Firstly, let me be clear: I highly respect and appreciate everything the Purism Team have done to date, want to support you and have an L13 and L15 on order, however am now feeling like I may need to cancel my orders.
The real issue here for me, and surely must be for everyone else too (?) is what’s the point of stripping all the spyware / hack vulnerability out of these laptops to then allow it to be reinserted again during transit to the end user? Seriously, doesn’t this make the whole Purism project a fail, until we resolve this?
In the post “Preventing Shipment Interception”, solutions were proposed (holographic seal tapes, glitter nail polish over screws, etc) then quickly defeated with confirmed existing government practices (syringe to inject acetone under seal surface etc). To me, these solutions only help us confirm we have received a hijacked device which is then of no use to us. The real objective / solution surely is to deliver the Librem to the end user in a “guaranteed secure state”.
Are there solutions that can be developed / offered (even at additional cost?) to receive in a “guaranteed secure state”? such as:
SOLUTION - Technical
Is it technically possible to deliver solutions like suggested by @pixel such as laptop signing key, fingerprints, etc, which would cryptographically sign the motherboard to prevent change, or similar ideas?
SOLUTION - Physical
Just sharing thoughts, but I may be interested in an “option” to choose some additional physical security. If we made it “too difficult” for them to quickly interfere with the laptop while in transit(?)
I) to choose one-way security screws, in conjunction with having you “super-glue” or “Loctite” the screws in the back cover. Also use super-glue to glue the back cover on even under the screws so they can not access inside. I accept that would mean I have to purchase a new replacement cover along with a replacement battery 2 years down the track, but thats a cost I would accept.
II) use stainless steel screws as they are a lot more difficult to micro-drill into the head and use an “easyout” (screw extractor) to remove the screw.
III) if points above were implemented and did actually stop a hardware / chip hack, but laptop was shipped in a bootable state, then we are still susceptible to boot / software install which still means delivered device may not be secure.
IV) deliver each Librem in multiple shipments for end user assembly(?) to avoid “boot-n-tamper” in transit(?) but then is susceptible to chip replacement hack as case is not super-glued together.
V) Other feasible solutions(?)
If you think this post is an over-reaction, consider this: Purism is manufacturing laptops DELIBERATELY designed to circumvent government malware / hacking / hardware monitoring, so if YOU were in charge of such monitoring, would you not specifically target ALL products dispatched by such a niche manufacture? I think this “delivered in a guaranteed secure state” is as important as all the other aspects you have so brilliantly addressed to date.
@mladen @jeff @pixel @jvader @todd-weaver and others, I would seriously appreciate your response to my thoughts above AND/OR other solutions as I am genuinely seeking a solution for us all, and so I do NOT have to cancel my orders.