Create a USB device that, when configured and connected, exposes one or more Ceph RBD images for use as USB storage, allowing for:

- Ceph storage consumption by almost any system with a USB port
  - Including dumb devices such as TVs, MP3 players and mobile phones
- Boot from RBD image
  - By any system capable of booting from a USB mass storage device
- Minimal configuration
  - Network, ceph.conf, Ceph access key and image pool should be all that's needed for configuration
  - Might be worth looking at SaltStack or WebYaST/Cockpit for configuration

The USB device will run an embedded Linux kernel, utilising the USB gadget stack and Ceph RBD client module. I plan on writing a minimal rbd-image-map helper that allows for kernel RBD image mapping without requiring the user space Ceph libraries.
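
One way the two kernel-only steps described above can fit together, as an added example that is not the project's own code: it maps an image by writing to /sys/bus/rbd/add and exports the resulting block device as a mass-storage LUN through the configfs USB gadget interface. The gadget name cephgw, the USB IDs, the field validation and the key-file permission check are assumptions made for illustration; the rbd and libcomposite modules are assumed loaded and configfs mounted.

```shell
#!/bin/sh
# Added example (not the project's code). Sysfs/configfs roots can be
# overridden so the functions can be exercised against a scratch directory.
RBD_BUS="${RBD_BUS:-/sys/bus/rbd}"
GADGET_ROOT="${GADGET_ROOT:-/sys/kernel/config/usb_gadget}"
UDC_CLASS="${UDC_CLASS:-/sys/class/udc}"

# Build the line the kernel RBD client reads from $RBD_BUS/add:
#   <mon addrs> <options> <pool> <image> <snap, or "-" for none>
# Fields are space separated and options comma separated, so anything that
# could shift or inject a field is rejected (IPv6 monitors not handled here).
rbd_add_line() { # mon user keyfile pool image
    case "$1" in ''|*[!0-9A-Za-z.:,-]*) echo "bad monitor list" >&2; return 1;; esac
    for v in "$2" "$4" "$5"; do
        case "$v" in ''|*[!0-9A-Za-z._-]*) echo "bad field: $v" >&2; return 1;; esac
    done
    # The key is the only credential on the device: refuse a key file that
    # group or other can read.
    if [ -n "$(find "$3" -prune \( -perm -040 -o -perm -004 \))" ]; then
        echo "key file must not be group/world readable" >&2; return 1
    fi
    secret=$(tr -d ' \n' < "$3") || return 1
    printf '%s name=%s,secret=%s %s %s -' "$1" "$2" "$secret" "$4" "$5"
}

# Map the image and print the resulting block device path.
rbd_map() { # mon user keyfile pool image
    line=$(rbd_add_line "$@") || return 1
    printf '%s' "$line" > "$RBD_BUS/add" || return 1
    echo "/dev/rbd$(ls "$RBD_BUS/devices" | sort -n | tail -n 1)"
}

# Export a block device as a single-LUN USB mass-storage gadget.
gadget_export() { # gadget-name blockdev ro(0|1)
    g="$GADGET_ROOT/$1"; lun="$g/functions/mass_storage.0/lun.0"
    mkdir -p "$g/strings/0x409" "$g/configs/c.1" "$lun" || return 1
    echo 0x1d6b > "$g/idVendor"   # example IDs: Linux Foundation
    echo 0x0104 > "$g/idProduct"  # multifunction composite gadget
    echo "$3" > "$lun/ro"         # set before "file": ro is locked once the LUN is open
    echo "$2" > "$lun/file"
    [ -e "$g/configs/c.1/mass_storage.0" ] ||
        ln -s "$g/functions/mass_storage.0" "$g/configs/c.1/" || return 1
    ls "$UDC_CLASS" | head -n 1 > "$g/UDC"  # bind to the first USB device controller
}

# Usage: script MON USER KEYFILE POOL IMAGE  (no arguments: define functions only)
[ "$#" -eq 0 ] || { dev=$(rbd_map "$@") && gadget_export cephgw "$dev" 0; }
```

Anyone with physical access to the gadget's storage can read the Ceph key, so the key used here should belong to a Ceph user whose capabilities are limited to the exported pool.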

The USB device hardware should offer the following characteristics:

- Small and portable
- Sufficient CPU, RAM and storage resources to run Linux
  - Preferably multi-core, 1GHz+, 1GB+ RAM, SD card or eMMC
- Reasonable network and USB throughput
  - 802.11n and micro USB2 at a minimum
  - Ideally 802.11ac/GbE and micro USB3+
- Powered via USB, ideally the same port as for data transfer
- Affordable
  - Preferably less than $50 USD

I plan on using my Cubietruck board as a hackweek prototype, which has a dual-core Allwinner A20 chip, with 2GB RAM, GbE and USB2. This should however also be achievable using C.H.I.P ($9 single-core board), NanoPi2 (quad-core $32 board), or UP (Intel Atom board with GbE and USB3).
This project is part of:
Hack Week 13
Comments
almost 10 years ago by dmdiss
A full write-up of the results of this project can be found at: http://blog.elastocloud.org/2015/12/ceph-usb-storage-gateway.html
Code snippets can be found at: https://github.com/ddiss/cephusbgateway
Similar Projects
OSHW USB token for Passkeys (FIDO2, U2F, WebAuthn) and PGP by duwe
Description
The idea to carry your precious key material along in a specially secured hardware item is almost as old as public keys themselves, starting with the OpenPGP card. Nowadays, a USB plug or NFC are the hardware interfaces of choice, and password-less log-ins are fortunately becoming more popular and standardised.
Meanwhile there are a few products available in that field, for example:
- yubikey - the "market leader", who continues to sell off buggy, allegedly unfixable firmware ROMs from old stock. Needless to say, it's all but open source, so assume backdoors.
- nitrokey - the "start" variant is open source, but the hardware was found to leak its flash ROM content via the SWD debugging interface (even when the flash is read protected!)
- solokey(2) - quite neat hardware, with a secure enclave called "TrustZone-M". Unfortunately, the OSS firmware development is stuck in a rusty dead end and cannot use it.
I plan to base this project on the not-so-tiny USB stack, which is extremely easy to retarget, and to rewrite / refactor the crypto protocols to use the keys only via handles, so the actual key material can be stored securely. My initial testbed is the devkit for the solokey2, the NXP LPCXpresso55S69.
Goals
Create a proof-of-concept item that can provide a second factor for logins and/or decrypt a PGP mail with your private key without disclosing the key itself. Implement or at least show a migration path to store the private key in a location with elevated hardware security.
Resources
LPCXpresso55S69, tropicsquare tropic01, arm-none cross toolchain