This is not how it works in reality. The Librem key doesn’t actually do any verification itself.
- The bootblock does the measurements
- The measurements are submitted to the TPM
- The TPM releases the secret if the measurements match what it is expecting
- The key flashes green if the secret the TPM releases matches what it is expecting.
If the bootblock is malicious and lies about the measurements, you are screwed. What is protecting the boot block? Nothing.
If I then update the Qubes, then go through a power down sequence without the Librem Key being plugged into its USB slot (upper right) on power down.
This is only because the firmware is not lying about the measurements. You are describing a scenario where the files on the disk are changed, which PureBoot can detect.
If someone flashes malicious firmware (into the EEPROM, not the disk) that will lie about the measurements, you will not notice the change.
Perhaps going through the entire re-ownership thing.
No, all it’s doing is signing your new boot files and boot policy.
If, let's say, I went through a security checkpoint, and they took my computer away to the back room and went through the re-ownership with their USB Librem Key. When I got the computer back, my Librem Key will not work.
If they go ahead and flash malicious firmware with a programmer, they don’t even need to touch your Librem Key, and the TPM will still release the secret and the Librem Key will still flash green because the firmware will be lying about measurements.
An extra USB key with a PGP key generated at re-ownership time. With some foresight on my part, I could pull that PGP key info off a site that cannot be controlled or blocked by the local authority.
No, it does HOTP, so you can only use 1 key for verification at a time.
Or is it? If my computer is ever taken away out of my possession by an authority, when I get it back I should replace it, although perhaps send the one – which was taken out of my control – to someone who can actually look for tampering.
You know what you can also do this with? Every. Other. Computer, so long as you set up your OS properly.
It is also much harder to attack normal Dell/Lenovo laptops too. They need to find an actual exploit against the firmware like LogoFail to attack you. If they try to flash their own firmware on top - it will not work because of Boot Guard. If they try some sort of downgrade attack, they still need an exploit to make the boot block (protected by Boot Guard) lie about the measurements, if such a thing could be pulled off in the first place. There are also Boot Guard fuses which can prevent downgrading past a certain version (the computer will straight up not boot), although admittedly neither vendor blows these often enough.
nail polish
If you have to rely on nail polish for security, it just means that your firmware can’t provide any meaningful protection in the first place.
I felt Purism was more about Privacy.
Not high level - near perfect - Security
Their website blasts “Security & Privacy” everywhere, and you can’t have privacy without security. Also, I am certainly not talking about “perfect security”. I am saying that they are substantially worse than normal Apple/Dell/Lenovo laptops. Even a Dell Latitude (vPro or not) running Fedora will be infinitely more secure and private than a Librem 14 running PureOS.
They are not selling you a private or secure product, they are selling you a dream.
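To make the chain in the bullet list above concrete, here is an added toy model (constructed for this thread, not code from Heads, PureBoot or Purism) of bootblock measurement, TPM PCR extend/unseal, and the HOTP check the Librem Key performs; the boot file bytes, the shared secret and the `bootblock_lies` switch are all assumed sample values. It shows why the key's green light depends entirely on the honesty of whatever does the measuring.

```python
"""Toy model of measured boot + TPM-sealed HOTP secret (constructed example, not Heads' code)."""
import hashlib
import hmac
import struct

# Constructed sample data: the /boot contents the owner signed, and a secret that was
# provisioned into both the TPM (sealed to the expected PCR) and the Librem Key.
GOOD_BOOT = b"vmlinuz+initrd+grub.cfg (as signed by the owner)"
TAMPERED_BOOT = b"vmlinuz+initrd+grub.cfg (modified on disk)"
HOTP_SECRET = b"constructed-shared-secret"
PCR_START = b"\x00" * 32


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend: new PCR = H(old PCR || digest)."""
    return sha256(pcr + digest)


def tpm_unseal(pcr: bytes, sealed_pcr: bytes, secret: bytes):
    """The TPM releases the secret only if the PCR matches the policy it was sealed to."""
    return secret if hmac.compare_digest(pcr, sealed_pcr) else None


def hotp(secret: bytes, counter: int, digits: int = 6) -> int:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return code % (10 ** digits)


def librem_key_flashes_green(code, counter: int) -> bool:
    """The key does no verification of its own: it only compares HOTP codes."""
    return code is not None and code == hotp(HOTP_SECRET, counter)


def boot(boot_files: bytes, counter: int, bootblock_lies: bool = False) -> bool:
    """Run the chain from the thread; returns True if the Librem Key would flash green."""
    sealed_pcr = pcr_extend(PCR_START, sha256(GOOD_BOOT))  # policy fixed at ownership time
    # An honest bootblock measures what is actually on disk; a dishonest one (modelled by
    # the flag) simply reports the digest the TPM expects, whatever is on disk.
    measured = sha256(GOOD_BOOT) if bootblock_lies else sha256(boot_files)
    pcr = pcr_extend(PCR_START, measured)
    secret = tpm_unseal(pcr, sealed_pcr, HOTP_SECRET)
    code = hotp(secret, counter) if secret is not None else None
    return librem_key_flashes_green(code, counter)
```

Honest firmware with modified boot files yields no secret and no green light, which is the case PureBoot catches; the last scenario is the one the thread warns about, where the measuring component itself is untrusted and nothing downstream can tell.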