Questions about "anti-interdiction service"


#1
  1. Will Purism extend it’s “anti-interdiction service” to phones?
  2. Does anyone else in the world provide a similar service to their individual customers(not only to goverments or huge companies)?
  3. Will Purism do it for other vendor’s products(Act as a broker, with service fees of course)?

BTW, I’m not sure why they named it anti-interdiction, I think it’s more like anti-evil-maid…


#2
  1. Once PureBoot has been ported to the Librem 5, we’ll look into it.
  2. Don’t know the answer myself but my guess is no.
  3. Why when you can just buy our stuff! (Richard’s “fun” way of saying no).

#3

Because interdiction in the path from the supplier (Purism) to the customer is a genuine risk, particularly for some source and destination countries.

https://shop.puri.sm/posts/the-librem-key-makes-tamper-detection-easy/

It also addresses an evil maid but the point is that once you have custody of your computer, you are assumed to be in a position to retain custody and ensure ongoing integrity but until you have initial custody of your computer, it is certain that you don’t have custody and hence you can’t assume integrity, unless specific measures are taken. In other words, your evil maid is your problem to manage and control but it is assumed that getting initial custody is beyond your control. (That isn’t completely true of course. You are free to travel to the supplier’s premises, complete your transaction in person, and then retain custody for the entire return journey. Theoretically.)


#4

I think everyone here do love Purism’s products, including myself. But we have to admit they cannot provide everything we need yet: what about tablets, desktops, servers, SBCs…? Or someone may just want a AMD device for some reason… :thinking:


#5

All in due time my friend, all in due time.


#6

Knock one off your list: Librem Server :slight_smile:


#7

This may work with any physical aspects of anti-interdiction but, for the boot path integrity aspect of it, I am unclear on how much Purism could achieve.

As a hypothetical, let’s say I want to buy a printer and I am concerned that, between the vendor and me, some nasty government will ‘update’ the firmware so that a copy of everything I print is exfiltrated. (This wouldn’t be the silliest idea for said government to come up with - although in my case they will be very bored by the exfiltrated documents.)

Given that the hardware and firmware of the printer are opaque to Purism, the device maybe doesn’t have a TPM or any kind of trusted initial boot firmware, I am wondering how much could be achieved by Purism. Certainly if this is something that the other vendor wanted to get to, the vendor could work with Purism for a future model, but that would not be a simple add-on service. Even then, all you would be proving is that the potentially untrusted closed firmware has not been modified in transit. It is still untrusted.