Invest in the Future You Want to See.

A First Public Offering of Purism Stock on StartEngine. Minimum $500.

Invest Now

Anti-Interdiction on the Librem 14

Hardware, Librem 14, Security /

David Hamner

Latest posts by David Hamner (see all)

Whether you face extreme threats or want some extra peace of mind, you might want to be able to detect if someone tampers with your laptop when it’s out of your possession. Anti-interdiction can be particularly handy when traveling and for the initial delivery.

Manual Setup

Following this procedure will allow you to verify your laptop has not been used or modified, even if it’s left unattended for a lengthy time. You’ll need a Librem Key and some glitter nail polish. On the software side, your Librem 14 will need to be running PureBoot. For those that selected the coreboot bootloader at checkout, switching to PureBoot is straightforward.

Switching to PureBoot

If you are already running PureBoot with a paired Librem Key, you can skip onto the hardware preparation section. Keep in mind PureBoot requires a separate /boot partition formatted as ext4. If you’re running PureOS, we default to this boot setup, but other distros may need custom partitioning. To verify your boot partition is valid, run:

lsblk -f | grep /boot

You should see an ext4 filesystem.

Make sure your laptop is charging and connected to the internet for the PureBoot upgrade and run the following:

mkdir ~/updates
cd ~/updates
wget https://source.puri.sm/coreboot/utility/raw/master/corebootutil.sh -O corebootutil.sh
sudo bash ./coreboot_util.sh

This will prompt you for your root password, enter it, and select 1 to use a pre-built pureBoot image. It should auto-detect you’re using a Librem 14; Press enter.Select 2 to Install PureBoot. Enter ‘Y’ to continue.You can update the serial number or use the extracted value. Enter ‘Y’ again to start the upgrade process.Flashing will take a few min to complete. Once you see this message, you can attach the Librem Key and reboot. 

PureBoot will start up and begin the pairing process of your new Librem Key and BIOS. Press “Enter” to continue.You can enter custom information, Like your email and your name, if you’d like. This also gives you the option to export your newly generated keys to a USB. If you plan to sign emails with these keys, this is a good idea.The pairing will take about 3 min.

After a reboot, you’ll need to generate your new HOTP/TOTP secrets, select the defaults and follow the onscreen setup directions to complete the pairing.

Hardware Preparation

To verify the hardware is unmodified, apply glitter nail polish to at least the 4 outside screws. This will take a few hours to dry. Once completely dry, photograph the unique patterns on each of the screws. These will be used as a reference to compare and validate visually that the chassis is untampered with. Store the photos in a safe place like a password manager.If you’d rather skip the setup, we ship Librem 14s with these same Anti Interdiction services as an option at checkout. In addition, you’ll get tamper-evident tape on the surrounding laptop packaging within the box and separate shipping for the Librem Key and Laptop. On the software side, your Librem Key will come preloaded with a custom PIN. We will also discuss a customized threat model coordinated over encrypted email.

Purism Products and Availability Chart

 ModelStatusLead Time 
USB Security Token Purism Librem KeyLibrem Key

(Made in USA)		In Stock
($59+)		10 business days
Learn More Buy Now
Librem 5In Stock
($999+)
3GB/32GB		10 business days
Learn More Buy Now
Librem 5 + SIMple
(4 GB Data)		In Stock
($99/mo)		10 business days
Learn More Buy Now
Librem 5 + SIMple Plus
(10 GB Data)		In Stock
($129/mo)		10 business days
Learn More Buy Now
Librem 5 + AweSIM
(Unlimited Data)		In Stock
($169/mo)		10 business days
Learn More Buy Now
Librem 11In Stock
($999+)
8GB/1TB		10 business days
Learn More Buy Now
Most Secure Laptop Purism Librem 14Librem 14In Stock
($1,370+)		10 business days
Learn More Buy Now
Most Secure PC Purism Librem Mini
Librem MiniApr 2024
($799+)		Shipping April, 2024
Learn More Buy Now
Purism Liberty Phone with Made in USA ElectronicsLiberty Phone
(Made in USA Electronics)		Apr 2024
($1,999+)
4GB/128GB		Shipping April, 2024
Learn More Buy Now
Most Secure Server Purism Librem ServersLibrem ServerApr 2024
($2,999+)		Shipping April, 2024
Learn More Buy Now
The current product and shipping chart of Purism Librem products, updated on March 26th, 2024

Recent Posts

Related Content

Tags

Advanced readers AweSIM Battery life Benchmarks and testing Boot and BIOS Chipsets and components Communications infrastructure Crowdfunding Customer Feedback cybersecurity Enterprise FLOSS applications Giving and contributing back Graphics infosec Laptops librem 5 Librem 5 USA Librem 14 Linux kernel Made in USA Electronics most secure computer most secure laptop most secure pc most secure phone Newsletter and status updates Phones Power management Press Privacy Product or service launch PureOS secure computing Security Social media Software freedom Supply chain Tablets Testimonials and user stories Tips and tricks User empowerment User experience design User interaction design Videos Website
Purism

3D renders are artist renderings, for illustration purposes. Images and specifications are subject to change depending on manufacturing requirements.

Unless otherwise noted, contents created by the Purism team on this website are copyleft with a CC-by-SA 4.0 license.