Discussion on Purism

I understand that the TPM is a passive chip. The point about checking timing does not require that the TPM is active. It can check the time as part of processing the requests it receives.

2 Likes

There is no timing difference to be checked if the firmware already knows which value to use to lie to the TPM.

1 Like

The paper describes sending data to the TPM in multiple pieces, not all at once. You can send a value to “extend” a current value which the TPM will combine internally. So the TPM could be programmed to expect that a specific number of values are sent within a specific set of time windows, and that the final value which the TPM calculates based on the series of inputs matches the expected value.

For the benefit of anyone reading this thread, I again want to emphasize that I am speaking only in theory. I do not know whether or not this logic is implemented in Librem hardware and I make no claim that it is or is not implemented.

1 Like
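To make the mechanics of the post above concrete, here is an added example (not Heads, PureBoot or Purism code) that models a SHA-256 PCR bank: each extend replaces the register with H(old || digest), so the final value commits to every measurement and to their order. The `check_boot` function is a model of the hypothetical "expected number of extends within expected time windows" policy the post speculates about; real TPMs do not implement such a check, and the boot stages, timestamps and windows are constructed sample data.

```python
"""Simulate TPM PCR extend and a hypothetical timing-aware policy.

Added illustration, not project code. PCRs 0-16 of a SHA-256 bank reset
to all zeros; TPM2_PCR_Extend computes new = SHA-256(old || digest).
The timing windows modelled in check_boot() are an assumption taken from
the forum post, not a feature of any real TPM.
"""
import hashlib
from typing import List, Tuple

PCR_INIT = b"\x00" * 32  # reset value of PCRs 0-16 in a SHA-256 bank


def measure(data: bytes) -> bytes:
    """Hash the component being measured; this digest is what gets extended."""
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for a SHA-256 bank: new = H(old || digest)."""
    if len(pcr) != 32 or len(digest) != 32:
        raise ValueError("SHA-256 PCR bank expects 32-byte values")
    return hashlib.sha256(pcr + digest).digest()


def replay(digests: List[bytes], pcr: bytes = PCR_INIT) -> bytes:
    """Replay a sequence of extends from the reset value; order matters."""
    for d in digests:
        pcr = pcr_extend(pcr, d)
    return pcr


def check_boot(events: List[Tuple[float, bytes]],
               policy: List[Tuple[float, float]],
               expected_pcr: bytes) -> Tuple[bool, str]:
    """Hypothetical policy from the post (assumption, not a real TPM feature).

    events: (seconds since reset, digest) for each extend the TPM received.
    policy: one (t_lo, t_hi) window per expected extend, in order.
    Passes only if the count matches, every extend lands in its window,
    and the chained result equals expected_pcr.
    """
    if len(events) != len(policy):
        return False, f"expected {len(policy)} extends, got {len(events)}"
    pcr = PCR_INIT
    for i, ((t, d), (lo, hi)) in enumerate(zip(events, policy)):
        if not lo <= t <= hi:
            return False, f"extend {i} arrived at t={t}s, outside window [{lo}, {hi}]"
        pcr = pcr_extend(pcr, d)
    if pcr != expected_pcr:
        return False, "final PCR value does not match the expected value"
    return True, "ok"


# Constructed sample boot: three stages measured in order (not real Heads data).
STAGES = [b"bootblock v1", b"romstage v1", b"payload heads"]
GOOD_DIGESTS = [measure(s) for s in STAGES]
EXPECTED_PCR = replay(GOOD_DIGESTS)
# Assumed arrival windows, seconds after reset, one per stage.
POLICY = [(0.0, 0.5), (0.5, 2.0), (2.0, 5.0)]
GOOD_TIMES = [0.2, 1.1, 3.0]


def demo() -> dict:
    results = {}
    # Honest firmware: right digests, in order, each inside its window.
    results["honest"] = check_boot(list(zip(GOOD_TIMES, GOOD_DIGESTS)), POLICY, EXPECTED_PCR)
    # Same digests, different order: the chain yields a different PCR.
    swapped = [GOOD_DIGESTS[1], GOOD_DIGESTS[0], GOOD_DIGESTS[2]]
    results["swapped_order_matches"] = replay(swapped) == EXPECTED_PCR
    # Shortcut: push the known final value in a single extend. Fails the
    # count check, and H(0 || expected) != expected anyway.
    results["shortcut"] = check_boot([(0.2, EXPECTED_PCR)], POLICY, EXPECTED_PCR)
    # Correct digests replayed, but the last one arrives too late.
    results["late"] = check_boot(list(zip([0.2, 1.1, 9.0], GOOD_DIGESTS)), POLICY, EXPECTED_PCR)
    # One stage actually modified: the chain no longer matches.
    tampered = GOOD_DIGESTS[:2] + [measure(b"payload evil")]
    results["tampered"] = check_boot(list(zip(GOOD_TIMES, tampered)), POLICY, EXPECTED_PCR)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note what the model does and does not show: a swapped order, a single-extend shortcut, a late extend and a tampered stage all fail, but a modified firmware that already knows the good digests and replays them inside the windows produces exactly the "honest" result, which is the objection raised earlier in the thread. The timing windows constrain when values arrive, not who sends them.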

More photos of the Librem 16 prototype:

My response:

This is a ridiculous statement. Everyone has their own threat model and this one can be good enough for some people. Also @marmarek disagrees with you. Also AFAIK it’s the only way to provide security while keeping the user ownership of the hardware without blind trust in any corporation, including Purism.

Discussed here: https://forum.qubes-os.org/t/how-exactly-is-heads-pureboot-secure/23092. Key link from there: Notes on how to audit a maximized flashed firmware image · Issue #107 · linuxboot/heads-wiki · GitHub

This is a ridiculous statement. Everyone has their own threat model and this one can be good enough for some people.

It is objectively worse than Boot Guard, which is available on standard laptops. You haven’t even pointed out how it is not theatre, especially when compared to Boot Guard.

Also @marmarek disagrees with you.

No, he doesn’t. You can’t defend against an attacker with a programmer. The glitter business is pure luck, and you wouldn’t notice it until it’s too late.

Also AFAIK it’s the only way to provide security while keeping the user ownership of the hardware without blind trust in any corporation, including Purism.

Except it’s not how the world works, and entities like Intel are still part of the TCB. You just crippled security by making it possible for an attacker to flash malicious firmware and still have it boot normally.

What ownership? You can’t even make the device not boot malicious firmware.

Discussed here: https://forum.qubes-os.org/t/how-exactly-is-heads-pureboot-secure/23092. Key link from there: Notes on how to audit a maximized flashed firmware image · Issue #107 · linuxboot/heads-wiki · GitHub

Exactly. I made that discussion. Nothing in that thread contradicts what I said. This is substantially worse than Boot Guard and cannot protect against tampering like Boot Guard can. Did you even read what you linked?

I thought the glitter nail polish could create a unique pattern that would be difficult to duplicate.

The pattern could be examined by an app on my phone and compared to a previous image. Images could be routinely sent to another computer to verify that I am using the correct one.

Or is the image of glitter nail polish easy to duplicate?
Or is the comparison program on the phone not accurate enough?
Or does the glitter nail polish have too low an entropy?

I would not be surprised that groups like the NSA could duplicate an entropy image. They can spend a lot of money to create new technologies that can accomplish nearly anything.

Sure, on a long enough timeline, the survival rate of anything drops to zero.

They probably also have access to the source code used by all the major laptop manufacturers, and can easily produce modified firmware for any major brand laptop. Then they just need to get the manufacturer to sign it, if they don’t have their own copy of the Boot Guard signing key.

The same people that can “easily” break into your house and flash a modified version of Heads can just as easily do the same thing with Boot Guard protected devices; the Boot Guard signing key is not a fortress.

2 Likes

Flashkeeper will happen:

1 Like

Are you gonna check the glitter nail every time you boot your computer? Or are you gonna slip and ignore it from time to time?

Maybe just when the computer was outside my control.

But my question was: is it really a waste of effort, even if I checked it every time I was about to boot up?

EDIT: 7-11-2024

Tommy Tran raises a good point. I am not likely to do this test every time I power up the computer. Even if I only did the test once a day, I would have some means to detect if something had gone wrong.

Let me say it another way. I don’t trust in any one method to make my computer efforts perfectly secure.

But

I want to do what I can to make it difficult for anyone else to interfere with my computer security.

However, even if I felt the entropy in glitter fingernail paint was great enough to offer some means of verifying the computer had not been opened, my next problem is whether the phone app that measures the glitter had been corrupted.

1 Like

I am just speculating, but securing the PureBoot (Heads) TPM could maybe be improved like this, assuming the TPM is passive:

  • Level +1: Purism would include in the firmware a user/personal passphrase, chosen by the user when flashing the firmware and encrypted by the Librem Key. At boot, it would display the passphrase so that the user would be aware of tampering (replaced firmware). So, if the firmware is replaced with a corrupted firmware version, it would not display the correct passphrase. How could the corrupted firmware lie? The hack would be to read the firmware, extract the passphrase, include it at the right place in the corrupted one, build the firmware and hack. This would need time.

  • Level +2: the passphrase could be stored in a separate chip on the hardware, encrypted by the Librem Key, maybe.