@ledOnion Hello there!
Of course removing physical components is pertinent for hardening.
The point I tried to make is reflected in previous comments.
The reason I do not offer removal is pretty simple. Maintainership issues and additional testing and separation of duties issues and related liabilities issues in terms of guarantees from refurbisher transferred to my side.
Without giving too many details, I keep original BIOS images and track item associated numbers to order numbers in case anything happens after shipping, and the item is sent back to me, so I can flash it back and resend to refurbisher. Doing as minimal manipulation on the hardware as possible, while still testing the hardware extensively and monitoring fan noise and variation of expected performances against initial re-ownership of the hardware through Heads against deployed OEM disk of hardware and re-encryption of the disk image, which is the same for all sold items.
I’m not looking at either complexifying the testing process or taking additional responsibilities off of the refurbisher here.
I think people are mixing concepts which justifies their requests. I try to not judge those, but there is no security justification behind removing a USB connected camera, even less on Qubes, as opposed to keeping functionality and putting tape on it or a slider, where it is useless confined under sys-usb until it is explicitly passed to the qubes where needed.
Same applies to microphone, where tape is less efficient. One could remove it, but nowadays, it is a needed feature and since it is secluded to dom0 unless explicitly passed to qube needed prior to use, it is not listening to anything, and even if it was, dom0 (as sys-usb) is not connected to internet, and consequently cannot exfiltrate data.
Removing wifi is the same. The standard wifi card is swapped to an open source driver driven minipci card, and secluded to sys-net. I understand the need of an air-gapped system, but if such laptop is needed, the laptop as a whole should be isolated physically, and physical slider on the laptop should be put in off mode.
There is no advantage, as a service provider to provide a distinct OEM image to remove such devices and create and maintain a separate OEM image without those physical components.
On top of that, you asked me to not provide an SSD drive, and to deploy osboot instead of Heads. I replied that you actually didn’t want a PrivacyBeast.
Removing Qubes, SSD drive: not providing a disk image (where relies most of my added value), replacing Heads with osboot, where relies pre-boot security with measured boot with the TPM with encrypted disk image, kinda nullifies in transit tamper detection altogether. Basically stripping off all the work and added value I provide.
I would ask more money to provide less, which is why I directed you to osboot/minifree. It does not make sense to me to provide such service.
You wanted an x230 with osboot and hardware components removed. You did not want a PrivacyBeast. Or didn’t understand what a PrivacyBeast offered.
It is not the first nor the last time that this is unclear for users, even though the website is pretty clear on the offer, where the product page restates it in even more detail. People don’t read. This is my conclusion.
Hope this will be read from others requesting the same.
The service I provide is added value on top of refurbished x230 hardware, with pre-installed and up to date Qubes deployment, with transit tamper evidence where nobody in transit can modify boot nor pre-boot environment without being tamper evident. Encrypted Qubes installation is re-encrypted with a random disk encryption key passphrase that isn’t shared until hardware reception and the user booting the hardware, confirms it’s in a working state and validates that both firmware measurements are as expected and boot components detached signatures are validated per the firmware. Then transfer of ownership happens.
Then and only then, the transitional disk encryption key passphrase is shared so the user can launch the re-ownership wizard to re-own the TPM, USB security dongle and generate his own GPG keypair and re-encrypt Qubes installation with his own secrets. After that point, the ownership is transferred and the warranty on the parts is not covered by the shipping insurances anymore. You already accepted the state of the hardware, where shipping back becomes more complicated and fees are involved.
It doesn’t make any sense for me nor users to diversify the offer, even less without disk nor without Heads.
I think the website is pretty clear on the processes involved and the added value I provide. Without those components, what someone wants is flashing as a service, which would not make sense to me.
Hope that clarifies things a little more.
And sorry for my English, sometimes I seem to not be as clear as I think I am.