1. Overview

The structure of the MARK source should be quite clear. Nevertheless we want to give a short overview of the source tree and some explanations about the different parts:

MARK Source Tree
bitvisor

The full source of the hypervisor we use for MARK. It has been patched to support the TRESOR encryption routines (tresor-xts), which are resistant to cold boot attacks, and to boot from any hard disk that is found.

debirf

We use debirf to build our ramdisk. Inside this directory you find the configuration for debirf and a number of custom scripts that run during the creation of our ramdisk. Basically it is just some magic around debootstrap.

doc

The documentation that you are currently reading.

kernel

The minimalistic Linux kernel that is loaded by the hypervisor.

prepstick

Tools to prepare the USB drive.

teensy

The software that runs on the active USB drive. Currently only at90usb162 chips are supported.

tools

Two small tools that are needed by the MARK UI: minios_boot is responsible for passing the DEK to the hypervisor and initiating the boot process, and minios_crypt is used during the installation of a new system to encrypt the installation image according to the routines used later on in the hypervisor.

ui

The MARK UI, which is started inside the ramdisk. It is responsible for controlling the active USB drive and the TPM, and for interacting with the user.

2. Building MARK

Although MARK consists of many components, building MARK is not very difficult. It basically boils down to running make a few times.

2.1 Requirements

To build MARK you need an x86 or x86_64 processor and any Linux distribution. It has only been tested with Debian so far but should work with other distributions as well. Besides the usual tools that you would also need to build your kernel, you need debootstrap. If you want to build the software for the active USB stick as well, you need gcc-avr and avr-libc. Everything you need for building is available as a Debian package.

2.2 How to build

As already mentioned, building boils down to running make a few times, but the order is important. Just follow these instructions:

  1. Build BitVisor by running make within bitvisor.

  2. Build the minimal Linux kernel by running make within kernel.

  3. Build minios_boot and minios_crypt by running make within these two directories inside of tools.

  4. If you want to build the software for the active USB drive yourself, do this by running make inside teensy. There is already a prebuilt version, however.

  5. Now you are able to build the ramdisk by running make within debirf. You have to do this as root, however, because we need to run debootstrap which uses chroot a lot.

You are done with building MARK and can now proceed with preparing the USB drive. You do not need to build the UI, because it is written in Python. You can, of course, build the documentation yourself if you want to.

3. Preparing the USB drive

3.1 Flashing the active USB drive

You do not need to flash the firmware onto the active USB drive, because this is done during the installation of an operating system with MARK. If you want to do it for testing purposes, press and release the button on the drive and run make flash within teensy. You have to make sure, however, that you have the right permissions. If not, either run it as root or fix your udev rules.

3.2 Preparing the mass storage

This is the last step in preparing your own MARK drive. Assuming your USB mass storage appears as /dev/sdf, you just have to run the following command as root:

$ prepstick/prep.sh /dev/sdf

This simple script does everything that is needed, i.e. partitions the mass storage, creates file systems, copies all the files you previously built to the correct locations and finally installs Trusted Grub onto the stick. This whole process may take some time. Please be patient.

Important: Make sure to use the right device name for the preparation script. Otherwise you might wipe your hard disk.
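
One way to guard against the wrong device name is a pre-flight check that refuses anything that is not an unmounted, USB-attached whole disk before handing it to prep.sh. This is an added example, not part of MARK's prepstick; the function names classify_target and safe_prep are hypothetical, and it assumes lsblk from util-linux is installed.

```shell
#!/bin/sh
# Added example: pre-flight check before running prepstick/prep.sh.
# Function names are hypothetical; lsblk comes from util-linux.

# Decide from lsblk fields whether a device is an acceptable target.
# $1 = TYPE, $2 = TRAN, $3 = mountpoints of the device and its partitions
# Prints "ok" or the refusal reason; returns non-zero on refusal.
classify_target() {
    dev_type=$1; dev_tran=$2; dev_mounts=$3
    if [ "$dev_type" != "disk" ]; then
        echo "not a whole disk (type: ${dev_type:-unknown})"; return 1
    fi
    if [ "$dev_tran" != "usb" ]; then
        echo "not attached via USB (transport: ${dev_tran:-unknown})"; return 1
    fi
    if [ -n "$dev_mounts" ]; then
        echo "in use, mounted at: $dev_mounts"; return 1
    fi
    echo "ok"
}

# Query the real device and run prep.sh only if the check passes.
safe_prep() {
    dev=$1
    [ -b "$dev" ] || { echo "$dev: not a block device" >&2; return 1; }
    dev_type=$(lsblk -dno TYPE "$dev")
    dev_tran=$(lsblk -dno TRAN "$dev")
    # Mountpoints of the disk and all its partitions, joined on one line.
    dev_mounts=$(lsblk -nro MOUNTPOINT "$dev" | grep -v '^$' | tr '\n' ' ')
    if ! reason=$(classify_target "$dev_type" "$dev_tran" "$dev_mounts"); then
        echo "refusing $dev: $reason" >&2
        return 1
    fi
    lsblk -o NAME,SIZE,MODEL,TRAN "$dev"   # show what is about to be wiped
    prepstick/prep.sh "$dev"
}

# Run only when a device argument is given, e.g.: sh safe_prep.sh /dev/sdf
if [ "$#" -gt 0 ]; then
    safe_prep "$1"
fi
```

Run it as root from the top of the MARK source tree, in place of calling prep.sh directly.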