It also addresses an evil maid but the point is that once you have custody of your computer, you are assumed to be in a position to retain custody and ensure ongoing integrity but until you have initial custody of your computer, it is certain that you don’t have custody and hence you can’t assume integrity, unless specific measures are taken. In other words, your evil maid is your problem to manage and control but it is assumed that getting initial custody is beyond your control. (That isn’t completely true of course. You are free to travel to the supplier’s premises, complete your transaction in person, and then retain custody for the entire return journey. Theoretically.)
I think everyone here does love Purism’s products, including myself. But we have to admit they cannot provide everything we need yet: what about tablets, desktops, servers, SBCs…? Or someone may just want an AMD device for some reason…
This may work with any physical aspects of anti-interdiction but, for the boot path integrity aspect of it, I am unclear on how much Purism could achieve.
As a hypothetical, let’s say I want to buy a printer and I am concerned that, between the vendor and me, some nasty government will ‘update’ the firmware so that a copy of everything I print is exfiltrated. (This wouldn’t be the silliest idea for said government to come up with - although in my case they will be very bored by the exfiltrated documents.)
Given that the hardware and firmware of the printer are opaque to Purism, the device maybe doesn’t have a TPM or any kind of trusted initial boot firmware, I am wondering how much could be achieved by Purism. Certainly if this is something that the other vendor wanted to get to, the vendor could work with Purism for a future model, but that would not be a simple add-on service. Even then, all you would be proving is that the potentially untrusted closed firmware has not been modified in transit. It is still untrusted.