Hi guys.
I like the idea of anti-interdiction for their products: https://puri.sm/posts/anti-interdiction-services/
However, I think it’s still not perfect. For example, a bad guy can just replace the red LED on the Librem key with a green one, and the user may have difficulty noticing that unless testing it carefully. Or, the hacker can replace the package with a compromised computer of the same model, paired with a key. I think a separate shipping address and delayed shipping aren’t going to help anyway.
I can think of a method to check the uniqueness:
- Have 2 secret codes, A and B. Both Purism and the user know both codes but keep them safe; it doesn’t matter which side generates them.
- Purism inputs both codes into the computer before shipping it.
- The computer should ask for code A, and only after code A is correct, display code B.
- By checking code B, the user knows if the computer is exactly the one he ordered.
This method is useless if the codes are stored on disk or in normal BIOS, even if the disk is fully encrypted, because a hacker can just swap the disk/SPI or copy the contents to another compromised computer. But if this can be stored and verified by TPM, which is uncopiable (I’m not sure) and will be bound to the rest of the components, it should work.
I saw there seems to be something related:
It seems they have a phone based system even before the hardware key, but I’m not sure if the customer can use anything sent to them digitally to verify the computer shipped to them.
Any ideas are welcome for discussion.
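
The code A / code B check from the post, with code B bound to a per-device secret so that a copied blob is useless on a substitute machine. This is an added example, not part of the original post and not Purism's implementation. `SimulatedTPM` is a hypothetical stand-in for a TPM's non-exportable key (no real TPM API is used), the stream-XOR plus HMAC sealing is a toy construction, and the code values are constructed.

```python
import hashlib
import hmac
import secrets


class SimulatedTPM:
    """Hypothetical stand-in for a TPM: holds a secret that never leaves the chip."""

    def __init__(self):
        self._device_secret = secrets.token_bytes(32)  # assumed non-exportable

    def _keys(self, code_a, salt):
        # Key material depends on BOTH the device secret and code A.
        okm = hashlib.pbkdf2_hmac("sha256", code_a.encode(),
                                  self._device_secret + salt, 50_000, dklen=64)
        return okm[:32], okm[32:]

    def seal(self, code_a, code_b):
        """Factory step: bind code B to this device and to code A."""
        salt = secrets.token_bytes(16)
        enc_key, mac_key = self._keys(code_a, salt)
        pt = code_b.encode()
        stream = hashlib.shake_256(enc_key).digest(len(pt))
        ct = bytes(p ^ s for p, s in zip(pt, stream))
        tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
        return salt + tag + ct  # this blob may sit on disk; it is not secret

    def unseal(self, code_a, blob):
        """User step: return code B, or None if code A or the device is wrong."""
        salt, tag, ct = blob[:16], blob[16:48], blob[48:]
        enc_key, mac_key = self._keys(code_a, salt)
        expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None
        stream = hashlib.shake_256(enc_key).digest(len(ct))
        return bytes(c ^ s for c, s in zip(ct, stream)).decode()


def demo():
    ordered = SimulatedTPM()                      # the machine the user ordered
    blob = ordered.seal("constructed-code-A", "constructed-code-B")
    substitute = SimulatedTPM()                   # swapped-in machine, blob copied over
    return (ordered.unseal("constructed-code-A", blob),
            ordered.unseal("wrong-code-A", blob),
            substitute.unseal("constructed-code-A", blob))


if __name__ == "__main__":
    print(demo())
```

The sketch only covers the copy-to-another-machine case raised in the post; it does not address modified firmware on the genuine machine.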