Supply chain protection

Considering that the first batch of Librem 14 units has arrived at Purism, I figured now might be a good time to recall the lessons of the SuperMicro episode. Short version: the Chinese manufacturer put a tiny extra chip on the board which looked like a standard component but was apparently designed for arbitrary data exfiltration. And then, there are more sophisticated attacks which rely on changing firmware during compilation or even circuits during hardware tapeout or silicon etching. The best demonstrated attacks donā€™t even involve logical circuit changes; they involve analog changes, such as making a pair of wires a bit too close together so that pumping the right bit patterns over long periods of time can accomplish control flow changes.

For the present though, all of the foregoing attacks can be preempted relatively well by applying good practices. (That might change when someone succeeds in silicon dopant tampering, but Iā€™m unaware of any such attacks at present.) While none of the following safety checks are easy or cheap, theyā€™re worth discussing and perhaps at implementing to some extent:

  • All firmware should be burned at Purism, but if this isnā€™t possible for certain devices, then the relevant firmware images should be spot checked for modification. Randomly select some small fraction of laptops to tear apart for comparison. (Purism customers are, by their nature, probably rather valuable targets, so we have to assume that an attack on some other small fraction of its shipping volume would still be worthwhile for certain attackers. Therefore, the former ā€œsmall fractionā€ might need to be relatively large, to the extent that pricing will allow.) This blog post from Purism CSO Kyle Rankin discusses some of their existing mitigations, which are at least more comprehensive than Iā€™ve seen anywhere else.

  • Take xray micrographs of an entire finished motherboard, or chip-by-chip if necessary, in order to visualize all circuitry including CPU transistors. Use image realignment and differencing at multiple resolutions to identify changes in circuitry, unexpected etching artifacts, or inaccurately placed nanowires. (Iā€™d be happy to assist with the image analysis, but itā€™s really not that complicated. You could do it in Python and run it on a few GB of image data.) The success of this approach does of course depend on the inherent degree of placement error both at the etching and component levels, so you would need some sort of statistical model of that.

  • Use a Geiger counter flush to the board and its components to identify anomalous radiation which might have passed into the country undetected. This could indicate a circuit designed to decay over time, and thus change function.

  • Continue to offer and hopefully cost-reduce the antiinterdiction service with glitter nail polish. Brilliant idea! It will work fine until they find a way to implement a JTAG connection to chip pads via the fan grilles. Not likely at least for now.

  • Other ideas, post here. Iā€™m outta here for a whileā€¦

1 Like

This has been discussed at length on this forum before. And I donā€™t think that in principle much has changed since the last few threads about it.
I mean thereā€™s a lot I could say about it, I just feel like most of itā€™s already been said.

4 Likes

Should be fanless - so that there are no fan grilles.

1 Like

@kieran I concur. Fanlessness is zen and we donā€™t need no stinking Turbo Mode anyway.

@especiallydirect Thanks for pointing that out. I did find some previous discussions before posting but didnā€™t see all of that. My suggestions were by no means original thinking, just new thoughts on old problems that refuse to die.

That said, this is still the elephant in the room that commands more firepower, so a bit of redundant effort is justifiable. Granted, it might be economically infeasible to implement a robust verify-on-delivery program. So the more I think about it, the practical solution might look more like this:

  • Over time and to the extent possible, implement an authoritarian-free supply chain. I donā€™t care whether the authoritarian is on the left or the right. I donā€™t want him in my box and Iā€™m willing to pay a hefty premium to keep him out. Yes, someone will probably pipe up and point out that this-or-that supposedly democratic government is actually painted with streaks of authoritarianism, but there is a spectrum, you know? The Librem 5 USA is a major step in the right direction, but we need to move from cell phone assembly to entire laptop sourcing. (I know: itā€™s a huge ask which doesnā€™t get fixed overnight just because we throw money at it.)

  • Again, over time and to the extent possible, move to open semiconductor architectures which are more amenable to auditing. I applaud Purismā€™s strides thus far in terms of defanged firmware, but perhaps this could eventually extend to silicon, such as RISC V. If I were looking for a gaming machine or a server to use for AI training, I wouldnā€™t be here. But I think most of us are looking for ā€œsufficiently performant with maximum securityā€. Open-source silicon would do a lot to fill this role.

  • Yes, I do hear the chorus of ā€œitā€™s a lot more complicated and expensive than you thinkā€. So hereā€™s one final idea that might provide maximum-security-for-the-buck while not providing maximum-security-period: assembly a suite of existing and perhaps custom tools to perform deep packet inspection on the internet traffic emmanating via LAN and wifi. No security hack is a hack until it can phone home. It would be reassuring to know that nothing is getting out other than I what I cause the machine to release. This could be done rather straightforwardly in a crude automated browser test with an external packet sniffer. More sophisticated approaches would make the machine appear to reside in a geographic area rich with cyber targets, while serving a cache of ā€œtop secretā€ documents downloaded from Wikileaks (with minor changes to defeat hash matching) or just flat out fabricated. Put Qubes on it with strong passwords so thereā€™s minimal risk of leaks unless the hardware is compromsed. Then plug it in to a VPN, get some popcorn, and watch the packet sniffer to see if anything gets exfiltrated, encrypted or not.

  • Well, Whistler, why donā€™t you shut up and do it yourself? Because my role is to be a whiner. Someone out there with better skills and better equipment in these areas would be better placed to executed on these ideas. At least, Iā€™m a whiner with a wallet and an insatiable desire for better security.

See also:

1 Like

Replied over in your threadā€¦