Hold on now, even if there is no Boot Guard, afaik normal UEFI firmware still can check the signature of the firmware update before applying it. Do they not do this at all or something?
Oh yeah you are right. I forgot to mention it. You can infer that there is no verification either from their own blog post:
How to Hardware Flash your Librem 14 Boot Firmware – Purism
Of course, you can always flash your custom PureBoot using the built-in menu, but with development comes bugs, and flashing via the menu may not be an option if your custom build has an issue.
How is this supposed to work if there was any sort of signature check?
LMFAO, that is hilarious. Even MSI with their leaked Boot Guard key is better than this. Not sure what Purism is even selling at this point - false hopes and dreams?
Hey everyone. This thread is getting very off-topic. Can we please stick to purism?
To be fair, I appreciate the info dump. It just shows how proper OEMs do security compared to Purism.
Originally I thought that Purism actually sells good hardware and that they are just bad at delivering them. I expected the boot firmware and stuff to be better than Dell and Lenovo, since they are advertising “high security”. After reading this thread it seems like their laptops are just snake oil and don't even meet the basics.
I mean, what even is this? HSI 0? Librem 14 LVFS
They say they don't use UEFI in their blog post and how they are immune to UEFI vulnerabilities which lead to Secure Boot bypass, but in reality they don't even have a root of trust.
They say they “disabled the ME” because it is somehow evil and untrustworthy, but then they just set the HAP field to 1 (nicely telling the ME to turn itself off) and sell that as an achievement? They are not doing the me_cleaner stuff anymore, but they keep this post up to mislead people. You have to go look on the forums for the truth.
They are not even reducing attack surface either. They are just increasing it massively by messing with CSME, which is responsible for a bunch of security features.
And I know IOMMU exists, but it is not a silver bullet. Vulnerabilities do come and go. The bare minimum someone should do for defense in depth is to have a Wifi/Bluetooth card with firmware updates so that they are at least getting fixes for known vulnerabilities. Their defense shouldn't rely solely on IOMMU. Purism shipping that old Atheros card just shows how little they truly care.
IMHO, this is just fraud. If I want to be charitable, maybe they are incompetent and misled. But really, it is most likely fraud. And they are selling an insecure product to people who need security the most. The harm must be immeasurable.
I have a Librem 13v2. And I think it works a bit different than you fellows are supposing.
I have never used it, but there is an option in the Pure Boot that can -Absolutely Require -that the Librem Key which is used in the start up of the computer. Whatever is verified when Librem Key is inserted during boot up. TOTP. HOTP. TPM. Verified. to the Librem Key.
There are three pins for those that the user sets when he Owns the computer for the first time. They are 8 characters-numeric, for two of them, and six characters-numeric only.
As well as calculating a new PGP that can be (optional) written to an additional USB drive , I thought could be used with Email??
I also have discovered, that if I re-install Qubes. Then go through the process of Re-Owning computer. (Resetting HOTP, TOTP, TPM) with the Pure Boot -I guess we could think of it as BIOS/EFI replacement.) Then it has some other steps for me to go through. Some place it sets the intrmfs, (can't spell?)
If I then Update the Qubes. then go through a power down sequence, without the Librem Key being Plugged into (Its USB slot, upper right) on power down.
then on the next boot it fails, because the intfrmfs is not correct. Which requires that I make that fixes inside the Pure Boot Firmware. Perhaps going through the entire re-ownership thing.
If, let's say, I went through a security checkpoint, and they took my computer away to the back room. And went through the re-ownership with their USB Librem Key. When I got the computer back, My Librem Key will not work.
If we suppose the person who examines the computer in the back room doing this, really knows computers --as well as some of those posting on this board, and they took all, my computer. Librem Key. Extra USB Key with PGP Key generated at Re-Ownership time. With some foresight on my part. I could pull that PGP key info off a site that can not be controlled or blocked by the local authority. I will be able to verify if I have been had, or maybe not. My Security also includes Two Passwords. Drive. Account. Information I want to keep --private, I would prefer to have it stored in nested encrypted vaults inside Qubes. Or some would want it, saved to some place online I can reach when I need, If I still believe my computer has not been tampered with. I guess we are thinking -glitter finger nail polish photos.
Or is it. IF my computer is ever taken away out of my possession by an authority. When I get it back. I should replace it, although perhaps send the one – which was taken out of my control – to someone who can actually look for Tampering.
But I would like to point out the word I used earlier, Privacy. I have felt that Purism has carefully never promised perfect security. As most of the more technologically competent, on the forum would say. "Don't trust statements from companies about, ‘Perfect Security. Can't be Hacked.’" I felt Purism was more about Privacy. Not high level - near perfect - Security. Security is a capital S.
Some of these postings, Seem to have mixed up in the questions of: Privacy. Security. Anonymity. Reasonable Usability. Leading into, in my life, Affordability.
I really don't want to get involved in discussions of Purism again. I've made my views clear, and my health won't take repeating the same old arguments.
To be clear, the Purism claim is “freedom respecting, privacy protecting, and security focused products,” You can assess these claims together with the corporate and consumer practices of the company.
Relations between Qubes and Purism have been fraught in the past, and Qubes do not promote their products. Michael said some years back, “while we don't have an explicit ‘ethical’ requirement for official certification, I feel we would do our users a dis-service otherwise.”
This is not how it works in reality. The Librem key doesn't actually do any verification itself.
- The bootblock does the measurements
- The measurements are submitted to the TPM
- The TPM releases the secret if the measurements match what it is expecting
- The key flashes green if the secret the TPM releases matches what it is expecting.
If the bootblock is malicious and lies about the measurements, you are screwed. What is protecting the boot block? Nothing.
If I then Update the Qubes. then go through a power down sequence, without the Librem Key being Plugged into (Its USB slot, upper right) on power down.
This is only because the firmware is not lying about the measurements. You are describing a scenario where the files on the disk are changed, for which, PureBoot can detect the changes.
If someone flashes malicious firmware (into the EEPROM, not the disk) that will lie about the measurements, you will not notice the change.
Perhaps going through the entire re-ownership thing.
No, all it's doing is signing your new boot files and boot policy.
If, let's say, I went through a security checkpoint, and they took my computer away to the back room. And went through the re-ownership with their USB Librem Key. When I got the computer back, My Librem Key will not work.
If they go ahead and flash malicious firmware with a programmer, they don't even need to touch your Librem Key, and the TPM will still release the secret and the Librem Key will still flash green because the firmware will be lying about measurements.
Extra USB Key with PGP Key generated at Re-Ownership time. With some foresight on my part. I could pull that PGP key info off a site that can not be controlled or blocked by the local authority.
No, it does HOTP, so you can only use 1 key for verification at a time.
Or is it. IF my computer is ever taken away out of my possession by an authority. When I get it back. I should replace it, although perhaps send the one – which was taken out of my control – to someone who can actually look for Tampering.
You know what you can also do this with? Every. Other. Computer, so long as you set up your OS properly.
It is also much harder to attack normal Dell/Lenovo laptops too. They need to find an actual exploit against the firmware like LogoFail to attack you. If they try to flash their own firmware on top - it will not work because of Boot Guard. If they try some sort of downgrade attack, they still need an exploit to make the boot block (protected by Boot Guard) lie about the measurements, if such a thing could be pulled off in the first place. There are also Boot Guard fuses which can prevent downgrading past a certain version (the computer will straight up not boot), although admittedly neither vendor blows these often enough.
nail polish
If you have to rely on nail polish for security, it just means that your firmware can't provide any meaningful protection in the first place.
I felt Purism was more about Privacy.
Not high level - near perfect - Security
Their website blasts “Security & Privacy” everywhere, and you can't have privacy without security. Also, I am certainly not talking about “perfect security”. I am saying that they are substantially worse than normal Apple/Dell/Lenovo laptops. Even a Dell Latitude (vPro or not) running Fedora will be infinitely more secure and private than a Librem 14 running PureOS.
They are not selling you a private or secure product, they are selling you a dream.
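A toy model of the chain laid out in this reply (bootblock measures, TPM releases the sealed secret, key compares HOTP codes), added here as an example that is not Heads/PureBoot or Purism code; `ToyTPM`, `boot`, `scenario` and the sample boot contents are constructed for illustration. It shows the two cases the reply contrasts: an honest bootblock lets the TPM catch changed boot files, while a bootblock that simply replays the expected measurement gets the secret released and the key shows green.

```python
from typing import Optional
import hashlib
import hmac
import struct

GOOD_BOOT_FILES = b"kernel+initramfs v1"  # constructed stand-in for /boot contents
# The policy the TPM was sealed against: PCR extended once with the good measurement.
EXPECTED_PCR = hashlib.sha256(b"\0" * 32 + hashlib.sha256(GOOD_BOOT_FILES).digest()).digest()
HOTP_SECRET = b"constructed-shared-hotp-secret"  # provisioned into both TPM and key


class ToyTPM:
    """One PCR and one sealed blob, released only when the PCR matches the policy."""

    def __init__(self, sealed_secret: bytes, policy_pcr: bytes):
        self.pcr = b"\0" * 32
        self._sealed = sealed_secret
        self._policy = policy_pcr

    def extend(self, measurement: bytes) -> None:
        # PCR_new = SHA256(PCR_old || measurement): the TPM cannot know whether
        # the value it is handed was really measured or simply replayed.
        self.pcr = hashlib.sha256(self.pcr + measurement).digest()

    def unseal(self) -> Optional[bytes]:
        return self._sealed if hmac.compare_digest(self.pcr, self._policy) else None


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def boot(boot_files: bytes, tpm: ToyTPM, counter: int, firmware_honest: bool) -> bool:
    """True if the key would 'flash green'. firmware_honest=False models the reply's
    point: a bootblock that extends the PCR with the value the TPM expects rather
    than with what is actually on disk."""
    if firmware_honest:
        tpm.extend(hashlib.sha256(boot_files).digest())
    else:
        tpm.extend(hashlib.sha256(GOOD_BOOT_FILES).digest())
    secret = tpm.unseal()
    if secret is None:
        return False  # TPM refused: measurement differs from the sealed policy
    # The key only compares HOTP codes; it never inspects firmware or disk itself.
    return hmac.compare_digest(hotp(secret, counter), hotp(HOTP_SECRET, counter))


def scenario(boot_files: bytes, firmware_honest: bool) -> bool:
    tpm = ToyTPM(sealed_secret=HOTP_SECRET, policy_pcr=EXPECTED_PCR)
    return boot(boot_files, tpm, counter=7, firmware_honest=firmware_honest)
```

The second case is the "updated Qubes, key not plugged in" situation from the quoted post; the third is the one where nothing upstream of the bootblock vouches for the bootblock.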
I am fairly certain that Tommy is right on this one. How can a device attached over USB actually do the measurements of the computer firmware all by itself? It is inconceivable. It makes no sense.
You are getting scammed. There is no way the Librem can protect you against the threat that you are thinking of.
Thank you for clarification.
For the Librem 14 and Mini v2, it is the Intel AX200 since November 2023.
For your convenience, mention my username or quote my posts here if you have other questions about Purism, or alternatively open a thread on the Purism community forums:
Yeah, I have an older Librem 14 with the Atheros card… (yeah, yeah I know… young and stupid Tommy got scammed big time… and dw I don't use it)
Anyhow the entire post they made and the approach they took is just hilarious.
But take a close look at the phrasing there – “provide its firmware”. It's not realistic to think that this card does not have firmware. These cards contain a Tensilica Xtensa CPU core, which executes a program. The card stores this program itself, but it is not fundamentally different from sending the same program to the card when the driver loads.
They finally admit what they have been doing has been nonsense all along. But let's see what they do to remedy this…
With firmware stored in the card, there is no control. There's little visibility into what firmware is there, we can't tell if it's the same firmware everyone else has, and we can't easily switch between it and any alternative if one should become available.
Okay, so far so good…
PureBoot's Firmware Blob Jail feature provides device firmware for operating systems that do not include any non-free components, like PureOS. Using the Linux configurable firmware search path, it does not require a special kernel or any special operating system support. It works for both an installed OS and a live USB boot. PureBoot places the firmware files in /run/firmware (/run is a tmpfs mount), so it does not alter anything on disk.
Why man? Why? Every sane distribution has been loading in firmware since the beginning of time. This isn't a “firmware jail”, it's just a poor imitation of what proper systems do. It makes no sense. Why have the boot firmware mess with tmpfs? Why can't they just do things in a sensible way by shipping updates and forgo the insane RYF certification?
This isn't “Moving the Needle”. They did the opposite of security - not shipping firmware updates, and shipping hardware that doesn't get firmware updates. Now, after kind of realizing their mistake, they backtracked, but instead of just shipping proper firmware updates with the OS and LVFS like everyone else, they use PureBoot to mess with the OS's tmpfs to only ship firmware updates for the Wifi card.
Other vendors like Dell and Lenovo don't do anything this ridiculous. They use LVFS to ship firmware for a bunch of things like the EEPROM, OEM drives (yes, Purism doesn't do this), TPMs, controllers, and even their batteries. The rest can be loaded in by a sane OS like Fedora with linux-firmware. That will give you a much more sensible system than whatever this is.
To be clear, the Purism claim is “freedom respecting, privacy protecting, and security focused products,” You can assess these claims together with the corporate and consumer practices of the company.
This is exactly the essence of their business model. They target a specific niche and do everything possible to sustain the mindset of that niche by “educating” everyone. The more people concerned about their freedom/privacy/security, the better the business. I don't want to go into which socioeconomic model this is typical for, but it surely has nothing to do with “social purpose” (another fanciful term in Purism's PsyOps).
That doesn't mean the products are bad per se. It rather shows how the whole ultra-libre-utopian propaganda, that goes along with them, creates this discord between promise and fact to the point of silently replacing a certified product with a non-certified one. Branding for the win.
Relations between Qubes and Purism have been fraught in the past, and Qubes do not promote their products. Michael said some years back, “while we don't have an explicit ‘ethical’ requirement for official certification, I feel we would do our users a dis-service otherwise.”
Wise.
You already know one of the answers:
Here are two more:
The Corporation will only use and distribute free/libre and open source software in the kernel, OS, and software in its products.
Well that goes against the “prioritize privacy, security” part.
What they are doing is anti-security, anti-privacy for the illusion of freedom.
Interesting perspective, I was inspired by the same quote and only chose FOSS operating systems from that point onwards, such as Fedora, Debian, Tails, Qubes OS and Whonix. PureOS is just one of multiple FOSS operating systems I currently use.
I came up with a quick heuristic for figuring out how secure a piece of hardware/software is without having to dig into its technical details, and I want to get some feedback
The ultra-short version: Find out how much value it's protecting.
The rough value of assets protected by the security product across its largest deployments should give some sense of how secure it is. Note that this isn't the sum of all deployments, since otherwise you'd end up including all households, etc. The simple idea is that entities will naturally seek out the best to protect its resources, and entities with resources can spend a lot to figure that out – hire teams of specialists, experts, consultants, etc. People who want to protect themselves from a few billion dollars of damage will at least find somewhat-secure products and methods, so find out what they're using/doing.
e.g. If Purism was a vendor that had high-stake deployments in Fortune 500 corporations, then it's highly likely that their products are at least somewhat-secure despite the bashing it's receiving here and we should all reconsider. (spoiler: Purism isn't protecting the secrets of Fortune 500 CEOs.)
Counterexample: Companies that make high-end corporate firewalls seem to be dealing with a rash of extremely severe vulnerabilities (ratings 9.5 to 10). It feels like I've seen a lot of these during the last year or two.
Pitfalls: Large orgs face different challenges than individuals, and more than a few solutions only work for large orgs. Also, corruption and cost-cutting.
The answer is insurance and other non-technical solutions.
Relevant quote:
I suggest keeping discussions focused on Purism, instead of measuring the security of hardware based on their assets' economic value.
I don't really see how that makes sense.
Purism are selling laptops with coreboot, there is not really anything special about their product. I don't think their product is better or worse than any other Linux laptop with Heads firmware, a Fortune 500 company using their laptop wouldn't make them more or less secure.
Not having Intel Boot Guard isn't that big of a deal, lots of systems don't use Boot Guard. Purism doesn't promise you the world's most secure laptop, and I don't think it's unreasonable to claim that a Linux laptop with Heads firmware is a secure laptop, even if Fortune 500 companies don't use it.
Fedora ships proper firmware updates and has been doing so for years. Red Hat employees are also the ones who started LVFS. Fedora is FOSS but it is not crazy like PureOS, and it actually does things much more properly.