'Reasonably Secure Hardware' (Stateless Laptop Progress & More)

This is a long thread relating to future hardware design for secure Mobile (Laptop) End User Devices.
The purpose is to create a start a discussion with the aim of gathering ideas for a possible future reasonably secure hardware framework for EUDs.

1. Statelessness
   Not much seems to have been done here, such a shame. I would like to know, with current complexity of SSDs and future RAM (see OpenPower issues), is statelessness going to be possible (i.e: will it be unfeasible without new component standards specifically designed to enable statelessness)? In addition how could statelessness remain secure and user-friendly when we start to compartmentalise hardware (i.e. dedicated router) - can one ‘trusted stick’ be used for separate ‘computers’ in the same device?

2. Compartmentalisation of Hardware

There is at-least one company I know of that has integrated this design inside the laptop chasis, see:

The question here is, with our current knowledge - given the current insecurity and complexity of hardware (SSD and RAM essentially becoming mini-computers), which is only increasing - what mechanisms ought to be in place to compartmentalise these different components - thus what standard can we create? Joanna briefly mentioned integrating a ‘proxy’ into the trusted stick, see

Abstractly I would propose splitting the motherboard into standard form-factor isolated boards, with some-sort of dumb KVM switch connecting the keyboard and screen to each for management. The compute board would be conected via a standard high speed interface to the router board. Of-course with power-based hardware switches (for camera, microphone, speakers, network cards, etc) for when not needed.

This, however, is already becoming standard in implementations such as CSfC above, so I’m thinking what further is needed - and, how can it remain easily managable for the user (assuming an ‘advanced’ user, i.e. someone who is already ok using Qubes)?

I am trying to think of practical solutions for the future. Yes there’s RISC-V etc but if we want ‘reasonably secure’ then blindly trusting the CPU seems like a very bad idea. Thus, at the very least, to maintain security whilst using an external network a dedicated router is necessary.

3. Passive Intercept/Logging
   Passive intercept/logging undeniably has a value in identifying advanced attacks. The question here is not how difficult it is, for it would be rather simple to do with today’s small form factor technologies. The question is, given a reasonably secure hardware design - how useful would passive intercept be?
   I can only think, assuming interfaces between boards/components/compute-devices are encrypted, the only real use of passive intercept would be post network-card transmission (i.e. passive monitoring of the U.FL cable for the wireless card, passive monitoring of the ethernet cable for the wired card). This would catch any comms not being securely tunneled*.

*Though, of course, it doesn’t stop the local access point names from being broadcast via the secure tunnel somehow in an encrypted format - passive monitoring would /enable/ any sort of metadata steganography to be caught and this is not a trivial attack.

An example ‘standard’:
Hot-swap NVME SSD drives with readonly switch

Standard form factor for router board, easily replaceable
Standard form factor for passive monitoring board, easily replacable
Standard form factor for network cards
Two wireless network card M.2 slots with C.FL/U.FL to SMA/external-connectors

Hardware (power-based) switches for:
Network cards
Display
Speakers
Microphone
Camera
RAM wipe switch
Trusted Boot Port (for trusted stick - containing firmware and readonly partitions)
DUMB I/O switch (to switch between router/computer/passive-monitoring device management)

That’s a really high-level list of requirements, the purpose here is not merely to refine those - but to discuss how they would be technically implemented. (As above, i.e: passive tap on the C.FL and ethernet cables).

This has probably come out as a long ramble, my apologies, I don’t expect many to read, letalone reply.

I don’t have much to contribute, unfortunately. Just wanted to add here a link to Joanna’s post that is very much related (I think).

https://blog.invisiblethings.org/2015/12/23/state_harmful.html

Do you know of any advances since:

?

yes. heads is usable, yet still considered to advanced users: https://osresearch.net/
there are 2 company’s that sell laptops with heads installed (insurgo and nitrokey). T430 from lenovo (used)
You can buy a x230 or t430 and build heads rom and flash it.

And Purism, their pureboot is just rebranded heads

Pureboot is not rebranded Heads, it’s Heads + Coreboot + Neutralized ME + Librem Key

ok, my bad for the language. What I meant to say is that Pureboot is based mostly on Heads.
As for the other components of Pureboot, is it actually possible to use Heads without Coreboot? My x230 also has a neutralized ME and the the only difference I see with the L14 with Pureboot is that the librem key actually flashes instead of me having to manually check the TOTP every time. So basically, it is a good Heads configuration with a key that flashes.

there are several tastes of heads you can choose, if you build, including (or not) integration with librem key or nitrokey. Meaning, you could buil yourself the ROM with the same feature.
You can even switch between them if you find advantage in one of them (except between maximized and non maximized ROMs)

@fsflover wrote:

Heads + Coreboot + Neutralized ME

Heads is a Coreboot payload, so they always come together. When building
HEADS/Coreboot one also neutralizes the ME for ones particular machine
(it’s part of the make/build process).

• Librem Key

… or any other method like TOTP or Nitrokey. Librem Key BTW is a
rebranded Nitrokey. I find it entirely fair to call “pureboot” a
“rebranded HEADS”. What did they add that wasn’t there already?

That being said. Heads + Coreboot + Neutralized ME + Librem/Nitrokey is
awesome.

I myself don’t even use all that (yet), but I suspect that they at least have been improving the UX and compatibility between all those things.

@Quser59 another great post with very important points (thanks for sharing info about Archon). My $0.02 would be that we have huge problem with user adoption of advanced hardware security. I already mentioned that on frame.work forum. We not only need hardware that give ability to build trustworthy systems, but we also have to do that in way that is acceptable by users. So far we have huge problems with that eg. please take a look about coreboot, heads, Qubes OS deployment procedures, UI/UX complains etc.

Having hardware that enables security is one thing, enabling security is other thing. What we see with Archon is that only gov level players can afford such stuff, and maybe only them have that threat model. Of course there is potential in digital currency environment to rise awareness, but still that would target rather infrastructure (good example is is 15k EUR pledge from Immunefi).

EUD market seem to be reasonably well handled by Arm presence on mobile market and I’m not sure if we can do anything with that. It maybe even not so bad for customers. Also if we consider ARM superiority to x86 (with maybe RISC-V and OpenPOWER being next in line), then it may happen we will get reasonably secure (or maybe stateless) hardware soon.

Finally, pushing all above very hard may mean wasted resources in face of massive capital that companies driving this business. 3mdeb always repeat we should not underestimate connections between SV, IBV, ODM or OEM unless we can, or partner with someone who can, offer something competing.

Love 3mdeb work!

KGPE-D16 dasharo not target dev workstation and qubes users? Re-upstream status?

Do we? For qubes?

Updates? TY @pietrushnic

@Quser59 fascinating post. New consumer options found since? Know other stateless laptop progress? prototypes?

Do you buy it prepared from Librem, assemble it on your own, or something else?

Edit: I’m asking since I hope to buy such a setup in the future. I am unsure about how to approach it. I don’t desire to learn how to flash BIOS or whatever

Option you may know are qubes-certified-laptops.

Think Sven mentions own NitroPad T430 equivs

Missing context. Are you asking about the Librem key or the laptop?

The laptop.

Edit: Dag nabbit. I meant the whole laptop with heads + coreboot + neutered ME. Although the nitrokey/libremkey is a sweet addition.

I should have pinged you in my previous post… Qubes certified laptops? Nice! Thanks!

Understand
When first saw

1200×898 224 KB

If qubes-certified-laptops had been option then I would have taken but learn less.

Today I envy weyoun.six who have heads x230, w530, and t430.

x230_w530_t430_heads3072×1226 431 KB

Edit: Credit weyoun.six

Houla. That is a terrifying picture that should be replaced! Can you point to where that image was taken from? It reflects a R&D setup more than a user oriented flashing setup. I can see there a disconnected crumb board (spispy project?), a connected teensy board (an open source hardware flasher project named spiflash from Trammel, also hosted as well on his osresearch github repo). What is shown on screen is also scary for someone just wanting to flash coreboot derivatives and doesn’t represent flashrom’s documented ch341a programmer reality.

People can flash with multiple programmers. A lot of documentation was produced from coreboot derivatives projects to flash with multiple devices following different values (opennness, accessibility, repurposing of already owned raspberry PI) of the authors who wrote the articles. The easiest and most accessible programmer is out of question the ch341a programmer with a SOIC8 clip, which is what is documented under Heads, which is a really good fit for Lenovo laptops.

It should look way more user-friendly. Something like this with documented ch341a programmer (most accessible and low risk approach for Lenovo laptops SPI chips which are tolerating higher voltage range then other capricious SPI chips in other boards):

ch341a_flasher1000×830 109 KB

This is @weyoun.six’s picture! (hopefully, that was ok flagging you!)

Again, as I try to remind everyone each time Heads subject is raised: the Heads documentation should not be scary, it should be accessible. And for that to happen, that documentation should be modified by those who struggled using them for them to be easier to follow.

I would invite everyone to contribute back to GitHub - linuxboot/heads-wiki: Documentation for the Heads firmware project in the goal of having https://osresearch.net/ as accessible to all as possible through incremental, community driven improvements!

At the end of the day, the actual certified products today (Lenovo’s x230, t430 laptops) are supposed to be locally accessible machines today, that can be bought refurbished or second hand locally for most to flash themselves with low technical background: Lenovo X230 Maximized | Heads - Wiki

After that, installing Qubes OS on them should be straightforward as well: Step 4 - Installing Qubes and other OSes | Heads - Wiki

Certified Qubes products aims at supporting specific hardware configurations with Qubes OS preinstalled.

The actual models have Heads pre-flashed. There is nothing stopping users replicating those hardware configurations, and to flash Heads on top of them and then installing Qubes themselves.

After all, a side benefit of the Qubes Certification is also to have Qubes OS team test for regressions on those certified hardware models.

yes, this is my heads xx30 family

my recommendation, if you are uncomfortable with pulling apart a laptop to flash, is to purchase an x230 through Insurgo to support all the work they do for the heads project.

but I would also consider this: if you want to mail me your xx30 thinkpad, i would flash it for you on a sliding scale donation basis. feel free to PM me if interested. i’m also willing to be a resource for people trying to do it themselves. feel free to reach out here or on the heads matrix/slack.