[e12e]

> UNIX or UNIX-like systems.

Thank you. I usually use, see *nix. Arguably Android sans Google apps, over-the-air updates fit into that box.

The idea of three nodes, trivially separated and air-gapped is interesting.

One should be able to do the input with an adruino or something (most obvious choice, a keyboard, but could also tack on a mic/camera for audio/video).

Link that with a "one-way" cable to a rpi2 (the "compromised"/networked node), and a cheap android tablet w/o baseband/gsm chips -- and perhaps solder off the antennas/kill the wlan/bluetooth. Preferably one w/o NFC. Use the tablet as the screen, and the "out" node.

Use lobotomized usb-cable for power from the Android-devices battery, and run everything off that.

I do like the idea of having the separation be obvious and simple -- easy to audit.

Suppose one might as well run freedos on the two nodes -- but Linux/BSD is probably less painful.

[nickpsecurity]

Now you're thinking on the right lines! All of that should be fine. Didn't think about using USB for power: just had a strip in the design. Will have to think on it. Standardizing on Linux/BSD is wise, too, as it lets us easily adapt it to new software applications.

And, in case I forgot, you can modify this architecture for voice or video but will need to replace serial cable with higher bandwidth line. Risk starts to go up there. You either need a real data diode or must physically modify Ethernet/Fiber cables and/or cards to do one-way transmission. Might take custom, microcontroller board to be sure it's done right.

It's a bigger project to say the least. There's examples online but the security is debatable. That's why the defense sector builds and certifies the big guns [1]. That it takes them that much hardware & they mention TEMPEST hints at how much work goes into this one, tiny problem.

[1] http://www.nexor.com/sites/default/files/Nexor%20Datasheet%2...