[Cryptography] Open source encrypted file system for cheap IoT device?

Henry Baker hbaker1 at pipeline.com
Wed Dec 27 10:26:32 EST 2017


At 07:02 AM 12/27/2017, Bakul Shah wrote:
>On Tue, 26 Dec 2017 12:32:45 -0800 Henry Baker <hbaker1 at pipeline.com> wrote:
>> >On Tue, Dec 26, 2017 at 9:59 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
>> >At 11:35 PM 12/23/2017, grarpamp wrote:
>> >>No device info was included by OP.  Assuming BSD or Linux
>> >>kernel, they both offer tiny simple full extent kernel block
>> >>device encryptors upon which their standard filesystems can be
>> >>laid down.
>> >>
>> >>Insufficient info given by OP to fit others.
>> >
>> >I was hoping for an open source encrypted file system on a
>> >device that is so small and so limited that it doesn't even
>> >run a form of Linux.  It doesn't even need multiple processes
>> >or multiple threads.
>>
>> >Why would such a device even need an encrypted filesystem?
>> >And where would you store the key material safely to protect
>> >it against an adversary who would be able to get access to the
>> >storage medium, and thus to the device itself?
>> 
>> Why?  Confidential info being stored/logged.
>> 
>> Key?  Hopefully something like public-key, so only the public
>> key needs to be stored on the device -- but perhaps not even
>> then.  If symmetric-key, then the device never stores the key
>> at all, but it needs to be provided during bootup by some
>> other mechanism, and is never stored to the file system itself
>> (yet another reason for not using Linux -- way too much baggage
>> to ever understand and/or verify).
>> 
>> Once again, it doesn't have to be fast, but it needs to have a
>> small code footprint and be reasonably secure.
>
>Maybe you can try something like the $5 RaspberryPi Zero +
>plan9? The plan9 os 'image' also contains a small readonly
>bootfs containing programs needed to bootstrap further.  You
>can remove everything from this bootfs except a fileserver of
>your choice + something to use an AES encrypted partition.
>And you can remove all kernel devices you don't need.  You can
>then feed the aes key via its GPIO pins or UART something.
>The kernel is much simpler than BSD.
>
>Or maybe an AESlib + arduino will fit your bill better (but
>not something I have played with). People have also interfaced
>ESP8266 to SDcards + AES.
>
>There are a number of smaller devices but the specs are not
>always available (having a running linux is not enough) or
>they don't have a large enough community of users.

I forgot to say one of the reasons for open source: I
want to be able to recompile & run it on any OS (or not)
of my choosing: e.g., Windoze, MacOS, Linux, minix (!),
etc.


