Was my laptop tampered with during shipping?


#1

Hello!

My Librem arrived a few days ago, and I must say the quality is much better than I was expecting. Thank you Purism for making such a great product!

However, I noticed some… anomalies when I was unpacking it. First of all, the product box (the one inside the Fedex box) was ripped, and I noticed some of the screws on the bottom of the laptop itself were slightly stripped, as if they had been used already.

This reminded me of the NSA Router tampering that would occur en-route (during shipping).

No legal action occurred over the tampering so there is no reason why it wouldn’t continue today. And if there is one device that would be specifically targeted for tampering, it would be the Librem.

Is there any way to verify that my device has not been tampered with, or to prevent any such tampering (like firmware modification) from being effective? It’s a Librem 13v3 (non-TPM).

Thank you!

Edit: Specific Question… If I update coreboot, would that overwrite any firmware-level backdoor that might have been inserted? Or are there separate firmwares that may have been modified that could also allow remote access?

I think this is @kakaroto’s area of expertise, so I wonder if he can help me out :grin:

Edit 2: Yes this was a brand-new laptop


#2

Forgive me if this is an obvious question, but this being a v2 version, is this a new laptop? I.e., was it sent to you from Purism?

If not the obvious guess would be that the previous owner was rougher on the screws and this is what you see.


#3

Yes it is a brand-new laptop. Hence my surprise at the stripped screws.

Edit: crap it was actually a v3, without TPM. I forgot that all i7’s are v3.


#4

Curious. I didn’t know you could buy a v2 brand new anymore. Did you get it directly from Purism?


#5

Yes


#6

Not all i7s are v3. I recently ordered the i7 13 and the customs info from Purism (hasn’t arrived yet) states Librem 13v2.


#7

I think if you have TPM module it is a v3. If you don’t it is a v2.


#8

All L13v3 have a TPM, so if it says L13v3 on the bottom cover then it has TPM. If you ordered the one from clearance which is supposed to not have TPM, then either:

  • It was out of stock so they simply upgraded you to l13v3
  • Someone in the warehouse ‘screwed up’ and shipped you a l13v3 instead of the non-tpm l13v2 you were supposed to get
  • Someone in the warehouse ‘screwed up’ and after installing SSD/RAM, swapped the cover from a l13v3 with yours, so you have a l13v2 but it says l13v3 stenciled in the bottom cover.

Also note, all l13v3 are i7, but the l13v2 were both sold with i5 and i7 processors.

To answer the actual problem: The inside box being ripped is weird, and I doubt the NSA would make a mistake like that if they were trying to tamper. I’d guess someone (again) ‘screwed up’ and damaged it during packaging/shipping/whatever. As for the screws being slightly stripped, that’s weird but not entirely unexpected. Don’t forget that the machines don’t come pre-assembled by a robot in a factory. When you make your order, someone takes a ‘virgin’ machine, unscrews it, installs the SSD/RAM of your choice, the wifi card, then boots it, installs coreboot, installs the PureOS OEM installer on it, then goes through QA, then screws the cover back. It’s quite possible that that’s what caused the screws to get slightly stripped.

And finally, to answer the actual question: Yes, if you update coreboot, it would overwrite any firmware-level backdoors that might be inserted. There wouldn’t be any other firmwares that I know of anywhere on the machine, and even less one that would allow remote access.
If you are truly paranoid or worried, I would suggest opening the machine and flashing coreboot using a hardware flasher (because, if the machine is compromised, how can you be sure that you’re not running inside a virtual machine and the SPI controller simply ignores any write commands?). I don’t think it’s really possible to hijack the SPI controller, but it’s safer to say “the only way to know for certain is to use an external hardware flasher”.

But yes, if you’re worried, just update coreboot to make sure you have the latest version of coreboot, and that you have the one that you built yourself and know has not been tampered with.

P.S: if you press ESC during SeaBIOS, if your machine has a TPM, then seabios should show you a “t. TPM Configuration” menu option. Easy way to check for it…


#10

My thoughts exactly. Typically if a high power heavily funded organization is trying to monitor you or infiltrate your hardware, they wouldn’t make it blatantly obvious. :laughing:


#11

Thanks for the informative response kakaroto!

Isn’t there a cbmem command which will tell me if my most recent write was successful, and what the currently-installed version number is?

For example, if I update coreboot with a new version, I should be able to use cbmem to read whether the installed version of coreboot changed successfully, right? I realize that if the attacker was sophisticated enough then this too could be fake, but I think automatically updating the backdoored coreboot version based on previous flash attempts is probably too sophisticated an attack for me to worry about it being likely.

I appreciate your help!

Also, BTW:

According to other people at Purism, all i7-based 13-inch Librems are 13v3. So now I’m getting conflicting information on whether mine is 13v2 or 13v3 lol… But I was previously assured that mine was 13v3 because it uses a core i7, regardless of TPM.

I really hope my changelog suggestion can be considered so we don’t have this confusion with future librems. :grin:


#12

@Rumpusparable

Not all i7s are v3. I recently ordered the i7 13 and the customs info from Purism (hasn’t arrived yet) states Librem 13v2.

@2disbetter

I think if you have TPM module it is a v3. If you don’t it is a v2.

See here for the answer I received when I asked about this.


#13

Thanks for that! Appreciate helping figure it out for me :slight_smile:


#14

cbmem is the coreboot log when it boots, so it wouldn’t tell you if the write was successful, but when you reboot, you can see the new log and see whether it shows the new version or not.
To see the current version, use dmidecode -t 0

I’ll need @mladen to confirm but I’m pretty much 110% sure that ALL L13v3 are with TPM, and that we had a bunch of L13v2 that had i7 and TPM or i7 without TPM.
To be more precise, the L13v2 was the main Skylake machine, and we had a batch with i5 processors, then we made another batch with i7 processors (because i7 was promised to some people). Then we stuck with i7, but this was still L13v2. After that, we introduced TPM as an addon. Users requesting/choosing TPM received a L13v2 which had a small TPM module manually soldered on the motherboard in the factory.
After that, we redesigned the motherboard, the TPM module was integrated in the motherboard instead of being a manually soldered TPM module, and the hardware killswitches were moved from the screen hinge to instead be on the left side of the machine. Since this was a new motherboard design, the version number was bumped to v3.
So, yes, L13v3 all have TPM in them. They are also all i7 machines, but L13v2 came both with i5 and i7 and came both with TPM and without TPM.
What you need to know to figure out if you have a l13v2 or l13v3 is to look at what is written on the bottom cover of the machine, and just to confirm, if your hardware killswitches are on the side of the body instead of being in the screen hinge, then you have a l13v3.

Like this? https://wiki.puri.sm/hw
I replied in the other as well.
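An added example (not from this thread and not Purism’s tooling) that turns the two hints above into a post-reflash check: capture dmidecode -t 0 and cbmem -c before flashing and again after the reboot, then compare the version strings; the sample version strings and dates in the comments and tests are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: confirm that a coreboot reflash took effect
# by comparing the BIOS version reported by `dmidecode -t 0` and the version at
# the top of the `cbmem -c` boot log, captured before flashing and after reboot.
# Version strings shown in comments (e.g. 4.7-Purism-4) are constructed samples.

# Version field from `dmidecode -t 0` output on stdin, e.g. "4.7-Purism-4".
# coreboot fills this SMBIOS field from its build version string.
dmi_version() {
    sed -n 's/^[[:space:]]*Version:[[:space:]]*//p' | head -n 1
}

# coreboot version from `cbmem -c` output on stdin. The console log opens with a
# line like "coreboot-4.7-Purism-4 Wed Dec 13 ... bootblock starting...".
cbmem_version() {
    sed -n 's/^coreboot-\([^[:space:]]*\).*/\1/p' | head -n 1
}

# Return 0 when the version in capture $3 is non-empty and differs from $2.
# $1 selects the source: "dmi" or "cbmem".
version_changed() {
    kind="$1" before_file="$2" after_file="$3"
    before=$("${kind}_version" < "$before_file")
    after=$("${kind}_version" < "$after_file")
    [ -n "$after" ] && [ "$before" != "$after" ]
}

# Return 0 when the SMBIOS table and the boot log report the same version.
# A mismatch between the two after a reboot is itself worth investigating.
sources_agree() {
    dmi=$(dmi_version < "$1")
    cb=$(cbmem_version < "$2")
    [ -n "$dmi" ] && [ "$dmi" = "$cb" ]
}

# Typical use, as root (both tools need raw hardware access):
#   dmidecode -t 0 > dmi-before.txt; cbmem -c > cbmem-before.txt
#   flashrom -p internal -w coreboot.rom      # the image you built yourself
#   (reboot)
#   dmidecode -t 0 > dmi-after.txt; cbmem -c > cbmem-after.txt
#   version_changed dmi dmi-before.txt dmi-after.txt \
#     && sources_agree dmi-after.txt cbmem-after.txt && echo "new coreboot confirmed"
```

As #8 notes, both readings come from software running on the possibly compromised platform, so this catches a failed or ineffective flash, not a firmware that lies; the external flasher remains the definitive check.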


#15

Like this? https://wiki.puri.sm/hw
I replied in the other as well.

Well, there’s no specs or changelog on the 13v3 page, and there’s literally zero information whatsoever on the 13v2 page as of today…

So although the wiki looks like a great place to put a changelog/specification list, it doesn’t currently have that information.


#16

Yeah, it’s very much a ‘work in progress’/incomplete page, but that’s where the information should reside.


#18

Hey all,
I cannot help much with the tampering issue but it seems to me that updating/reflashing all that you can is a solid starting point.

I am writing to chip in on the V2/V3 debate, my 13 is a V2 with an i7 and TPM. Switches are on the hinge and the cover says V2. I placed my order with the i7 but no TPM, as it wasn’t available yet, over a year ago. The manufacturing process took many months and through the course of my email exchanges with Purism I learned that TPMs had become available, so I had one added.

I think I am not alone in this because that batch of Non-TPM machines that were recently on sale must have included my original machine and everybody else’s who made the switch once that became available.

Good luck with your issue.


#19

Just FYI to the OP, and others: they have recently found exploits in the wild (more than just talks) of writing to special persistent memory in the BIOS that remains even after a BIOS flash.

http://infozonic.com/2018/09/28/lojax-first-uefi-rootkit-found-in-the-wild-courtesy-of-the-sednit-group/

I recently posted a topic to Purism to see if these machines are open to the same attack.


#20

I didn’t see anything in the article you linked that implied the malware would remain after a BIOS flash… Though that is an example of the type of malware I’m trying to protect against.


#21

You’re right. After re-reading it, they are exploiting Secure Boot UEFI firmware modules that are not protected by Secure Boot signatures. E.g., if you have Secure Boot disabled it gives the attacker an opening. In addition, the system needs to allow writing to UEFI from within the OS. They also use various bypasses to get around poorly implemented safeguards.

So yes, re-flashing the BIOS (aka UEFI firmware) looks to remove it - if the firmware doesn’t prevent you from re-flashing. There was another article I can’t find at the moment that suggested it could prevent future writes by invalidating pre-flash checks.

I recall the old AMI legacy BIOS flashing tools had a way to force a flash without checking, without a whole bunch of warnings. Not typically something an end user would agree to.


#22

My box was not even sealed. I think Purism should definitely implement some sort of tamper protection.