If I was a government these are the exact sorts of projects I'd set up as a honey pot to tempt people who are doing illegal things to use my pre compromised hardware.
How can I trust NitroPad more than another laptop manufacturer? I actually trust this much less.
That's because they do not produce the laptops. As it says on the website they're modified Lenovo X230 thinkpads. A super common laptop in the enterprise world
Sure - that’s why I said company/laptop. I should have been more specific, I guess. But pretty much everything about the writing, branding, marketing, and company seem too generic for me.
If you try to read the article, including the linked projects, it helps a lot rather than broadcasting every nascent thought that pops up in the head to the internet.
All the ingredients have been a long time in the making. To summarise, it builds upon coreboot, heads, nitrokey, and me_cleaner, all of which are open source and have been developed by various people in this domain who also know what they are doing. It uses a thinkpad x230 as it is an ivy bridge processor, the last generation of intel processors whose initialisation is open source and well understood. If you would like to read more about this specific combination, you can also read at https://www.qubes-os.org/doc/certified-hardware/#qubes-certi... .
I also read the article, and did look at the linked projects, and it's not clear to me how they solve GP's issue, because the company is still providing these solutions precompiled on hardware they control.
How does GP know that everything is actually being provided unmodified, without any backdoors?
> it helps a lot rather than broadcasting every nascent thought that pops up in the head to the internet.
I don't think this is helpful, it's unnecessarily antagonistic and dismissive.
GP's point seems reasonable to me; I don't see anything here that means that the Thinkpad x230 couldn't be modified before installation/paring, or that the tools themselves couldn't be modified before the laptop was shipped. If there is a reason to trust the initial build process, the linked page isn't explaining what it is.
>How does GP know that everything is actually being provided unmodified, without any backdoors?
They don't need to. That is precisely the point. The entire software stack is open source and reproducible (except a few KBs of Intel ME). As a press release, the linked post is brief. If you wish to read more on the technical aspects, here are all the constituent projects:
>> it helps a lot rather than broadcasting every nascent thought that pops up in the head to the internet
I think you mean "broadcasting every nascent thought that pops up into your head to the internet".
I did read the article!
I'm sorry that you feel hurt by me not trusting your hardware company but it's a problem that you will have to overcome if you are going to sell this more secure hardware to people. Maybe not insulting people who have valid concerns about your product might also be a good place to start.
Anyway, good luck with it, I hope you find a business here that is useful.
It's not my hardware company. No affiliation with them. I am not hurt; just annoyed because you proclaimed, "I trust this much less". This is precisely the goal of these projects. i.e., To reduce the trusted computing base. And the company is a fairly small part of the puzzle here. A lot of man hours have gone in building and reverse engineering various parts of the stack. Your statement is roughly similar to "I trust this much less" if it had been made sometime in the 90s on the linux announcement thread.
There will always be an abstract layer over which the user cannot/will not observe.
Until we mere mortals are capable of growing our own chips in carefully maintained vats, we are always going to be at the mercy of the wizards in their high tower, which represents the computing world today.
Computers are simply not something we can safely trust, for as long as they are built from a wide and diverse variety of components, and even then there is not a clear or responsible class of society capable of providing safe audits of silicon designs, without being immediately corruptible.
The only ways computing can contribute to trust is when society evolves, hopefully using a bit of computing power along the way, to trust itself inherently.
Even these third-party, open-source, audited systems are too untrustworthy. We need complete and open design and manufacture, the entire chain audited along the way, to come even close to having trustworthy systems.
With this in mind, I resist efforts of third parties to claim safe/security in their system integration efforts. Please, by all means maintain enthusiasm for the subject, but wake me up when the vat is warming up and the chips are growable, locally ..
We are to assume the firmware running the vats is secure? That they won't be secretly (or openly through legal compulsion) infecting everything they grow? You know, to protect the children.
> The Nitrokey Storage 2 additionally contains an encrypted mass storage with hidden volumes.
What use are the hidden volumes if it is already pretty obvious that they will be there? I am pretty sure that whichever party you are trying to protect yourself from with this, will know that a Nitrokey will have hidden volumes.
The idea is, that hidden volumes cannot be distinguished from a random data, until the correct decryption password is entered.
So while the device is capable of having a hidden volume (or more), one cannot prove its existence on device.
I get the technology and with a random disk it could make sense: there is no way to prove that there will be a hidden volume. But if you use this with a device that was built to support this, the plausible deniability becomes less believable.
How does this work with SSDs supporting TRIM? If it's enabled, that large block of space would be erased by the SSD. If you put a large file in its place, that's also suspicious (huge block of random data). If you disable TRIM, also suspicious.
Nitrokey Storage uses SD card, which AFAIK does not support TRIM. Before first usage it is overwritten with a random data.
Drive is presented to the OS like any regular (non-SSD) flash drive device, hence I do not think OS would issue TRIM on it.
my initial reaction is that it's a hefty price to pay for a lightly modded x230, but not everyone wants or is able to do these mods themselves.
I'm surprised nobody is going so far as to do the other common mods (1920x1080 IPS, x220 keyboard swap, make the X220 keyboard have all its native functionality, whitelist mods, i7/16gb config) to offer the fully hotrodded ultimate form. Having done them myself and seeing the amount of work, maybe the market isn't such that they would sell at a price that makes sense for the seller.
ThinkPad X230 (in my limited and skewed opinion) is still the second best laptop ever made (for purposes like mine), behind only its predecessor, the X220 which has (what I and many others consider) the best laptop keyboard ever made.
It’s easy to find one with an i5 that’s perfectly adequate for most ordinary business tasks. Pretty good screen, ports, battery life. Upgradable, sturdy, repairable. Highly unlikely to be stolen. $150 in like new condition.
I’ve bought them for all my non-tech friends and family who I support, all are happy. Please buy these and keep the market for parts alive.
if you're not already aware, swapping the X220 keyboard (and palmrest) onto an X230 is a fairly straightforward swap. That modification plus the FHD mod and accompanying 1920x1080 IPS make the X230 a very nice daily driver.
I remember there being issues with the keyboard swap with some buttons not working as expected, plus you have to tape some pins in order to avoid damaging the keyboard or the laptop itself.
Unless you strongly prefer the smaller form factor, I would suggest T530 (the intel igpu version, not the nvidia one) instead of x230. T530 supports FHD natively. The keyboard mod principles are the same for all laptops from that year. Keyboard mod resource: https://github.com/hamishcoleman/thinkpad-ec
after using larger machines I realized that laptops (for me) are for situations where a desktop is unavailable - airline seating, casual couch use, all generally things that don't require much. having recently acquired some P53s at work and traveling with them this week has really reinforced that idea. if an X230 isn't up to the task, it's probably the kind of work where I need to be at a desk with one of my desktop machines anyway.
That's correct. Hopefully the firmware components it is based upon will support newer platforms in the future. From my understanding that mostly depends on the hardware vendors, which seem to close their solutions, instead of opening them.
Anyway, for secure communication (email, IRC, Jabber etc) this hardware will suffice with the current specification.
It's a surprisingly performant CPU. I've been using an x230 (the slower i5 variant, even) until a year ago and I felt pretty productive with it. In between Intel microcode nerfs and all kinds of software being rewritten into performance-hungry web-based SPAs I wouldn't recommend it in 2020, though.
>Secure
>8 year old Intel Processors full of CPU bugs
I don't get how you can call this secure. Without those CPU's it certainly would be an interesting device. But advertising it as secure and then using something like Qubes where those bugs break the very isolation Qubes is based upon ...
From what I understand the key is verifying that BIOS and unencrypted part of disk is unaltered. It is not verifying that any of the encrypted part of the hard drive has been tampered with. As such, it is not storing the hard drive decryption key on the USB stick.
Measured boot allows to verify the integrity of the installed firmware (which itself verifies the integrity of the Linux boot partition) by a separate Nitrokey. The idea is that you have your Nitrokey nearby and therefore safe against compromise, other than the laptop which may be left unattended.
This is actually a set of devices. NitroPad is a preconfigured refurbished x230 laptop, with replaced firmware and deactivated IntelME, as well as removed WiFi module on request. With it comes a companion device, Nitrokey Pro or Nitrokey Storage, which takes part in the boot verification process. Together they form a secure workstation.
Closest to your description is Nitrokey Storage, which in feature terms is a Nitrokey Pro, but extended with an encrypted storage on an SD card.
How can I trust NitroPad more than another laptop manufacturer? I actually trust this much less.