Hello All,
I know this topic was discussed a while back but I wondered if anyone had any thoughts on this service offered by Purism as it now seems to be popular.
How does everyone feel about the protection this service offers?
Why is it that only Purism offers this service?
And if the hardware was tampered with, what exacly would you look for to check?
Thanks in advance
LinuxNew
As Anti-Interdiction it is part of the “chain of trust”, as Purism calls it, it’s only important (or useful), if such a chain exists at all. So, for vendors that care less about fully free (auditable) firmware, and without something comparable to PureBoot, such an offering makes less sense.
It starts with the hardware that, ideally, would be fully open/free.
Ideally, the hardware is assembled by somebody you trust. In the case of the Librem 5 USA, that would be Purism, not a Chinese contractor.
Next best is, having at least only free firmware. Purism is close to that, at least for the important components.
On top, Purism has PureBoot, meant to signal you malicious modifications.
But all of that doesn’t help if a high profile attacker can make modifications before PureBoot is under your control.
Further reading:
What is TPM and do I need it?
PureBoot Best Practices
Announcing the PureBoot Bundle: Tamper-evident Firmware from the Factory
Protecting the Digital Supply Chain
Anti-interdiction Services
Anti-interdiction Update: Six Month Retrospective
Thanks Caliga,
Does’nt Purism put the laptops together in the US?
To my knowledge, yes, the final assembly (at least disks, RAM, battery, charger…) of the laptops is done in the US. I assume they receive the devices as a (custom made) barebone (case with PCB, CPU, display…).
Likewise, the Mini (and the server?) are customized barebones.
For the Librem key, and the Librem 5 USA, it’s not only the assebly, it’s also the production of the PCB.
As Purism grows, they’ll try to go more in that direction, having more control over the manufacturing process.
So In a sense, if you buy a laptop other than a Purism laptop you have no idea if tampering has occured?
on that last … it depends at what level of the code you are trying to audit your software …
if you are trying to see the code of the higher levels on closed-hardware you might be able to do some BASIC auditing going (if you use GNU+Linux) but with the lower levels being not-free-software (i.e not even open-source - firmware,IME,the micro-architecture of the CPU,etc.) you are hitting a dead end …
still there is hope that those lower levels might NOT get exploited if you aren’t a high enough target
even then there remains the question of hardware longevity … if the lower levels of the code come with a “time-bomb” from the manufacturer you will find out that after a certain amount of predetermined time “your” device suddenly dies or has some other pain-in-the-ass problem that will render it unusable enough for you to “want” to get a new one 
Cool, but not something I would ever pay for. Of course, I don’t have any reason to believe that a government or private entity is targeting me for espionage.
I would assume that some companies are offering this service for government agencies and corporate clients, but they probably don’t publicly advertise it, and they charge a lot more than Purism.
Before Purism started offering anti-interdiction services, there probably wasn’t much of a consumer market for it. By offering it at a low enough price and by advertising it, Purism is creating the consumer market for it. It wouldn’t surprise me if other companies start copying Purism’s anti-interdiction services in the future, now that Purism is demonstrating that there is demand in the market.
The Librem Key can detect tampering with the boot software, so it prevents rootkit attacks, and presumably you have disk encryption, so that should prevent tampering with the operating system and your data.
For hardware tampering, you can look at the tamper-evident tape to see if the package was opened and look at the glitter nail polish over the screws to see if anyone has opened the screws. Presumably, someone could use nail polish remover to take off the old nail polish and paint on new nail polish over the screws, but Purism sends you photos of the laptop and its packaging before it is shipped, so you can compare the tape on the packaging and the glitter pattern on your laptop’s screws to see if it matches the photo. I don’t know if the photos are high enough resolution for this to really work, but it should work in theory since the glitter pattern over each screw should be unique and you can’t recreate it.
Purism also includes a photo of the laptop’s internals before the back case is attached, so you can check if any hardware spying device has been added to the back side of the PCB. However, if the spying device was applied during PCB assembly or put in between layers of the PCB (as was reported with Supermicro), then anti-interdiction will not detect it.
Purism released the schematics and x-rays of the Librem 5’s PCBs to prevent the insertion of spying hardware during assembly at the factory, but Purism can’t do that with the Librem 13/15, because the PCB is based on copyrighted Intel reference designs, so Purism can’t publish the schematics and I assume that Intel also has restrictions on publishing x-rays as well.
Have you seen the last video from Purism (11 June)?
Another vendor offering anti-interdiction delivery of a tamper evident system is Nitrokey. They offer rebuilt Thinkpad x230’s (they call their product NitroPad), running your choice of Ubuntu, or Qubes, using Coreboot, Heads, and a Nitrokey. Deactivated Intel ME, of course.
Nitrokey is a German company, and the Nitropads are built in and shipped from Germany.
The keyboards are quite good, there are hardware kill switches, etc.
With Purism, you get brand new everything. Nitropads are rebuilt, but solid, machines.
The anti-interdiction services of the two are essentially the same.
Thanks for mentioning the NitroKey NitroPad X230–I didn’t know about it.
This product was first offered for sale on 2020-01-08 and its anti-interdiction costs less (€100 + €20), so this is an example of Purism inspiring competitors. Given that Purism uses the NitroKey Pro 2 for its Librem Key, this is more like an upstream supplier deciding to offer a competing product.
This is another example of Purism pushing change in the Linux hardware industry. Purism was the first to sell a laptop with a neutralized Intel ME, and then System76, ThinkPenguin and TUXEDO Computers followed its example. Purism was the first to sell new Linux laptops with Coreboot preinstalled, and then System76 followed, and now TUXEDO Computers and Slimbook are also working on Coreboot ports. (There were used Linux laptops and Chromebooks on sale with Coreboot before, but the new Linux laptop companies didn’t decide that Coreboot was important until Purism did it). Purism was the first to sell a laptop with Heads, and then whiteboxdev.de and NitroKey followed.
(I’m not sure if System76’s decision to create its own distro, Pop!_OS, was inspired by Purism first creating its own distro, but it could be another example of Purism changing the Linux hardware industry. Of course, Libiquity created ProteanOS in 2011, and Nokia created Maemo in 2005, so Purism isn’t the first Linux hardware company to create its own distro.)
The Linux laptop industry hasn’t followed Purism’s example by adding hardware kill switches, but I think that is mostly explained by the fact that Star Labs and PINE64 are the only other Linux laptop makers who do custom manufacturing and they both focus on the low-end of the market, whereas kill switches are a feature for higher-end laptops. The hardware kill DIP switches in the PinePhone, however, were inspired by the hardware kill switches on the Librem 5, so it looks like Purism is influencing the design of Linux phones.
Re: System76; Pop!OS is their way of keeping their product stable for mainstream use. They kind of got screwed at one point, in that regard.
When I first became aware of them, I was impressed at the technical specs, the recent developments in their quality improvements, the obvious commitment to their laptop development. Solid machines. I figured since they’re Coreboot, and Ubuntu, the machines should be able to be configured to be Qubes compatible, and ship with Heads installed.
Wrong.
Not compatible with Qubes, no plans to offer a Qubes compatible option, either. I asked about Anti Evil Maid protection, and their answer was actually kind of misleading, until I pressed them on it. I asked if I could pay for a system with Heads installed, and they said they didn’t offer that. I then asked if their system was compatible with Heads if I wanted to do it myself - and was told no.
It was like pulling teeth, trying to get straightforward answers out of these folks, regarding system security capabilities.
Anyway, at the end, they said they understand how Heads implementation could be important, and claimed they were going to start looking at the compatibility issues, to consider offering it.
Sexy, stable products for sure, hard working intelligent people too, but I couldn’t justify putting down my money on something I’d always have to wonder about later.
For me, anti interdiction isn’t a matter of life-or-death. Not for me, personally. It’s an acknowledgement that this technology is far too easily leveraged for ill purposes, whether intentionally compromised or not, and that the personally responsible approach is to secure our systems as best we can. It’s a best practice principle.
In the end, the more demand for the service, the more people use the service, the safer the technology environment becomes.
I see System76 as serving a more general Linux market, so I’m not surprised that they don’t support Heads and Qubes.
I’m impressed by what System76 did with the free/open hardware case and IO daughter card in the Thelio, and the free/open EC firmware on their laptops and Thelio.
What is interesting to me is the fact that System76 and Purism seem to be switching roles on different platforms.
For laptops, Purism uses high-priced, small-scale custom manufacturing, whereas System76 used Clevo base models. For desktop PCs, the System76 Thelio uses high-priced, small-scale custom manufacturing, whereas Purism’s Librem Mini uses an ODM (probably Eglobal) base model.
Since I care about free software and free hardware, I want both companies to exist, since they are pushing the envelope in different areas. If System76 can push Purism to use free EC firmware in its laptops, I will be very happy.
Thank you everyone, there have been some great comments on this post.
I have a question about the disabled intel me, both Purism & system 76 state that they disable the intel ME on their laptops, but system 76 does not disable it on it’s desktops?
The obvious answer is ot ask them I know 
But could the reason be that disabling the ME on a desktop is more difficult?
Thanks in advance
LinuxNew