Privacy Respecting Laptops

oshwm oshwm at openmailbox.org
Mon Sep 14 10:29:07 PDT 2015


Maybe manufacturers aren't sure what they should be building in order to
genuinely and honestly be able to market as 'Respects Your Privacy'.
It sounds simple but when you look at the ultimate level of privacy
protection then you are talking about open source hardware, software and
manufacturing processes and proper auditing of all of these.
For a company to manufacture and market a device under these conditions
is likely to be hideously expensive and have a very small customer base
who are willing to pay such a large price in cash terms.
What might be a good idea is for a community such as this one to create
some sort of scale which describes the methods, materials and processes
to achieve some sort of scoring which would range from 'NSA Spying
Device' (0 out of 10) to 'Complete Privacy Protection' (10 out of 10).
This would then allow manufacturers to work to a specific score and
advertise as such.

cheers,
oshwm.

On 14/09/15 17:09, Blibbet wrote:
>>> Librem isn't perfect, and its BIOS isn't fully free. But it's free-er
> than
>>> almost any other laptop being sold that's worth owning, and it even comes
>>> with a hardware switch for some key sensors.
>> If a product markets itself as 'privacy respecting' (is the Librem
>> *actually* marketed this way) then it had better back up it's claims.
> Regardless of the way the marketing team is spinning things, they
> supposedly have 3 firmware developers trying to make a difference.
> Outside Bunnie Studios, I don't know of another OEM that is trying to
> help with this niche market with new hardware (not including refurbished
> Thinkpads). So I respect that effort. Not sure they'll fully succeed in
> this model, but perhaps a few models later they will have some decent boxes.
>
> It sounds like they have a source license to Intel's Firmware Support
> Package (FSP), and are modifying it to disable some silicon/firmware
> features. The results will still be closed-source.
>
> Today, nearly all Intel systems are 100% closed-source firmware, via
> IBVs (Phoenix, AMI, Insyde, and OEMs). Some AMD and ARM systems could
> provide blob-free firmware. If used in conjunction with fully open
> source OS/app stack, then you might be able to trust it.
>
> Today, I don't see how you can trust any keys/certs in any of the
> Trusted/Verified/Measured/etc boots, most of the solutions don't seem to
> have any way for the owner/user to verify, eg, no CRL/OSCP keys. My
> reading of NIST SP80-147's seems to imply that sysadmins need to be able
> to verify things, but that doesn't seem viable today.
>
> While Purism's marketing may be a bit overboard, I'm hopeful that
> they're trying. Maybe their next model will use the new RISC-V Raven3
> chip, with U-Boot Verified Boot, and ship with full source to
> CPU/firmware/enclosure, firmware, OS, and apps. To get to that point,
> we'll probably need to help them fund this current Intel model, to keep
> Purism alive....
>
> I am not sure why they they need to create yet-another privacy-centric
> OS, PureOS, and focus on improving and using Qubes/TAILs/Trisqel/Mempo/etc.
>
> They're apparently working on a Free Software fork of FSP. I wish this
> was a shared effort with many more free software developers, perhaps
> managed by FSF or Linux Foundation, not just a single OEM. More than one
> Linux OEM could benefit from such an effort, most of them still use COTS
> 100% closed-source IBVs.
>
> Can the current Intel-based solution get certified by the FSF
> RespectYourFreedom program? I'm not sure.
>
> Whatever happens with what they do to the FSP and Intel silicon, if the
> result is less secure to attackers, that'll be an issue. Many who care
> about personal freedom and detest blobs seem to ignore security. But
> Purism cares about privacy and security, so they have to try and deal
> with both issues. Disabling BootGuard in updated FSP may make it more
> configurable, but less secure, it seems. Their web site has fancy
> graphics and tables. I hope they create a list of FSP modifications so
> we can see what security holes the system may have.
>
> I like the kill switch. I'd go further: since many firmware attacks come
> through suspend/resume, I'd rather just disable that at the HW/FW/OS
> levels. I'd like to have a fully-lockable enclosure in a laptop, which
> can cover exposed ports, with a good quality lock, in a metal enclosure.
> Of course, it would't be able to make it through TSA customs, so
> probably not commercially viable. :-(
>
> If I worked there, I'd tone down the marketing a bit (they have blobs in
> their firmware, and they're based on an Intel system, they'll never
> satisfy some of their potential market), perhaps focus on hardware that
> can be built with blob-free firmware for their next model. And I'd hire
> LegbaCore to evaluate the hardware before they ship it, for security
> issues. :-)
>
> Looking forward to their next model!
>


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20150914/ece299bd/attachment-0002.sig>


More information about the cypherpunks mailing list