Is the Librem Key Free'd?


#1

My understanding is that the Librem Key is based on the NitroKey.
However, most of the NitroKeys (except the Nitrokey Start) are not fully Free Software1.
Is the Librem Key different?


#2

at this point in time does it really matter ? they haevn’t got the RYF certification yet so … https://puri.sm/learn/freedom-roadmap/


#3

@reC I can answer that…yes, yes it does.
Freedom always matters.


#4

Our goal is for all of our products to be RYF certified, and we try to pick hardware components that are free and if that’s not possible we work to free the remaining components. This is a policy that’s part of our Social Purpose Corporation Charter:

The Corporation will design and manufacture hardware that respects users’ rights to privacy, security, and freedom. The Corporation will use hardware and software that respects users’ rights. Non-free, or proprietary, chipsets that require installable firmware binaries into the kernel will be strictly prohibited within the Corporation. If a suitable component part that fully respects these rights is not available in the marketplace, the Corporation may use a part in its products that does not meet this standard if it is necessary for the product to be fit for purpose, in which case the Corporation will: (1) provide purchasers of the product, in writing, with strong evidence that a free version of the part with equivalent specifications is not available and that developing a free version of such would not be feasible at that point in time; and (2) actively pursue the development of a free version of the part for its future products.

To answer your specific question, the Librem Key is based on the Nitrokey Pro v2 hardware.


Exactly which key types does the Librem Key support?
#5

@Kyle_Rankin So to clarify, no it is not free’d?
Also, why didn’t Purism base it on the NitroKey Start which is fully free1?

Cheers,
TheMountainSquirrel :v:


#6

Could you elaborate on which hardware component in the Nitrokey Pro isn’t free? The thread you linked seemed to indicate something about the smartcard but I had thought that OpenPGP smart cards could potentially qualify for RYF based on how the FSF treat write-once firmware (but there could be something I’m missing).

I don’t know that the Nitrokey Start was available when we first made our hardware choice, but we wanted the tamper-resistance of a standard OpenPGP smart card regardless.


#7

I would assume, that since the thread is about RYF Certification their answers were aimed towards the possibility of RYF Certification. It does state:

Smart cards in general aren’t very open and wouldn’t be eligible for RYF.
– jans23, NitroKey Member1

NitroKey may be misinformed but it sounds like a solid approach.
I would like to note the FSF RYF exception for secondary embedded processors which may be a place to start. @Kyle_Rankin

One more thing, why are smart cards are such a big deal.
I could be misinformed, but generally when I think of smart cards as the contactless credit cards.
What purpose does this help with?


#8

The benefit of smart cards is that private keys are stored directly on them and computations using those keys are performed on chip. This is important because smart cards are also tamper-resistant, which means that attempts to extract the private keys from the smart card is supposed to result in damaging the chip beyond the point that you could retrieve anything.

For instance, if the Librem Key didn’t use an OpenPGP smart card but stored the GPG private keys on flash memory, an attacker could remove the case and extract your private keys.


#9

Not based, Nitrokey Pro 2 is the Librem Key, they didn’t change anything^^
I asked the company who made the key.
Buy the cheaper Nitrokey Pro 2 if you’re living in Europe :slight_smile:


#10

What if I tell you that we did? :wink:

The Librem Key is a slightly modified version of the Nitrokey, to serve the use case that we in Purism are working on: a secure boot chain

And while it can perform the majority (if not all) the functions of a Nitro Key, in our use case it integrates with HEADS to provide a Tamper Evident boot chain.

Before saying that:

I would recommend you to read this article where we talk about what the Librem Key is, what is it for and specially the work that Purism in collaboration with NitroKey poured into creating the Librem Key, not only on the firmware side but also the modifications in the hardware, and adding the needed features for our tamper evident boot system:

I would also recommend you this article presenting Pureboot, our work at securing the boot process in laptops, which is the reason why we created the Librem Key

Lastly, you made this exact same post on more than one thread regarding the Librem Key. Our Forum rules clearly state: no double posting

I would not be mentioning this if it was a first time, but you have broken our forum rules several times, and I believe that some of my colleagues have already spoken with you about this.

Please respect the rules of this Forum:

https://forums.puri.sm/t/forum-rules-please-read-before-posting/760


#11

#12

#13

Thank you.
Okay yes a collaboration.
But if i buy today a Nitrokey they are exactly the same now?
-> That’s what the Nitrokey told me.

Why you not mention on your page, that if you are from Europe etc buy it in the Nitrokey Shop for climate and without taxes?


#14

Did you even read the links I posted in my previous post?

The Librem Key integrates with HEADS to provide a tamper evident boot, like described in the posts above. That is something the Nitrokey was not designed to do originally.

The Librem Key not only helps to provide this high security boot process, like described in the links above, but aside from that, it can also perform most if not all operations a normal Nitrokey does.

If this is not enough difference for you then there is not much more I can say.


#15