I'd just like to preface this by saying that I'm not a terrorist or a paedophile, I don't think being arrested is am actual risk.
Having it check with the phone was my original plan, the idea being that if I were arrested once the phone and the computer were separated form each other it would lock. But after thinking about it there were a lot of problems with this. For one this if the keys were on the phone, unless I had an opportunity to encrypt the phone then they would be able to unlock the disks. Plus I thought I'd run in to false positives and lose the ability to remotely access my storage.
So I went with having the keys on a VPS and having the servers ll check in with each other every minutes, thus way if contact is lost all the disks are locked and the key files are encrypted. It's unlikely that an attacker would have physical access to the vps unless they knew the configuration beforehand so once the keys are locked as long as the disks are also locked then it would be pretty hard to open them again.
Yeah the mercury switch idea I think is solid. The system really needs a physical hardware method of cutting power as soon as tampering is detected as not only are my scripts somewhat unreliable but you just can't rely on software once an attacker has physical access to the machine.
My scripts seem to work but there are a lot of steps in locking the disks and if one step fails the whole thing can fail and leave the disks unlocked. So I think I may actually give the mercury switch idea a go. I'll have to have a think about it.
For the paranoid a relay on the primary side of the PSU would be sufficient; For the not so brave, a relay shorting the reset pins should do.. or shorting the power-button infinite until released.
So either "movement -> cut wall-power from the PSU" or "movement -> force PC to reset, o. power off" are two ideas that come to my mind right now.
I would have to look up, which pin(s) on the 24pin need to be opened to immediately force a shutdown, as that also could work.
Resetting would probably work, if I wanted to cut power I would have to actually cut the power (not just short the power button) as the BIOS in this system is a bit buggy and the system will come straight back on after a shut down.
I don't really know enough about electronics but it seems straight forward enough. Could be a fun project though.
Thanks for that, I think using the reset is the easiest way and the keys will lock during the boot up so there's no chance of the disks unlocking again.
I think I'd also want to include a switch to arm and disarm it, something I can hide behind a vent or something and just stick a pin in to disarm. I could stick it on the reset side so when the pin is inserted the reset circuit will be broken.
You can use a opening contact either on the side that powers the relay, or on the reset side; If you use it on the "primary" side where the mercury switch is, it will inhibit the relay from engaging; If you put it onto the "secondary" side the relay will engage, but no reset will occur.
I can have the micro switches for the case intrusion detection and arming/disarming the system between the relay and the reset header. Or am I missing something?
Yeah I'm pretty impressed with BTRFS, I still like using snapraid for what I do but I came pretty close to converting the whole thing to BTRFS while I was doing this.
I was surprised how easily the encryption set up came together, I was expecting there to be much more hassle, especially in getting the disks to unlock on boot using keys on a network share.
Actually, if all the contacts that you are using are closing contacts (so they close the circuit when they are actuated) you dont need the relay.
Than you just put the case, movement switches parallel and the opening contact in series so you can inhibit the reset; that way you do not need external power.
Yeah that's what I was thinking. But a lot of the tilt switches seem to be normally closed, and I'm not sure if they are on/off or if they're more of a sensor with a change in resistance. I mean the mercury ones and ball bearing ones obviously are just on/off and work either way depending on how they're mounted.
All the stuff is pretty cheap so I could get a bunch of different things and mess around with them to find what works best.