I’m looking for docs or a statement, where I can read about the handling of the encryption keys on the Librem 5. Especially regarding the FDE and /home encryption.
For instance, Android is somewhat problematic if it’s already turned on. Brute-forcing the PIN is much easier than on iOS and not every Android derivative uses the new encryption scheme which is also not ideal in terms of security. This rather old blog article explains it pretty well, why encryption on Android is kinda broken.
Another question is, if the Librem does use some kind of a secure element to store secrets like a TPM or ARM TrustZone. If it has something like this, it would be possible (if there’d be enough dev-wo_men-power) to integrate it into cloud backup solutions like Google does it with the Pixel 3 nowadays or a lot of other use cases I can’t think of right now.
There is a socket for a smart card. There is a more general discussion in this issue.
Sorry, but this link doesn’t seem to be valid…
Sorry about that. I think the issue is marked as internal, so it isn’t public. I’ll have to go looking for more resources about key handling. You might be able to find more information by searching the issues for that repository, or other related ones.
There’s an open task for the documentation about disk encryption that will need addressing before too long.
Peterpan: we’ve got a general plan, but we’re still fleshing out the details. The aim so far is to have the same level of full disk encryption as on the laptop, by whatever means necessary. That will most likely require a smart card.
Thanks for the article, that was an interesting perspective. It left me with some questions which I intend to learn more about.
Our long-term plan involves a user-encrypted cloud backup service integrated with the Librem phones and laptops, so we’ve got you covered.
I know you’ve partnered with Nitrokey, but could you please somehow also support YubiKey?
Any idea if the smart cards that will be used in the device will be memory devices, or Javacard devices? And will there be APIs available to interact with it and store keys other than the boot key in it? (Similar to a TPM on a laptop/desktop.)
Although I think the keystore implementation on Android is abysmal, I do think it is a good idea. (Though, why they store public certificates in an encrypted store is still beyond me.)
FWIW - If you have a SIM card in the device, you technically have a “secure element”. It just probably won’t do what you want it to.
The dev kit already supports one SIM card and one OpenPGP compatible card, see the description.
Given the constraints, we want to make sure your secrets are as protected as possible. In the worst case, there’s the Librem Key which we eventually want to make compatible with the phone.
Thanks @dcz, that’s promising.
Even more, that the Librem Key - may - be compatible with the Librem 5 in the future™ (with USB-C instead of USB-A connector, it would be more than enough - even better, because you can separate the keys from the device)
You can do that with the smart card too.
So the slot will be accessible from the outside? That’s awesome as well.
I’m not sure whether it will be accessible from outside, but it will not be soldered on for sure.
The Smart Card reader is described as accepting “2FF format smart cards”… which is AFAICT the same form factor as a SIM card. While I’ve been able to find plenty of smart cards with the same chip layout, I can’t find any for sale in that form factor.
Will Purism include/supply a 2FF smart card? Will they sell them, or recommend some brands/sources that will be compatible?
I assume this one would work?
That looks like a 1FF (credit card sized) smart card. The spec says “2FF”, which is 25mmx15mm.
The page states:
"Cut-out for breaking out the card in SIM card format. Cards without ID000 cut-out can be ordered blank optionally and without surcharge, only with imprint of the serial number."
However it’s just saying “SIM card format” not which one. Apart from that I assume again that a rasp would serve quite well as it’s only the plastic and not the chip itself which is too big?
The smart card reader will support GPG smart cards, and I think the plan is to sell them separately (but don’t quote me on that).
Since the L5 has hardware switches, it would be darn funny if it had a quarter inch wide half inch tall round white plastic pull-up that looked like it came from the receiver cradle of a Western Electric model 2500 with a secure switch tied to an encryption device.
“Ready to go secure? 1, 2, 3, … squeeeeelch!”