I'll respond in more detail when I'm on the computer. I strongly agree, at the very minimum:
1. Secure bootloader
2. Lock flash, or better blow JTAG fuse
3. Keep CA certs on device and issue certs using CA to cloud servers
4. use signed OTA payloads, you'll need this if you're doing 1. (edited)
[10:03]
I learnt the hard way comprising security for usability/product requirements. :disappointed:
Mark Wolfe wolfeidau
🐺
wolfeidau
/ cloudbookmarks.sam.yaml
Created
January 21, 2017 09:50
Road testing https://github.com/eawsy/aws-lambda-go-net
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| AWSTemplateFormatVersion: '2010-09-09' | |
| Transform: AWS::Serverless-2016-10-31 | |
| Resources: | |
| Function: | |
| Type: AWS::Serverless::Function | |
| Properties: | |
| Handler: handler.Handle | |
| Runtime: python2.7 | |
| CodeUri: ../cloudbookmarks.zip | |
| Events: |
wolfeidau
/ cloudwatch_alarms_cloudtrail.rb
Created
January 6, 2017 03:46
Ruby DSL version of the cloudwatch alarms for cloudtrail template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| require 'bundler/setup' | |
| require 'cloudformation-ruby-dsl/cfntemplate' | |
| require 'cloudformation-ruby-dsl/spotprice' | |
| require 'cloudformation-ruby-dsl/table' | |
| template do | |
| value AWSTemplateFormatVersion: '2010-09-09' |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -e | |
| echo "--- Clearing old build contents" | |
| rm -rf build/* | |
| echo "--- Getting yarn image" | |
| docker pull kkarczmarczyk/node-yarn:6.7-slim |
Get centos, this will grab down centos:latest from docker hub.
docker pull centos
Run a container.
docker run -v $(pwd):/src -it centos /bin/bash
wolfeidau
/ clouformation_stack_facts.py
Created
August 26, 2016 03:23
cloudformation plugin for ansible
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python | |
| DOCUMENTATION = ''' | |
| --- | |
| module: cloudformation_stack_facts | |
| short_description: list or describe stacks in cloudformation | |
| notes: | |
| - for details of the parameters and returns see U(http://boto3.readthedocs.org/en/latest/reference/services/cloudformation.html) | |
| description: | |
| - Lists or describes stacks in cloudformation. |
wolfeidau
/ keybase.md
Created
August 15, 2016 17:52
I hereby claim:
- I am wolfeidau on github.
- I am wolfeidau (https://keybase.io/wolfeidau) on keybase.
- I have a public key ASA_a8J3oBKsvIhbZjD8LHZS9t87vPf4yqrwubsxLioJtgo
To claim this, I am signing this object:
Build golang deb file.
tar xvzf go1.7rc5.linux-amd64.tar.gz
mkdir -p root/usr/local root/etc/profile.d
mv go root/usr/local
cat /etc/profile.d/golang.sh << EOF
PATH=$PATH:/usr/local/go/bin
export PATH
EOF
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (/usr/sbin/blkid -t TYPE=ext4 | grep /dev/xvdk) || (/usr/sbin/wipefs -fa /dev/xvdk && /usr/sbin/mkfs.ext4 /dev/xvdk) | |
| mkdir /mnt/ebs-docker | |
| mount /dev/xvdk /mnt/ebs-docker -t ext4 | |
| mkdir /mnt/ebs-docker/docker | |
| ln -s /mnt/ebs-docker/docker /var/lib/docker | |