GlacierProtocol / glacierprotocol.github.io

the source for https://glacierprotocol.org

Consider using write-once optical media instead of USBs for booting OSs #41

Open fresheneesz opened 4 years ago

fresheneesz commented 4 years ago

Once written, the disk will be read-only, which means you can use it for any computer you need to boot. This means you only need 1 disk rather than 4 USB drives (leaving only 1 USB required for each quarantined computer). There's also much less opportunity for malware to infect things. There's no possibility for malware to bring data back over from an airgapped machine if the user accidentally re-uses the USB drive or gets them mixed up.

bitcoinhodler commented 4 years ago

I agree this would be a security improvement, however it means both setup computers and both quarantined laptops must have optical drives, which are becoming increasingly rare, especially in lower-cost hardware.

You would still need two disks, because the purpose of using two setup computers is to mitigate the risk that one of them is compromised. And you might even need 4 disks unless we figure out a reliable way to partition the disc to have a bootable live partition and a second data partition to replace the Q1 APP USB.

Why do you say you'd still require 1 USB per quarantined computer?

fresheneesz commented 4 years ago

increasingly rare

True, tho external ones can be bought. I wonder tho if using a USB optical drive essentially removes any advantages of using optical disks, if the USB firmware of the drive can be compromised. Which would mean you'd need 1 optical drive per computer, which kind of defeats the purpose I guess.

You would still need two disks, because the purpose of using two setup computers is to mitigate the risk that one of them is compromised.

I would assume there's a way to deterministically verify the disc's contents, meaning you could write on one setup machine and verify on the other.

a reliable way to partition the disc to have a bootable live partition and a second data partition to replace the Q1 APP USB.

That's fair. If partitioning the disc is hard, then you'd need a second disc.

Why do you say you'd still require 1 USB per quarantined computer?

I thought there were 6 USBs in total - 1 boot USB, 1 app USB, and 1 transfer USB per machine. Maybe I'm wrong about that - I'm not sure about the transfer USB.

bitcoinhodler commented 4 years ago

True, tho external ones can be bought. I wonder tho if using a USB optical drive essentially removes any advantages of using optical disks, if the USB firmware of the drive can be compromised. Which would mean you'd need 1 optical drive per computer, which kind of defeats the purpose I guess.

Yes, good point. Glacier is all about paranoia, and I'd worry about the security implications of external USB optical drives.

I would assume there's a way to deterministically verify the disc's contents, meaning you could write on one setup machine and verify on the other.

Probably could work. This would be dangerous with today's USB keys because a compromised verification computer could modify the (previously clean) USB data. But with read-only media, it would work well.

That's fair. If partitioning the disc is hard, then you'd need a second disc.

I don't know about optical media, but for USB I did some research on partitioning. It's possible, and sometimes works, but it's reported that some laptop BIOSes would not boot from a USB drive so configured.

I thought there were 6 USBs in total - 1 boot USB, 1 app USB, and 1 transfer USB per machine. Maybe I'm wrong about that - I'm not sure about the transfer USB.

QR codes are used for all data transfer. Only 4 USBs total.

Question: if we used USB keys with a write-enable switch (like the Kanguru Flashblu 30), would that have the same benefits?
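The "write on one setup machine, verify on the other" check discussed above, as an added example that is not part of the Glacier project or this thread. It assumes a Linux host with sha256sum, head and wc, and that the disc device path (e.g. /dev/sr0) is supplied by the caller; only the first ISO-length bytes of the device are hashed, because optical media pad the session out to a sector boundary.

```shell
#!/bin/sh
# Verify that a burned disc carries exactly the bytes of the ISO it was written from.
# Run on the second setup machine after burning on the first: because the disc is
# read-only, a compromised verifier can only report a false result, not alter the disc.

# SHA-256 of the ISO image file.
iso_sha256() {
  sha256sum -- "$1" | cut -d' ' -f1
}

# SHA-256 of the first $2 bytes of device/file $1 (disc padding beyond the ISO is ignored).
device_sha256() {
  head -c "$2" -- "$1" | sha256sum | cut -d' ' -f1
}

# verify_disc ISO DEVICE -> exit 0 on match, 1 on mismatch, 2 if the ISO is unreadable.
verify_disc() {
  iso="$1"
  dev="$2"
  size=$(wc -c < "$iso" | tr -d ' ') || return 2
  expected=$(iso_sha256 "$iso")
  actual=$(device_sha256 "$dev" "$size")
  if [ "$expected" = "$actual" ]; then
    echo "OK: $dev matches $iso (sha256 $expected)"
    return 0
  fi
  echo "MISMATCH: $dev expected $expected, got $actual" >&2
  return 1
}

# Typical call (device path is an assumption; adjust for the machine):
#   verify_disc glacier-live.iso /dev/sr0
```

Compare the printed digest against the one recorded on the machine that burned the disc; the two must agree before the disc is trusted on a quarantined laptop.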

fresheneesz commented 4 years ago

if we used USB keys with a write-enable switch (like the Kanguru Flashblu 30)

Well, if the switch really and truly disallows any possible writing, then it should provide similar benefits to a read-only optical disk. However, part of the protocol is to mitigate malicious USB hardware. If the USB drive is malicious, the read-only protection could be fake or backdoored. With read-only optical media, there's very little malicious behavior that's possible.