Tag: Laptops

Introducing the Librem Key

A few months ago we announced that we were partnering with Nitrokey to produce a new security token: the Librem Key and I’m pleased to announce that today the Librem Key is available for purchase on our site for $59.

What is a USB Security Token?

In case you haven’t heard of USB security tokens before, they are devices typically about the size of a USB thumb drive that can act as “something you have” for multi-factor authentication. With so many attacks on password logins, most security experts these days recommend adding a second form of authentication (often referred to as “2FA” or “multi-factor authentication”) in addition to your password so that if your password gets compromised the attacker still has to compromise your second factor. USB security tokens work well as this second factor because they are “something you have” instead of “something you know” like a password is, and because they are portable enough you can just keep them in your pocket, purse, or keychain and use them only when you need to login to a secure site.

In addition to multi-factor authentication, security tokens can also often store your private GPG keys in a tamper-proof way so you can protect them from attackers who may compromise your laptop. With your private keys on the security token, you can just insert the key when you need to encrypt, decrypt, sign, or authenticate and then type in your PIN to unlock the key. Since your private keys stay on the security token, even if an attacker compromises your computer, they can’t copy your keys (and even if you leave the key plugged in, they need to know your PIN to use it).

Why Make a Librem Key?

There are many other vendors out there who offer their own security tokens, so why make our own? The first reason is that few security tokens out on the market align with our values here at Purism, in particular with respect to freedom. I’ve explained in a previous post why freedom is essential to security and privacy and this is especially true for a device that is holding some of your most sensitive secrets. We wanted a security token that used open hardware, free software firmware, and free software user applications and that is why we partnered with Nitrokey to produce a security token that respected your freedom from the beginning.

We also wanted to make the Librem Key because of all of the integration possibilities with our existing products that would make customers more secure in a way that’s also more convenient. When you can bundle a security token with your own laptop and operating system, there are so many interesting possibilities, especially when the firmware and user applications are free software so we can easily modify them to add even more features.

In addition to the standard features of a security token (GPG key storage and multi-factor authentication) that the Librem Key can perform on any computer, here are some of the interesting integration options with our Librem laptops we are already looking into with the Librem Key that will make security much more convenient for users who are facing average threats:

  • Insert the Librem Key at boot and automatically decrypt your hard drive
  • Automatically lock your laptop whenever you remove the Librem Key
  • Use your Librem Key to log in

Provable Security, Made Easy

One of the most exciting opportunities the Librem Key opens up to us is in integrating with our tamper-evident Heads BIOS to provide cutting-edge tamper-evident security but in a convenient package that doesn’t exist anywhere else.

Currently with Heads, when you want to prove that the BIOS hasn’t been tampered with, you need to set up a TOTP application on your phone and scan a QR code from within Heads. Then at each boot you compare the 6-digit code Heads displays on the screen with the code in your phone. If the codes match, the BIOS is safe. This method works but is a bit cumbersome and with the Librem Key we can do better.

We have worked with Nitrokey to add a custom feature to our Librem Key firmware specifically for Heads. This custom firmware along with a userspace application allows us to store the shared secret from the TPM on the Librem Key instead of on a phone app. Then when Heads boots, if the BIOS hasn’t been tampered with the TPM will unlock its copy of the shared secret, and Heads will send the 6-digit code over to the Librem Key. If the code matches what the Librem Key itself generated, it flashes a green light. If the codes don’t match, it flashes a red light.

So if you are concerned about someone tampering with your computer when you aren’t around, just boot with the Librem Key inserted. If it blinks green you are safe, if it blinks red you’ve been tampered with. There is no other product on the market today that offers this kind of simple but strong tamper-evident protection, much less one that respects your freedom where the keys are fully in your control.

Even Stronger Anti-Interdiction Protection

The Librem Key opens up possibilities for even stronger anti-interdiction protection for customers who need it. We will be able to link a Librem Key with a laptop running Heads at our facility and then ship them separately. Then when each package arrives you can immediately test for tampering with an easy “green is good, red is bad” test.

Convenient Security for the Enterprise

Many companies have already incorporated 3rd party security tokens into their engineering teams as a way for software engineers to sign their code pushes securely or as convenient multi-factor token. The Librem Key offers enterprises a way to combine all of the other features they are used to with other security tokens along with our cutting-edge tamper-evident boot process on our Librem laptops in an easy and convenient package where all of the keys are fully under their control.

Since the firmware and userspace tools are free software, that means enterprises can also easily customize these tools to suit their own internal policies whether with their own software teams or by working with Purism. That could mean anything from providing a customized error page to employees when Heads detects tampering to actively preventing employees from booting a tampered-with machine.

Only the Beginning

Knowing that our customers have a secure and freedom-respecting security token opens up all sorts of other possibilities and today we are only scratching the surface on what we will be able to do with Librem Key both for new customers and those that have been with us from the beginning. Stay tuned for future posts where I will dive deeper into some of the Librem Key’s features and explain how to get the most out of it. In the mean time you can order your own Librem Key from the Librem Key product page.

Purism launches Librem Key, the first and only security key to offer tamper evident protection to laptop users

New OpenPGP smart cards now available for purchase on Purism’s website

SAN FRANCISCO, Calif., September 20, 2018 — Purism, the social purpose corporation which designs and produces popular digital rights respecting hardware, software, and services, has launched its new security token, the Librem Key, which is the first and only OpenPGP smart card providing a Heads-firmware-integrated tamper-evident boot process. The new Librem Key, built with Open Hardware USB OpenPGP security tokens from Nitrokey, can store up to 4096-bit RSA keys and up to 512-bit ECC keys and can securely generate them directly on the device. Librem Keys are now available for purchase on Purism’s website, with Librem laptops or as a single order. Librem Keys will be able to provide basic security token functions on any laptop, but have extended features that work exclusively with Purism’s Librem laptop line and other devices that support Trammel Hudson’s Heads security firmware. Read more

The Back to School sale is on!

For some of you, it is a time to return your educational institution and continue the important process of learning about the world around you—maybe for some of you it is the first time being part of higher education, while some of you might be long-time academic researchers and associates. For those who are sick of their thick laptops weighing down on their backpacks and who would also want something with security in mind, what better way to start the school year than with a Purism laptop?!

While learning important topics like economics, computer science, mathematics, history and law, why not also be the teacher and show folks around you the importance of privacy and security? At Purism, our laptops are geared for exactly that.

Now you can save money with our back to school special. From now till September 9th, enjoy significant savings on our in-stock laptops and be protected: on any of our current Librem 13 or Librem 15 laptops, use coupon BTS-SHJXO-18 to benefit from rebates ranging from $100 to $465 (Librem 13) and from $115 to over $480 (Librem 15) depending on the configuration. The more you spend on upgrades and accessories, the greater the savings! Of course, if you want to order laptops for a whole classroom, we won’t stop you…

If you’re looking for even more affordable alternatives and don’t need the uncompromising anti physical tampering features that our TPM-enabled laptops provide, you may be interested in the non-TPM variants of our laptops on clearance (limited quantities available, depending on the keyboard layout you choose). The same coupon code applies, allowing you to grab some of those laptops for as low as $927.07!

Ethical aesthetics – Librem 5 design report #7

You may have noticed that there is no obvious visual branding on the Librem laptops. While this was at first a technical limitation on the very first Librem model (back in 2015), the subtle and minimalistic branding that began on newer models in 2016 was a conscious design decision.

Now, we’re hoping to refine the physical branding further.
One reason for a minimalist design is aesthetic. Just like on a piece of hand-made jewelry, we wish the branding to be made in the form of an inconspicuous marking that doesn’t interfere with the natural beauty of the overall shape.

Another reason is ethical. While one should easily be able to identify a computer model when closely inspecting it, people using a Librem device should be prevented from, unintentionally, exposing the brand of their hardware, which may be seen as arrogant in some situations. But, above all, the Librem customer should not be used as a passive promoting medium. We think that this is an essential part of an ethical design.

This is described within our internal industrial design policies in term of visual identity, so I think important to emphasize those points.

Branding on the Librem laptops

Therefore, on the current Librem line, branding is only visible on the keyboard (with the “Super” key displaying the Purism logo) and on the bottom cover, displaying the brand and model name, along with certification symbols, underneath the computer.

That said, while not being visible during normal use (open on a table), the bottom branding of the Librem may be considered a bit flashy when carrying the laptop around, so we are considering making it even more discreet in the future.

Branding on the Librem 5

The Librem 5 is not in production yet but the public mock-ups have been escaping that rule so far. While I think that it was important for everyone to easily identify the device mock-ups during the campaign, the final model should not display any branding on the back cover of the handset. Instead we are discussing the possibility of having the brand and model number carved on the side of the device.

Librem 15 sale? Librem 13 sale? Why not both?

Yesterday we’ve been pleasantly surprised to hear from Publisher of the legendary Linux Journal that we have been featured in their latest May issue focused on privacy. Shawn Powers, associate editor at Linux Journal, purchased a Librem 13 for his own use and decided to review it in depth. The result is a glowing review that warms our hearts after this particularly long winter (remember, our team is international, so most of us are not surfing the beaches of San Francisco). Read more

Demonstrating Tamper Detection with Heads

We are excited about the future of Heads on Librem laptops and the extra level of protection it can give customers. As a result we’ve both been writing about it a lot publicly and working on it a lot privately. What I’ve realized when I’ve talked to people about Heads and given demos, is that many people have never seen a tamper-evident boot process before. All of the concepts around tamper-evident boot are pretty abstract and it can be difficult to fully grasp how it protects you if you’ve never seen it work.

We have created a short demo that walks through a normal Heads boot process and demonstrates tamper detection. In the interest of keeping the demo short I only briefly described what was happening. In this post I will elaborate on what you are seeing in the video.

Step One: Normal Boot

The normal boot process for a computer that uses Heads is much like with any other computer, at least from a user experience standpoint. Like with other computers, you can bring up a full menu of different items to boot, but you can also pick one to set as your default. Once you set a boot option as a default, at boot time you can just press Enter and it will boot into your operating system just like with any other system.

Default Heads Boot Menu
Default Heads Boot Menu

Unlike with other systems, Heads is providing extra levels of security during the boot process. At that default boot screen, you will see a 6-digit number above the menu options. That is a TOTP (Time-based One Time Password) code that Heads uses to prove to you that it hasn’t been tampered with and can be trusted. If you’ve ever used a TOTP code in the past, normally it’s so you can authenticate yourself to a website using Two-Factor Authentication. In this case it’s the reverse: the computer (specifically Heads) is authenticating itself to you! If that code matches the code on your phone, you know it’s safe to proceed.

Once you hit Enter during a normal boot, Heads then verifies the signatures of all of its configuration files stored in /boot based on the copy of your public GPG key it has within it. These configuration files include a file that contains sha256 checksums for the rest of the files in /boot. Once it verifies your signature for that file, Heads can trust it hasn’t been modified so it uses it to make sure the rest of the files in /boot haven’t changed. Since all of them match, they weren’t tampered with so Heads proceeds with the boot process.

Step Two: Hack The Computer

Hacking grub.cfg
Hacking grub.cfg

Once the computer boots, I put my black hat on and “hack” my computer by defacing my /boot/grub/grub.cfg file with a comment. This is a benign hack for demonstration purposes, but the attacker could have just as easily modified grub.cfg to boot from an older kernel on your system that has a known security vulnerability, added a single user mode, or otherwise altered the boot process to make it easier to launch another attack.

An attack that changes a plain text configuration file leaves a trail that might be easier for a user to detect if they happened to edit the file themselves. A more sophisticated hacker would put a back door into your default initrd file (the initial file system your kernel uses when it boots) or even replace your kernel with a compromised version. Both of these kinds of attacks are almost impossible to detect without a system like Heads. Because all of these files are stored in /boot, and Heads checks all of them, it is able to detect all of these types of tampering.

Step Three: Detect Tampering

When the system reboots, it returns back to the main Heads boot screen. First I hit Enter to select the default boot option but this time when Heads scans all of the files in /boot, it detects that grub.cfg has been changed! Along with the warning, I also get the option to re-sign all of the files in /boot. This option exists because there are a number of perfectly legitimate reasons why your grub.cfg, initrd, kernel, or other /boot files might change either because you edited them yourself or you updated software that changed them. Otherwise if you don’t want to re-sign files you can return to the main menu.

Tampering detected!
Tampering detected!

If you choose to re-sign all of the files, you will get an additional warning screen that explains what Heads is about to do and another chance to exit out to the main menu. If you did choose to re-sign all of the files you would then insert a USB GPG smart card that held your private keys so you could re-sign the Heads configuration files in /boot.

Since I knew that I didn’t want to keep that “hacked” grub.cfg file, instead of signing the files I returned to the main menu. By default Heads used to error out to a recovery shell if it detected a file was tampered with. The assumption is that the expert user could then investigate and remedy the problem from within that shell. If you aren’t an expert user in this situation you might not know how to recover and would end up being locked out of your computer!

We understand that there are a number of situations where a user might legitimately or accidentally change files in /boot and while it’s not advisable to boot into a system that is actually tampered with by an attacker (because among other reasons, an attacker might be able to get your disk encryption or login passwords), we also don’t want to lock you out. We’ve added an “insecure boot mode” to Heads for these circumstances. When you select that option, Heads will ignore any tamper warnings and present you with a GRUB-style menu of boot options. You can then select a boot option and Heads will boot into your system. To make sure you know that this is an unsafe option, in addition to the warnings in the user interface, we also disable the splash screen and change the console to have a red background.

Insecure boot mode
Insecure boot mode

Step Four: (Optionally) Investigate Tampering

So what should you do if Heads alerts you to tampering? Exactly how you respond to a potentially legitimate tampering alert depends on a number of factors including what kind of user you are. I’ll step through three of the most common categories of Heads user and describe how they might respond to a legitimate tampering alert.

Category 1: Enterprise User

In the event of tampering, enterprise users would just hand the laptop over to their IT team and pick up a replacement while the IT team investigates. Some organizations might want to go a step further and work with us to customize their Heads image with branded and customized warning messages with their custom policies or direct the employee to an internal wiki or other resources. Some enterprises may even want to go even further and remove the ability to boot a machine that sets off tampering alerts. This would also be useful for employees who take their machine overseas to ensure the machine is in a safe state before they reconnect it to the corporate network.

Once the IT team receives the laptop, they can then inspect the laptop for tampering using their in-house tools and procedures, and then reflash the system back to their secure, internal image. For smaller organizations who may not have those capabilities, Purism also provides support services to bring the laptop back to a clean factory state.

Category 2: Expert-level End User

The expert level user will likely want to inspect the system themselves in the event of a legitimate tamper alert. While I demonstrate the insecure forced boot mode in the demo, the expert user would likely use the Heads recovery shell or boot into a USB recovery disk instead (like the PureOS live install disk) to investigate from there. Otherwise, when they boot their compromised system, they will be prompted for their disk decryption passphrase and login password and risk turning those secrets over to the attacker.

While the Heads recovery shell is limited to a small subset of Linux command-line tools, it has enough tools for the expert user to inspect files in /boot including a text editor to inspect grub.cfg and tools to mount the encrypted root file system from a trusted environment. Provided you trust Heads itself hasn’t been tampered with, you could inspect quite a bit just from this recovery shell alone.

If the Heads recovery shell didn’t provide enough tools, the expert user could also boot from a USB disk, mount the /boot partition and inspect the changed files. In the case of a modified grub.cfg they would just use a text editor for this. In the case of a modified initrd they would need to extract the file and inspect the extracted file system. From there they could also decide to mount the root file system and inspect it for rootkits as well. For users who may suspect Heads itself was tampered with, they would be able to use flashrom to pull down a copy of the version of Heads on the system and inspect it directly.

Category 3: Everyone Else

The average user is unlikely to put on their forensics hat and inspect a compromised system. While for the most part any alerts an average user will see will likely be a direct result of package updates or other changes they know they made, there’s a possibility that sometimes they might get an alert they weren’t expecting. For instance, if you took your laptop overseas on a trip and didn’t update it or otherwise change it during the trip, a tampering alert when you got home would be much more suspicious.

So what’s the average user to do? No matter what, you can always fall back to the insecure boot mode so you won’t lose access to their system or files. In that case even if you couldn’t inspect or fix the errors yourself, you could at least backup your personal files and reinstall the OS to get back to a safe state. Alternatively like with enterprise users you could also take advantage of Purism support services to reflash your system to a factory state.

Conclusion

Hopefully watching Heads in action has helped make it a bit more clear just how it will protect you from tampering. In future posts I will walk through other Heads features and workflows including registering a new TOTP code and completely resetting the TPM.

Intel FSP reverse engineering: finding the real entry point!

2018-05-10 UPDATE: Intel politely asked Purism to remove this document which Intel believes may conflict with a licensing term. Since this post was informational only and has no impact on the future goals of Purism, we have complied. If you would like the repository link of the Intel FSP provided from Intel, please visit their publicly available code on the subject.

2018-04-23 UPDATE: after receiving a courtesy request from Intel’s Director of Software Infrastructure, we have decided to remove this post’s technical contents while we investigate our options. You are still welcome to learn about reverse engineering in general with my introductory post on the matter, Introduction to Reverse Engineering: A Primer Guide.


Hi everyone, it’s time for another blog post from your favorite Purism Reverse Engineer (that’s me! ’cause I’m the only one…)!

After attending 34C3 in Leipzig at the end of December, in which we (Zlatan and me) met with some of you, and had a lot of fun, I took some time off to travel Europe and fall victim to the horrible Influenza virus that so many people caught this year. After a couple more weeks of bed rest, I continued my saga in trying to find the real entry point of the Intel FSP-S module.

Here’s the non-technical summary of the current situation: I made some good progress in reverse engineering both the FSP-S and FSP-M and I’m very happy with it so far. Unfortunately, all the code I’ve seen so far has been about setting up the FSP itself, so I haven’t actually been able to start reverse engineering the actual Silicon initialization code.

Librem laptop orders now shipping within a week

As many team members have been travelling to negotiate hardware supplies or participate in community events lately, we are taking this opportunity to give you an update on Librem laptop operations this month, while regular posts about the Librem phone are expected to resume in a week or two.

Amidst the plethora of progress we blogged about recently on the mobile and security areas of our products, we also quietly achieved a very significant milestone in the life of our organisation, from the Inventory management and logistics standpoint: the ability to fulfill orders within 5 business days (on average), thanks to the inventory of Librem 13 and Librem 15 laptops we have built up.

Indeed, as our early supporters throughout the years have demonstrated incredible patience to wait for their preorders to arrive on their doorstep, we are deeply grateful for their investment that now allows us to fulfill new orders in merely a few days instead of months. Just look at the progress we’ve made through our efforts since the beginning of Purism, where we have now caught up with the demand:

Note that the situation is even better than what the chart above indicates, as the remaining gap between orders and shipments of the Librem 15 actually represents orders from customers who have not decided what they want to do with their previous 4K order (we tried contacting those multiple times through email over the past few months and got no reply—if you are in this situation and have somehow not received emails from our ops department, please contact us with your existing order information).

The Librem 13 was introduced five months after the Librem 15, which explains the chart data starting in May 2015. We have kept the X axis the same as for the Librem 15 for comparison purposes.

The increased interest in our products is also the reason why we are now able to deliver worldwide with free shipping, and invest heavily in security by eating the cost of making TPM a standard feature on our laptop motherboards and advancing software that integrates with it, such as coreboot and Heads, where we are making significant contributions to those upstream projects, such as a menu interface for Heads or fixing various bugs in coreboot. Stay tuned for reverse engineering news in April!

Exhibiting at LibrePlanet 2018

We would like to thank all our users of Librem laptops and FSF endorsed PureOS, as well as all those that have backed the Librem 5 phone, and of course all those people who support us by feedback, kind words (we were psyched to see many of you showing support and interest at our booth at LibrePlanet last week-end!), and spreading the word. It is with this unified education approach that we can change the future of computing and digital rights for the better.

Tamper-evident Boot Update: Making Heads More Usable

We announced not too long ago that we have successfully integrated the tamper-evident boot software Heads into our Librem laptops. Heads secures the boot process so that you can trust that the BIOS and the rest of the boot process hasn’t been tampered with, but with keys that are fully under your control.

Heads is cutting edge software and provides a level of security beyond what you would find in a regular computer. Up to this point though, its main user base are expert-level users who are willing to hardware flash their BIOS. The current user interface is also geared more toward those expert users with command-line scripts that make the assumption that you know a fair amount about how Heads works under the hood.

We want all our customers to benefit from the extra security in Heads so we intend to include it by default in all of our laptops in the future. For that to work though, Heads needs to be accessible for people of all experience levels. Most users don’t want to drop to a recovery shell with an odd error message so they can type some commands if they happen to update their BIOS, and they don’t want to be locked out of their system if they forgot to update their file signatures in /boot after a kernel update.

When we announced that we were partnering with Trammell Hudson to use Heads on our laptops, we didn’t just mean “thanks for the Free Software, see you later!” Instead, we are putting our own internal engineering efforts to the task of not just porting Heads to our hardware, but also improving it–and sharing those improvements upstream.

The Delicious GUI Center

The first of our improvements is focused on making the boot screen more accessible. We started by added whiptail (software that lets you display GUI menus in a console) to Heads so that we can display a boot menu that more closely resembles GRUB. We then duplicated the features of the existing Heads boot menu so that instead of this:

Heads booting on a Librem 13v2
Heads booting on a Librem 13v2

you now see this:

Initial Heads GUI Menu
Initial Heads GUI Menu

If you hit enter, you boot straight into your OS just like with GRUB, only behind the scenes Heads is checking all the files in /boot for tampering. If you hadn’t already configured a default boot option, instead of dumping you back to a main menu with no explanation or existing out to a shell, we decided to provide a GUI so you can decide what to do next:

No Default Boot Set
No Default Boot Set

If you decide to load a menu of boot options from the main menu or from this dialog, we also wrapped a GUI around the Heads boot menu that parses your GRUB config file:

Heads Boot Selection Menu
Heads Boot Selection Menu

In each of the most common workflows, we’ve replaced the console output with an easier-to-use menu that also provides a bit more explanation on what’s happening if something goes wrong. For the most part the average user will just verify the TOTP code and then hit Enter to boot their system so in that way it’s not much different from a standard GRUB boot screen. These extra menus come in only if the user ever needs to deviate from the default and select a different kernel, generate a new TOTP code, or do other maintenance within Heads.

What’s Next

We now have these GUI menus working well in our internal Heads prototypes and we’ve also pushed our changes upstream, where most of them have already been pulled into the Heads project. That said, having a GUI boot menu is only part of what you need to make tamper-evident boot usable. Now that the boot menu is in a good place, our next focus is on making the overall Heads bootstrap and update process, key management, and signature generation easy (if only we had a GPG expert to help us with smart card integration, that would sure make things easier). Keep an eye out for more updates along all these lines soon.

 

Purism Integrates Trammel Hudson’s Heads security firmware with Trusted Platform Module, giving full control and digital privacy to laptop users

Librem devices add tamper-evident features to further protect users from cybersecurity threats by offering users the full control that no mainstream computer manufacturer ever has before

SAN FRANCISCO, Calif., February 27, 2018 — Purism, maker of security-focused laptops has announced today that they have successfully tested integration of Trammel Hudson’s Heads security firmware into their Trusted Platform Module (TPM)-enabled coreboot-running Librem laptops. This integration allows Librem laptop users to freely inspect the code, build and install it (and customize it) themselves, and own control of the secure boot process as Heads uses the TPM on the system to provide tamper-evidence. Read more