(Not Solved) Creating A "Login Or Nuke" Option

[KilUma]

I would like to create/install a method of logging in which would give a user-defined number of attempts to login correctly, or cause the hard disk, and any other external media, to be wiped(preferably by writing all 1's or 0's or random 1's and 0's).

It would need to be able to wipe the disk(s) from the very beginning(boot sector) to the very end.

I'm not sure if this post is in the correct board, but I know admin will move it for me if it isn't.

This login would have to happen right after the BiOS, perhaps even be part of the BiOS.

Or, should I try to do this through GrUB?

If anybody has any experience with this, please help.

[Aging Technogeek]

I cannot tell you how to do it, but I can say that it must be done in BIOS. Once the operating system is loaded, even just enough to run Grub, wiping the entire drive is not possible.

I suppose you could use grub to force boot into a partition that has DBAN, Active Killdisk, or another disk wiping program installed that could be set to run at boot and nuke the entire drive except for the partition holding the disk wiper. I would assume a bash script could be written to do this, but I am not a good enough scripter to do it.

[KilUma]

I was thinking of trying to modify the chainloader to go into a login prompt right after the BiOS and before GrUB. I really don't want to mess with the BiOS since that's the only thing on my system I haven't molested yet.

Like you, I'm not much of a scripter. Your idea of using a separate partition is interesting, but I wonder if I can make the system load this partition and run the scripts before GrUB starts its magic. If so, how can you make DBAN run automatically after a failed login attempt?

This is obviously going to take some creative expertise.

[KilUma]

I've been researching the BiOS option, and that seems to be a method of last resort. Check out this link on BiOS modding on laptops: http://www.flashrom.org/Laptops

Now researching chainloader...

[DrHu]

I would like to create/install a method of logging in which would give a user-defined number of attempts to login correctly, or cause the hard disk, and any other external media, to be wiped(preferably by writing all 1's or 0's or random 1's and 0's).

I have to say, that I don't understand the value of that mode/method..
--if it is as part of an image setup or an unattended setup, that can be handled by Redhats' kickstart or other server based setup control programs..
http://www.faqs.org/docs/Linux-HOWTO/Ki ... HOWTO.html
http://ask.metafilter.com/110935/Linuxb ... age-server
http://www.thegeekstuff.com/2010/07/tftpboot-server/

• --image style or other setups..

For a local machine, you wouldn't be able to do that easily, you would need to unmount a disk or user space and wipe/delete the data

• And manage scripts to logoff/clean shutdown (if needed)..

If you were connecting to a server, you could more able run a controlled environment, which would allow users any control of data on the local machine, or deletes it on logoff..
http://users.telenet.be/mydotcom/howto/ ... untu01.htm
--some of the desktop/local environments have a kiosk mode, which might allow more control of the user!

This login would have to happen right after the BiOS, perhaps even be part of the BiOS.

If you want better control of the BIOS and loading sequence, then you may want to take a look at mainboard support for coreboot: previously called Linuxbios
http://www.coreboot.org/Welcome_to_coreboot

http://rogerx.freeshell.org/programming ... index.html

[KilUma]

This is for a local machine. Right now, my only security is the BiOS password(and the Mint admin/login password). But I want more security. Ideally, my machine would load the BiOS, then chainload into a login prompt, and if login fails, will begin wiping/overwriting the HDD starting at the beginning of the disk.

The problem with doing this after GrUB is that I have multiple OS's and being able to load even one OS would defeat the purpose of having this layer of security.

I used to have a friend who did this, but I've lost contact with him over the years.

Also, as a side note, if I can get this to work I want the HDD wipe to occur with as little monitor output as possible.

[KilUma]

What about using a dongle?

[KilUma]

And Coreboot doesn't support my chipset. I did some research on coreboot awhile back. It's an attractive option, but laptops(to the best of my understanding) are notoriously difficult to work with due to a lack of vendor support on the EC.

[KilUma]

I hate to pester, but it's been a few days and I am trying to put this challenge back on top.

[KilUma]

FYI: my BiOS does not support USB. The dongle option is only available if I create some sort of boot system through my optical drive. So, is it possible to set up a system where a dvd/cd MUST be inserted with the correct key and the failsafe wipe commands!?

If so, where can I get reliable guidance on this?

[KilUma]

So, I bought a new system, and I just about have it where I want it. I've been thinking about this 'login/nuke' thing for awhile. This seems to be the only way to do this, but I'm not sure about execution.(This is for a laptop)

1. Create a dongle that has the key and bootstrap(USB, CD, DVD, bluetooth via USB[?wet dream?].
2. Change Bios settings to accept boot on dongle only(It's a Dell, which has a rather impressive support system for Linux operators)
3. Remove all bootstraps from the HDD, and the MBR(perhaps a blank grub??? Not sure)

These are just some ideas. I'd like to be able to do something like this.
Any ideas?