New Post: Hardware Encrypted COMSEC Bundle by Purism

Hell yea. Me too. Now for that LUKS build for L5 to get back up and running so I can flash my baby.

3 Likes

You can use two Librem Keys on any Linux Computer. So it would not be pretty, but you could use a usb hub and plug in a Librem key.

2 Likes

I looked into it some, and the Titan M2 seems to do many of the same things our Librem key/OpenPGP cards do. In fact, we secure our bootloader PureBoot using the OpenPGP card in the Librem key. The big difference is, instead of locking down the bootloader and calling it security (Which is what the Titan seems to do during boot), the Librem Key locks down the code you, the computer’s owner, signed with your Librem key. The Librem Key gives the same kind of security without handing full control (on any control) to the hardware vendor. In the case of hardware chat on the Librem 5, the difference is that you can generate your own keys and copy them to the card, you can back this key up and make duplicates, or generate on-card keys that never leave and can’t leave.

2 Likes

It’s important to remember that if your “security” depends on keys held by Big Tech then your “security” just went out the window if

  • the relevant company is compromised (e.g. a supply chain compromise), or
  • the relevant company is “persuaded” by a government to do something unpleasant, or
  • of course if the relevant company is just untrustworthy.

So it comes down to: whom do you want to be at your root of trust?

You or someone else?

4 Likes

Me, myself, and I.

3 Likes

Is there going to be work done on E2EE calls through L5’s PGP?

1 Like

The others features coming up on Chatty that i really want it is SMS Encrypted.
There is a Russian App for Sailfish OS that enable SMS Encrypted also there are a WEP to support SMS/MMS via Libsignal on Sailfish-Message

3 Likes

I hope you’re not spreading misinformation. I’m not sure that one can use a different bootloader, but certainly on a Pixel phone one can “unlock the bootloader,” use one’s own keys, and boot whatever you want. Were you trying to say that’s not true? How do you think people load custom ROMs or create/sign and load their own ROMs?

Honesty, the fact that certain updates on the Librem 5 require you to re-key/re-sign even if you can’t be assured that the changes were from where you suspect (e.g. updates already signed with a key) is backward. A user should only have to sign-off on a re-key/re-sign when there is a change that isn’t signed. I’ve seen plenty of examples on this forum where confused users were being prompted to re-sign and didn’t know why. That should not happen – the fact that it does happen is a security problem.

And do you not think that’s true for every implementation of TPM 2.0???

Don’t you think it would be cool is if there were an OS API that every application could count on to securely interface with the TPM/smartcard ???

2 Likes

I’d like to have a discussion about this, as I’m new to Titan, and the info around this is very marketing heavy. Honestly I’d be happy to hear Titan makes it easy to manage and handle your own keys. But we make it possible on many of our products to replace the bootloader completely with Coreboot. You can even build you’re own version of PureBoot and use that. :thinking:
As for your idea about how to sign updates, I love it. We do want to make our products as simple to use as possible without taking away user power. Perhaps an option in Pureboot to auto except signed files from purism or something along those lines. This might be a fun use case for a key signing services as well.
Just a note, I’m personally not a security expert so I have a lot of catching up to do :sweat_smile:. And sure, a simple API interface would be really handy. The demo chatty build uses gpg as a back-end, but that could be cleaned up to be much less hacky.

1 Like

@jonathon.hall

I would only be okay with such a feature if it was opt-in.

1 Like

Any such feature would be carefully thought out of course, we would not allow any change to subvert your own control over your own boot files.

As some incompletely-thought ideas though, I do think there are situations where this information would be useful to provide, though not directly controlling the decision whether to boot. It might be useful to provide information like this when the boot files have changed, although as I’ve said over on Heads I think a better solution to that problem is to eliminate the question by involving the user to sign new boot files at the time the updates are performed.

Or maybe there is an application of this information in PureBoot Basic where you are not signing boot files at all - you might want to know if your boot files are suddenly not signed by your distribution any more, and if it’s intentional you could continue to boot. But it needs to be thought out properly.

2 Likes

Given that PureBoot (and the related use of the Librem Key) is not available on the Librem 5 - unless I missed the big announcement - lines may be getting crossed here.

That’s true - I think there is room for improvement as to how this works.

Again though

not applicable to the Librem 5.

This is more complex. The normal apt interface allows updates to be signed and in certain cases will complain if updates are not signed (or are signed but the signature does not validate) but the security guarantees are different.

If a user just wants authentic updates then the user should not use PureBoot / Librem Key.

2 Likes

The Librem Key is a smart card adapter, with a smart card inside, is not different than a Smart Card in a Librem 5. While PureBoot is not support on the Librem 5 as a bootloarder, you can still use the smart card to do encryption.

4 Likes

@Kyle_Rankin did mention about PureBoot on the Librem 5:

@jonathon.hall

Is there a need for this? From my understanding, there is no CPU microcode or TPM (PCRs) on the Librem 5.

I do think there is a use case for tamper evidence on Librem 5 just as there is on Librem 14 and our other products.

How exactly we provide that tamper evidence is still an open question though.

2 Likes

@jonathon.hall

Any ETA for Purism Librem 14 EC driver mainlined in LNX?

Thank you of advance.

1 Like

Is the openPGP card from Purism needed (to be used in the L5)?
Or will a third party openPGP card also do the trick, as long as it is a compatible ISO/IEC 7816-4, -8 card?

2 Likes

@carlosgonz Thanks for bringing this to my attention, I hadn’t looked into this as the EC driver has not needed any work from me yet. I don’t have an ETA yet but it is on my TODO list to check out.

2 Likes

Compatible third party cards should work; bottom line if it works with gpg from the terminal it should work.

3 Likes

Thank you.

1 Like