Hi guys, I really like their idea about that, and they make me feel I’m not the only one on the earth with such strange worries…
But there is a problem: I think they rely on the USB key to do the software part of tamper-evidence, which is not good enough. We want this service because we do not trust the physical delivery path, so if there’s really a bad guy in the middle, he can just tamper with both the device and the key, even if they are shipped to different addresses on different dates. So when we use the key to test the device, how do we test the key? The old chicken and egg problem…
I just came up with a thought, inspired by Apple (I know you guys hate them). I think we could do something similar to their “activate” system for their iOS devices, but better:
- The disk is fully encrypted, and part of the key is saved on the Purism server.
- Every time the computer boots, it will need to connect to the Purism server first to identify itself. Purism tests the client signature to determine if the boot loader is authentic and untampered, then the server sends the missing part of the key to the device.
- Each such operation is logged, and there is no way to erase the log. The log can be checked through a web page.
By doing the above, we only have to trust Purism (and a trusted device you may already have, to see the log), instead of a separate piece of hardware. Of course this should be optional because not everyone wants to store their info online, or connect to the internet on every boot.
The boot loader would be heavier because it will need the drivers and software for networking, encryption, etc.
This is just my own thought, maybe stupid, I’d like to hear you guys’ ideas!
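
The split-key release and boot log proposed in this post, sketched as an added example that is not part of the original post and is not Purism code. Assumptions: an HMAC over a server nonce stands in for the client signature, XOR for the key split, and a hash chain for the log; every class and function name is hypothetical.

```python
import hashlib, hmac, secrets
ZERO = b"\x00" * 32

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def prove(secret, nonce, measurement):
    # HMAC stands in for the client signature over (nonce, boot loader hash)
    return hmac.new(secret, nonce + measurement, hashlib.sha256).digest()

class ReleaseServer:
    def __init__(self, secret, good_measurement, server_share):
        self.secret, self.good, self.share = secret, good_measurement, server_share
        self.log, self.nonce = [], None      # log entries: (record, chained_hash)

    def challenge(self):
        self.nonce = secrets.token_bytes(16)  # fresh per boot: old proofs cannot be replayed
        return self.nonce

    def release(self, measurement, proof):
        nonce, self.nonce = self.nonce, None  # each nonce is single-use
        ok = (nonce is not None
              and hmac.compare_digest(proof, prove(self.secret, nonce, measurement))
              and hmac.compare_digest(measurement, self.good))
        record = (b"OK " if ok else b"DENY ") + measurement.hex().encode()
        prev = self.log[-1][1] if self.log else ZERO
        self.log.append((record, hashlib.sha256(prev + record).digest()))
        return self.share if ok else None     # denied attempts are logged too

def verify_log(log, expected_head):
    # Recompute the chain; an edited, removed or truncated entry changes the head
    head = ZERO
    for record, chained in log:
        head = hashlib.sha256(head + record).digest()
        if head != chained:
            return False
    return head == expected_head

def boot(server, secret, device_share, image):
    measurement = hashlib.sha256(image).digest()
    share = server.release(measurement, prove(secret, server.challenge(), measurement))
    return xor(device_share, share) if share else None

def demo():
    # Constructed sample data: random keys and a made-up boot loader image
    disk_key, server_share, secret = (secrets.token_bytes(32) for _ in range(3))
    image, dev = b"constructed boot loader image", xor(disk_key, server_share)
    srv = ReleaseServer(secret, hashlib.sha256(image).digest(), server_share)
    return boot(srv, secret, dev, image) == disk_key, boot(srv, secret, dev, image + b"!"), srv
```

A hash chain makes erasure detectable rather than impossible, and only to an owner who keeps the latest head hash on a separate device. The measurement here is whatever the boot loader reports about itself, so the check is only as strong as the component that computes it.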