This document mentions that it must all be done on the Librem machine in question. Assuming the Librem in question is compromised, would the new coreboot image generated not then also potentially be compromised?
Since 2 months ago, no more replies to this important question. Did you receive any info from Purism themselves?
But it should also involve the firmware (and potentially hardware) of the TPM, the CPU, especially the IME, the SPI, embedded controllers and other), as anz of those might compromise you. In other words you would have to replace pretty much the entire system: There is no way to be really sure your laptop is not compromised (you could of cause assume, that an attacker would nt bother to compromise anything deeper than your BIOS or OS and just reflash/reinstall those).
I agree and found the solution provided me to be inadequate. I also found it to be the best reasonable immediately available solution among those recommended to me.
Decency warning:
If they want to fuck us, they will.
**I flagged myself **
2 questions:
Anyone knowing if also mobile phones have been tampered with while crossing border?
Anyone experience of bringing a laptop from the US to Europe on own travel? I surely would have to specify that I am bringing a laptop for the import countryâs customs, but do the US custom check what is leaving their country?
With heads and disk encryption there are more secure ways to confirm that nobody tampered with a Librem during shipping:
Purism could install the Librems like before, but with the (final) heads/coreboot. The encrypted disk would be protected by an initial password.
If the user bought a LibremKey it is inititalized with the needed keys, used for heads and for disk encryption. Then it is shipped in a different package on a different day. The pins protecting the LibremKey are given to the customer directly using a different transport medium than shipping (phone, encrypted mail, download link, personal meeting - whatever level of paranoia the customer is willing to pay for).
If the user didnât buy a LibremKey the passwords to unlock the initial disk encryption and the seed to initialize totp are provided the same way.
On initial setup the user should be warned to re-encrypt the disk to replace the master encryption key which had been generated at Purism with a knew one generated under the hands of the customer.
This is really good news then! 
@todd-weaver Will the LibremKey be shipped in a different package? Why use an default password?
The LibremKey and the disk encryption key should be protected by an individual password/pin during shipping that should be given to the customer personally like proposed above.
Probably there would still be an attack vector, but it would be a lot more difficult than just getting the parcel(s), tampering the device, signing using the LibremKey and the default password, copy the disk encryption masterkey and sending the device(s) on to the customer.
The initial goal with the PureBoot Bundle is to make it easy for the average user to detect tampering after they get the laptop so they donât have to go through the (somewhat complicated) initial PureBoot setup. Shipping the Librem Key in the same package and with default passwords helps with ease of useâthe goal isnât anti-interdiction except for in the most basic cases (average customs official, etc.).
To help protect against interdiction, you have to get our additional anti-interdiction services. This sort of thing requires extra work and back-and-forth communication between us and the customer so itâs not something we can offer as a default (or for free). But, as I mention in the article, the PureBoot Bundle does greatly enhance our already-existing anti-interdiction services because now we can do things like you are suggesting, including accepting a private key to pre-load onto the Librem Key, setting a new unique user and admin PIN, and shipping the Librem Key separately (and optionally to a separate address).
@Kyle_Rankin you wrote:
âif it blinks red, it was tampered with in transitâ in my understanding is the promise that what you describe in your announcement helps to detect tampering during transport.
Later on you confirm this by writing: âWhen you get your PureBoot Bundle, you can immediately test whether the firmware was tampered with during shipment.â
Yes, there is also the offer to contact you for a non-standard delivery: âFor an additional charge, you can contact us about our anti-interdiction services which, among other measures, ships the Librem laptop and Librem Key separately.â
But how many people do understand what you write and are able to distinct between âtampering detection during shippingâ and âanti-interdiction servicesâ?
Iâll let alone the - from my point of view - nearly not detectable border between those two in your argumentation.
I looked up âinterdictinâ on Wikipedia and found the following paragraph:
The term interdiction is also used by the NSA when an electronics shipment is secretly intercepted by an intelligence service (domestic or foreign) for the purpose of implanting bugs before they reach their destination. According to Der Spiegel, the NSAâs TAO group is able to divert shipping deliveries to its own âsecret workshopsâ in a method called interdiction, where agents load malware onto the electronics or install malicious hardware that can give US intelligence agencies remote access. The report also indicates that the NSA, in collaboration with the CIA and FBI, routinely and secretly intercepts shipping deliveries for laptops or other computer accessories, such as a computer monitor or keyboard cables with hidden wireless transmitters bugs built-in for eavesdropping on video and keylogging.
Iâll cite from your FAQ:
In your FAQ you compare security and privacy to âinstalling camerasâ and âwant unwanted people having access [âŚ] to your camera or microphoneâ. Theses are usually not attacks of average custom officers or script kiddies, but theses are standards you set - and for good.
From my point of view your announcement for the average user is highly misleading.
And yes, youâre right, what you call âanti-iterdiction serviceâ has to be paid for because it needs more work and time on your side. But people are here at Purism already paying higher prices, because it is exactly what at least I want to do:
Pay a fair price (and thereby I mean that from my point of view Purisms pricing is more than fair looking at the work you put into it) to get products focused on privacy and security achieved by using open source and open hardware as far as possible - and not to forget for the necessary processes to handle this software and devices.
My suggestion: Design a way youâd like to handle secure communication for pins and passwords, calculate what it costs and what costs sending the LibremKey in an additional shipment, add it to the pricing for âPureBoot Bundleâ and offer only that.
Yes, you can detect firmware and rootkit tampering in transit with the PureBoot Bundle without extra anti-interdiction work, just not from a sophisticated attacker. As I said before, it is enough if your threat is an average customs official, but likely not if your attacker is more sophisticatedâresponding to that requires more effort both on our and on the customerâs part.
That extra level of sophistication is not something all customers face, are worried about, or are willing to pay extra for. With all of our security measures we try to balance an option for the extreme case with what actual people need in the average case. This is why, for instance, the Librem 5 has 3, but not 10, kill switches and our compromise is to offer âLockdown Modeâ for those people who do need that option.
I donât understand this: Can you explain which attack vector / risk you mean by âaverage customs officialâ and how âPureBoot Bundleâ defends against it? What do you think an âaverage customs officialâ might do that can be detected by using âPureBoot Bundleâ?
Iâm not trying to be misleading at all, thatâs one reason why we arenât shipping the Librem Key separately by default with default settings to the same address because I feel it would give people a false sense of security against sophisticated interdiction. To do it properly against that real threat requires not just shipping a key separate, but extra work from our side and extra work from the customer side (and a lot of extra coordination between the two parties).
With the default PureBoot Bundle, any attack in transit against either the firmware or files in /boot (so attempts to install a rootkit by booting some kind of automated USB-based OS) by someone not sophisticated enough to be well-versed in PureBoot, Librem Keys, etc. would be detected.
You could make the argument, I suppose, that only someone very sophisticated would even attempt modifying PureBoot firmware since itâs so specialized, so the more likely attack by a less sophisticated attacker would just be focused on rootkits.
I wouldnât worry about it. If they wanna getcha theyâll getcha. Just consider Epstein.
My favorite is the darn hard plastic they seal small parts in at the store. Its near darn tamper proof even after you buy it. Even a package of 10 philips-head wood screws I could barely open with tin snips.
Perhaps have the initial shipment be a laptop with no OS, and a build of coreboot capable only of validating a GPG key and booting from USB.
Then, once the machine arrives, the end user downloads an OS install/bios install image that, upon signature verification flashes the bios and installs the os image.
Even then and with the key, youâd still have to be worried about the firmware of all the controllers, unless the aforementioned image reflashes and validates them all.
That looks really Really cool!
I may consider that $99 worth it. Iâm not living in a way that I need to hid things, but I talk so much shit about the Israeli Govt, Putin, Trump, Chinaâs Winnie the Pooh, and many more. That $99 might prevent a lot of gray hairs from forming early.
@Kyle_Rankin, I know that youâre not trying to be misleading and I believe that all of you people at Purism give your best and still - with all my questions and critics - I think youâre doing a great job developing things into the right direction. You are being an example for others - especially with your openness and willingness to discuss things.
But that said 
âŚ
Exactly. What kind of attacker would do anything illegal to a parcel in shipping? Yes, there might be the person paid to just switch on any notebook while connected to an usb stick. But really, how likely is that?
Further more: Just by being Purism and being customer to Purism we already proclaim that we are aware of surveillance and we are willing to invest effort and money to protect our self.
Iâd suppose the latter already gives us some focus by people who are interested in other peoples data.
I guess, if there is something like âinterdictinâ happening on a regular basis, people who interdict shippings sent by Purism know about the hurdles and about the weaknesses.
I just wanted to follow up and thank you @ChriChri for reviving this discussion on interdiction and the impact of the PureBoot Bundle on it. Ever since this discussion Iâve been thinking about this and even though shipping the Librem Key separately doesnât provide the same level of safety as our full anti-interdiction service, we should allow it as an option because it does protect against more of the casual interdiction threats than what we currently offer.
We just added an extra âPureBoot Bundle Plusâ option when ordering a laptop that will ship the Librem Key separately. It costs a bit more than the default PureBoot Bundle to account for the extra shipping and handling.
Iâll try to follow up with a blog post soon that describes the different threat models at play here so people can make a better-informed decision about which option they want.
I know this thread is finished, but I just had a thought while looking at the users manual.
https://docs.puri.sm/Librem_5/Settings.html#changing-your-passcode
If the Librem 5 is being delivered with an unstated preset passcode, does that mean it is somewhat randomly set and unique to each device shipped?
It occurred to me that it would be pretty good protection to have the recipient use their librem eMail to notify Purism of the shipments arrival, which would trigger a reply eMail holding a one time coded time sensitive link to a Librem page which displays the correct unlock code and the aggregate number of times the unlock code was queried.
When you start adding a lot of customization for each customer, in particular when that customization requires a lot of back-and-forth emails to coordinate, it becomes time-consuming and therefore expensive to do. This is why we offer anti-interdiction services as an add-on for the laptops, for folks who want that kind of customization and more advanced measures put in place:
basically it depends on each customers need and Purisms wilingness/ability to comply ⌠once the aditional payment is processed.
