
NitroPad: Secure Laptop with Tamper Detection - Manozco
https://www.nitrokey.com/news/2020/nitropad-secure-laptop-unique-tamper-detection
======
andy_ppp
If I was a government these are the exact sorts of projects I'd set up as a
honey pot to tempt people who are doing illegal things to use my pre
compromised hardware.

How can I trust NitroPad more than another laptop manufacturer? I actually
trust this much less.

~~~
bubblethink
If you try to read the article, including the linked projects, it helps a lot
rather than broadcasting every nascent thought that pops up in the head to the
internet.

All the ingredients have been a long time in the making. To summarise, it
builds upon coreboot, heads, nitrokey, and me_cleaner, all of which are open
source and have been developed by various people in this domain who also know
what they are doing. It uses a thinkpad x230 as it is an ivy bridge processor,
the last generation of intel processors whose initialisation is open source
and well understood. If you would like to read more about this specific
combination, you can also read at [https://www.qubes-os.org/doc/certified-
hardware/#qubes-certi...](https://www.qubes-os.org/doc/certified-
hardware/#qubes-certified-laptop-insurgo-privacybeast-x230) .

~~~
andy_ppp
>> it helps a lot rather than broadcasting every nascent thought that pops up
in the head to the internet

I think you mean "broadcasting every nascent thought that pops up into your
head to the internet".

I did read the article!

I'm sorry that you feel hurt by me not trusting your hardware company but it's
a problem that you will have to overcome if you are going to sell this more
secure hardware to people. Maybe not insulting people who have valid concerns
about your product might also be a good place to start.

Anyway, good luck with it, I hope you find a business here that is useful.

~~~
bubblethink
It's not my hardware company. No affiliation with them. I am not hurt; just
annoyed because you proclaimed, "I trust this much less". This is precisely
the goal of these projects. i.e., To reduce the trusted computing base. And
the company is a fairly small part of the puzzle here. A lot of man hours have
gone in building and reverse engineering various parts of the stack. Your
statement is roughly similar to "I trust this much less" if it had been made
sometime in the 90s on the linux announcement thread.

------
fit2rule
There will always be an abstract layer over which the user cannot/will not
observe.

Until we mere mortals are capable of growing our own chips in carefully
maintained vats, we are always going to be at the mercy of the wizards in
their high tower, which represents the computing world today.

Computers are simply not something we can safely trust, for as long as they
are built from a wide and diverse variety of components, and even then there
is not a clear or responsible class of society capable of providing safe
audits of silicon designs, without being immediately corruptible.

The only ways computing can contribute to trust is when society evolves,
hopefully using a bit of computing power along the way, to trust itself
inherently.

Even these third-party, open-source, audited systems are too untrustworthy. We
need complete and open design and manufacture, the entire chain audited along
the way, to come even close to having trustworthy systems.

With this in mind, I resist efforts of third parties to claim safe/security in
their system integration efforts. Please, by all means maintain enthusiasm for
the subject, but wake me up when the vat is warming up and the chips are
growable, locally ..

~~~
abtinf
> carefully maintained vats

We are to assume the firmware running the vats is secure? That they won't be
secretly (or openly through legal compulsion) infecting everything they grow?
You know, to protect the children.

~~~
fit2rule
Yeah, the vats need to come with docs, and the kids better know how to read by
then.

------
mosselman
> The Nitrokey Storage 2 additionally contains an encrypted mass storage with
> hidden volumes.

What use are the hidden volumes if it is already pretty obvious that they will
be there? I am pretty sure that whichever party you are trying to protect
yourself from with this, will know that a Nitrokey will have hidden volumes.

~~~
szszszsz
The idea is, that hidden volumes cannot be distinguished from a random data,
until the correct decryption password is entered. So while the device is
capable of having a hidden volume (or more), one cannot prove its existence on
device.

Disclaimer: I work with Nitrokey.

~~~
gruez
How does this work with SSDs supporting TRIM? If it's enabled, that large
block of space would be erased by the SSD. If you put a large file in its
place, that's also suspicious (huge block of random data). If you disable
TRIM, also suspicious.

~~~
szszszsz
Nitrokey Storage uses SD card, which AFAIK does not support TRIM. Before first
usage it is overwritten with a random data. Drive is presented to the OS like
any regular (non-SSD) flash drive device, hence I do not think OS would issue
TRIM on it.

------
fghtr
See also Librem Key for a free (as in freedom) alternative [0].

[0] [https://puri.sm/products/librem-key/](https://puri.sm/products/librem-
key/)

~~~
szszszsz
We are actually cooperating with Librem Key, developed firmware and hardware
they are using [1]. Librem Key is ours Nitrokey Pro.

[1] [https://www.nitrokey.com/news/2018/nitrokey-partners-
purism-...](https://www.nitrokey.com/news/2018/nitrokey-partners-purism-build-
librem-key)

Disclaimer: I work with Nitrokey.

------
pixelface
my initial reaction is that it's a hefty price to pay for a lightly modded
x230, but not everyone wants or is able to do these mods themselves.

I'm surprised nobody is going so far as to do the other common mods (1920x1080
IPS, x220 keyboard swap, make the X220 keyboard have all its native
functionality, whitelist mods, i7/16gb config) to offer the fully hotrodded
ultimate form. Having done them myself and seeing the amount of work, maybe
the market isn't such that they would sell at a price that makes sense for the
seller.

------
Red_Leaves_Flyy
I7 3520m is a 2012 ivy bridge CPU.

~~~
Kaibeezy
Not surprised at all they chose this hardware.

ThinkPad X230 (in my limited and skewed opinion) is still the second best
laptop ever made (for purposes like mine), behind only its predecessor, the
X220 which has (what I and many others consider) the best laptop keyboard ever
made.

It’s easy to find one with an i5 that’s perfectly adequate for most ordinary
business tasks. Pretty good screen, ports, battery life. Upgradable, sturdy,
repairable. Highly unlikely to be stolen. $150 in like new condition.

I’ve bought them for all my non-tech friends and family who I support, all are
happy. Please buy these and keep the market for parts alive.

~~~
pixelface
if you're not already aware, swapping the X220 keyboard (and palmrest) onto an
X230 is a fairly straightforward swap. That modification plus the FHD mod and
accompanying 1920x1080 IPS make the X230 a very nice daily driver.

~~~
Kaibeezy
Peripherally aware, as I’m tech-adjacent. I will have a closer look. Thanks
for the nudge. Is there a definitive source for how-to?

~~~
bubblethink
Unless you strongly prefer the smaller form factor, I would suggest T530 (the
intel igpu version, not the nvidia one) instead of x230. T530 supports FHD
natively. The keyboard mod principles are the same for all laptops from that
year. Keyboard mod resource: [https://github.com/hamishcoleman/thinkpad-
ec](https://github.com/hamishcoleman/thinkpad-ec)

x230 FHD resource:
[https://forum.thinkpads.com/viewtopic.php?t=122640](https://forum.thinkpads.com/viewtopic.php?t=122640)

~~~
pixelface
after using larger machines I realized that laptops (for me) are for
situations where a desktop is unavailable - airline seating, casual couch use,
all generally things that don't require much. having recently acquired some
P53s at work and traveling with them this week has really reinforced that
idea. if an X230 isn't up to the task, it's probably the kind of work where I
need to be at a desk with one of my desktop machines anyway.

------
kitani
>Secure >8 year old Intel Processors full of CPU bugs

I don't get how you can call this secure. Without those CPU's it certainly
would be an interesting device. But advertising it as secure and then using
something like Qubes where those bugs break the very isolation Qubes is based
upon ...

~~~
szszszsz
As far as I see Qubes 4.x is protected from most of the CPU attacks [1][2]
since over a year. Do you have anything particular in mind?

Disclaimer: I work with Nitrokey.

PS Due to comments' post limit my replies might be delayed.

[1] [https://www.qubes-os.org/news/2018/01/11/qsb-37/](https://www.qubes-
os.org/news/2018/01/11/qsb-37/)

[2] [https://github.com/QubesOS/qubes-
issues/issues/4262](https://github.com/QubesOS/qubes-issues/issues/4262)

------
mlosapio
Is the dm-crypt decryption key stored on the NitroKey with a pin/passphrase to
access the key to mount the decrypted the disk?

~~~
JensRantil
From what I understand the key is verifying that BIOS and unencrypted part of
disk is unaltered. It is not verifying that any of the encrypted part of the
hard drive has been tampered with. As such, it is not storing the hard drive
decryption key on the USB stick.

~~~
josteink
So this is much like UEFI secure-boot then?

~~~
jans23
Measured boot allows to verify the integrity of the installed firmware (which
itself verifies the integrity of the Linux boot partition) by a separate
Nitrokey. The idea is that you have your Nitrokey nearby and therefore safe
against compromise, other than the laptop which may be left unattended.

------
_salmon
> "The Intel Management Engine (ME) is some kind of separate computer within
> all modern Intel processors (CPU)."

Maybe this was a translation to English, but it makes it seem like they're not
sure what the Intel ME is.

~~~
mindslight
Is anyone, apart from Intel and conspirators, sure what Intel ME actually is?

~~~
jnaulty
[https://media.ccc.de/v/36c3-10694-intel_management_engine_de...](https://media.ccc.de/v/36c3-10694-intel_management_engine_deep_dive)

------
byteshock
Basically yubikey with storage?

~~~
szszszsz
This is actually a set of devices. NitroPad is a preconfigured refurbished
x230 laptop, with replaced firmware and deactivated IntelME, as well as
removed WiFi module on request. With it comes a companion device, Nitrokey Pro
or Nitrokey Storage, which takes part in the boot verification process.
Together they form a secure workstation.

Closest to your description is Nitrokey Storage, which in feature terms is a
Nitrokey Pro, but extended with an encrypted storage on an SD card.

Disclaimer: I work with Nitrokey.

