DOCSLIB.ORG

Security and Linux on Z Systems

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Security and Linux on Z Systems Front cover Security and Linux on IBM Z Lydia Parziale Klaus Egeler Manoj S. Pattabhiraman Redpaper International Technical Support Organization Security and Linux on IBM Z December 2017 REDP-5464-00 Note: Before using this information and the product it supports, read the information in “Notices” on page v. First Edition (December 2017) This edition applies to the IBM Z platform, Red Hat Enterprise Linux Servers v7.4, and z/VM v6.4. This document was created or updated on January 8, 2018. © Copyright International Business Machines Corporation 2017. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . .v Trademarks . vi Preface . vii Authors. vii Now you can become a published author, too! . vii Comments welcome. viii Stay connected to IBM Redbooks . viii Chapter 1. Why security and encryption. 1 1.1 Why security matters. 2 1.2 Why use encryption. 2 1.3 Pervasive encryption with the IBM z14 . 3 1.3.1 CP Assist for Cryptographic Function . 4 1.3.2 Crypto Express6S . 5 1.4 Benefits of Hardware Crypto . 6 1.5 Verification of installed LIC 3863 using the SE . 7 Chapter 2. Data security and Linux on IBM Z. 9 2.1 Data security . 10 2.1.1 Encryption . 10 2.2 Pervasive encryption. 11 2.3 LinuxONE and IBM Z Cryptographic Hardware features . 12 2.3.1 CP Assist for Cryptographic Function . 13 2.3.2 Crypto Express6S . 13 2.4 Overview of enabling cryptographic adapters . 14 2.4.1 Hardware configuration: Setting up an LPAR to use Crypto. 14 2.4.2 Configuring Cryptographic adapters in z/VM . 15 2.4.3 Setting up Cryptographic adapter for use from Linux on IBM Z . 15 2.5 Verification of installed LIC 3863 using the SE . 15 2.6 The hardware and software test environment. 16 2.7 Cryptographic software support: z/VM . 17 2.7.1 Defining Cryptographic feature in z/VM . 17 2.7.2 Configuring Cryptographic feature in z/VM . 18 2.7.3 Hardware cryptography exploitation in Linux on IBM Z. 20 Chapter 3. Pervasive encryption: Data-at- rest encryption . 29 3.1 Introduction . 30 3.2 LinuxONE Hardware-accelerated in-kernel cryptography. 30 3.2.1 Verification of support for Hardware Cryptographic operation . 30 3.2.2 The dm-crypt module . 31 3.3 Data-at-Rest using dm-crypt LUKS encryption . 33 3.3.1 Setting up cryptsetup . 34 3.3.2 Creating a LUKS partition . 35 3.3.3 Test for demonstrating encryption performance with hardware optimization . 38 Chapter 4. Pervasive encryption: Data in flight encryption . 41 4.1 Preparing to use OpenSSL . 42 4.2 Configuring OpenSSL . 43 © Copyright IBM Corp. 2017. All rights reserved. iii 4.3 Testing Hardware Crypto functions. 45 4.3.1 Crypto Express6S card support for OpenSSL . 46 4.3.2 CPACF support for OpenSSL . 47 4.3.3 Testing the encryption using SSH. 49 Chapter 5. IBM Secure Service Container . 51 5.1 Introduction to IBM Secure Service Container . 52 5.2 IBM Secure Service Container internals . 52 5.2.1 Secure Service Container boot environment . 53 5.2.2 Boot sequence . 53 5.3 Installing and managing the appliance . 53 5.3.1 Installation and configuration . 53 5.3.2 Managing the appliance . 54 5.4 Key features of Secure Service Container . 55 Related publications . 57 IBM Redbooks . 57 Online resources . 57 Help from IBM . 57 iv Security and Linux on IBM Z Notices This information was developed for products and services offered in the US. This material might be available from IBM in other languages. However, you may be required to own a copy of the product or product version in that language in order to access it. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user’s responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive, MD-NC119, Armonk, NY 10504-1785, US INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM websites are provided for convenience only and do not in any manner serve as an endorsement of those websites. The materials at those websites are not part of the materials for this IBM product and use of those websites is at your own risk. IBM may use or distribute any of the information you provide in any way it believes appropriate without incurring any obligation to you. The performance data and client examples cited are presented for illustrative purposes only. Actual performance results may vary depending on specific configurations and operating conditions. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. Statements regarding IBM’s future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to actual people or business enterprises is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided “AS IS”, without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs. © Copyright IBM Corp. 2017. All rights reserved. v Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service.
Load more

Recommended publications
  • Operating System Boot from Fully Encrypted Device
    Masaryk University Faculty of Informatics Operating system boot from fully encrypted device Bachelor’s Thesis Daniel Chromik Brno, Fall 2016 Replace this page with a copy of the official signed thesis assignment and the copy of the Statement of an Author. Declaration Hereby I declare that this paper is my original authorial work, which I have worked out by my own. All sources, references and literature used or excerpted during elaboration of this work are properly cited and listed in complete reference to the due source. Daniel Chromik Advisor: ing. Milan Brož i Acknowledgement I would like to thank my advisor, Ing. Milan Brož, for his guidance and his patience of a saint. Another round of thanks I would like to send towards my family and friends for their support. ii Abstract The goal of this work is description of existing solutions for boot- ing Linux and Windows from fully encrypted devices with Secure Boot. Before that, though, early boot process and bootloaders are de- scribed. A simple Linux distribution is then set up to boot from a fully encrypted device. And lastly, existing Windows encryption solutions are described. iii Keywords boot process, Linux, Windows, disk encryption, GRUB 2, LUKS iv Contents 1 Introduction ............................1 1.1 Thesis goals ..........................1 1.2 Thesis structure ........................2 2 Boot Process Description ....................3 2.1 Early Boot Process ......................3 2.2 Firmware interfaces ......................4 2.2.1 BIOS – Basic Input/Output System . .4 2.2.2 UEFI – Unified Extended Firmware Interface .5 2.3 Partitioning tables ......................5 2.3.1 MBR – Master Boot Record .
    [Show full text]
  • White Paper: Indestructible Firewall in a Box V1.0 Nick Mccubbins
    White Paper: Indestructible Firewall In A Box v1.0 Nick McCubbins 1.1 Credits • Nathan Yawn ([email protected]) 1.2 Acknowledgements • Firewall-HOWTO • Linux Router Project • LEM 1.3 Revision History • Version 1.0 First public release 1.4 Feedback • Send all information and/or criticisms to [email protected] 1.5 Distribution Policy 2 Abstract In this document, the procedure for creating an embedded firewall whose root filesystem is loaded from a flash disk and then executed from a RAMdisk will be illustrated. A machine such as this has uses in many environments, from corporate internet access to sharing of a cable modem or xDSL connection among many computers. It has the advantages of being very light and fast, being impervious to filesystem corruption due to power loss, and being largely impervious to malicious crackers. The type of firewall illustrated herein is a simple packet-filtering, masquerading setup. Facilities for this already exist in the Linux kernel, keeping the system's memory footprint small. As such the device lends itself to embedding very well. For a more detailed description of firewall particulars, see the Linux Firewall-HOWTO. 3 Equipment This project has minimal hardware requirements. An excellent configuration consists of: For a 100-baseT network: • SBC-554 Pentium SBC with PISA bus and on-board PCI NIC (http://www.emacinc.com/pc.htm#pentiumsbc), approx. $373 • PISA backplane, chassis, power supply (http://www.emacinc.com/sbcpc_addons/mbpc641.htm), approx. $305 • Second PCI NIC • 32 MB RAM • 4 MB M-Systems Flash Disk (minimum), approx. $45 For a 10-baseT network: • EMAC's Standard Server-in-a-Box product (http://www.emacinc.com/server_in_a_box.htm), approx.
    [Show full text]
  • Chapter 3. Booting Operating Systems
    Chapter 3. Booting Operating Systems Abstract: Chapter 3 provides a complete coverage on operating systems booting. It explains the booting principle and the booting sequence of various kinds of bootable devices. These include booting from floppy disk, hard disk, CDROM and USB drives. Instead of writing a customized booter to boot up only MTX, it shows how to develop booter programs to boot up real operating systems, such as Linux, from a variety of bootable devices. In particular, it shows how to boot up generic Linux bzImage kernels with initial ramdisk support. It is shown that the hard disk and CDROM booters developed in this book are comparable to GRUB and isolinux in performance. In addition, it demonstrates the booter programs by sample systems. 3.1. Booting Booting, which is short for bootstrap, refers to the process of loading an operating system image into computer memory and starting up the operating system. As such, it is the first step to run an operating system. Despite its importance and widespread interests among computer users, the subject of booting is rarely discussed in operating system books. Information on booting are usually scattered and, in most cases, incomplete. A systematic treatment of the booting process has been lacking. The purpose of this chapter is to try to fill this void. In this chapter, we shall discuss the booting principle and show how to write booter programs to boot up real operating systems. As one might expect, the booting process is highly machine dependent. To be more specific, we shall only consider the booting process of Intel x86 based PCs.
    [Show full text]
  • Self-Encrypting Deception: Weaknesses in the Encryption of Solid State Drives
    Self-encrypting deception: weaknesses in the encryption of solid state drives Carlo Meijer Bernard van Gastel Institute for Computing and Information Sciences School of Computer Science Radboud University Nijmegen Open University of the Netherlands [email protected] and Institute for Computing and Information Sciences Radboud University Nijmegen Bernard.vanGastel@{ou.nl,ru.nl} Abstract—We have analyzed the hardware full-disk encryption full-disk encryption. Full-disk encryption software, especially of several solid state drives (SSDs) by reverse engineering their those integrated in modern operating systems, may decide to firmware. These drives were produced by three manufacturers rely solely on hardware encryption in case it detects support between 2014 and 2018, and are both internal models using the SATA and NVMe interfaces (in a M.2 or 2.5" traditional form by the storage device. In case the decision is made to rely on factor) and external models using the USB interface. hardware encryption, typically software encryption is disabled. In theory, the security guarantees offered by hardware encryp- As a primary example, BitLocker, the full-disk encryption tion are similar to or better than software implementations. In software built into Microsoft Windows, switches off software reality, we found that many models using hardware encryption encryption and completely relies on hardware encryption by have critical security weaknesses due to specification, design, and implementation issues. For many models, these security default if the drive advertises support. weaknesses allow for complete recovery of the data without Contribution. This paper evaluates both internal and external knowledge of any secret (such as the password).
    [Show full text]
  • Zenworks 2017 Update 4 Troubleshooting Full Disk Encryption January 2019
    ZENworks 2017 Update 4 Troubleshooting Full Disk Encryption January 2019 This document provides troubleshooting guidelines for common problems related to ZENworks Full Disk Encryption. If, after completing the troubleshooting steps, the problem is not resolved, you should contact Technical Support (https://www.novell.com/support/) for additional help. 1 Windows PE Emergency Recovery Disk (ERD) is not working Make sure you have installed the correct WAIK architecture (32-bit vs 64-bit) (Windows 7 only) If you manually created the ERD, use the PowerShell script provided in the Cool Solutions “Windows Powershell script to create a Windows PE emergency recovery disk for ZENworks Full Disk Encryption” article. Try creating the ERD using the ADK for Windows instead of Windows AIK. See “Creating a Windows PE Emergency Recovery Disk” in the ZENworks Full Disk Encryption Emergency Recovery Reference. Try burning the ERD to a DVD rather than a CD. 2 Issues with PBA login or boot sequence After pre-boot authentication occurs, the BIOS or UEFI settings must be correctly set for Windows. With unusual DMI hardware configurations, the standard ZENworks PBA boot method and Linux kernel configuration used to provide the BIOS settings, might not work, resulting in hardware that does not function correctly or is not recognized by Windows. Beginning in ZENworks 2017 Update 2, the Full Disk Encryption Agent includes DMI menu options to repair the boot sequence for issues relating to these DMI configurations. This menu is accessible by using the Ctrl + G keyboard command at a brief point when Full Disk Encryption is shown during a device restart.
    [Show full text]
  • Disk Encryption with 100Gbe Crypto Accelerator
    Disk Encryption with 100GbE Crypto Accelerator Chelsio T6 vs. Intel AES-NI vs. Software Enabled Encryption Executive Summary Chelsio Crypto Accelerator is a co-processor designed specifically to perform computationally intensive cryptographic operations more efficiently than general-purpose CPUs. Servers with system load, comprising of cryptographic operations, see great performance improvement by offloading crypto operations on to the Chelsio Unified Wire adapter. Chelsio’s solution uses the standard crypto API framework provided by the operating system and enables the offloading of crypto operations to the adapter. This paper showcases the disk encryption acceleration capabilities of Chelsio T6 adapters by comparing its performance with Intel AES-NI and software encryption. Chelsio solution excels with 100Gbps Crypto rate performance for both encryption and decryption with less than 50% CPU usage. Chelsio’s T6 encryption solution assures complete data protection to datacenters, while providing substantial savings on CPU and memory. Chelsio Disk Encryption Offload The Terminator 6 (T6) ASIC from Chelsio Communications, Inc. is a sixth generation, high performance 1/10/25/40/50/100Gbps unified wire engine which offers crypto offload capability for AES and SHA variants. Chelsio’s disk encryption solution is a special case of data at rest protection where the storage media is a sector-addressable device. Chelsio offloads the AES-XTS mode, which is designed for encrypting data stored on hard disks where there is no additional space for an integrity field. AES-XTS builds on the security of AES by protecting the storage device from many dictionary and copy/paste attacks. Chelsio crypto driver registers with the kernel crypto framework with high priority and ensures that any disk encryption request is offloaded and processed by T6 adapter.
    [Show full text]
  • Speeding up Linux Disk Encryption Ignat Korchagin @Ignatkn $ Whoami
    Speeding Up Linux Disk Encryption Ignat Korchagin @ignatkn $ whoami ● Performance and security at Cloudflare ● Passionate about security and crypto ● Enjoy low level programming @ignatkn Encrypting data at rest The storage stack applications @ignatkn The storage stack applications filesystems @ignatkn The storage stack applications filesystems block subsystem @ignatkn The storage stack applications filesystems block subsystem storage hardware @ignatkn Encryption at rest layers applications filesystems block subsystem SED, OPAL storage hardware @ignatkn Encryption at rest layers applications filesystems LUKS/dm-crypt, BitLocker, FileVault block subsystem SED, OPAL storage hardware @ignatkn Encryption at rest layers applications ecryptfs, ext4 encryption or fscrypt filesystems LUKS/dm-crypt, BitLocker, FileVault block subsystem SED, OPAL storage hardware @ignatkn Encryption at rest layers DBMS, PGP, OpenSSL, Themis applications ecryptfs, ext4 encryption or fscrypt filesystems LUKS/dm-crypt, BitLocker, FileVault block subsystem SED, OPAL storage hardware @ignatkn Storage hardware encryption Pros: ● it’s there ● little configuration needed ● fully transparent to applications ● usually faster than other layers @ignatkn Storage hardware encryption Pros: ● it’s there ● little configuration needed ● fully transparent to applications ● usually faster than other layers Cons: ● no visibility into the implementation ● no auditability ● sometimes poor security https://support.microsoft.com/en-us/help/4516071/windows-10-update-kb4516071 @ignatkn Block
    [Show full text]
  • Network Boot and Exotic Root HOWTO
    Network Boot and Exotic Root HOWTO Brieuc Jeunhomme frtest [email protected] Logilab S.A. Revision History Revision 0.3 2002−04−28 Revised by: bej Many feedback inclusions, added links to several projects Revision 0.2.2 2001−12−08 Revised by: dcm Licensed GFDL Revision 0.2.1 2001−05−21 Revised by: logilab Fixed bibliography and artheader Revision 0.2 2001−05−19 Revised by: bej Many improvements and included Ken Yap's feedback. Revision 0.1.1 2001−04−09 Revised by: logilab First public draft. Revision 0.1 2000−12−09 Revised by: bej Initial draft. This document explains how to quickly setup a linux server to provide what diskless linux clients require to get up and running, using an IP network. It includes data and partly rewritten text from the Diskless−HOWTO, the Diskless−root−NFS−HOWTO, the linux kernel documentation, the etherboot project's documentation, the linux terminal server project's homepage, and the author's personal experience, acquired when working for Logilab. Eventually this document may end up deprecating the Diskless−HOWTO and Diskless−root−NFS−HOWTO. Please note that you'll also find useful information in the From−PowerUp−to−bash−prompt−HOWTO and the Thin−Client−HOWTO, and the Claus−Justus Heine's page about NFS swapping. Network Boot and Exotic Root HOWTO Table of Contents 1. Introduction.....................................................................................................................................................1 1.1. What is this all about?.......................................................................................................................1 1.2. Thanks...............................................................................................................................................1 1.3. Diskless booting advocacy................................................................................................................1 1.3.1. Buying is cheaper than building.......................................................................................1 1.3.2.
    [Show full text]
  • The Growing Impact of Full Disk Encryption on Digital Forensics
    digital investigation 8 (2011) 129e134 Available online at www.sciencedirect.com journal homepage: www.elsevier.com/locate/diin The growing impact of full disk encryption on digital forensics Eoghan Casey a,*, Geoff Fellows b, Matthew Geiger c, Gerasimos Stellatos d a cmdLabs, 1101 E. 33rd Street, Suite C301, Baltimore, MD 21218, United States b LG Training Partnership, United Kingdom c CERT, United States d CACI International, United States article info abstract Article history: The increasing use of full disk encryption (FDE) can significantly hamper digital investi- Received 16 March 2011 gations, potentially preventing access to all digital evidence in a case. The practice of Received in revised form shutting down an evidential computer is not an acceptable technique when dealing with 17 September 2011 FDE or even volume encryption because it may result in all data on the device being Accepted 24 September 2011 rendered inaccessible for forensic examination. To address this challenge, there is a pressing need for more effective on-scene capabilities to detect and preserve encryption Keywords: prior to pulling the plug. In addition, to give digital investigators the best chance of Digital forensics obtaining decrypted data in the field, prosecutors need to prepare search warrants with Full disk encryption FDE in mind. This paper describes how FDE has hampered past investigations, and how Hard drive encryption circumventing FDE has benefited certain cases. This paper goes on to provide guidance for Volatile data gathering items at the crime scene that may be useful for accessing encrypted data, and for Memory forensics performing on-scene forensic acquisitions of live computer systems.
    [Show full text]
  • The Future of Digital Forensics
    Royal Holloway Information Security Thesis Series | The future of digital forensics The future of digital forensics Investigators have three avenues of attack to use when tackling the complexities of full disk encryption by Nia Catlin, MSc in information security (Royal Holloway) and Lorenzo Cavallaro, ISG, Royal Holloway THINKSTOCK Royal Holloway Information Security Thesis Series | The future of digital forensics The future of digital forensics in the era of full disk encryption Full disk encryption presents a theoretically insurmountable challenge for digital forensics, but authorities still have three avenues of attack for attempting to analyse protected devices. Anti-forensic countermeasures pose a developing challenge, however by Nia Catlin and Lorenzo Cavallaro In the past, forensics relied on artifacts left behind on a suspect’s computer, an intimate knowledge of all the nooks and crannies in which incriminating evidence may be hidden, the tendency of criminals to fail even to attempt to assume they will not be caught, and the failure of criminals to cover their tracks. Unfortunately for digital forensic investigators, their work constitutes a physical security breach, and the use of full disk encryption can be as effective at preventing them carrying out that work as it is at preventing a laptop thief from stealing passwords. The severe consequences of the exposure of corporate and customer data have led to the development of user-friendly and very secure full disk encryption. Moreover, the fear of device theft has led to its widening adoption. Most of the encryption algorithms – when used correctly – are considered unbroken for practical purposes, so authorities trying to analyse such a protected device are left with three avenues of attack: key search, live forensic acquisition and forced key disclosure.
    [Show full text]
  • Leveraging Integrated Cryptographic Service Facility
    Front cover Leveraging Integrated Cryptographic Service Facility Lydia Parziale Redpaper International Technical Support Organization Leveraging Integrated Cryptographic Service Facility January 2018 REDP-5431-00 Note: Before using this information and the product it supports, read the information in “Notices” on page v. First Edition (January 2018) This edition applies to Version 2 Release 3 of IBM z/OS (product number 5650-ZOS). © Copyright International Business Machines Corporation 2018. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . .v Trademarks . vi Preface . vii Authors. vii Now you can become a published author, too! . vii Comments welcome. viii Stay connected to IBM Redbooks . viii Chapter 1. Overview . 1 1.1 The need for cryptography . 2 1.2 Cryptographic architectures . 3 1.2.1 PKCS #11 . 3 1.2.2 IBM Common Cryptographic Architecture. 3 1.3 System Authorization Facility . 4 1.4 What ICSF is . 5 1.4.1 ICSF services . 5 1.4.2 ICSF options . 6 1.4.3 SAF-protecting ICSF services and IBM CCA Keys. 8 Chapter 2. IBM Z hardware cryptography implementation . 9 2.1 CP Assist for Cryptographic Functions . 10 2.2 The IBM Cryptographic Coprocessor . 10 2.3 The Trusted Key Entry workstation . 12 2.3.1 Clear key versus secure key versus protected key. 12 2.3.2 TKE and the benefits of using ICSF and protected keys . 14 Chapter 3. Auditing . 15 3.1 ICSF: Enhanced logging for PCI audit requirements . 16 3.2 ICSF and SMF .
    [Show full text]
  • Sbadmin for Linux System Recovery Guide Is a Supplement to the Sbadmin User Guide, Providing Details on Reinstalling a Linux System from a Sbadmin System Backup
    Linux System Recovery Guide Version 8.2 Trademarks and Copyrights © Copyright Storix, Inc. 1999-2021 SBAdmin is a registered trademark of Storix, Inc. SBAdmin is a trademark of Storix, Inc in the USA and other countries Intel is a registered trademark of Intel, Inc. Linux is a registered trademark of Linus Torvalds. Intel, Pentium, IA32, Itanium, Celeron and IA64 are registered trademarks of Intel Corporation. AMD, Opteron, and Athlon are registered trademarks of Advanced Micro Devices. HP Integrity servers are registered trademarks of Hewlett-Packard Development Company. Publicly Available Software This product either includes or is developed using source code that is publicly available: AESCrypt* Rijndael and Cipher Block Feedback Copyright 1999, 2000 Enhanced Software Technologies Inc. mode (CFB-128) encryption/decryption http://aescrypt.sourceforge.net/ algorithms BusyBox Single executable containing tiny Copyright 1989, 1991 Free Software Foundation, Inc. versions of common UNIX utilities http://busybox.net/cgi-bin/cvsweb/busybox/ LILO LInux boot Loader Copyright 1999-2003 John Coffman. Copyright 1992-1998 Werner Almesberger. http://freshmeat.net/projects/lilo/ Tcl Open source scripting language Copyright Regents of the University of California, Sun Microsystems, Inc. http://tcl.sourceforge.net Tk Tk graphics toolkit Copyright Regents of the University of California, Sun Microsystems, Inc. http://tcl.sourceforge.net DropBear A Smallish SSH 2 Server and Client Copyright 2002, 2003 Matt Johnston http://www.matt.ucc.asn.au/dropbear/dropbear.html GRUB Grand Unified Bootloader (GNU GRUB) Copyright 1989, 1991 Free Software Foundation, Inc. http://www.gnu.org/software/grub/grub.html Lighttpd Secure, fast, compliant and flexible Copyright 2004 Jan Kneschkle, incremental web-server http://www.lighttpd.net OpenSSL Toolkit implementing Secure Socket Copyright 1998-2008 The OpenSSL Project Layer Copyright 1995-1998 Eric A.
    [Show full text]