Privacy Respecting Laptops

Blibbet blibbet at gmail.com
Mon Sep 14 09:09:38 PDT 2015


>> Librem isn't perfect, and its BIOS isn't fully free. But it's free-er
than
>> almost any other laptop being sold that's worth owning, and it even comes
>> with a hardware switch for some key sensors.
> If a product markets itself as 'privacy respecting' (is the Librem
> *actually* marketed this way) then it had better back up it's claims.

Regardless of the way the marketing team is spinning things, they
supposedly have 3 firmware developers trying to make a difference.
Outside Bunnie Studios, I don't know of another OEM that is trying to
help with this niche market with new hardware (not including refurbished
Thinkpads). So I respect that effort. Not sure they'll fully succeed in
this model, but perhaps a few models later they will have some decent boxes.

It sounds like they have a source license to Intel's Firmware Support
Package (FSP), and are modifying it to disable some silicon/firmware
features. The results will still be closed-source.

Today, nearly all Intel systems are 100% closed-source firmware, via
IBVs (Phoenix, AMI, Insyde, and OEMs). Some AMD and ARM systems could
provide blob-free firmware. If used in conjunction with fully open
source OS/app stack, then you might be able to trust it.

Today, I don't see how you can trust any keys/certs in any of the
Trusted/Verified/Measured/etc boots, most of the solutions don't seem to
have any way for the owner/user to verify, eg, no CRL/OSCP keys. My
reading of NIST SP80-147's seems to imply that sysadmins need to be able
to verify things, but that doesn't seem viable today.

While Purism's marketing may be a bit overboard, I'm hopeful that
they're trying. Maybe their next model will use the new RISC-V Raven3
chip, with U-Boot Verified Boot, and ship with full source to
CPU/firmware/enclosure, firmware, OS, and apps. To get to that point,
we'll probably need to help them fund this current Intel model, to keep
Purism alive....

I am not sure why they they need to create yet-another privacy-centric
OS, PureOS, and focus on improving and using Qubes/TAILs/Trisqel/Mempo/etc.

They're apparently working on a Free Software fork of FSP. I wish this
was a shared effort with many more free software developers, perhaps
managed by FSF or Linux Foundation, not just a single OEM. More than one
Linux OEM could benefit from such an effort, most of them still use COTS
100% closed-source IBVs.

Can the current Intel-based solution get certified by the FSF
RespectYourFreedom program? I'm not sure.

Whatever happens with what they do to the FSP and Intel silicon, if the
result is less secure to attackers, that'll be an issue. Many who care
about personal freedom and detest blobs seem to ignore security. But
Purism cares about privacy and security, so they have to try and deal
with both issues. Disabling BootGuard in updated FSP may make it more
configurable, but less secure, it seems. Their web site has fancy
graphics and tables. I hope they create a list of FSP modifications so
we can see what security holes the system may have.

I like the kill switch. I'd go further: since many firmware attacks come
through suspend/resume, I'd rather just disable that at the HW/FW/OS
levels. I'd like to have a fully-lockable enclosure in a laptop, which
can cover exposed ports, with a good quality lock, in a metal enclosure.
Of course, it would't be able to make it through TSA customs, so
probably not commercially viable. :-(

If I worked there, I'd tone down the marketing a bit (they have blobs in
their firmware, and they're based on an Intel system, they'll never
satisfy some of their potential market), perhaps focus on hardware that
can be built with blob-free firmware for their next model. And I'd hire
LegbaCore to evaluate the hardware before they ship it, for security
issues. :-)

Looking forward to their next model!




More information about the cypherpunks mailing list