Ways to protect the intellectual property of an advanced configuration that reveals proprietary software functionality
-
Thinking of developing some software that relies on an advanced pfsense configuration. The software would run alongside pfsense as a BSD binary and both would run in a virtual machine. To use the software, the user of an application such as firefox in the host would set it up with 192.168.0.1:12345 as the socks proxy, where 192.168.0.1 is the IP of pfsense's LAN side. The software must be hard to reverse-engineer. Much of the functionality can be guessed by looking at the pfsense configuration so we want the configuration to be unreadable or hard to read/reverse-engineer. And the squid proxy configuration too. What are some ways to prevent the reading of configurations and the software binary?
-
Short of locking the user out of the system, there are no ways to prevent reading that entirely. If you are very careful with privileges and access in the GUI they may not be able to read the files, but they could always reboot the box and get access to the console.
-
Isn't there any package that does full system disk encryption that can be modified to automatically give itself a fixed passphrase or something that is hard to discover by getting access to the console?
-
You can do ZFS full disk encryption in the stock installer. But someone has to enter the passphrase at each boot.
-
Is this feature fully open-source?
-
The ZFS disk encryption is all from FreeBSD, and is open source.