Hi, I just saw this discussion at PrivacyGuides on Linux laptops. I’ll say right off that this is not meant to start a war of opinions between the two communities - I value both and I’m sure some here read both forums. I just wanted to see what this community opinion was on:
“3. Purism
Circular logic. PureBoot cannot provide anti tampering by design. They are trying to check whether the firmware has been tampered with by trusting the measurements given to the TPM by the firmware, which the firmware can always lie about.
No Boot Guard to talk about. Decrepit old hardware with no memory encryption. Overpriced.
On top of that, the CPU is unfused. (The eFuse is to prevent tampering)”
Would be interesting to hear perspective on this in regards to a range of Purism products including with and without TPM (ie - Mini v2).
That is by design! Purism intentionally wants that no corporation, big (Intel, Microsoft) or small (themselves), controls what software you run on your hardware. You own your own hardware. You choose what software to run on it. If you want to run open source firmware then that is potentially incompatible with Intel Boot Guard. (I mean they may be willing to sign some code but you are at their mercy. It is very unlikely that you could compile your own firmware and get it signed.)
(There is also chatter on the internet that some Intel Boot Guard private keys have been “disclosed” on the internet, which means that for affected hardware, Intel Boot Guard may not defend against the attack that it is designed to defend against. It may still have value because it is still a barrier but it won’t defend against e.g. nation state attackers.)
This kind of locked-down-to-Wintel approach may well suit a company with a fleet of PCs. The company’s IT team very likely don’t want employees installing random firmware. However that can be a problem when it comes time to turn over the fleet i.e. sell off the old PCs to the unsuspecting public.
Regarding TPM, I think the challenge is verifying that the person making any claims about how it works is qualified to make such claims. Has the person actually read and understood all the code, including in the Librem Key? (After all, all the code is public - unlike any code subject to claims made by Wintel, which have contained relevant coding errors in the past.)
At the very least, the use of “decrepit” here is hyperbolic; it’s dismissive; it raises questions about the credibility of the person saying that.
When I think about all the computers that I have with an Intel CPU, all of them are “decrepit” by the author’s standards, despite the youngest of them being only a year old.
I could be wrong but I think that it’s only some Intel 11th gen CPUs and some later that have memory encryption. So, yes, memory encryption is lacking on the Librem 14, despite the CPU being only a few years old. But that isn’t a reason for every company in the world and every person in the world to throw out any CPU that does not have memory encryption.
When/if the Librem 16 comes out, it will be interesting to see what CPU it contains.
The reality is that some people can’t afford to upgrade all their computers every few years. So they can only have the most secure / most private environment that their hardware affords.
An interesting point here would be to try to assess what are the securitiy implications of having the CPU left unfused (or rather the PCH, because I think that’s where the e-fuses reside)
I have wondered about this, but unfortunately information is scarce.
Anyone has an opinion - or even better - factual knowledge?
My understanding: If you fuse it then you can only run what Wintel tell you that you can run on “your” computer. If you were going to do that anyway (i.e. run Windows) then fusing is theoretically a good thing because it prevents an Evil Maid attack. (The downside is then that on resale you are imposing your choice on the next owner. That might be OK if you plan to “own” the computer forever i.e. until it dies or becomes unusable for whatever reason.)
I guess a full examination of the security implications would also have to consider
which other entities can exert coercive control over Wintel (typically governments), and
which other entities might compromise Wintel unbeknownst to Wintel (could be state actors, could be other actors).
If you don’t fuse it then you would want to counter the Evil Maid attack via some other technique e.g. Pureboot + Librem Key.