I am trying not to get paranoid about this so I thought I would ask the community first. I ordered a Librem Key on Jan 5. It shipped on Jan 6 via priority mail but I did not receive it in my mailbox till January 21 and the package looked like it was tampered with. Has anyone had a similar experience and seeing how sus it all went down, is it advisable to use the key? Thanks for your help.
1 Like
EDIT: I see from Purism’s main website that the Key has a 10-day (probably meaning business days) lead time after ordering, so the duration doesn’t seem too extraordinary, unless they indicated a sooner delivery. And if it was sent by ground transport, who knows if the fires in and around Los Angeles slowed something down?
As for the damage, it could have just been rough handling. Are you particularly at risk of government/law enforcement snooping? If you ordered with tamper-evident security measures, then you should contact Purism support, I guess.
2 Likes
It depends on your threat model.
2 Likes
Yes, it definitely depends on the threat model. If you are concerned that someone was able to extract the keys present on the device, then I think you could safely factory reset / generate new keys. If you are concerned that maybe some hardware was modified, the Librem Key was made in partnership with Nitrokey, and I believe it is based on the Nitrokey Pro. This repository seems to have information about the PCB layout and schematics of the Nitrokey, so maybe you or some other expert could compare the device you have with what should be there to look for differences:
If you are concerned that some sort of malware was added that can persist through factory resets, I’m not sure how to address that.
2 Likes
Persistent malware on the Librem Key could be removed by externally reflashing firmware:
- Nitrokey/nitrokey-pro-firmware - GotHub (on my GotHub instance)
1 Like
Yes, I am most definitely targeted, hence the switch to Purism.
1 Like
Then I would definitely contact Purism Support and inquire about it.
2 Likes
Wrote to them twice - the last time on Jan 22 I believe. They haven’t responded, but then again even my email gets hijacked. Ugh.
2 Likes
I think Purism SPC should envision maybe introducing an Anti-interdiction service for this type of edge case when someone wants to be sure the key they ordered was not tampered with during transit.
It would not be that hard to implement: how about Purism sets a user pin code (and an admin as well) before shipping the LK and then once the key has been delivered to the customer, they would communicate both pin codes for the receiving end to test.
This can be done with current Librem Keys still shipping, because firmware is 0.10 - meaning it can’t be reflashed without loosing all internal secrets. Any firmware re-flashing would end up with none of the pins working, therefore detecting tampering.
This method would not work with newer NitroKey 3 familiy, since those can update/reflash their firmware while still leaving stored states untouched.
2 Likes
1 Like
Thank you for your references, which I already knew about.
But those do not address the specific problem of @NewUserAL who started this thread.
Purism’s Anti-interdiction service is great, but currently only applies to Laptop/Mini + LK bundle purchased together.
The question here, was how about such same service for the case that only a Librem Key is purchased (e.g. as a replacement for a lost or dead one) and the receiving end wants to be sure it was not tampered with in transit? This is why I suggested this simple solution in my post above, of an additional Anti-interdiction service for this specific (but not very common) case.
2 Likes
That would be fantastic!
1 Like
Thank you. I did but haven’t heard back.
1 Like
I agree with you!
1 Like