[guardian-dev] Fwd: NitroPad: Secure Laptop With Unique Tamper Detection

Hans-Christoph Steiner hans at guardianproject.info
Tue Jan 21 05:54:55 EST 2020


Glad to hear that the FP3 is good!  They are making progress then.  I
like the FP2 well enough, but it's buggy.  Partially, I assume that's
because it is hard to make a device with easy to swap out parts.  It's a
bummer they don't have Fairphone Open for FP3, but I think they are
overwhelmed with Android integration work, so it's better to have one
solid ROM than a Play and an Open where neither are solid.

.hc

Abel Luck:
> Agreed with both of you.
> 
> I still use my librem daily. I said I wouldn't buy another, but that's
> cause I plan to use it for a long time until hopefully there is a good
> alternative. And I guess if my Librem drowned today I would buy another :S.
> 
> I plug in my own keyboard, and can get non-USBC hubs for things like
> ethernet. But screen size and ram.. there are limits to the tradeoffs
> I'll make.
> 
> The FP3 is not that bad tbh. Everyone in my household has one now!
> 
> ~abel
> 
> Devrandom:
>> Agreed, ergonomics are definitely not top-notch, and I hope there's an
>> iteration that improves things.  However, for development and Qubes I
>> need 32GB.  That, together with the freedom aspect trumps other
>> considerations.
>>
>> On Thu, Jan 16, 2020 at 2:29 AM Hans-Christoph Steiner
>> <hans at guardianproject.info> wrote:
>>>
>>>
>>> I hear you, and I've heard similar things from others. Fairphone is in a
>>> similar boat.  I think we need to compare apples to apples here: what
>>> Nitrokey, Librem and Fairphone are trying to do is important, no other
>>> providers are doing those things better.  Things like:
>>>
>>> * true free software support
>>> * hardware switches
>>> * repairability
>>> * conflict-free minerals
>>>
>>> .hc
>>>
>>> Abel Luck:
>>>> I have a Purism Librem v3 (the 13" model) and I have to say I am not
>>>> very happy with it.
>>>>
>>>> From a privacy pov, it's nice. ME can be disabled manually. The hardware
>>>> switches are very handy. Rather than ship binary blobs for the bluetooth
>>>> driver, they left that feature out, not compromising. Which I like.
>>>>
>>>> However from an ergonomics/usability pov, I am quite dissatisfied. When
>>>> I say the keyboard is bad, I'm not a keyboard snob. It truly is just a
>>>> bad keyboard, I really dread having to go on the road and use the
>>>> keyboard for any length of time. The trackpad quality is also very low.
>>>>
>>>> Also the laptop comes with a usb c port, which is basically useless as
>>>> it doesn't support thunderbolt, which means no adapter for ethernet or
>>>> external displays. Waste of a port!
>>>>
>>>> I wouldn't buy another Librem :/
>>>>
>>>> That NitroPad looks interesting, but the deal breaker for me is the
>>>> 1366x768 px screen. So small! 1920x1080 is the minimum I would ever get
>>>> in a laptop again.
>>>>
>>>> ~abel
>>>>
>>>> Devrandom:
>>>>> This is a Lenovo.  The Purism laptop goes to 32GB and has hardware kill
>>>>> switches.  It also has secure boot with the Nitrokey and the TPM option,
>>>>> but I didn't try it (yet).
>>>>>
>>>>> On Wed, Jan 8, 2020 at 4:19 AM Hans-Christoph Steiner <
>>>>> hans at guardianproject.info> wrote:
>>>>>
>>>>>>
>>>>>> Looks like quite a nice laptop setup for privacy:
>>>>>>
>>>>>>
>>>>>> -------- Forwarded Message --------
>>>>>> Subject: NitroPad: Secure Laptop With Unique Tamper Detection
>>>>>> Date: Tue, 7 Jan 2020 10:25:13 +0100
>>>>>> From: Nitrokey <info at nitrokey.com>
>>>>>> Reply-To: Nitrokey <info at nitrokey.com>
>>>>>> To: Hans-Christoph Steiner <hans at guardianproject.info>
>>>>>>
>>>>>> German translation is here:
>>>>>>
>>>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/d891PlpQflj763CzcTeLrLCQ/2drgzRE7oneOhHNyMnMe8g
>>>>>>
>>>>>> Dear Nitrokey supporters!
>>>>>>
>>>>>> Do you think your computer hardware is secure? Can you rule out that in
>>>>>> your absence no one has manipulated your computer? In a world, where
>>>>>> most users do not have any real control over their hardware and have to
>>>>>> blindly trust the security promises of vendors, NitroPad unlocks a
>>>>>> refreshingly new security experience. NitroPad X230 [1] is significantly
>>>>>> more secure than normal computers. With NitroPad, you'll have more
>>>>>> control over your hardware than ever before while maintaining ease of use.
>>>>>>
>>>>>> Features
>>>>>>
>>>>>> Tamper Detection Through Measured Boot
>>>>>>
>>>>>> Thanks to the combination of the open source solutions Coreboot [2],
>>>>>> Heads [3] and Nitrokey USB hardware, you can verify that your laptop
>>>>>> hardware has not been tampered with in transit or in your absence
>>>>>> (so-called evil maid attack). The integrity of the TPM, the firmware and
>>>>>> the operating system is effectively checked by a separate Nitrokey USB
>>>>>> key. Simply connect your Nitrokey to the NitroPad while booting and a
>>>>>> green LED on the Nitrokey will show that your NitroPad has not been
>>>>>> tampered with. If the LED should turn red one day, it indicates a
>>>>>> manipulation.
>>>>>>
>>>>>> Deactivated Intel Management Engine
>>>>>>
>>>>>> Vulnerable and proprietary low-level hardware parts are disabled to make
>>>>>> the hardware more robust against advanced attacks.
>>>>>>
>>>>>> The Intel Management Engine (ME) is some kind of separate computer
>>>>>> within all modern Intel processors (CPU). The ME acts as a master
>>>>>> controller for your CPU and has broad access to your computer (system
>>>>>> memory, screen, keyboard, network). Intel controls the code of the ME
>>>>>> and severe vulnerabilities have been found in the ME enabling local and
>>>>>> remote attacks. Therefore ME can be considered as a backdoor and has
>>>>>> been deactivated in NitroPad.
>>>>>>
>>>>>> Preinstalled Ubuntu Linux With Full-Disk Encryption
>>>>>>
>>>>>> NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS [4] with
>>>>>> full-disk encryption. Ubuntu is one of the most popular, stable and
>>>>>> easiest to use Linux distributions. Switching from Windows to Linux has
>>>>>> never been easier.
>>>>>>
>>>>>> Optional: Preinstalled Qubes OS For Highest Security Requirements
>>>>>>
>>>>>> Instead of Ubuntu Linux, on request you can get your NitroPad with
>>>>>> preinstalled Qubes OS 4.0 [5] and full-disk encryption.
>>>>>>
>>>>>> Qubes OS enables highly isolated working by means of virtual machines
>>>>>> (VM). A separate VM is started for each application or workspace. This
>>>>>> approach isolates applications and processes much more than conventional
>>>>>> operating systems. Qubes OS keeps your system secure, even if a
>>>>>> vulnerability has been exploited in one of the software applications
>>>>>> used. Example: If your PDF viewer or web browser has been successfully
>>>>>> attacked, the attacker cannot compromise the rest of the system and will
>>>>>> be locked out once the VM is closed.
>>>>>>
>>>>>> In addition, separate virtual workspaces can be used, such as an offline
>>>>>> workspace for secret data and an online workspace for communication.
>>>>>> NitroPad with Qubes OS is technically similar to SINA clients (for
>>>>>> governments), but remains transparent thanks to open source. Qubes OS is
>>>>>> for users who want maximum security.
>>>>>>
>>>>>> Keys Under Your Control
>>>>>>
>>>>>> All individual cryptographic keys are generated directly on the NitroPad
>>>>>> exclusively during installation and are not stored by us. However, all
>>>>>> individual keys can be replaced by you. Unlike "Secure Boot", the keys
>>>>>> for securing the operating system remain under your control and do not
>>>>>> depend on the consent of the vendor.
>>>>>>
>>>>>> Nitrokey USB Key Included
>>>>>>
>>>>>> NitroPad comes with a Nitrokey Pro 2 [6] or a Nitrokey Storage 2 [7].
>>>>>> Their security features include for example email encryption (PGP,
>>>>>> S/MIME), secure server administration (SSH) and two-factor
>>>>>> authentication through one-time passwords (OTP). The Nitrokey Storage 2
>>>>>> additionally contains an encrypted mass storage with hidden volumes.
>>>>>>
>>>>>> Professional ThinkPad Hardware
>>>>>>
>>>>>> Based on Lenovo ThinkPad X230, the hardware finish and robustness meet
>>>>>> professional quality standards. The famous ThinkPad keyboard with
>>>>>> background lighting and TrackPoint allows comfortable working. The used
>>>>>> laptops have been refurbished.
>>>>>>
>>>>>> Out-of-the-Box User Experience
>>>>>>
>>>>>> With NitroPad, you don't need to take care of opening the hardware
>>>>>> casing to flash the BIOS chip, installing and configuring Linux, or
>>>>>> pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey
>>>>>> is already configured with your NitroPad so that it can be used for
>>>>>> tamper detection without any further configuration effort.
>>>>>>
>>>>>> Security Conscious Shipping
>>>>>>
>>>>>> To make it more difficult to intercept and manipulate your NitroPad, the
>>>>>> NitroPad and the Nitrokey USB key can be shipped in two separate
>>>>>> shipments if desired.
>>>>>>
>>>>>> Use Cases
>>>>>>
>>>>>> For Everyone
>>>>>>
>>>>>> NitroPad enables you to detect hardware tampering. For example, if your
>>>>>> laptop is being inspected while crossing the border or if you leave your
>>>>>> device unattended in a hotel or during travelling, you can check the
>>>>>> integrity of your NitroPad with the help of the Nitrokey.
>>>>>>
>>>>>> For Enterprises
>>>>>>
>>>>>> NitroPad can serve as a hardened workstation for certificate authorities
>>>>>> and other use cases requiring high-security computers. On business
>>>>>> trips, the NitroPad protects against evil maid attacks while the
>>>>>> computer is unattended in a hotel or baggage.
>>>>>>
>>>>>> For Governments
>>>>>>
>>>>>> Governments can use NitroPad to protect themselves against advanced
>>>>>> persistent threats (APT) without relying on foreign proprietary technology.
>>>>>>
>>>>>> For Journalists
>>>>>>
>>>>>> If you as an investigative journalist are serious about protecting your
>>>>>> confidential sources, NitroPad helps you get there.
>>>>>>
>>>>>> NitroPad X230 is now available in our Online Shop [1].
>>>>>>
>>>>>> More details are available in the product factsheet [8].
>>>>>>
>>>>>> Kind regards,
>>>>>> your Nitrokey team
>>>>>>
>>>>>> [1] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/jZaFd1lbEdmWO6EYOcLzDQ/2drgzRE7oneOhHNyMnMe8g
>>>>>> [2] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/YFe1znalGDB8Ua763Ggu9RKw/2drgzRE7oneOhHNyMnMe8g
>>>>>> [3] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/cZ8CHlfV3cxRZgMwQJk6fQ/2drgzRE7oneOhHNyMnMe8g
>>>>>> [4] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/UXFKS892rBzNshvgAM3iX7Sw/2drgzRE7oneOhHNyMnMe8g
>>>>>> [5] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/D8RUORLEDmVGkJAOqOZ12w/2drgzRE7oneOhHNyMnMe8g/
>>>>>> [6] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/3NM892YvQl3nQBfzax83fVdg/2drgzRE7oneOhHNyMnMe8g
>>>>>> [7] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/892ZG8927tvGnlab4KjZMl8lQg/2drgzRE7oneOhHNyMnMe8g
>>>>>> [8] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/ITDgVP8lO6ZSALVagGX892vw/2drgzRE7oneOhHNyMnMe8g
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev
>>>>>> To unsubscribe, email:  guardian-dev-unsubscribe at lists.mayfirst.org
>>>>>>
>>>
>>> --
>>> PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
>>> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556

