Preventing shipment interception, providing hardware integrity verification

We have not yet introduced anti-interdiction support, but now that we have a more solid operational flow with regard to assembly and shipping, we can revisit the anti-interdiction flow. Here is what we cannot and then can do; first we are not legally able to release the schematics, sadly, this is something as we grow leverage we do hope to do, but it will take time to get there; releasing the schematics doesn’t make looking for interdiction or tampering easy for most users.

What we are planning is this order flow:

  1. User places order, requests anti-interdiction support (+ $99)
  2. High-resolution photo of motherboard is taken during assembly
  3. Security seal of center screw, Trammell Hudson’s fuzzy nailpolish approach and photo of security seal
  4. Tamper resistant tape on inner bag or box and photo of tamper resistant seal
  5. Photos from #2, #3, and #4 are uploaded to the user’s my account page for viewing
  6. User receives package, confirms whatever level of anti-interdiction he/she feels comfortable in testing, be that the tamper resistant tape photo matches, or the security seal matches, or the high-resolution photo of the motherboard matches.

This is something that we have been working on for a few months now, such as getting the my account page to display the uploaded photos, getting the assembly flow to include an anti-interdiction section, and to confirm that this will suffice as a good anti-interdiction solution.

If you who are involved in this thread like this approach, or would appreciate to see this implemented, or have comments or suggestions along these lines, please reply here, and we will factor that into our upcoming anti-interdiction offering.

Thanks for the lively and healthy discussion on an important (yet often overlooked) area of security.

9 Likes

Firstly I would like to say that this is great news.

Obviously this would vary from model to model and between revisions, but would it vary from laptop to laptop? For example, do some components have unique IDs visible?

Yes, we put a serial number sticker inside, as well as various drive configurations, ram sizes, and wiring tape, all make each motherboard photo unique in their own way.

1 Like

Thanks to everyone here for your attention to an important topic. Although nothing is perfect, perhaps for starters simple physical deterrents would be the most manageable.

Custom designed, self sealed bags could cover the entire machine. That, and tamper resistant tape placed strategically on machine innards and photographed seems like a simple and relatively inexpensive place to start. Sparkle nail polish is cheap. If it were me, I’d change up the bag designs or use multiple designs and use a Sharpie marker to make unique markings for the photograph.

Pictures of individual machines (both insides & packaged) could be emailed to the consumer after the machine is sent, with instructions to photograph the product in its received form and to remove the tape before using.

This is far from perfect and I am a novice end user, but it seems to me that something is better than nothing while more sophisticated ideas are discussed. It requires the labor of communication after sending but that would create one more layer of specificity… sort of a physical password, as well as an opportunity to get feedback in real time about whether tampering is occurring, and if so, how often.

1 Like

Hi Alex,

I am no computer expert so I’d like to clarify a comment you made about using a mouse, and for that matter, and your thoughts on using an external keyboard too… I’m I correct to assume these extensions can compromise or tag my new computer? I use an ergonomic keyboard (made by microsoft) and a mouse. If these attachments shouldn’t be used, what would you suggest if anything for one to purchase? If Purism doesn’t have it, there’s probably nothing in the commercial market to have, and I would have to adapt to keep my computer safe. Thank you for any assistance. BEST!

  1. thats a fair price. id pay it.
  2. thats glittery nail polish, though i suppose fuzzy could work as well. it would be harder to photograph. finding a good glitter nail polish is difficult. it has to look similar at different angles. a blink testable setup would be great, but even with blink + filters, this is very difficult. make sure you put enough on there that the attacker would have to kinda drill the screw driver to get through it.
  3. try the syringe trick on the bag. maybe you’ll find one it doesnt work on. [edit: just realized, syringes are sharp, so if the bags not too thick, it would cut it :slight_smile: ]
  4. this means trusting your web site. you should put the sites fingerprint in multiple places so the user can verify this as well. such as keybase, github, business cards (with your pgp keys of course) etc. yes, its paranoid, but sys admins,journalists, and govt employees (military, intelligence, and law enforcement) will (should) appreciate it.
1 Like

Prepare to wait when you order one. Months of waiting. With no updates. By the time it ships, hostile nation state adversary will have long forgotten about you.

Presuming that you can trust the source. The best solution is to make it reasonably difficult but not impossible to compromise during shipping. If it were impossible to compromise the item during shipping, then the adversary (presumably government) would infiltrate the source (or it’s suppliers) and compromise the item before it ever shipped. But if the adversary believes that it can compromise every shipped item, then you can show up at the source and cart away the item yourself. Just don’t leave it unattended when transporting the item yourself.
Just my thoughts on the topic.
Rob

2 Likes

Are there any updates to this? I thought I read purism was going to implement some sort of tape or something but is anything actually happening with respect to identifying shipment interception?

1 Like

@todd-weaver: The order flow you described for new shipments looks great! Your post was from a year ago though…will anti-interdiction support be added in the near future?

1 Like

I might be wrong, but I think one of the major reasons we don’t have this service, even after two and a half years of discussion is because of the legal/cost aspect of it.

AFAIK interceptions can be as much illegal as legal. So what if an interception is officially labeled as “legal”, who is to pay for shipping, because I believe this is what’s gonna happen if the package will show “signs” of it being opened, most probably the customer will ship the unit back and then Purism will have to ship a new one in exchange.
These are extra costs, and then, what if it happens over and over when trying to send a package to a specific address?

If the interception would be illegal, I guess we would have the “guilty” one cover the costs both for shipping and for attorneys, which Purism will have to hire.

All these questions can only be answered by professional attorney and hiring a team of attorneys and dealing with such situations will not be cheap, and $99 will surely not cover that.

Disclaimer: please treat this comment as a subjective opinion.

I think 99%+ shipments won’t actually be intercepted though, and the $99 fee will help cover any and all associated costs. Plus once a shipment is actually intercepted & tampered with, Purism could advise that specific customer that they’ll be unable to offer future interception prevention for that individual - he/she would always have the option to pick the laptop up in person from Purism offices.

Basically this is an important service that will provide peace of mind to Purism customers that their Librems haven’t been altered during shipment. The mere presence of this anti-interdiction system will deter attackers, and it can always be re-evaluated in the future if there is a significant uptick in interdiction events. I see no reason to not move forward with this right way.

This is why it is important that purism has a seller outside NSA’s jurisdiction, who will receive the units directly from the factory. And this should be a small stable country. Not Germany or France. Try Belgium, Greece :wink:, Portugal, etc. Actually Greece is an entry point for Asian products for the EU.

2 Likes

guys this is very premature. Purism doesn’t even have RYF certification yet.

i was thinking the same thing before i tracked my package online with usps.

it was showing a gap of 3 days after it entered my country so 3 days of silence from the airport to my local post office/customs.
but not complete silence since it reported the package beeing taken to unkown place sometimes in between the moment it left the airport and the local destination. where ? bah … just communist security having a look at this bad boy i guess :wink:
guess it’s ok if i refused it because of no hot-swapable batteries
i think i would ask Cable from x-m** to scan my device with his eye and tell me what is wrong

Tamper-evidence for shipping is obviously something that Purism needs to work on. I would be happy to see all expenditure on PureOS dropped and diverted to this.

Also, I know that Purism is very busy with the Librem 5, but buyers of the Librem 5 will want it shipped tamper-evidently. So, this issue should be addressed before the Librem 5 ships.

For those in this thread who have been suggesting tamper-evident tape or seals, you should know that these are typically more easily bypassed than their marketing material will acknowledge. See, for example, Datagram’s talk from 2011 at DEF CON 19: Introduction to Tamper Evident Devices. I am not aware of many sources with information about tamper-evident seals that are both effective and inexpensive. Reasonable starting points are those discussed by R. Johnston et al in the Journal of Nuclear Materials Management, which is available fairly inexpensively from the Institute for Nuclear Materials Management.

Also, in order for Purism to be able to send photos of any seals to customers, without those photos themselves being undetectably intercepted and tampered with, the customer would need to already have a means to trust Purism’s public key, in order to trust Purism’s signature. (The key distribution problem.) If the customer is willing to trust Purism’s web server and its HTTPS connection to deliver them the correct key, fair enough. Users requiring stronger verification should do some upfront work to learn how to use the OpenPGP web of trust.

A least one person on this forum has reported that their parcel appears to have been tampered with during shipping: Laptop arrived today. Shipping box was tampered.

Since anti-interdiction has not become available, how can we take steps to return our Librems to factory state? I understand that certain hardware methods of interdiction are not easily detected by the average person, such as myself, but there must be a way to flash a stock BIOS, core boot, OS, etc. Basically everything from the ground up.

Is there a way to do this at home after receiving the unit?

https://puri.sm/posts/pureboot-the-high-security-boot-process/

Scroll down to “Interdiction”.
If you’re serious about it, make sure to supply your secondary shipment address via encrypted mail. The whole team has GPG keys.

Thanks for your reply, Caliga. That article was the reason for placing my order of both a Librem 15 and a Librem Key.

I did reach out to the Ops team following my order to ask about the anti-interdiction service and was told the service is not yet available.

1 Like

To clarify my question:

Since anti-interdiction using a pre-configured Librem Key shipped separately from the machine was not possible, I must take steps to ensure my system is secure upon receipt. I would think this involves flashing known-clean coreboot, Heads, and OS.

Reinstalling coreboot:
https://puri.sm/coreboot/
This document mentions that it must all be done on the Librem machine in question. Assuming the Librem in question is compromised, would the new coreboot image generated not then also potentially be compromised?

Heads: same concerns as above

OS: If the above are compromised, then OS security doesn’t matter.

If my thinking above is correct, can anyone point me in the direction of securing my new hardware?

If my thinking is incorrect, can anyone explain why and point me in the right direction?

Many thanks in advance!