[guardian-dev] Fwd: NitroPad: Secure Laptop With Unique Tamper Detection

Devrandom c1.devrandom at niftybox.net
Thu Jan 16 12:38:03 EST 2020


Agreed, ergonomics are definitely not top-notch, and I hope there's an
iteration that improves things.  However, for development and Qubes I
need 32GB.  That, together with the freedom aspect, trumps other
considerations.

On Thu, Jan 16, 2020 at 2:29 AM Hans-Christoph Steiner
<hans at guardianproject.info> wrote:
>
>
> I hear you, and I've heard similar things from others. Fairphone is in a
> similar boat.  I think we need to compare apples to apples here: what
> Nitrokey, Librem and Fairphone are trying to do is important, no other
> providers are doing those things better.  Things like:
>
> * true free software support
> * hardware switches
> * repairability
> * conflict-free minerals
>
> .hc
>
> Abel Luck:
> > I have a Purism Librem v3 (the 13" model) and I have to say I am not
> > very happy with it.
> >
> > From a privacy pov, it's nice. ME can be disabled manually. The hardware
> > switches are very handy. Rather than ship binary blobs for the bluetooth
> > driver, they left that feature out, not compromising. Which I like.
> >
> > However from an ergonomics/usability pov, I am quite dissatisfied. When
> > I say the keyboard is bad, I'm not a keyboard snob. It truly is just a
> > bad keyboard, I really dread having to go on the road and use the
> > keyboard for any length of time. The trackpad quality is also very low.
> >
> > Also the laptop comes with a usb c port, which is basically useless as
> > it doesn't support thunderbolt, which means no adapter for ethernet or
> > external displays. Waste of a port!
> >
> > I wouldn't buy another Librem :/
> >
> > That NitroPad looks interesting, but the deal breaker for me is the
> > 1366x768 px screen. So small! 1920x1080 is the minimum I would ever get
> > in a laptop again.
> >
> > ~abel
> >
> > Devrandom:
> >> This is a Lenovo.  The Purism laptop goes to 32GB and has hardware kill
> >> switches.  It also has secure boot with the Nitrokey and the TPM option,
> >> but I didn't try it (yet).
> >>
> >> On Wed, Jan 8, 2020 at 4:19 AM Hans-Christoph Steiner <
> >> hans at guardianproject.info> wrote:
> >>
> >>>
> >>> Looks like quite a nice laptop setup for privacy:
> >>>
> >>>
> >>> -------- Forwarded Message --------
> >>> Subject: NitroPad: Secure Laptop With Unique Tamper Detection
> >>> Date: Tue, 7 Jan 2020 10:25:13 +0100
> >>> From: Nitrokey <info at nitrokey.com>
> >>> Reply-To: Nitrokey <info at nitrokey.com>
> >>> To: Hans-Christoph Steiner <hans at guardianproject.info>
> >>>
> >>> Deutsche Übersetzung ist hier:
> >>>
> >>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/d891PlpQflj763CzcTeLrLCQ/2drgzRE7oneOhHNyMnMe8g
> >>>
> >>> Dear Nitrokey supporters!
> >>>
> >>> Do you think your computer hardware is secure? Can you rule out that in
> >>> your absence no one has manipulated your computer? In a world where
> >>> most users do not have any real control over their hardware and have to
> >>> blindly trust the security promises of vendors, NitroPad unlocks a
> >>> refreshingly new security experience. NitroPad X230 [1] is significantly
> >>> more secure than normal computers. With NitroPad, you'll have more
> >>> control over your hardware than ever before while maintaining ease of use.
> >>>
> >>> Features
> >>>
> >>> Tamper Detection Through Measured Boot
> >>>
> >>> Thanks to the combination of the open source solutions Coreboot [2],
> >>> Heads [3] and Nitrokey USB hardware, you can verify that your laptop
> >>> hardware has not been tampered with in transit or in your absence
> >>> (so-called evil maid attack). The integrity of the TPM, the firmware and
> >>> the operating system is effectively checked by a separate Nitrokey USB
> >>> key. Simply connect your Nitrokey to the NitroPad while booting and a
> >>> green LED on the Nitrokey will show that your NitroPad has not been
> >>> tampered with. If the LED should turn red one day, it indicates a
> >>> manipulation.
> >>>
> >>> Deactivated Intel Management Engine
> >>>
> >>> Vulnerable and proprietary low-level hardware parts are disabled to make
> >>> the hardware more robust against advanced attacks.
> >>>
> >>> The Intel Management Engine (ME) is some kind of separate computer
> >>> within all modern Intel processors (CPU). The ME acts as a master
> >>> controller for your CPU and has broad access to your computer (system
> >>> memory, screen, keyboard, network). Intel controls the code of the ME
> >>> and severe vulnerabilities have been found in the ME enabling local and
> >>> remote attacks. Therefore ME can be considered as a backdoor and has
> >>> been deactivated in NitroPad.
> >>>
> >>> Preinstalled Ubuntu Linux With Full-Disk Encryption
> >>>
> >>> NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS [4] with
> >>> full-disk encryption. Ubuntu is one of the most popular, stable and
> >>> easiest to use Linux distributions. Switching from Windows to Linux has
> >>> never been easier.
> >>>
> >>> Optional: Preinstalled Qubes OS For Highest Security Requirements
> >>>
> >>> Instead of Ubuntu Linux, on request you can get your NitroPad with
> >>> preinstalled Qubes OS 4.0 [5] and full-disk encryption.
> >>>
> >>> Qubes OS enables highly isolated working by means of virtual machines
> >>> (VM). A separate VM is started for each application or workspace. This
> >>> approach isolates applications and processes much more than conventional
> >>> operating systems. Qubes OS keeps your system secure, even if a
> >>> vulnerability has been exploited in one of the software applications
> >>> used. Example: If your PDF viewer or web browser has been successfully
> >>> attacked, the attacker cannot compromise the rest of the system and will
> >>> be locked out once the VM is closed.
> >>>
> >>> In addition, separate virtual workspaces can be used, such as an offline
> >>> workspace for secret data and an online workspace for communication.
> >>> NitroPad with Qubes OS is technically similar to SINA clients (for
> >>> governments), but remains transparent thanks to open source. Qubes OS is
> >>> for users who want maximum security.
> >>>
> >>> Keys Under Your Control
> >>>
> >>> All individual cryptographic keys are generated directly on the NitroPad
> >>> exclusively during installation and are not stored by us. However, all
> >>> individual keys can be replaced by you. Unlike "Secure Boot", the keys
> >>> for securing the operating system remain under your control and do not
> >>> depend on the consent of the vendor.
> >>>
> >>> Nitrokey USB Key Included
> >>>
> >>> NitroPad comes with a Nitrokey Pro 2 [6] or a Nitrokey Storage 2 [7].
> >>> Their security features include for example email encryption (PGP,
> >>> S/MIME), secure server administration (SSH) and two-factor
> >>> authentication through one-time passwords (OTP). The Nitrokey Storage 2
> >>> additionally contains an encrypted mass storage with hidden volumes.
> >>>
> >>> Professional ThinkPad Hardware
> >>>
> >>> Based on Lenovo ThinkPad X230, the hardware finish and robustness meet
> >>> professional quality standards. The famous ThinkPad keyboard with
> >>> background lighting and TrackPoint allows comfortable working. The used
> >>> laptops have been refurbished.
> >>>
> >>> Out-of-the-Box User Experience
> >>>
> >>> With NitroPad, you don't need to take care of opening the hardware
> >>> casing to flash the BIOS chip, installing and configuring Linux, or
> >>> pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey
> >>> is already configured with your NitroPad so that it can be used for
> >>> tamper detection without any further configuration effort.
> >>>
> >>> Security Conscious Shipping
> >>>
> >>> To make it more difficult to intercept and manipulate your NitroPad, the
> >>> NitroPad and the Nitrokey USB key can be shipped in two separate
> >>> shipments if desired.
> >>>
> >>> Use Cases
> >>>
> >>> For Everyone
> >>>
> >>> NitroPad enables you to detect hardware tampering. For example, if your
> >>> laptop is being inspected while crossing the border or if you leave your
> >>> device unattended in a hotel or during travelling, you can check the
> >>> integrity of your NitroPad with the help of the Nitrokey.
> >>>
> >>> For Enterprises
> >>>
> >>> NitroPad can serve as a hardened workstation for certificate authorities
> >>> and other use cases requiring high-security computers. On business
> >>> trips, the NitroPad protects against evil maid attacks while the
> >>> computer is unattended in a hotel or baggage.
> >>>
> >>> For Governments
> >>>
> >>> Governments can use NitroPad to protect themselves against advanced
> >>> persistent threats (APT) without relying on foreign proprietary technology.
> >>>
> >>> For Journalists
> >>>
> >>> If you as an investigative journalist are serious about protecting your
> >>> confidential sources, NitroPad helps you get there.
> >>>
> >>> NitroPad X230 is now available in our Online Shop [1].
> >>>
> >>> More details are available in the product factsheet [8].
> >>>
> >>> Kind regards,
> >>> your Nitrokey team
> >>>
> >>> [1] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/jZaFd1lbEdmWO6EYOcLzDQ/2drgzRE7oneOhHNyMnMe8g
> >>> [2] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/YFe1znalGDB8Ua763Ggu9RKw/2drgzRE7oneOhHNyMnMe8g
> >>> [3] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/cZ8CHlfV3cxRZgMwQJk6fQ/2drgzRE7oneOhHNyMnMe8g
> >>> [4] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/UXFKS892rBzNshvgAM3iX7Sw/2drgzRE7oneOhHNyMnMe8g
> >>> [5] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/D8RUORLEDmVGkJAOqOZ12w/2drgzRE7oneOhHNyMnMe8g/
> >>> [6] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/3NM892YvQl3nQBfzax83fVdg/2drgzRE7oneOhHNyMnMe8g
> >>> [7] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/892ZG8927tvGnlab4KjZMl8lQg/2drgzRE7oneOhHNyMnMe8g
> >>> [8] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/ITDgVP8lO6ZSALVagGX892vw/2drgzRE7oneOhHNyMnMe8g
> >>>
> >>>
> >>> _______________________________________________
> >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
> >>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
> >>>
> >>
>
> --
> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556