Sorry for reposting. Previous mail badly formatted. On Wed, Jan 1, 2020 at 3:16 AM Anil Eklavya <anilekla...@gmail.com> wrote:
> Thanks for putting all this information in one place. I was earlier > looking to buy Insurgio Privacy Beast, but it was not clear whether it > could be shipped to India. I then ordered Librem 13. > Website does the simulation in costs for tax and shipping costs. If shipping address returns a shipping option, it can be shipped to you. > > Is there any comparison available between these two, based on privacy and > security considerations? > Unfortunately, not for the moment. External comparisons welcome! At the end of the day, it goes to those simple points: - X230's Intel ME has no kernel, no syslibs. It is reduced to be able to boot itself and main CPU and is shut down, not having anything else to execute since the modules have been removed completely. See here <https://github.com/osresearch/heads-wiki/blob/master/Clean-the-ME-firmware.md> . - Here is an extract of the same me_cleaner command applied to: - X230: Full image detected The ME/TXE region goes from 0x3000 to 0x4ff000 Found FPT header at 0x3010 Found 23 partition(s) Found FTPR header: FTPR partition spans from 0x183000 to 0x24d000 *ME/TXE firmware version 8.1.30.1350* Removing extra partitions... Removing extra partition entries in FPT... Removing EFFS presence flag... Removing ME/TXE R/W access to the other flash regions... Correcting checksum (0x7b)... Reading FTPR modules list... UPDATE (LZMA , 0x1cf4f2 - 0x1cf6b0): removed * ROMP (Huffman, fragmented data ): NOT removed, essential BUP (Huffman, fragmented data ): NOT removed, essential* KERNEL (Huffman, fragmented data ): removed POLICY (Huffman, fragmented data ): removed HOSTCOMM (LZMA , 0x1cf6b0 - 0x1d648b): removed RSA (LZMA , 0x1d648b - 0x1db6e0): removed CLS (LZMA , 0x1db6e0 - 0x1e0e71): removed TDT (LZMA , 0x1e0e71 - 0x1e7556): removed FTCS (Huffman, fragmented data ): removed ClsPriv (LZMA , 0x1e7556 - 0x1e7937): removed SESSMGR (LZMA , 0x1e7937 - 0x1f6240): removed Relocating FTPR from 0xd00 - 0xcad00 to 0xd00 - 0xcad00... Adjusting FPT entry... Adjusting LUT start offset... Adjusting Huffman start offset... Adjusting chunks offsets... Moving data... *The ME minimum size should be 98304 bytes (0x18000 bytes)* The ME region can be reduced up to: 00003000:0001afff me Setting the AltMeDisable bit in PCHSTRP10 to disable Intel ME... Removing ME/TXE R/W access to the other flash regions... Extracting and truncating the ME image to "extracted_me.rom"... Checking the FTPR RSA signature of the extracted ME image... VALID Checking the FTPR RSA signature... VALID Done! Good luck! - Librem V3: Full image detected Found FPT header at 0x1010 Found 1 partition(s) Found FTPR header: FTPR partition spans from 0x1000 to 0xa8000 Found FTPR manifest at 0x1448 *ME/TXE firmware version 11.6.0.1126 (generation 3)* Public key match: Intel ME, firmware versions 11.x.x.x The HAP bit is SET Reading partitions list... FTPR (0x00001000 - 0x0000a8000, 0x000a7000 total bytes): NOT removed Removing partition entries in FPT... Removing EFFS presence flag... Correcting checksum (0x98)... Reading FTPR modules list... FTPR.man (uncompressed, 0x001448 - 0x002018): NOT removed, partition manif. rbe.met (uncompressed, 0x002018 - 0x0020ae): NOT removed, module metadata kernel.met (uncompressed, 0x0020ae - 0x00213c): NOT removed, module metadata syslib.met (uncompressed, 0x00213c - 0x0021a0): NOT removed, module metadata bup.met (uncompressed, 0x0021a0 - 0x00274a): NOT removed, module metadata pm.met (uncompressed, 0x00274a - 0x0027f8): NOT removed, module metadata vfs.met (uncompressed, 0x0027f8 - 0x003158): NOT removed, module metadata evtdisp.met (uncompressed, 0x003158 - 0x0032e6): NOT removed, module metadata loadmgr.met (uncompressed, 0x0032e6 - 0x00340e): NOT removed, module metadata busdrv.met (uncompressed, 0x00340e - 0x0037b4): NOT removed, module metadata gpio.met (uncompressed, 0x0037b4 - 0x0038fe): NOT removed, module metadata prtc.met (uncompressed, 0x0038fe - 0x003aae): NOT removed, module metadata policy.met (uncompressed, 0x003aae - 0x003c72): NOT removed, module metadata crypto.met (uncompressed, 0x003c72 - 0x003dfc): NOT removed, module metadata heci.met (uncompressed, 0x003dfc - 0x003fc8): NOT removed, module metadata storage.met (uncompressed, 0x003fc8 - 0x0042c4): NOT removed, module metadata pmdrv.met (uncompressed, 0x0042c4 - 0x0043e8): NOT removed, module metadata maestro.met (uncompressed, 0x0043e8 - 0x0044d2): NOT removed, module metadata fpf.met (uncompressed, 0x0044d2 - 0x0045de): NOT removed, module metadata hci.met (uncompressed, 0x0045de - 0x0046e0): NOT removed, module metadata fwupdate.met (uncompressed, 0x0046e0 - 0x0047ea): NOT removed, module metadata ptt.met (uncompressed, 0x0047ea - 0x0048f6): NOT removed, module metadata touch_fw.met (uncompressed, 0x0048f6 - 0x004a40): NOT removed, module metadata * rbe (Huffman , 0x004a40 - 0x007100): NOT removed, essential kernel (Huffman , 0x007100 - 0x016d00): NOT removed, essential syslib (Huffman , 0x016d00 - 0x028d00): NOT removed, essential bup (Huffman , 0x028d00 - 0x050440): NOT removed, essential* pm (LZMA/uncomp., 0x050440 - 0x052a40): removed vfs (LZMA/uncomp., 0x052a40 - 0x05a740): removed evtdisp (LZMA/uncomp., 0x05a740 - 0x05c140): removed loadmgr (LZMA/uncomp., 0x05c140 - 0x05eec0): removed busdrv (LZMA/uncomp., 0x05eec0 - 0x060780): removed gpio (LZMA/uncomp., 0x060780 - 0x061a00): removed prtc (LZMA/uncomp., 0x061a00 - 0x0625c0): removed policy (LZMA/uncomp., 0x0625c0 - 0x067200): removed crypto (LZMA/uncomp., 0x067200 - 0x074d80): removed heci (LZMA/uncomp., 0x074d80 - 0x078c80): removed storage (LZMA/uncomp., 0x078c80 - 0x07d200): removed pmdrv (LZMA/uncomp., 0x07d200 - 0x07e340): removed maestro (LZMA/uncomp., 0x07e340 - 0x0800c0): removed fpf (LZMA/uncomp., 0x0800c0 - 0x081940): removed hci (LZMA/uncomp., 0x081940 - 0x082200): removed fwupdate (LZMA/uncomp., 0x082200 - 0x086d40): removed ptt (LZMA/uncomp., 0x086d40 - 0x09bd80): removed touch_fw (LZMA/uncomp., 0x09bd80 - 0x0a8000): removed Relocating FTPR from 0x1000 - 0xa8000 to 0x400 - 0xa7400... Adjusting FPT entry... Moving data... *The ME minimum size should be 344064 bytes (0x54000 bytes)* The ME region can be reduced up to: 00001000:00054fff me Setting the HAP bit in PCHSTRP0 to disable Intel ME... Removing ME/TXE R/W access to the other flash regions... Extracting and truncating the ME image to "extracted_me.rom"... Checking the FTPR RSA signature of the extracted ME image... VALID Checking the FTPR RSA signature... VALID Done! Good luck! - *V4:* ME/TXE image detected Found FPT header at 0x10 Found 2 partition(s) Found FTPR header: FTPR partition spans from 0x1000 to 0xa8000 Found FTPR manifest at 0x1478 *ME/TXE firmware version 11.0.18.1002 (generation 3)* Public key match: Intel ME, firmware versions 11.x.x.x Reading partitions list... FTPR (0x00001000 - 0x0000a8000, 0x000a7000 total bytes): NOT removed MFS (0x000a8000 - 0x00010c000, 0x00064000 total bytes): removed Removing partition entries in FPT... Removing EFFS presence flag... Correcting checksum (0x01)... Reading FTPR modules list... FTPR.man (uncompressed, 0x001478 - 0x00207c): NOT removed, partition manif. rbe.met (uncompressed, 0x00207c - 0x002112): NOT removed, module metadata kernel.met (uncompressed, 0x002112 - 0x0021a0): NOT removed, module metadata syslib.met (uncompressed, 0x0021a0 - 0x002204): NOT removed, module metadata bup.met (uncompressed, 0x002204 - 0x0026a4): NOT removed, module metadata pm.met (uncompressed, 0x0026a4 - 0x002752): NOT removed, module metadata syncman.met (uncompressed, 0x002752 - 0x0027e8): NOT removed, module metadata vfs.met (uncompressed, 0x0027e8 - 0x003148): NOT removed, module metadata evtdisp.met (uncompressed, 0x003148 - 0x0032d6): NOT removed, module metadata loadmgr.met (uncompressed, 0x0032d6 - 0x0033fe): NOT removed, module metadata busdrv.met (uncompressed, 0x0033fe - 0x0037b0): NOT removed, module metadata gpio.met (uncompressed, 0x0037b0 - 0x0038bc): NOT removed, module metadata prtc.met (uncompressed, 0x0038bc - 0x003a6c): NOT removed, module metadata policy.met (uncompressed, 0x003a6c - 0x003c36): NOT removed, module metadata crypto.met (uncompressed, 0x003c36 - 0x003dc0): NOT removed, module metadata heci.met (uncompressed, 0x003dc0 - 0x003f74): NOT removed, module metadata storage.met (uncompressed, 0x003f74 - 0x004258): NOT removed, module metadata pmdrv.met (uncompressed, 0x004258 - 0x00437c): NOT removed, module metadata maestro.met (uncompressed, 0x00437c - 0x004466): NOT removed, module metadata fpf.met (uncompressed, 0x004466 - 0x00455a): NOT removed, module metadata hci.met (uncompressed, 0x00455a - 0x004704): NOT removed, module metadata fwupdate.met (uncompressed, 0x004704 - 0x00480c): NOT removed, module metadata ptt.met (uncompressed, 0x00480c - 0x0048fe): NOT removed, module metadata touch_fw.met (uncompressed, 0x0048fe - 0x004a40): NOT removed, module metadata * rbe (Huffman , 0x004a40 - 0x0070c0): NOT removed, essential kernel (Huffman , 0x0070c0 - 0x015dc0): NOT removed, essential syslib (Huffman , 0x015dc0 - 0x028a00): NOT removed, essential bup (Huffman , 0x028a00 - 0x051600): NOT removed, essential* pm (LZMA/uncomp., 0x051600 - 0x053f80): removed syncman (LZMA/uncomp., 0x053f80 - 0x0544c0): removed vfs (LZMA/uncomp., 0x0544c0 - 0x05c2c0): removed evtdisp (LZMA/uncomp., 0x05c2c0 - 0x05dd40): removed loadmgr (LZMA/uncomp., 0x05dd40 - 0x060b80): removed busdrv (LZMA/uncomp., 0x060b80 - 0x063980): removed gpio (LZMA/uncomp., 0x063980 - 0x064e00): removed prtc (LZMA/uncomp., 0x064e00 - 0x065bc0): removed policy (LZMA/uncomp., 0x065bc0 - 0x06c280): removed crypto (LZMA/uncomp., 0x06c280 - 0x07be00): removed heci (LZMA/uncomp., 0x07be00 - 0x07fec0): removed storage (LZMA/uncomp., 0x07fec0 - 0x084640): removed pmdrv (LZMA/uncomp., 0x084640 - 0x085e40): removed maestro (LZMA/uncomp., 0x085e40 - 0x088d40): removed fpf (LZMA/uncomp., 0x088d40 - 0x08a740): removed hci (LZMA/uncomp., 0x08a740 - 0x08afc0): removed fwupdate (LZMA/uncomp., 0x08afc0 - 0x08f840): removed ptt (LZMA/uncomp., 0x08f840 - 0x0a3980): removed touch_fw (LZMA/uncomp., 0x0a3980 - 0x0a8000): removed *The ME minimum size should be 352256 bytes (0x56000 bytes)* Checking the FTPR RSA signature... VALID Done! Good luck! - X230's coreboot doesn't depend on Intel FSP binary blobs on the x230 nor any others <https://github.com/osresearch/heads/blob/master/config/coreboot-x230.config>. Librem's depend on those <https://github.com/osresearch/heads/blob/master/config/coreboot-librem15v4.config> . - There is no mechanical switch for the webcam nor microphone on X230, while those are isolated under QubesOS (microphone: dom0; not network, webcam: sys-usb; no network) and require explicit assignment to AppVM it will be used in prior to usage. A nice project exists to mod the X230/X220 <https://hackaday.io/project/164343-nsa-b-gone> but prototyping has not taken off by the community to simplify and make build reproducible enough to be included. - Both X230 and Librems provide a wifi mechanical switch, while again, QubesOS isolates network from the rest of the system out of the box, relying on routing between defined gateways, firewalls and network. AppVMs that do not need networking doesn't. - The PrivacyBeast strongly emphasize on the importance of setting a Disk Unlock Key, released by the TPM only if firmware measurements are known and user supplies the valid valid passphrase to unlock encrypted LUKS container with a second decryption key to boot QubesOS. This security measure mitigate the risk of having a third party record keystrokes and be able to unlock remotely the cloned disk, since the user doesn't type the Disk Recovery Key passphrase to boot his laptop. Purism chose to base their disk unlock feature on their USB security dongle and unlock the LUKS container when provided with passphrase for the security dongle (untested from me). > Regards, > > Anil Kumar Singh > > On 01-Jan-2020, at 2:15 AM, Thierry Laurion <thierry.laur...@gmail.com> > wrote: > > > > On Wed, Dec 25, 2019 at 6:03 PM <brendan.h...@gmail.com> wrote: > >> Insurgo is providing a service. >> >> If one can do the steps themselves, that’s fine. >> >> If I were advising a somewhat less technical journalist or a potentially >> targeted human-rights worker or politically targeted activist who just >> wanted to get stuff done and had the resources, I’d point them to Insurgo. >> >> Brendan >> >> -- >> You received this message because you are subscribed to the Google Groups >> "qubes-users" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to qubes-users+unsubscr...@googlegroups.com. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/qubes-users/7a7741f2-6b80-40be-a5a0-0f56b658f9fc%40googlegroups.com >> . >> > > > Hello there, Thierry Laurion from Insurgo Open Technologies. > > Thanks Brendan. > > I feel the need to clarify things a bit once in a while. This reply is one > of those. This QubesOS community is large, and even if replies were done on > Reddit and other posts here in the past, the same questions arises with the > same scattered answers. Here is a combination of those answers. > > - Insurgo made grant applications so that actual best trustworthy > unmaintained hardware becomes mainstreamed under coreboot, and added under > Heads (extend Heads measured boot support of latest coreboot VBOOT+measured > boot on Sandy/Ivy bridge xx30 and xx20 platforms: t530, t430, x220. Thanks > to obtained NlNet grant for Accessible Security project). > - Insurgo is attempting to gather developers, device manufacturers > (RaptorEngineering) and funders around Power9-Power10 hardware based X86 > alternative platform (PPC64le QubesOS platform support which has a bounty > offer already but needs commited developers). Let's remember that their > Blackbird/Talos II platforms recently got RYF certification. > - The last x86 platform having met RYF criteria is the X200, thanks > to the Libreboot project, which removed Intel ME. > - Since then, the x86 platforms have blobs we have to accept/deal > with to make it trustworthier: > - Sandy Bridge/Ivy bridge : EC firmware, Intel ME BUP ROMP modules. > Coreboot doesnt rely on FSP blobs for initialization. ME is actually > neutered (no kernel nor syslibs as opposed to newer platforms, just > BUP and > ROMP) and deactivated (AltMeDisable bit, not HAP bit). > - More recent hardware requires ME with its kernel and syslibs > binary blobs present, while ME is asked to be deactivated through > HAP bit, > requires Intel FSP and other binary blobs for hardware > initialization. > - Insurgo works to bridge the gap to broader QubesOS > accessibility, so that users in need of remote support can have secured > remote administration from trusted third parties (new revenue? AccessNow? > Other third parties?) over hidden tor onion service from additional GUI > (NlNet grant for Accessible Security project). > - Insurgo tries its best to support Heads community through GitHub > opened issues while promoting collaboration. > - Insurgo tries its best to mainstream CI build systems to produce > reproducible builds artifacts (this is broken for months and is still not > resolved). > - Insurgo tries to raise awareness of researchers and developers on > the current state of "Open Source Firmware" (currently requiring FSP, ME or > equivalent,not having completely neutered Intel ME while claiming it is > deactivated, while system libraries and kernel is still there but > latent...) This implies going to conferences, doing talks, confronting the > status quo, researching, developing so we have alternatives in the > future....while also doing the required clerical work. > - Insurgo made QubesOS preinstallable for the first time on the > PrivacyBeast X230, thanks to its reownership wizard which takes care of GPG > key generation, internal ROM reflashing, TPM ownership and sealing of > measurements, signing boot configuration, while enforcing diceware > passphrases in the provisioning phase. The goal is to generalize it to > other platforms. Ideally through collaboration... > - Insurgo made the PrivacyBeast X230 certified by QubesOS, with a lot > of work done on Heads that is unfortunately not upstreamed yet. Will go > back at this, while branch is available through Gitlab and GitHub. > - Insurgo collaborates with other parties to make needed work to have > fwupd (firmware upgrades), available inside of QubesOS, including Heads > firmware, thanks to NlNet Privacy and Trust grant, once again. > - Insurgo tries to push verified boot to measure also the LVM > containers inside of deployed QubesOS reencrypted disk installation, > through Heads, so that third party OEMs could also deploy reproducible ROMs > that are measureable, verify their reproducibility, have verified boot and > known good QubesOS installation with safer defaults to deploy to users by > themselves (LUKS discards, MAC randomization, sdcard attached to sys-usb > and others). The user would not have to trust those third parties on the > RoT. > - Add internationalization into Heads, so that UK keyboards and other > keymaps can be selected at first boot and saved into the ROM at ownership. > - .... Other work required by both QubesOS, Heads and their > subprojects for more accessible security and usability. > > There is something really interesting in the open source world. > > Bigger corporation will pay for the development work they require to fit > their needs and upstream changes. This makes software and accomplished work > feel like free as in free beer. > > Meanwhile, when a small player tries to make important changes for > everyone in related projects, with really limited resources, people apply > the same free as in free beer logic since they can buy second hand hardware > online at lower price and do the reprogramming themselves, not > understanding even the differences on the model they are buying and the > changes in costs associated with the model they buy, nor the privilege they > have to be able to do required technical work themselves nor the knowledge > privilege they have of knowing that such hardware and free software exist > with which their hardware can be freed with. > > Of course, you can and are encouraged to backup your SPI flash chips, > unlock the rom, apply me_cleaner, flash ME and Heads back into SPI flash > chips, replace the wifi card, factory reset your USB security dongle, seal > secrets for remote attestation and sign boot components, if you are tech > savvy enough to do it right, yourself. > > Meanwhile, Insurgo's goal is to facilitate that DIY, while still making > money enough to pay itself and others to do the technical required work... > so that you can do it yourself if you'd like, while organizations needing > this kind of privacy/confidentiality/security for their users can also do > the work for their users, without knowing all the technical details. On the > X230 now, and other platforms in the near future. > > Meanwhile, the x230 i7 2.9ghz, with its IPS screen and replaced wifi card, > maximized 16GB ram and 256GB SSD drive, which makes the PrivacyBeast X230 > hardware, is the one of the last platform on which open source firmware can > fully thrive, meeting QubesOS requirements, pushing things the farthest > possible by truely neutering ME (releasing 5Mb of additional ROM space to > do more stuff from the boot environment), using its TPM to do the measured > boot functions, sealing secrets into a QR code that enforces remote > attestation through TOTP (smartphone based manual validation) or HOTP USB > security dongles (Librem Key/Nitrokey Pro and Nitrokey Storage which > visually attests of firmware integrity with a green or red LED), while > using OpenGPG functions of the smartcard to enforce verified boot on > QubesOS core system components (/boot), making those root of trust required > components tamper evident. > > Thanks for you time. Equip yourself accordingly. :) > > Thierry Laurion > Insurgo, Open Technologies > > -- > You received this message because you are subscribed to the Google Groups > "qubes-users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-users/CAAzJznx%2BSgVSWOMvaohPf-im082uXqSqsu%3DLLL7P4N8rhXRKKA%40mail.gmail.com > <https://groups.google.com/d/msgid/qubes-users/CAAzJznx%2BSgVSWOMvaohPf-im082uXqSqsu%3DLLL7P4N8rhXRKKA%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > > -- Thierry Laurion -- Thierry Laurion -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAAzJznzYnUcNwsAkOdNMS2Ce0JxLS%2BOGvu4P5n7bv71tCZpeug%40mail.gmail.com.
