Looks like quite a nice laptop setup for privacy:
-------- Forwarded Message -------- Subject: NitroPad: Secure Laptop With Unique Tamper Detection Date: Tue, 7 Jan 2020 10:25:13 +0100 From: Nitrokey <[email protected]> Reply-To: Nitrokey <[email protected]> To: Hans-Christoph Steiner <[email protected]> Deutsche Übersetzung ist hier: https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/d891PlpQflj763CzcTeLrLCQ/2drgzRE7oneOhHNyMnMe8g Dear Nitrokey supporters! Do you think your computer hardware is secure? Can you rule out that in your absence no one has manipulated your computer? In a world, where most users do not have any real control over their hardware and have to blindly trust the security promises of vendors, NitroPad unlocks a refreshingly new security experience. NitroPad X230 [1] is significantly more secure than normal computers. With NitroPad, you'll have more control over your hardware than ever before while maintaining ease of use. Features Tamper Detection Through Measured Boot Thanks to the combination of the open source solutions Coreboot [2], Heads [3] and Nitrokey USB hardware, you can verify that your laptop hardware has not been tampered with in transit or in your absence (so-called evil maid attack). The integrity of the TPM, the firmware and the operating system is effectively checked by a separate Nitrokey USB key. Simply connect your Nitrokey to the NitroPad while booting and a green LED on the Nitrokey will show that your NitroPad has not been tampered with. If the LED should turn red one day, it indicates a manipulation. Deactivated Intel Management Engine Vulnerable and proprietary low-level hardware parts are disabled to make the hardware more robust against advanced attacks. The Intel Management Engine (ME) is some kind of separate computer within all modern Intel processors (CPU). The ME acts as a master controller for your CPU and has broad access to your computer (system memory, screen, keyboard, network). Intel controls the code of the ME and severe vulnerabilities have been found in the ME enabling local and remote attacks. Therefore ME can be considered as a backdoor and has been deactivated in NitroPad. Preinstalled Ubuntu Linux With Full-Disk Encryption NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS [4] with full-disk encryption. Ubuntu is one of the most popular, stable and easiest to use Linux distributions. Switching from Windows to Linux has never been easier. Optional: Preinstalled Qubes OS For Highest Security Requirements Instead of Ubuntu Linux, on request you can get your NitroPad with preinstalled Qubes OS 4.0 [5] and full-disk encryption. Qubes OS enables highly isolated working by means of virtual machines (VM). A separate VM is started for each application or workspace. This approach isolates applications and processes much more than conventional operating systems. Qubes OS keeps your system secure, even if a vulnerability has been exploited in one of the software applications used. Example: If your PDF viewer or web browser has been successfully attacked, the attacker cannot compromise the rest of the system and will be locked out once the VM is closed. In addition, separate virtual workspaces can be used, such as an offline workspace for secret data and an online workspace for communication. NitroPad with Qubes OS is technically similar to SINA clients (for governments), but remains transparent thanks to open source. Qubes OS is for users who want maximum security. Keys Under Your Control All individual cryptographic keys are generated directly on the NitroPad exclusively during installation and are not stored by us. However, all individual keys can be replaced by you. Unlike "Secure Boot", the keys for securing the operating system remain under your control and do not depend on the consent of the vendor. Nitrokey USB Key Included NitroPad comes with a Nitrokey Pro 2 [6] or a Nitrokey Storage 2 [7]. Their security features include for example email encryption (PGP, S/MIME), secure server administration (SSH) and two-factor authentication through one-time passwords (OTP). The Nitrokey Storage 2 additionally contains an encrypted mass storage with hidden volumes. Professional ThinkPad Hardware Based on Lenovo ThinkPad X230, the hardware finish and robustness meet professional quality standards. The famous ThinkPad keyboard with background lighting and TrackPoint allows comfortable working. The used laptops have been refurbished. Out-of-the-Box User Experience With NitroPad, you don't need to take care of opening the hardware casing to flash the BIOS chip, installing and configuring Linux, or pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey is already configured with your NitroPad so that it can be used for tamper detection without any further configuration effort. Security Conscious Shipping To make it more difficult to intercept and manipulate your NitroPad, the NitroPad and the Nitrokey USB key can be shipped in two separate shipments if desired. Use Cases For Everyone NitroPad enables you to detect hardware tampering. For example, if your laptop is being inspected while crossing the border or if you leave your device unattended in a hotel or during travelling, you can check the integrity of your NitroPad with the help of the Nitrokey. For Enterprises NitroPad can serve as a hardened workstation for certificate authorities and other use cases requiring high-security computers. On business trips, the NitroPad protects against evil maid attacks while the computer is unattended in a hotel or baggage. For Governments Governments can use NitroPad to protect themselves against advanced persistent threats (APT) without relying on foreign proprietary technology. For Journalists If you as an investigative journalist are serious about protecting your confidential sources, NitroPad helps you getting there. NitroPad X230 is now available in our Online Shop [1]. More details are available in the product factsheet [8]. Kind regards, your Nitrokey team [1] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/jZaFd1lbEdmWO6EYOcLzDQ/2drgzRE7oneOhHNyMnMe8g [2] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/YFe1znalGDB8Ua763Ggu9RKw/2drgzRE7oneOhHNyMnMe8g [3] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/cZ8CHlfV3cxRZgMwQJk6fQ/2drgzRE7oneOhHNyMnMe8g [4] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/UXFKS892rBzNshvgAM3iX7Sw/2drgzRE7oneOhHNyMnMe8g [5] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/D8RUORLEDmVGkJAOqOZ12w/2drgzRE7oneOhHNyMnMe8g/ [6] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/3NM892YvQl3nQBfzax83fVdg/2drgzRE7oneOhHNyMnMe8g [7] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/892ZG8927tvGnlab4KjZMl8lQg/2drgzRE7oneOhHNyMnMe8g [8] https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/ITDgVP8lO6ZSALVagGX892vw/2drgzRE7oneOhHNyMnMe8g _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
