(Feel free to skip to the numbered questions if you don’t care for the context.)
I’m looking to maximize both security and FOSS while trying to stay within a budget and avoiding extremely complicated systems such as manually hardened Gentoo. We may also assume that advanced persistent threats are part of my threat model. I think Qubes OS is a decent option for this criteria, and while I’m not an IT professional I am willing to learn.
I’ve seen conflicting advice on which hardware and firmware you should choose when trying to maximize security. Some of these in-depth discussions have taken place here in the extremely long “Discussion on Purism” and “Secure hardware for Qubes” threads, with significant portions of the back and forth happening between @TommyTran732 and @Insurgo. In contrast to Qubes OS recommended and certified hardware, some people make very different hardware recommendations. One of the most well-put-together examples would be this draft of an article from PrivSec.
I do not want to restart a debate, just looking to receive simpler answers that new “security hobbyists” like myself could understand. If people from different sides respond, I hope that in this thread they can explain their positions independently from one another and without reigniting a debate that apparently couldn’t be settled. That said, including sources or short technical explanations in answers is appreciated.
Is it a bad idea to neuter Intel ME/CSME? - Many of the Qubes certified devices come with IME neutered (or prepared to be neutered at the user’s option) as it is seen by some as a backdoor, but the PrivSec draft article claims that neutering it (or preparing it to be neutered) also disables important security features provided by the processor. They also point out that if Intel or AMD backdoored their hardware, they could do so without needing to resort to ME or PSP, which seems to make sense to me.
How vulnerable is older hardware? - Much of the Qubes certified and recommended hardware is quite old and apparently no longer receiving microcode updates. How vulnerable are these devices as a result of this? If it’s an issue, what are the cheapest options for someone looking to use a laptop that will continue to receive full updates into the next few years?
How effective is Heads against physical attacks? – Despite the debates that were had, it seems most of the Qubes OS community supports the use of Heads. Exactly how effective is Heads at preventing (or alerting the user of) compromise from an attacker with physical access?
It’s currently safe to use the X230/T430, but if a new vulnerability is discovered that only can be fixed with microcode, there will be no fix for the old laptops.
Recently, the KGPE and KCMA motherboards stopped being usable with Xen/Qubes OS because of CPU exploit mitigation patches for AMD CPUs not being 100% compatible with older CPU models.
Would you be able to elaborate? In case it helps, I did include some context at the beginning of the post. Not sure if you’d need me to elaborate more on anything in particular:
Advanced persistent threats have ample resources and expertise in order to achieve their objective(s), so your choice of hardware and firmware may not matter against them. I highly suggest you perform a critical examination of your security practices and focus on preventing such access in the first place, especially physical.
Good point. That being said, I’d still be interested in finding the best available option just in case it helps, or at least it might provide better protection against lesser resourced attackers.
I don’t want to put words in your mouth, but I’m sensing your answer to #3 is that it doesn’t really matter what firmware or hardware I pick when it comes to physical attacks, and that I should instead try to physically hide or protect my device rather than bother with something like Heads?
To give you some understanding of my Qubes OS hardware criteria years ago, it was based on three requirements:
Anti-interdiction
Hardware kill switches
Coreboot
I decided the Purism Librem 14 with PureBoot Bundle Anti-interdiction was the best option for me at the time:
My root of trust is solely based on my own judgment, so I value any opportunities where I can reduce and/or eliminate trusting any third-parties. This article from @maltfield explains Trusted Boot and its contrasting models:
I will mention that who and/or what you trust will determine what options are best for you against your threat model, so I cannot necessarily provide suggestions until your order of priorities is known. Even though I may only use gratis and libre open-source software in my workflow, that does not necessarily apply to firmware and/or hardware due to lack of options, resources, and/or updates.
@FranklyFlawless I actually would recommend @novacustom over Purism. They don’t (yet) have hardware kill switches, but they do have (better) anti-interdiction services.
The photos of the screws that I received from Purism when I paid for the anti-interdiction services were so blurry that they were completely unusable.
NovaCustom actually didn’t have anti-interdiction services at the time I published that article. After they read my article, they added it.
Not to mention that NovaCustom laptops are Qubes-certified, something we don’t see from Purism…
Do you know when @novacustom will offer hardware kill switches for their products? My anti-interdiction service with Purism was fine and as expected years ago, although I understand that other Purism customers may not share similar experiences. I will ask @jonathon.hall about Qubes OS certification for the upcoming Librem 16 and see if there are any plans to resume it.
Could you be more specific about what exact quantity and type of hardware kill switches are planned? On the Librem 14, there are two combination switches:
The V54 and V56 Series product pages state that Dasharo Pro Package (Coreboot + Heads) is pending compatibility research. In addition, the Librem 14 also has a write-protect dip switch on the motherboard for the BIOS and EC firmware, although it is still not currently implemented yet:
Assuming that Coreboot + Heads will eventually be supported for the V54 and V56 Series, do they have a write-protect dip switch for the BIOS/EC, and if not, are there any plans to incorporate them into future hardware revisions?
If that means a physical switch: I’m sorry to say that we don’t have it. I think something like that would require modification of the motherboard, which is not feasible in our case. This is because we are a small company (3 employees in total) and have to rely on our ODM provider (Clevo), who is responsible for the motherboard’s design. Modifications like these would require a minimum order quantity of at least 10,000 units, which isn’t realistic for us at this moment.
Okay, who is spearheading development of these hardware kill switches? You, Nitrokey, or both? Is the development of this feature affected by Clevo’s minimum order quantity, or is the chassis treated differently from the motherboard in this case?
Q1 depends. IME has many features and most of them are not wanted. TXT is welcome if you use AEM. If you use TXT then keep IME, if not, then better get rid of it for reduced attack surface.
Q2 I don’t know.
Q3 On heads website they link to an article: Trusted Boot (Anti-Evil-Maid, Heads, and PureBoot) - Michael Altfield's Tech Blog
Towards the bottom of the article some vulnerabilities with PureBoot/Heads are written up. In short, replay and relay attacks. Also, if the adversary can get your USB security key they can hack you as well in a couple of ways. If they get both the laptop and the key they can also hack you. So Heads is not secure against advanced physical adversaries like you said in the OP as your threat model.
I think the only choice you have is to use Glitter Nail Polish. It’s extremely difficult to remove and reapply the glitter nail polish without it being detected. Even the greatest artists in the world have a lot of trouble with it. You have to use only 1 layer of glitter nail polish and it should have rainbow colors and varying sizes. Assuming the adversaries can’t defeat this protection then they can’t do replay/relay attacks or any other covert physical attack. The only thing they can do is put a hidden camera or use laser on your window for keylogging.
Is it worth using Heads in combination with glitter nail polish? Yes, because Heads can detect rootkits and bootkits. The question is whether DRTM would be better, such as TrenchBoot instead of Heads, for detecting rootkits and bootkits coming from userspace and kernel. I don’t know, but Heads is open source and doesn’t need IME, while TrenchBoot needs IME. But like you said, maybe it doesn’t matter if you have IME or not, because if Intel were an adversary then they have other ways of putting in a backdoor. Another bonus with TrenchBoot is that you don’t need a USB security key that you have to make sure doesn’t fall into the wrong hands. You need a backup stored somewhere, and they usually recommend at a friend’s, obviously not at home where your laptop is. And the one on you can get robbed, lost or destroyed in an accident. So that’s one reason TrenchBoot seems a better choice in combination with glitter nail polish.
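As an added illustration for readers (my own toy model, not code from Heads, PureBoot, TrenchBoot or the article linked above), the following Python shows the measured-boot mechanism this post relies on when it says Heads can detect bootkits: every boot component is hashed into a PCR-style register that can only be extended, a secret is sealed to the resulting value, and the unsealed secret drives an RFC 4226 HOTP code of the kind a USB security key or phone would verify. The component contents, the software "sealing" construction and the sample secret are constructed for the example (a real TPM seals in hardware), and the model only covers detection of modified boot components, not the physical replay/relay limitations the post describes.

```python
"""Toy model of measured boot: PCR extend, sealing to a measurement, HOTP attestation.
Added example; simplified stand-in for what a TPM and Heads do, not their code."""
import hashlib
import hmac
import struct

# Constructed sample boot components standing in for firmware payload, kernel, initrd.
GOOD_CHAIN = [b"coreboot-payload v1 (constructed)", b"vmlinuz-6.6 (constructed)", b"initrd.img (constructed)"]
# Constructed HOTP secret (the RFC 4226 test-vector secret, so codes can be checked).
SAMPLE_SECRET = b"12345678901234567890"


def pcr_extend(pcr: bytes, blob: bytes) -> bytes:
    """TPM-style extend: new = H(old || H(blob)). A PCR is never set directly,
    so a component cannot 'fix' the register after the fact; the order of
    measurements is part of the final value."""
    return hashlib.sha256(pcr + hashlib.sha256(blob).digest()).digest()


def measure_chain(components) -> bytes:
    """Measure each component into one register, starting from the reset value."""
    pcr = bytes(32)  # PCRs start zeroed at platform reset
    for blob in components:
        pcr = pcr_extend(pcr, blob)
    return pcr


def seal(secret: bytes, pcr: bytes) -> dict:
    """Bind a secret (at most 32 bytes) to one PCR value. Software stand-in for
    TPM sealing: key derived from the PCR, secret masked with it, MAC over the result."""
    assert len(secret) <= 32
    key = hashlib.sha256(b"seal-key|" + pcr).digest()
    wrapped = bytes(a ^ b for a, b in zip(secret, key))
    tag = hmac.new(key, b"seal-tag|" + wrapped, hashlib.sha256).digest()
    return {"wrapped": wrapped, "tag": tag}


def unseal(sealed: dict, pcr: bytes):
    """Recover the secret only if the current PCR equals the one sealed against;
    any change to any component (or to their order) yields a different key and
    the MAC check fails, which is the 'boot chain was modified' signal."""
    key = hashlib.sha256(b"seal-key|" + pcr).digest()
    expected = hmac.new(key, b"seal-tag|" + sealed["wrapped"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(sealed["wrapped"], key))


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24 | mac[offset + 1] << 16
            | mac[offset + 2] << 8 | mac[offset + 3]) % (10 ** digits)
    return f"{code:0{digits}d}"


def boot_attest(components, sealed: dict, counter: int):
    """What the firmware would show at boot: the HOTP code if the measured chain
    still matches the sealed state, or None (a tamper warning) if it does not.
    The user compares the displayed code with the one their separate token computes."""
    secret = unseal(sealed, measure_chain(components))
    return None if secret is None else hotp(secret, counter)


if __name__ == "__main__":
    sealed = seal(SAMPLE_SECRET, measure_chain(GOOD_CHAIN))
    print("clean boot code:", boot_attest(GOOD_CHAIN, sealed, 0))
    bootkit_chain = [GOOD_CHAIN[0], GOOD_CHAIN[1] + b" + bootkit", GOOD_CHAIN[2]]
    print("tampered kernel:", boot_attest(bootkit_chain, sealed, 0))
    print("reordered chain:", boot_attest(list(reversed(GOOD_CHAIN)), sealed, 0))
```

Running it prints the clean-boot code once and None for both the modified kernel and the reordered chain; the point the model makes is that the secret behind the code is only reachable when the whole measured sequence matches, which is why tampering with any measured stage is visible at boot, while an attacker who obtains the token holding the same secret (the case the post raises) is outside what this check can catch.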
It would be helpful to know if you have a budget in mind, how flexible it is, and if you’ve confirmed you have open vectors of attack. From there you can cross reference vendors who have a solution for you. You may need to take a serious long think on the “cannot go withouts” and prioritize everything else accordingly.
For example, someone has mentioned anti-interdiction being a concern for them and it didn’t turn out as they expected. My follow-up would have been, “What was Purism’s response/handling of this?” Did they make it right? If they made it right, would that sway your opinion? Is that important, considering it was not right the first time on such a critical service? Can they be trusted? How paranoid do you need to be? Humans are human and do require some grace, so there’s that pebble for the other side of the scale.
Finally, if there’s a specific feature or capability you need, ask away!
I recently found a couple posts over on the Privacy Guides forum that I think are worth mentioning for anyone who reads this in the future. My takeaway is that IME is bad but disabling it probably leaves you worse off and there are currently no usable and secure open-hardware alternatives yet.
I never heard of TrenchBoot, too bad they’re not included in this discussion more because they seem like the better solution both for usability (issues related to needing Nitrokey) and probably security (see beginning of my comment). I skimmed some of the documentation and it seems pretty advanced to set up. I’ll have to do a lot more reading on it if I have time but I really appreciate the glitter suggestion since it’s a low-tech partial solution that I can realistically make use of now.
EDIT: Scrolling through the forum I was reminded of Anti-Evil Maid. Wouldn’t that also be an option?