Hi guys, can u pls explain ALL the circumstances in which the Librem Key flashes red? The Purism computer has not been connected to the internet AT ALL and the keys were reset several weeks ago so the key flashed green. It was quite a shock to see the key flashing red today, admittedly this is the first time I checked the key since several weeks ago…
Re-flashing the BIOS will cause this. If this is the reason for the red LED, you’ll also be prompted with a red screen asking if you’ve recently performed a BIOS re-flash, among other things.
Hi thanks for the response. What does it mean reflashing the BIOS? Basic question probably; I’ve mainly been using the word processor / media application nothing in the way of programming or using internet.
Since then I’ve reset the OEM / re-done the keys so it flashes green but it was working like that before, and usage was mainly office function and some media no internet so this makes me wonder has it been interfered with
In our case, Pureboot is our BIOS firmware. To re-flash the BIOS, you’d have needed to copy a .rom file to a USB drive, insert that USB drive into your machine, and manually re-flash your BIOS through the existing BIOS menu using the .rom file on the USB drive.
From what I understand: Pureboot is Coreboot+Heads. Heads uses your GPG key stored on the Librem Key to sign the OS /boot files. Heads verifies that no changes are made to the OS /boot files every time you restart your machine, using your attached Librem Key.
So, I think if something changed in your OS /boot filesystem, Heads would detect it, as long as the GPG key stored in the Librem Key has not changed.
Hi, thanks for the response, what kind of things can cause this / changes to the OS/ Boot file system? I’m not really clued up on this / not something I’d really play with. I had reset the keys awhile ago barely 1-2 months to get the Librem Key flashing green again but no real changes since then that I’m aware of
Yes, but it depends on what all is included in that software. For example, if only the web browser updates, I don’t believe that would trigger Librem Key to flash red. If, instead, the kernel or firmware was updated, I believe that would. I think that applies to any update that would trigger update-initramfs. I don’t have a Librem so I can’t confirm this for you, but if your software updated very shortly before your Librem Key started blinking red, I would consider the update to be the cause.
The problem is this: it has not been connected to the internet in any way since the key was last reset to flash green. In fact I don’t even use that computer to connect to the internet period. There is no reason whatsoever for it to do that. No programming, no internet connection, nothing; it went from green to red. There must be some other way / some other thing that caused this.
What other explanations / possibilities can there be?
the computer is not on any network of any kind (e.g. WiFi is killed and no USB ethernet dongle), or
the computer is on a private network (e.g. WiFi is not killed) but the private network is air-gapped from the internet
?
I’m not across the full technical details of the Librem Key but I would assume that a local user could easily alter something that is covered by the integrity checks. See for example what Kyle Rankin does here https://puri.sm/posts/demonstrating-tamper-detection-with-heads/ in order to simulate a tampering with his computer. Note that in order for a legitimate local user to do this, that local user would need sudo access.
If you decide to make a formal support request to Purism, or otherwise, you would want to clarify exactly what your config is - e.g. which laptop, which BIOS.
To drill down, the WiFi is not on any network of any kind, has been killed, as in hard-kill switch activated / on / to make internet connection impossible
The computer is not used for internet, so the flashing red, for no apparent reason, is / was all the more alarming.
Is there a way to check all logs spanning last 10 days? Something must have caused it
This is a serious rhetorical question: where would it store the logs? If the whole point is to detect tampering, the logs would need to be somewhere that is tamper proof.
I think the underlying question of “when the integrity check fails, how do I know what part of the check has failed / what has changed?” is a valid question.
I’m still thinking formal support request with clarification of config.
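As an added illustration of the "what has changed?" question above (this is not code from Purism, Heads, or anyone in this thread): a per-file SHA-256 manifest taken while the system is known-good can later be compared against the current files to name exactly which ones were modified, added, or removed. The directory contents and file names below are constructed, and the baseline is held in memory only for the demo; in practice it must be stored somewhere an attacker cannot rewrite it.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root: Path) -> dict:
    """Map each regular file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def diff_manifests(baseline: dict, current: dict) -> dict:
    """Report which paths differ between a trusted baseline and the current state."""
    common = baseline.keys() & current.keys()
    return {
        "modified": sorted(p for p in common if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }


def demo() -> dict:
    """Build a constructed stand-in for /boot, change it, and diff the manifests."""
    with tempfile.TemporaryDirectory() as tmp:
        boot = Path(tmp)
        (boot / "vmlinuz").write_bytes(b"kernel v1")          # constructed sample
        (boot / "initrd.img").write_bytes(b"initramfs v1")    # constructed sample
        (boot / "grub").mkdir()
        (boot / "grub" / "grub.cfg").write_text("menuentry 'demo' {}\n")
        baseline = build_manifest(boot)  # taken while the state is trusted

        # Later changes, e.g. what a regenerated initramfs would look like.
        (boot / "initrd.img").write_bytes(b"initramfs v2")
        (boot / "extra.bin").write_bytes(b"unexpected file")
        (boot / "grub" / "grub.cfg").unlink()
        return diff_manifests(baseline, build_manifest(boot))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```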
If the Librem Key detects tampering, what kind of tampering is possible? What are the forms of tampering possible? Thanks in advance for your consideration
Hi, what is config? Do you mean ask support for clarification of config? Not sure I know what this means - so they can cross check somehow? Could you kindly suggest some steps to take to be sure, it seems the integrity / tamper was broken so somehow getting to the bottom of it makes sense - no update was run, so something caused it