How does the Librem 5 handle encryption keys? Does it have a Secure Element?


#1

I’m looking for docs or a statement, where I can read about the handling of the encryption keys on the Librem 5. Especially regarding the FDE and /home encryption.

For instance, Android is somewhat problematic if it’s already turned on. Bruteforcing the pin is much easier than on iOS and not every Android derivative uses the new encryption scheme which is also not ideal in terms of security. This rather old blog article explains it pretty well, why encryption on Android is kinda broken.

Another question is, if the Librem does use some kind of a secure element to store secrets like a TPM or ARM TrustZone. If it has something like this, it would be possible (if there’d be enough dev-wo_men-power) to integrate it into cloud backup solutions like Google does it with the Pixel 3 nowadays or a lot of other usecases I can’t think of right now.


#2

There is a socket for a smart card. There is a more general discussion in this issue.


#3

Sorry, but this link doesn’t seem to be valid…


#4

Sorry about that. I think the issue is marked as internal, so it isn’t public. :frowning: I’ll have to go looking for more resources about key handling. You might be able to find more information by searching the issues for that repository, or other related ones.

There’s an open task for the documentation about disk encryption that will need addressing before too long.


Librem 5 file encryption
#5

Peterpan: we’ve got a general plan, but we’re still fleshing out the details. The aim so far is to have the same level of full disk encryption as on the laptop, by whatever means necessary. That will most likely require a smart card.

Thanks for the article, that was an interesting perspective. It left me with some questions which I intend to learn more about.

Our long term plan involves a user-encrypted cloud backup service integrated with the Librem phones and laptops, so we’ve got you covered.


#6

I know you’ve partnered with Nitrokey, but could you please somehow also support YubiKey?


#7

Any idea if the smart cards that will be used in the device will be memory devices, or Javacard devices? And will there be APIs available to interact with it an store keys other than the boot key in it? (Similar to a TPM on a laptop/desktop.)

Although I think the keystore implementation on Android is abysmal, I do think it is a good idea. (Though, why they store public certificates in an encrypted store is still beyond me.)

FWIW - If you have a SIM card in the device, you technically have a “secure element”. It just probably won’t do what you want it to. :wink:


#8

The dev kit already supports one SIM card and one OpenPGP compatible card, see the description.

Given the constraints, we want to make sure your secrets are as protected as possible. In the worst case, there’s the Librem Key which we eventually want to make compatible with the phone.


#9

Thanks @dcz, that’s promising.
Even more, that the Librem Key - may - be compatible with the Librem 5 in the future™ (with USB-C instead of USB-A connector, it would be more than enough - even better, because you can separate the keys from the device)


#10

You can do that with the smart card too :slight_smile:


#11

So the slot will be accessible from the outside? That’s awesome as well :slight_smile:


#12

I’m not sure whether it will be accessible from outside, but it will not be soldered on for sure.