Tag: Boot and BIOS

Coreboot and Skylake, part 2: A Beautiful Game!

Hi everyone,

While most of you are probably excited about the possibilities of the recently announced “Librem 5” phone, today I am sharing a technical progress report about our existing laptops, particularly findings about getting coreboot to be “production-ready” on the Skylake-based Librem 13 and 15, where you will see one of the primary reasons we experienced a delay in shipping last month (and how we solved the issue).

TL;DR: Shortly we began shipping from inventory the coreboot port was considered done, but we found some weird SATA issues at the last minute, and those needed to be fixed before shipping those orders.

  • The bug was sometimes preventing booting any operating system, which is why it became a blocker for shipments.
  • I didn’t find the “perfect” fix yet, I simply worked around the problem; the workaround corrects the behavior without any major consequences for users, other than warnings showing up during boot with the Linux kernel, which allowed us to resume shipments.
  • Once I come up with the proper/perfect fix, an update will be made available for users to update their coreboot install post-facto. So, for now, do not worry if you see ATA errors during boot (or in dmesg) in your new Librem laptops shipped this summer: it is normal, harmless, and hopefully will be fixed soon.

Read more

“Ship from inventory” has begun

With the new  batch of Librem 13 and Librem 15 this summer, we created our first ever “inventory” to shift from a purely build to order (preorders) model to a build to stock model. In other words, for the first time in our existence, we now have more laptops in stock than the amount of orders, which means new orders can be fulfilled in 7-10 days instead of taking months. We made a formal announcement about this a few days ago, and would like to take the time today to thank you, early supporters, for having made it possible for us to reach this milestone! As we finish working through our backlog and finalizing our coreboot port to correct some last minute bugs (more on this later), some users have already started receiving their Librems:

P.s.: got your Librem? Feel free to post a photo while mentioning us on Twitter, or in this forum thread!

At the forefront

These new models ship with coreboot preloaded and the newest version of PureOS—featuring Wayland and GNOME 3 by default. We are, in fact, the first independent hardware manufacturer of brand new laptops to do this.

We are also uniquely positioned to ship with Skylake processors immune to the hyperthreading issue recently disclosed by OCaml developers, independently of whether or not you run PureOS on your Librem, as we have bundled the fix and rebuilt our coreboot images for the current inventory being shipped out from this week forward (those who have already received their Librems last week will be able to apply a BIOS update to fix the issue on their machines). Think about this for a second: there are no other manufacturers of brand new laptops in the world who can provide such a timely BIOS update, while shipping, within 48 hours of a CPU issue being publicly disclosed by a third-party mailing list.

Get them while they’re hot

We are expecting to sell through this first inventory fairly quickly. For those who did not want to preorder and wanted to buy only when inventory becomes available, this is your chance—don’t miss it! Afterwards, we will manufacture increasingly frequent batches until we reach cruising speed and have a tightly controlled right-on-time rolling inventory to ship from.

Coreboot on the Librem 13 v2, part 1

Hello everyone! I am very happy to announce that the coreboot port to the Librem 13 v2 as well as the Librem 15 v3 is done! Wow, what an adventure! The entire thing took about 2 weeks of hard work, and an additional week of testing, fixing small issues that kept popping up, and cleaning up the code/commits.

It was truly an adventure, and I would have liked to stop and take the time to write 10 blog posts during that time, one for every major bump in the road or milestone, but I was under a strict deadline because we needed to finish the port before we started shipping the new Librem 13 v2 hardware (from now on referred to as ‘the v2’), so it could be shipping with coreboot pre-installed from day one. Now that the port is finished, I can finally start writing the first chapter in the story.

TL;DR: in the process of porting the Skylake-based Librem 13 v2 to coreboot, I have implemented a new debugging method (“flashconsole”) and added it to coreboot. It has been reviewed and merged upstream. Read more

A fleet of coreboot laptops assembles

Following up on our status update where we revealed the imminent shipping date and general availability of our laptops this June, we’re happy to let you know today that we’ve recently had a breakthrough in our work to port the new laptops to coreboot, thanks to the fruitful collaboration between our coreboot developer Youness “KaKaRoTo” Alaoui and Matt “Mr. Chromebox” DeVillier (to whom we sent a prototype unit). Our coreboot port is now working for both the Librem 13 v2 and the Librem 15 v3, with all the test cases passing.

We are now pretty confident that we should be able to have coreboot firmware ready in time for factory preloading of the new inventory we’ll be shipping from in June. As we receive the first “production” units, we will ship some of those across the border, so that Youness can re-test and finalize the port on those machines (the results should be the same, but we want to make sure everything is top-notch). I will also seize the opportunity to take good reference images in our photo studio.

In the meantime, Youness is currently busy preparing his code contributions to be upstreamed officially to the coreboot project, after which he will be attending the 2017 edition of the coreboot conference in Denver. You will also soon be able to read his latest technical findings as part of the current round of coreboot ports.

The only model that will remain to be ported to coreboot afterwards will be the Librem 15 v2 (it turns out that the “v1” was an early demonstration unit that was sent out to some reviewers but never made it into large-scale production, so it does not actually need to be ported), thus reaching a milestone and honouring a promise that many of you have been eagerly looking forward to. That remaining port should be fairly straightforward to do, now that Youness has gained a lot of experience with other models. Then, depending on how the timing plays out this summer, our reverse engineering work is expected to resume from where we left off.

How Purism Avoids Critical Intel Security Exploit

Intel dropped a fairly large bombshell on the world May 1st, 2017, when they published a security advisory that explains how nearly every single Intel chip since 2008 is now vulnerable to a remote exploit through AMT, even when powered off.

Purism, which uses Intel chips, happens to be immune to this very nasty threat. Purism happens to also be the only manufacturer where all products are designed specifically to be immune to this very substantial threat. Purism is able to accomplish this thanks to its strict belief in digital rights for users and adherence to its social purpose; it is this philosophy that brings Purism to systematically remove exploitable firmware from the computers it makes, and users are all the better for it.

We already published a lengthy article on the potential of this type of threat, which you can find at How Purism Avoids Intel AMT, but in case you wanted the shorter version:

  1. We choose Intel CPUs that do not have the hardware enabled to be exploitable (no vPro/AMT)
  2. We avoid Intel networking, to remove this exact threat (no Intel networking, no remote exploit from exploitable firmware)
  3. We neutralize the exploitable firmware

The larger message rings true; if you can’t control the computer, the computer controls you. This turn of events highlights that fact clearly; this exploitable Intel firmware is a binary at the lowest level of the CPU, outside the view of the user, allowing for anybody to use it to gain full control of the computer, even when the device is powered off. This represents the worst of all possible security vulnerabilities, and we are very proud to have a philosophy that makes our products the only high-end current hardware offering that can safely avoid this Intel security exploit.

How Purism avoids Vault 7 leaked threats “Dark Matter”

Recently, WikiLeaks unloaded another lot of Vault 7 documents, under the “Dark Matter” codename. In there, other tools and techniques used by the CIA to gain persistent remote exploits on Apple devices (including Macs and iPhones) are revealed.

Most of these attacks target Apple’s EFI/UEFI firmware, therefore such infections persist even if the operating system is re-installed. This collection of threats, including Sonic Screwdriver, Triton, Der Starke, and Dark Sea Skies, all utilize the same general principle: to attack a device at the BIOS level depth, in order to seize control of all shallower levels including the operating system, applications, networking, and web access.

In addition to the EFI/UEFI exploits mentioned, there are targeted exploits such as Night Skies focusing on iPhones, or the Sea Pea rootkit focusing on Apple’s Mac OS X kernel specifically.

Night Skies is a tool that operates in the background and does not exhibit user-alerting behavior, providing upload, download and execution capability on the device. NightSkies will attempt to use any available Internet connection to beacon. Once user activity is detected, it will monitor specific directories on the phone such as the browser history file, YouTube video cache, map files cache, or mail files metadata. Night Skies can then:

  • retrieve files from the iPhone including the address book, SMSes, call logs, etc.;
  • send files and binaries to the iPhone (such as additional hacking tools);
  • execute arbitrary commands on the iPhone;
  • grant full remote command and control;
  • masquerade as the standard HTTP protocol for communications;
  • use XXTEA block encryption to provide secure communications;
  • provide self-upgrade capability.

Sea Pea, on the other hand, is a rootkit designed for Mac OS X’s kernel, that will remain on the system unless one of the following conditions are met: the hard drive is reformatted, an upgrade is made to the next major version of OS X (i.e. 10.6), or an error is encountered (at which point SeaPea may remove itself).

What these threats continue to showcase is that EFI/UEFI is an ideal low-level backdoor to control a user’s device without their knowledge, and the leaked documents shows how widespread these threats are against any user running a EFI/UEFI BIOS.

Purism is working hard to make its products immune against these threats by designing its devices to be able to run coreboot instead EFI/UEFI. Purism also utilizes PureOS (a GNU/Linux based distribution that does not contain any mystery binaries), so the entire source code stack can be audited.

These documents continue to reinforce the fact that security is a game of depth, and the deeper you go with releasing free software where the source code can be audited, the better.

Purism has future plans of including hardware encryption tools to verify the entire boot chain, putting the entire system under a user’s control, rather than that of a bad corporation, government, spying agency, criminals, or ISPs.

Security Researcher Trammell Hudson and Device Maker Purism Join Forces to Set a New Standard for Security-Focused Laptops

Hudson’s security firmware Heads will be built into Purism Librem hardware to further protect users from cybersecurity threats, privacy invasion, identity theft, and more.

SAN FRANCISCO, CA — APRIL 12, 2017 — One of the foremost security researchers in the infosec community, Trammell Hudson, is working with secure device maker Purism to integrate his free and open-source “Heads” firmware into the company’s Librem laptop line. Purism will be the first hardware company to integrate Heads into its products, and the partnership will push the industry standard with unprecedented protection for end-user devices. Testing has already begun for the integration of the two platforms. Read more

Bringing Librem 13 v2 and Librem 15 v3 prototypes back from LibrePlanet for further coreboot porting work

A few days ago we gave you a very quick sneak peek of the Librem 15 v3’s anodized black finish as we were doing final preparations for our LibrePlanet 2017 attendance. We were very happy to support the Free Software Foundation by sponsoring LibrePlanet! On Saturday morning, we started setting up our booth slowly, thinking there would not be much activity going on at the beginning of the day. We were proved wrong:

There was a crowd around our booth at pretty much all times (except lunchtime) throughout the day Saturday, during which it was revealed that Todd is possibly a cyborg, as he stood there answering questions for eight hours straight, without needing to eat, drink, or sit:

Great discussions were had. James was also present, attending talks and officially winning our photobomber of the year award, as you can see him in the lower-right corner of this photo:

New passions bloomed among attendees:

People who saw and touched the Librems found them to be quite impressive. For instance:

Some of the frequent comments we heard were “Wow. They’re even better than on the photos!”, “When can I buy one?” and “I was a Purism skeptic, but I see you are delivering on your promises and making the impossible possible.”

Really encouraging!

Upcoming coreboot work

While we were hard at work answering thousands of questions at LibrePlanet, our coreboot developer Youness was on vacation while waiting for some more testing hardware. This week he will be resuming his work on preparing/packaging coreboot for release, and with the two new prototype units I brought back from Boston he will also be able to begin the coreboot port for these devices. We hope to do that in time to factory-flash them for the next batch of deliveries in May-June, but we’ll see how the development work pans out. If it’s not ready within that short timespan, we will provide coreboot as an update that you can flash yourself.

Youness has also made some additional progress on the Intel ME, thanks to information and data that Igor Skochinsky was able to share with us. Stay tuned for Youness’ next report!

Yet Another EFI/UEFI Exploit, this one Utilizing NVRAM and Persistent Storage

Continuing on our previous post on this topic, another EFI/UEFI BIOS exploit theoretically known–and even proven to work by Trammel hudson some years ago–that resurfaced through the Vault 7 documents, is the EFI/UEFI exploit that can write to NVRAM or persistent storage. This means that this exploit cannot be detected from hard drive inspection, and can survive through a complete OS reinstall if you’re using EFI/UEFI (which is not a problem for Purism users running coreboot).

The CIA documents describe it best:

“These variables present interesting opportunities for our tools since they will survive a OS reinstall and are invisible to a forensic image of the hard drive. What’s also interesting is that there is no way to enumerate NVRAM variables from the OS… you have to know the exact GUID and name of the variable to even determine that it exists.” — the CIA, as leaked through the Vault 7 Persistent Storage Document

This line also summarizes intent for the exploit:

“This might be a good place to put either implants or encryption keys. If every implant deployment used a different GUID/name pair, it would make the variables a bit more difficult to discover.” — the CIA, from the Vault 7 Persistent Storage Document

This continues to reinforce that our philosophy and beliefs are the only way to have long-term products that respects users’ digital rights.