My Librem arrived a few days ago, and I must say the quality is much better than I was expecting. Thank you Purism for making such a great product!
However, I noticed some… anomalies when I was unpacking it. First of all, the product box (the one inside the Fedex box) was ripped, and I noticed some of the screws on the bottom of the laptop itself were slightly stripped, as if they had been used already.
This reminded me of the NSA Router tampering that would occur en-route (during shipping).
No legal action occurred over the tampering so there is no reason why it wouldn’t continue today. And if there is one device that would be specifically targeted for tampering, it would be the Librem.
Is there any way to verify that my device has not been tampered with, or to prevent any such tampering (like firmware modification) from being effective? It’s a Librem 13v3 (non-TPM).
Edit: Specific Question… If I update coreboot, would that overwrite any firmware-level backdoor that might have been inserted? Or are there separate firmwares that may have been modified that could also allow remote access?
I think this is @kakaroto’s area of expertise, so I wonder if he can help me out
Edit 2: Yes this was a brand-new laptop