
Ask HN: Where can I find tamper resistant server hardware? - vsenko
Hi HN!

I'm looking for a manufacturer of tamper resistant server hardware for a side
project.

The main requirement: in case of an attempt to access server internals the
server has to be either shut down by its firmware or this event has to be
obtainable from our software.

Access to server internals is something like this:

- attempt to open server chassis lid;
- attempt to drill a hole in server chassis;
- any other mechanical brute force attempt to access internal hardware like
  HDD or RAM.

Also it has to be tamper proof: after the tamper event the server should not
boot in normal mode (looks like it has to be implemented in firmware) so it
would be evident for the operator that tamper event took place.

And the last one: tamper detection should be active even while it's powered
off.

Could anyone please suggest a manufacturer of such hardware?
======
__d
I don't know a suitable manufacturer.

But I'm curious: do you care about the physical form-factor of the server
enclosure? When you say "chassis lid", it makes me think you're envisaging a
19" rack-mount server chassis?

I had some exposure to an environment where all networking was fiber in a
pressurized conduit with transparent faceplates, etc. There's some FIPS 140-2
L4 suitable plastic wrap/lining that's available for tamper detection, but
that doesn't work without power applied, as far as I know.

How far do you want to go here? It sounds like you just want the attempt
logged, but don't want to wipe keys, or trigger the embedded thermite?

~~~
vsenko
Yes, 19" rack-mount server chassis would be a perfect solution, but it is not
mandatory. The previous best bet was ORWL devices but I never managed to use
them because of several nasty bugs.

An idea to wrap equipment in some kind of a sealant is interesting, but I
suppose that we'll face overheating problems in this case.

There is no need to automagically wipe data or to explode anything: sensitive
data is protected by encryption, during system startup keys are loaded from
external removable storage. But I have to be sure that software was not
tampered with while server was offline.

~~~
__d
Did you find this firm?
[https://privatemachines.com/enforcer/](https://privatemachines.com/enforcer/)

~~~
vsenko
Never did, thank you!

I'll try to contact them!

