(Not Solved) Creating A "Login Or Nuke" Option

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read this

(Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Sat Jun 16, 2012 3:46 am

I would like to create/install a method of logging in which would give a user-defined number of attempts to login correctly, or cause the hard disk, and any other external media, to be wiped(preferably by writing all 1's or 0's or random 1's and 0's).

It would need to be able to wipe the disk(s) from the very beginning(boot sector) to the very end.

I'm not sure if this post is in the correct board, but I know admin will move it for me if it isn't. :wink:

This login would have to happen right after the BiOS, perhaps even be part of the BiOS.

Or, should I try to do this through GrUB?

If anybody has any experience with this, please help.
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Linux Mint is funded by ads and donations.
 

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby Aging Technogeek on Sat Jun 16, 2012 4:38 am

I cannot tell you how to do it, but I can say that it must be done in BIOS. Once the operating system is loaded, even just enough to run Grub, wiping the entire drive is not possible.

I suppose you could use grub to force boot into a partition that has DBAN, Active Killdisk, or another disk wiping program installed that could be set to run at boot and nuke the entire drive except for the partition holding the disk wiper. I would assume a bash script could be written to do this, but I am not a good enough scripter to do it.
Image

Registered Linux User 483387
User avatar
Aging Technogeek
Level 13
Level 13
 
Posts: 4605
Joined: Sun Jan 11, 2009 9:54 am
Location: Right about here

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Sat Jun 16, 2012 1:25 pm

I was thinking of trying to modify the chainloader to go into a login prompt right after the BiOS and before GrUB. I really don't want to mess with the BiOS since that's the only thing on my system I haven't molested yet.

Like you, I'm not much of a scripter. Your idea of using a separate partition is interesting, but I wonder if I can make the system load this partition and run the scripts before GrUB starts its magic. If so, how can you make DBAN run automatically after a failed login attempt?

This is obviously going to take some creative expertise.
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Sat Jun 16, 2012 2:12 pm

I've been researching the BiOS option, and that seems to be a method of last resort. Check out this link on BiOS modding on laptops: http://www.flashrom.org/Laptops

Now researching chainloader...
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby DrHu on Sat Jun 16, 2012 2:20 pm

KilUma wrote:I would like to create/install a method of logging in which would give a user-defined number of attempts to login correctly, or cause the hard disk, and any other external media, to be wiped(preferably by writing all 1's or 0's or random 1's and 0's).

I have to say, that I don't understand the value of that mode/method..
--if it is as part of an image setup or an unattended setup, that can be handled by Redhats' kickstart or other server based setup control programs..
http://www.faqs.org/docs/Linux-HOWTO/Ki ... HOWTO.html
http://ask.metafilter.com/110935/Linuxb ... age-server
http://www.thegeekstuff.com/2010/07/tftpboot-server/
    --image style or other setups..

For a local machine, you wouldn't be able to do that easily, you would need to unmount a disk or user space and wipe/delete the data
    And manage scripts to logoff/clean shutdown (if needed)..

If you were connecting to a server, you could more able run a controlled environment, which would allow users any control of data on the local machine, or deletes it on logoff..
http://users.telenet.be/mydotcom/howto/ ... untu01.htm
--some of the desktop/local environments have a kiosk mode, which might allow more control of the user!

KilUma wrote:This login would have to happen right after the BiOS, perhaps even be part of the BiOS.

If you want better control of the BIOS and loading sequence, then you may want to take a look at mainboard support for coreboot: previously called Linuxbios
http://www.coreboot.org/Welcome_to_coreboot

http://rogerx.freeshell.org/programming ... index.html
User avatar
DrHu
Level 16
Level 16
 
Posts: 6694
Joined: Wed Jun 17, 2009 8:20 pm

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Sat Jun 16, 2012 2:37 pm

This is for a local machine. Right now, my only security is the BiOS password(and the Mint admin/login password). But I want more security. Ideally, my machine would load the BiOS, then chainload into a login prompt, and if login fails, will begin wiping/overwriting the HDD starting at the beginning of the disk.

The problem with doing this after GrUB is that I have multiple OS's and being able to load even one OS would defeat the purpose of having this layer of security.

I used to have a friend who did this, but I've lost contact with him over the years.

Also, as a side note, if I can get this to work I want the HDD wipe to occur with as little monitor output as possible.
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Sat Jun 16, 2012 2:38 pm

What about using a dongle?
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Sat Jun 16, 2012 2:50 pm

And Coreboot doesn't support my chipset. I did some research on coreboot awhile back. It's an attractive option, but laptops(to the best of my understanding) are notoriously difficult to work with due to a lack of vendor support on the EC.
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Thu Jun 21, 2012 12:12 am

I hate to pester, but it's been a few days and I am trying to put this challenge back on top.
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Thu Jun 21, 2012 12:26 am

FYI: my BiOS does not support USB. The dongle option is only available if I create some sort of boot system through my optical drive. So, is it possible to set up a system where a dvd/cd MUST be inserted with the correct key and the failsafe wipe commands!?

If so, where can I get reliable guidance on this?
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Re: (Not Solved) Creating A "Login Or Nuke" Option

Postby KilUma on Tue Mar 12, 2013 12:25 am

So, I bought a new system, and I just about have it where I want it. I've been thinking about this 'login/nuke' thing for awhile. This seems to be the only way to do this, but I'm not sure about execution.(This is for a laptop)

1. Create a dongle that has the key and bootstrap(USB, CD, DVD, bluetooth via USB[?wet dream?].
2. Change Bios settings to accept boot on dongle only(It's a Dell, which has a rather impressive support system for Linux operators)
3. Remove all bootstraps from the HDD, and the MBR(perhaps a blank grub??? Not sure)

These are just some ideas. I'd like to be able to do something like this.
Any ideas?
Inspiron n5110; 4 X Intel Core i5-2450 2.5ghz; 8G ddr3; Intel Sandybridge Mobile; Intel 2nd gen integrated graphics controller; Dual-boot Mint14KDE; Win7.

Image
KilUma
Level 2
Level 2
 
Posts: 63
Joined: Sat Feb 12, 2011 9:08 pm

Linux Mint is funded by ads and donations.
 

Return to Installation & Boot

Who is online

Users browsing this forum: No registered users and 12 guests