[guardian-dev] Fwd: NitroPad: Secure Laptop With Unique Tamper Detection

Hans-Christoph Steiner hans at guardianproject.info
Thu Jan 16 05:28:46 EST 2020


I hear you, and I've heard similar things from others. Fairphone is in a
similar boat.  I think we need to compare apples to apples here: what
Nitrokey, Librem and Fairphone are trying to do is important, no other
providers are doing those things better.  Things like:

* true free software support
* hardware switches
* repairability
* conflict-free minerals

.hc

Abel Luck:
> I have a Purism Librem v3 (the 13" model) and I have to say I am not
> very happy with it.
> 
> From a privacy pov, it's nice. ME can be disabled manually. The hardware
> switches are very handy. Rather than ship binary blobs for the bluetooth
> driver, they left that feature out, not compromising. Which I like.
> 
> However from an ergonomics/usability pov, I am quite dissatisfied. When
> I say the keyboard is bad, I'm not a keyboard snob. It truly is just a
> bad keyboard, I really dread having to go on the road and use the
> keyboard for any length of time. The trackpad quality is also very low.
> 
> Also the laptop comes with a usb c port, which is basically useless as
> it doesn't support thunderbolt, which means no adapter for ethernet or
> external displays. Waste of a port!
> 
> I wouldn't buy another Librem :/
> 
> That NitroPad looks interesting, but the deal breaker for me is the
> 1366x768 px screen. So small! 1920x1080 is the minimum I would ever get
> in a laptop again.
> 
> ~abel
> 
> Devrandom:
>> This is a Lenovo.  The Purism laptop goes to 32GB and has hardware kill
>> switches.  It also has secure boot with the Nitrokey and the TPM option,
>> but I didn't try it (yet).
>>
>> On Wed, Jan 8, 2020 at 4:19 AM Hans-Christoph Steiner <
>> hans at guardianproject.info> wrote:
>>
>>>
>>> Looks like quite a nice laptop setup for privacy:
>>>
>>>
>>> -------- Forwarded Message --------
>>> Subject: NitroPad: Secure Laptop With Unique Tamper Detection
>>> Date: Tue, 7 Jan 2020 10:25:13 +0100
>>> From: Nitrokey <info at nitrokey.com>
>>> Reply-To: Nitrokey <info at nitrokey.com>
>>> To: Hans-Christoph Steiner <hans at guardianproject.info>
>>>
>>> German translation is here:
>>>
>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/d891PlpQflj763CzcTeLrLCQ/2drgzRE7oneOhHNyMnMe8g
>>>
>>> Dear Nitrokey supporters!
>>>
>>> Do you think your computer hardware is secure? Can you rule out that in
>>> your absence no one has manipulated your computer? In a world where
>>> most users do not have any real control over their hardware and have to
>>> blindly trust the security promises of vendors, NitroPad unlocks a
>>> refreshingly new security experience. NitroPad X230 [1] is significantly
>>> more secure than normal computers. With NitroPad, you'll have more
>>> control over your hardware than ever before while maintaining ease of use.
>>>
>>> Features
>>>
>>> Tamper Detection Through Measured Boot
>>>
>>> Thanks to the combination of the open source solutions Coreboot [2],
>>> Heads [3] and Nitrokey USB hardware, you can verify that your laptop
>>> hardware has not been tampered with in transit or in your absence
>>> (so-called evil maid attack). The integrity of the TPM, the firmware and
>>> the operating system is effectively checked by a separate Nitrokey USB
>>> key. Simply connect your Nitrokey to the NitroPad while booting and a
>>> green LED on the Nitrokey will show that your NitroPad has not been
>>> tampered with. If the LED should turn red one day, it indicates a
>>> manipulation.
>>>
>>> Deactivated Intel Management Engine
>>>
>>> Vulnerable and proprietary low-level hardware parts are disabled to make
>>> the hardware more robust against advanced attacks.
>>>
>>> The Intel Management Engine (ME) is some kind of separate computer
>>> within all modern Intel processors (CPU). The ME acts as a master
>>> controller for your CPU and has broad access to your computer (system
>>> memory, screen, keyboard, network). Intel controls the code of the ME
>>> and severe vulnerabilities have been found in the ME enabling local and
>>> remote attacks. Therefore ME can be considered as a backdoor and has
>>> been deactivated in NitroPad.
>>>
>>> Preinstalled Ubuntu Linux With Full-Disk Encryption
>>>
>>> NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS [4] with
>>> full-disk encryption. Ubuntu is one of the most popular, stable and
>>> easiest to use Linux distributions. Switching from Windows to Linux has
>>> never been easier.
>>>
>>> Optional: Preinstalled Qubes OS For Highest Security Requirements
>>>
>>> Instead of Ubuntu Linux, on request you can get your NitroPad with
>>> preinstalled Qubes OS 4.0 [5] and full-disk encryption.
>>>
>>> Qubes OS enables highly isolated working by means of virtual machines
>>> (VM). A separate VM is started for each application or workspace. This
>>> approach isolates applications and processes much more than conventional
>>> operating systems. Qubes OS keeps your system secure, even if a
>>> vulnerability has been exploited in one of the software applications
>>> used. Example: If your PDF viewer or web browser has been successfully
>>> attacked, the attacker cannot compromise the rest of the system and will
>>> be locked out once the VM is closed.
>>>
>>> In addition, separate virtual workspaces can be used, such as an offline
>>> workspace for secret data and an online workspace for communication.
>>> NitroPad with Qubes OS is technically similar to SINA clients (for
>>> governments), but remains transparent thanks to open source. Qubes OS is
>>> for users who want maximum security.
>>>
>>> Keys Under Your Control
>>>
>>> All individual cryptographic keys are generated directly on the NitroPad
>>> exclusively during installation and are not stored by us. However, all
>>> individual keys can be replaced by you. Unlike "Secure Boot", the keys
>>> for securing the operating system remain under your control and do not
>>> depend on the consent of the vendor.
>>>
>>> Nitrokey USB Key Included
>>>
>>> NitroPad comes with a Nitrokey Pro 2 [6] or a Nitrokey Storage 2 [7].
>>> Their security features include for example email encryption (PGP,
>>> S/MIME), secure server administration (SSH) and two-factor
>>> authentication through one-time passwords (OTP). The Nitrokey Storage 2
>>> additionally contains an encrypted mass storage with hidden volumes.
>>>
>>> Professional ThinkPad Hardware
>>>
>>> Based on Lenovo ThinkPad X230, the hardware finish and robustness meet
>>> professional quality standards. The famous ThinkPad keyboard with
>>> background lighting and TrackPoint allows comfortable working. The used
>>> laptops have been refurbished.
>>>
>>> Out-of-the-Box User Experience
>>>
>>> With NitroPad, you don't need to take care of opening the hardware
>>> casing to flash the BIOS chip, installing and configuring Linux, or
>>> pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey
>>> is already configured with your NitroPad so that it can be used for
>>> tamper detection without any further configuration effort.
>>>
>>> Security Conscious Shipping
>>>
>>> To make it more difficult to intercept and manipulate your NitroPad, the
>>> NitroPad and the Nitrokey USB key can be shipped in two separate
>>> shipments if desired.
>>>
>>> Use Cases
>>>
>>> For Everyone
>>>
>>> NitroPad enables you to detect hardware tampering. For example, if your
>>> laptop is being inspected while crossing the border or if you leave your
>>> device unattended in a hotel or during travelling, you can check the
>>> integrity of your NitroPad with the help of the Nitrokey.
>>>
>>> For Enterprises
>>>
>>> NitroPad can serve as a hardened workstation for certificate authorities
>>> and other use cases requiring high-security computers. On business
>>> trips, the NitroPad protects against evil maid attacks while the
>>> computer is unattended in a hotel or baggage.
>>>
>>> For Governments
>>>
>>> Governments can use NitroPad to protect themselves against advanced
>>> persistent threats (APT) without relying on foreign proprietary technology.
>>>
>>> For Journalists
>>>
>>> If you as an investigative journalist are serious about protecting your
>>> confidential sources, NitroPad helps you get there.
>>>
>>> NitroPad X230 is now available in our Online Shop [1].
>>>
>>> More details are available in the product factsheet [8].
>>>
>>> Kind regards,
>>> your Nitrokey team
>>>
>>> [1] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/jZaFd1lbEdmWO6EYOcLzDQ/2drgzRE7oneOhHNyMnMe8g
>>> [2] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/YFe1znalGDB8Ua763Ggu9RKw/2drgzRE7oneOhHNyMnMe8g
>>> [3] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/cZ8CHlfV3cxRZgMwQJk6fQ/2drgzRE7oneOhHNyMnMe8g
>>> [4] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/UXFKS892rBzNshvgAM3iX7Sw/2drgzRE7oneOhHNyMnMe8g
>>> [5] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/D8RUORLEDmVGkJAOqOZ12w/2drgzRE7oneOhHNyMnMe8g/
>>> [6] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/3NM892YvQl3nQBfzax83fVdg/2drgzRE7oneOhHNyMnMe8g
>>> [7] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/892ZG8927tvGnlab4KjZMl8lQg/2drgzRE7oneOhHNyMnMe8g
>>> [8] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/ITDgVP8lO6ZSALVagGX892vw/2drgzRE7oneOhHNyMnMe8g
>>>
>>>
>>> _______________________________________________
>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

