Write-locked external storage

I don’t know whether the solution has to be SD card but if this is important to you then there are choices of USB flash drive where the drive firmware offers stronger protection.

For “write protect” switch, you can look at an appropriate Kanguru flash drive. As always, a (true) write protect switch protects against accidental writes and also should protect against insertion of the flash drive in a compromised computer. These are reasonably priced but, as a niche item, more expensive per GB than a vanilla flash drive. It most certainly does nothing for evil maid.

For something stronger, you can look at a more advanced Kanguru that has a built-in fingerprint reader. While I disapprove of biometrics for security, it should slow the evil maid down. Expect to pay many times the normal price per GB.

For something stronger, you can look at the Kingston IronKey - which has a keypad on the flash drive. Without the PIN, it shouldn’t be possible even to read the contents, much less write, and you can choose to make the contents available read-only. The contents are stored encrypted. Expect to pay many times the normal price per GB.

For something sexier, consider the Kingston IronKey Vault external SSD, which offer a built-in touchscreen on the SSD. You get basically the same kind of functionality but with a more user-friendly interface. Expect to pay serious coin. Far too much storage capacity for a simple bootable ISO.

Even though there is no need to use encryption for publicly available ISOs, encryption does provide the advantage that a technologically-sophisticated maid who takes the flash storage out of the enclosure in order to write it externally will most likely just corrupt the plaintext content. Corollary to that: while I don’t have the details, I don’t think these encryption schemes offer encryption-with-authentication - whereby any corruption of the data would be outright rejected.

All of these options should be operating system independent (transparent) i.e. should work with Linux.

Some disclaimers apply:

• It is considered unauditable as to whether disk-based security actually does anything (unless the firmware were open). So there is an element of faith. There is, for example, no guarantee that there isn’t some undocumented command that you can send to the drive that will bypass the security etc.
• I don’t own any such storage.

Edit to correct and expand.

I think this is an excellent summary of the best-in-class options, given that true SD writelock appears to be extinct. Nice work!

In case one day someone is pursuing this, I’ve looked into the USB flash drive with built-in fingerprint reader options a bit more. All the ones that I looked at appear to have a flaw in common, namely that while they work transparently on Linux after initial setup, the initial setup requires software that is only available for Windows (or is in any case not available for Linux).

The initial setup includes enrolling a fingerprint and optionally includes repartitioning the disk space between “public” and “private”. Subsequent setup could also include missing out on being able to erase the drive (by throwing away the internal encryption key? by revoking a fingerprint?) before disposal.

Exactly how important this is will depend on your situation, ranging through

• no drama, I (have to) run Windows a fair amount of the time anyway
• not great but OK I have a Windows computer that I occasionally use or can get access to
• this is a showstopper because I don’t have Windows at all

Regardless, it seems dubious that you would take your security seriously enough to invest in this kind of technology but then undermine your security by running blackbox software on a blackbox operating system. (Those more motivated than I might want to investigate whether said software can run inside a VM that is running Windows.)

Example fails: Kanguru Defender BioElite30, Lexar F35, Verbatim Fingerprint Secure.

Fingerprint is not legally protected under the fifth (I think it was fifth) amendment.

Although, the ironkey line is pretty solid.

Sure. I did note above that I am not a fan of biometrics for security (for that and other reasons). However it all depends on your threat model.

If you are just worried about accidentally leaving the flash drive around somewhere or you are just worried about your evil maid (as per the original original post) then fingerprint is solid.

Given that the original original post was just putting ISOs on the external storage, and worried about his evil maid, it seems unlikely that the evil government will be using legal compulsion to get him to unlock - and if they did, so what? In other words, for this application, integrity is far more important than confidentiality.

You have a valid point.

I tested live booting Ubuntu from a write-protected USB flash drive. This environment more or less expects a read-only boot medium anyway, perhaps harking back to the days of booting from CDROM, so I wasn’t expecting any problems - and it worked fine.

Because this boot environment offers an overlay file system, you can install software while live booted (write-protected or not) - but of course anything you install will be present only temporarily i.e. if you reboot then everything you installed has vanished. Depending on your threat model, it may be preferable to use a live boot distro that does not offer this functionality. Regardless though, the actual boot medium is protected.

Putting aside the live boot environment, the Linux kernel seems to recognise the possibility that a USB flash drive can be write-protected. If you insert a write-protected USB flash drive, the system log reports that “write protect is ON” and the flash drive is mounted read-only.