How do you bootstrap trust when you have to order a trusted computer from an untrusted one? One way is with our anti-interdiction services and in this article I will talk through how that works.
There are many different reasons why customers add our anti-interdiction services to their phone or laptop orders. When you sign up for anti-interdiction, I work with you personally to identify your threats and talk you through the different measures we can put in place. As a result I have seen a full spectrum of reasons for anti-interdiction. Some (arguably most) customers aren’t facing a particular threat, but instead just want some peace of mind that their device hasn’t been tampered with in shipping so they can start with a clean, secure computer. On the other end of the spectrum are customers who have past experience with tampering and reason to believe that their new computer will be tampered with in transit either by local governments, couriers, neighbors, stalkers, or even family members.
Yet one of the most challenging threat models is when a customer has reason to believe their current computer, email, and other devices are compromised. Even more challenging, their devices have been compromised by someone with some level of physical access, whether as a family member, an abusive ex, or a stalker. Interdiction is a real concern, and they are ordering Purism devices so they can start with a clean slate.
PureBoot is our high-security, tamper-detecting boot firmware that we ship by default on all Librem 14 and Librem Mini anti-interdiction orders. With PureBoot we can pair the computer with a Librem Key such that if the boot firmware or OS has been tampered with, the Librem Key will flash red, warning the user before they boot or type in any secrets. We can also optionally set a unique PIN on the Librem Key which means that only people who know the PIN can re-sign files in boot or load different firmware without detection. We then ship the Librem Key and computer separately, with the understanding that it is twice as difficult to interdict two packages instead of one.
When we need to bootstrap trust from an untrusted device, there are a few anti-interdiction measures I generally recommend. First, since we are assuming that the customer’s email is compromised, we do not use it to share secrets, such as a unique PIN. Instead, I will generate a random PIN that I only share with the customer after they receive both the Librem Key and the computer and inspect for physical tampering. Then, since this secret was shared over an insecure channel, I recommend that the customer immediately change the PIN to something only they know–which is a best practice we recommend to all PureBoot users in our Getting Started Guide.
Secondly, I recommend that we ship the Librem Key first, and only ship the computer once the customer confirms they have received the Librem Key. This ensures that even if both packages are interdicted, it is impossible for them to be in the same place at the same time. By themselves, it would be difficult for an attacker to do much apart from easily-detectable tampering on either device. If both packages were interdicted at the same time, an attacker could tamper with the firmware or OS and then reset both devices with new keys. Even in this case we could detect such tampering due to the fact that the random, secret PIN would have changed to something new, but by staggering the shipment of the Librem Key and computer, we ensure we don’t have to resort to that test.
Finally, I always recommend a customer facing this threat implement our glitter nail polish measure, at least on some of the screws. With this in place, an attacker cannot remove the case and tamper with the hardware without disturbing the unique pattern of glitter covering the screws. We take pictures of the unique glitter pattern as well as the inside of the computer before we ship, and can share those pictures with the customer if they see signs that the initial tamper seals on the packaging were disturbed.
With all of these measures in place, an attacker is much less likely to attempt to tamper with the computer, and the customer can have peace of mind that they are starting with a clean, secure device. Once they boot and set their own unique passwords, they can then use this clean slate to create a new, safe email account (perhaps on our Librem One platform).
Even after shipping, customers can use the tamper detection in PureBoot to test their computer for tampering whenever it is unattended. As long as they keep their Librem Key with them, when they go back to their computer they can immediately test it for firmware and software tampering. We also recommend customers take their own pictures of the glitter nail polish patterns with lighting and camera angles under their control. This makes it much easier to detect physical tampering later on.
While most people (thankfully) don’t face this level of threat, you can still take advantage of the advanced security from anti-interdiction and PureBoot even if you just want extra peace of mind. If you would like to add this service to your own order, just look for the “PureBoot Bundle Anti-Interdiction” option in the firmware drop-down on the shop page for Librem 14, Librem Mini, or the checkbox to add “Anti-Interdiction Service” for Librem 5 USA and Librem 5.
|Librem Mini||In Stock||10 days|
|Librem Servers||Coming Soon||--|
|Librem Key||In Stock||10 days|
|Librem 14||In Stock||10 days|
|Librem 5 USA||In Stock||10 days|
|Librem 5||Currently shipping backlogs||20 weeks|