I’d like to understand what hardware identifiers such as MAC address, serial number, etc are retained by purism during purchase.
Say if I purchased librem 15 with my credit card, and later used the laptop in an airport or a hotel with MAC randomization off accidentally or if a local software collected my MAC and associated MAC with the product license. Does purism retain the MAC address or other hardware identifiers with my purchase history and my credit card?
No, we keep just serial numbers of the laptop, which can be found on stickers when you lift the back cover plate.
That’s good to know. Is the serial number stored digitally and accessible by the OS or BIOS? @mladen
Try this command:
sudo dmidecode -t system
or more specifically:
sudo dmidecode -s system-serial-number
I haven’t purchased the machine yet. Could someone with the machine check whether the serial number is stored digitally as stated by @amosbatto
Yes it works. The same serial is also pulled by the coreboot firmware update script. 
There is an important difference between the MAC address and the serial number.
The MAC address is intentionally disclosed outside the computer and requires negligible effort on the part of a malicious party to “collect”.
The serial number may not be accessible at all outside the computer. In other words, to get the serial number requires running code on the computer - in which case whoever is “collecting” that information in an airport or a hotel may well already “own” your computer - and the fact that the serial number is able to be collected by the malicious party is the least of your worries.
The exception to this line of argument would be if sandboxed code run in your browser (e.g. JavaScript, Java) is able to read the serial number.
The MAC address is also an identifier of your network card, and is NOT necessarily associated with the system. If you replace the network card, you will have a new MAC address.
You can also override the MAC address that is in use with a different MAC address.
@2disbetter Thanks. That’s is sad to hear.
@kieran
You statement makes sense in most situations. But in the use case of anonymity, it falls short.
I intend to use purism as a whonix workstation https://www.whonix.org/wiki/Comparison_with_Others ) that is physically separated with a whonix gateway. All data on the whonix station is tunneled via tor physically to the gateway. In this case, even a root level exploit is unable to de-anonymize the workstation.
Sure, it will compromise all the data on the workstation, which is disastrous, but at least the anonymity is preserved. For example, a 0 day in tails was used for de-anonymization rather easily. https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez I’d imagine such a 0 day is way easier to pull off than the interdiction purism charge $200 to mitigate.
I understand that I can spoof the MAC address. But if any hardware identifiers are exploitable via OS, then there is really no point in using a separate tor gateway.
I wonder if there is anyway to override the serial. It’s probably gonna void the warranty but I’m totally ok with that.
Depends. Given only user level access on the client device, probably yes - as it should be readable only to root (is on my computer anyway) - and root can either lie or alter the value. Given root / kernel access, probably not.
However it is important to note that dmidecode is just formatting a bunch of information that has been dumped there. It is not reading the actual serial number. So with kernel access, even if you can “alter” the DMI table to prevent the true serial number from being revealed, it is potentially the case that other code could obtain the serial number in the manner in which it was originally obtained and written into the DMI table.
If this is important to you then you will need either to ask Purism or grab the sources of the BIOS and try to find out where the serial number really comes from.
My opinion is that your desire not to have a unique machine-readable number in the hardware is legitimate and worthy of Purism’s consideration.
If you are worried about root / kernel exploits then the permanent MAC address is probably as good as the serial number. Even though you can override the MAC address, a root / kernel exploit should be able to get the MAC address before it could be overridden.
When updating coreboot it’s possible to change the serial number. So it’s stored in flash, not in a fuse ROM or something.
To get the serial number, you would need root access to run dmidecode or to read the information directly from /sys/firmware/dmi/tables/smbios_entry_point and /dev/mem. If someone manages to get root access, then your serial number is the least of your worries.
Yes. I’d rather be able to pay extra like the anti-interdiction service to overwrite/randomize the serial number to be 0000000 without purism storing it. Or purism can simply choose to not store the original serial number during purchase. Purism can warn that choosing this option will lead to no warranty. Or purism can offer a way to purchase anonymously. Sure purism supports bitcoin, but a shipping address negates the anonymity as well.
@kieran Yes, a permanent MAC address is a tracker, just like hardware UUID, microphone UUID, etc etc but @mladen stated in this thread that nothing else is stored, only serial number.
@vmedea seems “This feature is only valid for use with the standard/SeaBIOS firmware”. So will be out of luck with pureboot. But at least this shows changing serial number is possible
Please see my threat model above.
You statement makes sense in most situations. But in the use case of anonymity, it falls short.
I intend to use purism as a whonix workstation https://www.whonix.org/wiki/Comparison_with_Others 1 ) that is physically separated with a whonix gateway. All data on the whonix station is tunneled via tor physically to the gateway. In this case, even a root level exploit is unable to de-anonymize the workstation.
Sure, it will compromise all the data on the workstation, which is disastrous, but at least the anonymity is preserved. For example, a 0 day in tails was used for de-anonymization rather easily. https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez 2 I’d imagine such a 0 day is way easier to pull off than the interdiction purism charge $200 to mitigate.
Yes, that’s strange. It doesn’t look like the script injects any serial number into Heads/Pureboot at all. In which case it’s lost? Did anyone try dmidecode after upgrading to that? Does it still return one?
That (no warranty) is probably unnecessary. I doubt that getting warranty service would be contingent on being able to quote and verify a serial number.
What if
a) the sticker has long ago come off and been lost (although it is open to you to make a secure, private record of the serial number), and
b) the computer that is requiring warranty service is so borked that it is not possible for the customer (or Purism) to get the serial number from the computer.
In other words, if Purism wants you to quote your original serial number then you can probably still do that even if you have in the meantime randomised it or zeroed it but probably Purism wouldn’t insist on your quoting it. Perhaps an order number is a suitable alternative.
Also, in some warranty scenarios you will be able to restore the original serial number before requesting warranty service.
Also, would you even want warranty service given the exposure that you would have in returning the computer and subsequently getting it back? That is then anti-interdiction x 2.
What about encrypting the serial number with a secure, private random key and replacing the original serial number with that encrypted value (keep a copy of the random key of course) and if you ever need warranty service, you can provide a copy of the random key to Purism, which they can use to reconstruct the original serial number?
(This assumes that the encryption algorithm is not broken and is public i.e. best to use a current and standard algorithm. You are free to update at any time to a more current algorithm, as algorithms are broken or no longer considered best practice.)
After getting the computer back from warranty service you would have to generate a new random key and re-encrypt the original serial number.
You’re totally correct. I will definitely not want warranty service for this machine if there is a way to override the serial.
I mean, they can totally just use the physical serial number. I’m not opposed to a physical serial which is hackproof and can be easily peeled off.
BaAJJD, Many US states have laws prohibiting the removal of serial numbers, so I don’t think that this is service that Purism can legally provide.
Perhaps @MrChromebox can let us know if there is a way that you can overwrite serial number in the DMI table on your own.
I did some web searches and it looks like overwriting the DMI table requires specific knowledge about the board, and you may need tools/software from the Flash/EEPROM manufacturer. The documentation at flashrom isn’t very helpful if you don’t know the specific memory chip, but it does have this lovely warning about messing around with laptops.
Another option is to create a script that executes during boot that overwrites the serial number that is stored in /sys/firmware/dmi/entries/1-0/raw and /dev/mem.
Honestly, if you are taking the time to install Whonix, I doubt that you are going to let anyone get root access to be able to read your serial number, but I guess that you have your reasons.