Will the Librem 5 have a TPM?


#1

First off, I’d like to apologize if this has been addressed already, and I just haven’t come across it yet. I’ve been trying to find information via developer.puri.sm/Librem5 and on the forums, but I wasn’t successful. I know they are working on a USB-C version of the Librem Key that will be able to work with the Librem 5 similar to how the current Librem Key works with the Librem 13/15. Am I correct to assume the Librem 5 will have a TPM as well? I didn’t see any mention of it in the hardware reference or schematics. I’m planning on supporting Purism with the purchase of the Librem Key and the Librem 5. From a perspective of a secure supply chain, as far as the logistics are concerned, I’m hoping to get a Key first if possible, and then a phone on a second shipment from an alternate carrier, and pureboot to provide Trust On First Use (referenced other places, but I learned of the term here). Is this going to be possible? It’s quite possible I’m missing something, but I thought I’d double-check before I invest because a TPM isn’t something you can necessarily fix after the fact. An API to interact with it on the other hand would be nice for developing apps to work with it as well. I’m a longtime privacy advocate, but admittedly new to the Purism community. Thanks.


Full-disk encryption performance in Librem 5
#2

When it comes to the TPM as the standard, the TPM devices are too big and power hungry to fit in the phone, so we won’t ship with one. What we will have is a smart card slot, and the USB port where you can plug in the Librem Key.

We are still interested in providing verified boot, and while the details are not entirely hashed out, I believe we roughly know how to get there.


#3

Ohh thats interesting. I always thought of TMP as a really small and only rarely active component. Only active on boot and other verification actions. And i know laptop have alot more power to draw form their battiers but modern ultra books aren’t especially wasting energie and i thought nearly all devices have TMP for secure boot nowadays, thought not a free user configurable like the librem notebooks.
Or am i totally mixing up things here?


#4

I might have misremembered the power draw thing, but you can certainly see that it’s a big component when looking at ebay pictures (it’s often sold separately).

When it comes to Librem notebooks, I don’t actually remember anyone saying that the TPM inside them is any different than any other TPM. Otherwise what you’re saying sounds right.


#5

Librem 5 won’t have a TPM. It will have an OpenPGP smart card which you can use to securely store GPG secrets and perform secure cryptographic operations on-chip, so in some ways it will offer TPM-like features.

We are also looking into using an external Librem Key along with PureBoot to offer tamper-evident boot protection much like we have with our older Librem laptops that don’t have a TPM but do have PureBoot firmware installed.


#6

Thanks for that insight!

Sorry I am a noob to OpenPGP smart cards - would I have to put it when booting and remove it after that so that noone get’s the secret or is the smart card secured in some way? Or would this work as a private key of mails where I enter a password and then the OpenPGP card stores the private and public key for everything else? Would it be bad to loose the OpenPGP Card together with the mobile phone to a perp?
Sorry if those are stupid questions :-/


#7

You would leave the OpenPGP smart card in the phone and you would have to type in a PIN to unlock and use the keys you store on there. If someone gets access to it, they’d still need to figure out your PIN to use the keys on there, but even then, they still couldn’t extract the keys from that smart card and use them elsewhere.


#8

Will there be options for people that use Yubikeys (NFC and/or USB)?


#9

How about secure boot?


#10

Secure boot is, if I understand right, an UEFI/Microsoft thing. The verified boot we have on the laptops is using PureBoot instead, and we’re thinking about following a similar path on the phones.


#11

I didn’t mean the trademark, I meant the concept of boot security. Good to know you are considering it.


#12

Interesting. Thanks for the reply. That seems like that would be a good way to implement it. On the topic of device encryption, and just so I’m understanding this correctly, would it be safe to say from a developer’s perspective, that when a Librem 5 client would want install my application, they would generate a PGP key pair that would be unique and associated with my application, and they would exchange their public key with my web server(s) that I could tie to their user account, and I could exchange my public key with them so we could essentially have containerized encrypted communication on a per application basis? Also, am I correct to assume their private keys would then be stored on that smart card? Thanks.


#13

I don’t think this was something we wanted to implement on a per-application basis. The idea was simpler IMO: provide end to end encryption on a per-contact basis, like GPG with email, or XMPP with OMEMO, or Matrix.

gnome-keyring-daemon allows for applications to store secrets in a secure way, so if you insist on implementing a special way of communicating in your app, you could take advantage of it. The master key to the keyring would be what is stored on the smart card as I understand it.