LinuxCNC on non-backdoored hardware - what are the options?
21 Oct 2021 08:27 - 21 Oct 2021 08:52 #223795
by Octoplex
Replied by Octoplex on topic LinuxCNC on non-backdoored hardware - what are the options?
Thanks for all the suggestions and advice so far.
After more research into this problem today, we have determined that we cannot reliably secure a 'modern' computer. It appears that the entire microprocessor industry has turned their CPUs into surveillance devices. This makes them obsolete for any serious industrial work - if they are connected to the internet.
We have therefore decided to completely air-gap our LinuxCNC manufacturing systems, and to physically remove their networking hardware.
The problem extends beyond the chip-on-chip surveillance processors embedded in AMD and Intel CPUs: We additionally ran into the problem of auditing a version of Linux itself, which is a massive undertaking that we don't have the resources to undertake.
The best solution appears to be to air-gap the Linux computers we use for manufacturing and then use seperate machines running OpenBSD on Libreboot compatible systems for internet comms.
I'm still interested in hearing from others who have addressed this issue, but my conclusion is that air-gapping the manufacturing process is the only way to be sure we are secure.
After more research into this problem today, we have determined that we cannot reliably secure a 'modern' computer. It appears that the entire microprocessor industry has turned their CPUs into surveillance devices. This makes them obsolete for any serious industrial work - if they are connected to the internet.
We have therefore decided to completely air-gap our LinuxCNC manufacturing systems, and to physically remove their networking hardware.
The problem extends beyond the chip-on-chip surveillance processors embedded in AMD and Intel CPUs: We additionally ran into the problem of auditing a version of Linux itself, which is a massive undertaking that we don't have the resources to undertake.
The best solution appears to be to air-gap the Linux computers we use for manufacturing and then use seperate machines running OpenBSD on Libreboot compatible systems for internet comms.
I'm still interested in hearing from others who have addressed this issue, but my conclusion is that air-gapping the manufacturing process is the only way to be sure we are secure.
Last edit: 21 Oct 2021 08:52 by Octoplex. Reason: typo
Please Log in or Create an account to join the conversation.
21 Oct 2021 08:56 #223799
by rodw
Replied by rodw on topic LinuxCNC on non-backdoored hardware - what are the options?
Arguably Opensource Linux with thousands of users auditing and checking the code would be more secure than OpenBSD with 6-12 security auditors.
Please Log in or Create an account to join the conversation.
21 Oct 2021 10:08 - 21 Oct 2021 10:14 #223803
by Octoplex
I'd like to hear more about this.
My understanding was that although there are fewer auditors for OpenBSD, there is substantially less code, less features enabled by default, and a primary focus on security.
Please note that, at this stage, I don't have any allegiance to any particular OS, so I'm open to hearing how others here are securing their systems. As I understand it, however, although there are plausibly more people auditing Linux in general, there are many different distributions across which these audits occur, and a general inclination (in the most popular Linux distributions) to push functionality and third-party software-bundling over security. This makes audits hard.
For example, we have used the Debian edition of Linux Mint on some machines here, and while I admire the OS, there is a lot of complexity there on the standard installation, and a lot of features automatically enabled.
Conversely, with OpenBSD, on other test machines here, we have to turn on features as we need them, rather than disable features when we don't.
It seems like the most popular Linux distributions (and therefore the most audited) are also the most difficult to audit, as they are designed for mainstream use where functionality and bundled software is prioritized over security.
Obviously, we could opt for a more 'secure' Linux distribution, but then these distributions are less widely used and therefore less audited.
I hope this makes sense. In summary: The most audited Linux distributions are also the most sprawling; making audits much harder to rely on.
OpenBSD seems to strike a balance between the size and skill of the audit team, combined with a smaller codebase to audit.
In other words: There may be more Linux being audited, but I feel there is also more Linux to audit. This makes the equation a difficult one...
Replied by Octoplex on topic LinuxCNC on non-backdoored hardware - what are the options?
Arguably Opensource Linux with thousands of users auditing and checking the code would be more secure than OpenBSD with 6-12 security auditors.
I'd like to hear more about this.
My understanding was that although there are fewer auditors for OpenBSD, there is substantially less code, less features enabled by default, and a primary focus on security.
Please note that, at this stage, I don't have any allegiance to any particular OS, so I'm open to hearing how others here are securing their systems. As I understand it, however, although there are plausibly more people auditing Linux in general, there are many different distributions across which these audits occur, and a general inclination (in the most popular Linux distributions) to push functionality and third-party software-bundling over security. This makes audits hard.
For example, we have used the Debian edition of Linux Mint on some machines here, and while I admire the OS, there is a lot of complexity there on the standard installation, and a lot of features automatically enabled.
Conversely, with OpenBSD, on other test machines here, we have to turn on features as we need them, rather than disable features when we don't.
It seems like the most popular Linux distributions (and therefore the most audited) are also the most difficult to audit, as they are designed for mainstream use where functionality and bundled software is prioritized over security.
Obviously, we could opt for a more 'secure' Linux distribution, but then these distributions are less widely used and therefore less audited.
I hope this makes sense. In summary: The most audited Linux distributions are also the most sprawling; making audits much harder to rely on.
OpenBSD seems to strike a balance between the size and skill of the audit team, combined with a smaller codebase to audit.
In other words: There may be more Linux being audited, but I feel there is also more Linux to audit. This makes the equation a difficult one...
Last edit: 21 Oct 2021 10:14 by Octoplex. Reason: typo
Please Log in or Create an account to join the conversation.
- tommylight
-
- Away
- Moderator
-
Less
More
- Posts: 17796
- Thank you received: 5918
21 Oct 2021 10:17 #223804
by tommylight
Replied by tommylight on topic LinuxCNC on non-backdoored hardware - what are the options?
Seems you are forgeting something, it is not just the processor spying, everything is, turn off your PC and look at the back, the LED's on the RJ45 connector are still on and sending data.
And you will have phones around, they spy on everything all the time, TV's do also, well everything does.
And you will have phones around, they spy on everything all the time, TV's do also, well everything does.
Please Log in or Create an account to join the conversation.
21 Oct 2021 10:34 #223805
by Octoplex
Replied by Octoplex on topic LinuxCNC on non-backdoored hardware - what are the options?
Thank you for making more people aware of these problems.
As well as using non-backdoored CPUs and ethernet cards, we are also in the process of designing a router that will checksum incoming and outgoing data at a low-level. We are also switching to the Gemini protocol for our library systems and gradually phasing out http use for our company. I know a few others are also making this change, for the reason you highlight.
We've equipped our engineering team with Motorola V3s (2004), which we have audited for security. These are unable to geolocate or stream audio/video data at any usable rate for surveillance. They're also great phones. Engineers are instructed not to discuss projects on open lines, but they work well for basic comms.
Thank you again for bringing awareness to this issue. We are not using any backdoored equipment, as far as we know. This includes these so-called 'smart TVs' and other devices with concealed surveillance tech.
We're very serious about running a secure manufacturing facility, and this has largely involved going back to technology that was thought to be obsolete, but which it is now becoming clear still represents the best the industry currently has to offer.
the LED's on the RJ45 connector are still on and sending data.
As well as using non-backdoored CPUs and ethernet cards, we are also in the process of designing a router that will checksum incoming and outgoing data at a low-level. We are also switching to the Gemini protocol for our library systems and gradually phasing out http use for our company. I know a few others are also making this change, for the reason you highlight.
And you will have phones around, they spy on everything all the time.
We've equipped our engineering team with Motorola V3s (2004), which we have audited for security. These are unable to geolocate or stream audio/video data at any usable rate for surveillance. They're also great phones. Engineers are instructed not to discuss projects on open lines, but they work well for basic comms.
TV's do also
Thank you again for bringing awareness to this issue. We are not using any backdoored equipment, as far as we know. This includes these so-called 'smart TVs' and other devices with concealed surveillance tech.
We're very serious about running a secure manufacturing facility, and this has largely involved going back to technology that was thought to be obsolete, but which it is now becoming clear still represents the best the industry currently has to offer.
Please Log in or Create an account to join the conversation.
- tommylight
-
- Away
- Moderator
-
Less
More
- Posts: 17796
- Thank you received: 5918
21 Oct 2021 11:06 #223809
by tommylight
Replied by tommylight on topic LinuxCNC on non-backdoored hardware - what are the options?
Maybe i did not say it clearly as i am not good at explaining things, another try:
-Linux is very good for security, forget the internet cr@p saying it is same as windoze, that is a blatant lie fueled by Millions of $ shoveled by MS to every media outlet over the last 18 years.
-!!! RANT !!! MS literally stole the networking parts from Linux and glued/stitched into win2K - IBM wins against SCO - Nowell buys Suse Linux to avoid lawsuits from IBM - MS pays a hefty sum to Nowell for the right to use any Linux code on windows legally but never ever acknowledges that till "Windows subsystem for Linux" !!! What a sham! That is a Linux subsystem for windows as by win10 there is so much Linux code in it that it's become a mess over a mess that already was a mess. End of rant, hopefully.
-As for PC's, older DELL and HP and Fujitsu-Siemens workstations are very good, plenty of them around still as they never fail. IBM were also very, very good, but some series had internal timer issues causing some strange failures when used with Linux tasks requiring precise scheduling.
-Also servers from that era are very good and very cheap, but they are loud. Do not underestimate the amount of noise they are capable of generating!
-SuperMicro servers were very good, had several of them, with LinuxCNC! Even survived lightning a strike that fried almost everything else there.
-Forget the "industrial" PC, that was important pre 1999-ish, now there is no difference, well there is but inverted.
-Linux is very good for security, forget the internet cr@p saying it is same as windoze, that is a blatant lie fueled by Millions of $ shoveled by MS to every media outlet over the last 18 years.
-!!! RANT !!! MS literally stole the networking parts from Linux and glued/stitched into win2K - IBM wins against SCO - Nowell buys Suse Linux to avoid lawsuits from IBM - MS pays a hefty sum to Nowell for the right to use any Linux code on windows legally but never ever acknowledges that till "Windows subsystem for Linux" !!! What a sham! That is a Linux subsystem for windows as by win10 there is so much Linux code in it that it's become a mess over a mess that already was a mess. End of rant, hopefully.
-As for PC's, older DELL and HP and Fujitsu-Siemens workstations are very good, plenty of them around still as they never fail. IBM were also very, very good, but some series had internal timer issues causing some strange failures when used with Linux tasks requiring precise scheduling.
-Also servers from that era are very good and very cheap, but they are loud. Do not underestimate the amount of noise they are capable of generating!
-SuperMicro servers were very good, had several of them, with LinuxCNC! Even survived lightning a strike that fried almost everything else there.
-Forget the "industrial" PC, that was important pre 1999-ish, now there is no difference, well there is but inverted.
Please Log in or Create an account to join the conversation.
21 Oct 2021 14:47 #223820
by rodw
Replied by rodw on topic LinuxCNC on non-backdoored hardware - what are the options?
Its not the Linux applications that are the security risk. Focus on the Linux kernel which is common to all distros. Just get rid of Xwindows. Command line only like CentOS or Ubuntu server. Ubuntu Server guarantee the OS security to 2025.
Linuxcnc will run on my Chromebook Linux without any xwindows installed.
Then there is Android maybe running on the New Tensor chipset from Google which also uses a dedicated 2nd generationTitan M2 security chip. The chip’s primary function is to verify the boot conditions for starting up Android, ensuring that it hasn’t been tampered with at a low level. The Titan M verifies the signature of its flash-based firmware using a public key built into the chip’s silicon.
Linuxcnc will run on my Chromebook Linux without any xwindows installed.
Then there is Android maybe running on the New Tensor chipset from Google which also uses a dedicated 2nd generationTitan M2 security chip. The chip’s primary function is to verify the boot conditions for starting up Android, ensuring that it hasn’t been tampered with at a low level. The Titan M verifies the signature of its flash-based firmware using a public key built into the chip’s silicon.
Please Log in or Create an account to join the conversation.
Time to create page: 0.108 seconds