root labs rdist

Introduction to rdist

I’m Nate Lawson of Root Labs (contact info), and I’m writing about embedded and kernel security, cryptography, software protection, FreeBSD, and the occasional trip into retrocomputing. During the day, I assist companies with the design and review of security aspects of their products. My personal site,, provides copies of my latest articles, talks, code, and other resources. I post more time-sensitive material here, on the following topics.

  • Embedded security: authenticated boot, tamper resistance, emulation detection, and side-channel attacks and defenses.
  • Software protection: the cat-and-mouse game of reversing and hiding code behavior, mostly on the x86 platform.
  • Cryptography: cryptosystem design and attacks, cohesiveness, evaluation of common approaches.
  • Kernel security: low-level programming techniques, rootkits, and virtualization.
  • FreeBSD: power management development and kernel improvements
  • C64: copy protection and lessons in system design from the past

I’ve been working with the security industry since 1994. You may know me from developing the first network IDS, RealSecure. I have been a FreeBSD committer since 2002, doing major work on power management, SCSI, and USB.

My current company is Root Labs. I consult with various customers for designs involving embedded, kernel security, and cryptography. One past client I can mention is Chumby, who I assisted with cryptography for the on-board microcontroller.

My previous company was Cryptography Research, where I co-developed the Blu-ray content protection system, aka BD+. While there were technical challenges, the greatest effort was political. The other security component, AACS, was compromised for both HD-DVD and Blu-ray in early 2007 and is quickly re-hacked each time a key revocation occurs (four times in two years, so far). BD+ first started shipping on discs in October 2007 and the first discs were compromised in March 2008. We planned for the first discs to be eventually hacked, and thus subsequent releases should require additional attacker effort.

I don’t like blogs. I think a blog elevates the author’s opinion over the commenters, unlike a Usenet discussion where replies to the first post have equal weight. I don’t like the narrow screen and ugly design. They don’t print books on receipt paper for a reason. I also don’t like the emphasis on time and the reverse direction of conversation, instead of articles structured by topic. I don’t like the mix of posts worth reading versus filler to keep timeliness.

However, I do like the ease of publishing, and that’s why I chose this structure. I hope this can be a bit of a different forum, with thoughtful articles that are each worth your time.

Thanks and enjoy!


The Rubric Theme. Blog at


Get every new post delivered to your Inbox.

Join 103 other followers