[Cryptography] trojans in your printers

Henry Baker hbaker1 at pipeline.com
Sat Feb 28 22:28:12 EST 2015


At 01:38 PM 2/27/2015, Henry Baker wrote:
>At 12:53 PM 2/27/2015, Tom Mitchell wrote:
>>On Fri, Feb 27, 2015 at 6:31 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
>>Perhaps the safest configuration would be to buy a
>>cheap ($25) travel router & attach the printer to
>>this router via USB. Reflash the router code with
>>OpenWRT, and have the router manage the printer.
>>
>>OpenWRT today wants a better than cheap travel router.
>
>OpenWRT runs just fine on my $25 TP-Link travel router with an external USB flash drive to "pivot" with.

OpenWRT now supports "pivot root", which basically allows booting from the (small) boot flash, and then "pivoting" in such a way that the USB flash or SATA drive becomes the real root file system.  This almost completely solves the software storage capacity problem, and also relieves a lot of pressure on the RAM, which in small travel routers may only be 32MBytes.

Thus, a travel router with a USB flash drive can support an enormous amount of software, so long as it doesn't all want to run at the same time.

http://wiki.openwrt.org/doc/howto/extroot

Rootfs on External Storage (extroot)

More often than not, there is a limited amount of storage space available on embedded devices.  While the available flash memory will usually accommodate a bare OpenWrt installation, more room for applications and data can tremendously expand a device's potential.  Luckily, many of these devices have these expansion capabilities built-in, for example in the form of USB ports, SATA ports, PCIexpress slots, or even storage in a network location.  However, many of the applications you want to install are developed with the idea that they should be installed in the root file system (rootfs).  By employing OpenWrt's extroot, you can expand the storage capacity of your root file system using the additional space of an added storage device.  At a certain point in the boot process the external storage space is mounted as the root file system or in an overlay configuration over the original file system. To understand the technical details of OpenWrt extroot, please read extroot.theory.  This article explains how to get it to work.

http://wiki.openwrt.org/doc/howto/extroot/extroot.theory

ExtRoot: How it works

Most routers do not have hard drives.  They use flash memory for similar purposes: storing programs and data, even when the system is off (non-volatile memory). 

In most systems, flash memory does not appear like RAM and so data and instructions must be copied to RAM to be used.  So, for example, the bootloader copies the kernel from flash to RAM and then starts that copy running. 

Obviously there are two possible ways to do things:
* we can pivot the /overlay to the USB disk (you could call this external overlay or pivot-overlay)
* we can pivot the entire / (read: root) to the USB disk (you could call this external root or pivot-root)

Note: extroot started as the external overlay thus the external root was called pivot-root only in order to distinguish between the two implementations.  To avoid misunderstandings you should always use pivot-overlay and pivot-root respectively. extroot comprises both methods. 
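
[Added example, not part of the original message or of the OpenWrt wiki: a shell check that reads a /proc/mounts-style table and reports whether the system came up in pivot-root mode, pivot-overlay mode, or on internal flash only, so you can confirm the router managing the printer is running from the file system you expect. The device-name patterns and the sample mount tables are assumptions constructed for illustration.]

```shell
#!/bin/sh
# Added example: classify the extroot mode from /proc/mounts-format text.
# Assumption (heuristic, not from the OpenWrt wiki): external storage shows up
# as /dev/sd* or /dev/mmcblk*; anything else is treated as internal flash.

is_external() {
    case "$1" in
        /dev/sd*|/dev/mmcblk*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads mount lines on stdin; prints "<mode> <device>".
classify_extroot() {
    root_dev=""
    overlay_dev=""
    while read -r dev mnt _rest; do
        case "$mnt" in
            /)        root_dev="$dev" ;;     # later entries shadow earlier ones
            /overlay) overlay_dev="$dev" ;;
        esac
    done
    if is_external "$root_dev"; then
        echo "pivot-root $root_dev"
    elif is_external "$overlay_dev"; then
        echo "pivot-overlay $overlay_dev"
    else
        echo "internal ${overlay_dev:-$root_dev}"
    fi
}

# Constructed sample mount tables (not captured from a real device).
SAMPLE_OVERLAY='/dev/root /rom squashfs ro,relatime 0 0
/dev/sda1 /overlay ext4 rw,relatime 0 0
overlayfs:/overlay / overlay rw,noatime,lowerdir=/,upperdir=/overlay/upper 0 0'
SAMPLE_ROOT='/dev/sda1 / ext4 rw,relatime 0 0'
SAMPLE_INTERNAL='/dev/root /rom squashfs ro,relatime 0 0
/dev/mtdblock3 /overlay jffs2 rw,noatime 0 0
overlayfs:/overlay / overlay rw,noatime,lowerdir=/,upperdir=/overlay/upper 0 0'

for sample in "$SAMPLE_OVERLAY" "$SAMPLE_ROOT" "$SAMPLE_INTERNAL"; do
    printf '%s\n' "$sample" | classify_extroot
done
# On the router itself: classify_extroot < /proc/mounts
```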
