enable switch (like the Kanguru Flashblu 30), would that have the same benefits?

from glacierprotocol.github.io.

if we used USB keys with a write-enable switch (like the Kanguru Flashblu 30)

Well, if the switch really and truly disallows any possible writing, then it should provide similar benefits to a read-only optical disk. However, part of the protocol is to mitigate malicious USB hardware. If the USB drive is malicious, the read-only protection could be fake or backdoored. With read-only optical media, there's very little malicious behavior that's possible.

from glacierprotocol.github.io.