Purism at SCaLE 2019 – Retrospective on Secure PureBoot

• About
• Latest Posts

Todd Weaver

Founder and CEO
PGP Fingerprint: B8CA ACEA D949 30F1 23C4 642C 23CF 2E3D 2545 14F7

Latest posts by Todd Weaver (see all)

• Purism Differentiator Series, Part 14: Surveillance Capitalism - April 23, 2024
• Purism Differentiator Series, Part 13: Modularity & Right to Repair - April 23, 2024
• Purism Differentiator Series, Part 12: Secure Supply Chain and Made in USA Electronics - April 22, 2024

In March, Purism took part in the Southern California Linux Expo – SCaLE 2019.

Once again, we were so busy we barely had the time to leave our booth: people were very interested in the Librem 5 devkit hardware, in the latest version of the Librem laptops and PureOS, on having the same apps for the Librem laptops and the Librem 5 phone… so we got to do the full pitch. On a less technical note, our swag was quite a success. People told us they loved our paper notebook and carpenter pencil, and asked questions about the pencils – which, according to Kyle Rankin, Chief Security Officer of Purism, have a section that is “kind of shaped like our logo”, and being carpenter pencils “are designed so you can sharpen them without having to use a proprietary pencil sharpener.” Visitors (and team) loved them for being beautiful, unusual and useful.

Above all, our audience wanted to see the PureBoot demos (apart from an inspirational young attendee, who asked his grandmother to take him to SCaLE specifically so he could meet Todd Weaver, our founder and CEO) – and each time we thought we could take a break, someone else came up and asked about PureBoot. We had constant demonstrations of PureBoot on a Librem 13v4 and Librem Key, and got lots of excitement from the security community and enterprise customers – national and international.

PureBoot, as introduced earlier, is a combination of hardware – a trusted platform module (TPM) inside a Librem laptop – with a disabled Management Engine. It boots using a coreboot BIOS and a Heads payload, that verifies it hasn’t been tampered with, using a Librem Key. This combination is the strongest security available in computing devices. Unlike other secured boot processes, this combination also allows you to control and sign with your own keys. We were frequently asked to demonstrate PureBoot for enterprise use cases – specifically, what the best-practices would be for an enterprise to secure their fleet of laptops; these same enterprise best-practices may also be applied to an individual, whether a beginner or a security expert.

During the in-person demonstration, Purism team members showcased for the first time the complete PureBoot solution from start to finish (and we are about to get technical):

• A Librem 13v3 /boot partition was frozen in time and signed with a user-generated gpg key, on a Librem Key. The happy path is proven by an inserted Librem Key; the Librem laptop is powered on to show the device matches the previous known-good-state – and the LED blinks green.
• The system is booted and PureBoot unlocks the encrypted disk, using the Librem Key and the user’s PIN. The Librem Key is then removed, and a malicious attack is simulated by modifying the secrets stored in the TPM.
• The Librem Key is inserted, the Librem laptop powered back on, the measurements failed to match – alerting the user that the device was tampered with (since the last known-good-state) by a bright red screen on the Librem laptop, and a constantly blinking red LED on the Librem Key.
• The user of the Librem laptop can now decide how to handle the tampered-with laptop: by flipping the Hardware Kill Switch on the WiFi/BT and deciding to boot; by booting from a known-good USB recovery OS and performing forensics on the system; or by working with Purism to return the system to a known-good factory state.

PureBoot Enterprise Best Practices

The best practices for enterprise using Pureboot were also described to a regular audience at the Purism booth in Pasadena, and here they are, for reference:

• The IT/Security department uses an airgapped Librem Laptop, and they generate GPG keys for all staff and copy the GPG key per staff, onto an individual’s Librem Key;
• They physically label the Librem Key for the staff member, sign the staff member’s Librem laptop with the Librem Key, hand the Librem laptop (and Librem Key) to the staff member, who boots and sets up the Librem laptop like normal; uses the Librem Key for tamper-detection, disk-decryption, mail encryption among other uses, such as anti-interdiction;
• If a Librem Key is lost, a new key can be created from the airgapped backup Librem laptop, and handed to the staff member.
• If a device was tampered with, the IT/Security department can have any number of policies implemented including: Librem laptop drops to offline mode for document recovery; Librem laptop optionally wipes the disks, or Librem laptop flags the user to bring it to IT/Security.

This offers the best in class enterprise control, measuring single-bit detection and tampering on a signed image – while subscribing to the usable computing practice of “boot not brick” of devices in the field.

It was really nice meeting you at SCaLE, and we hope to see you next time.