This is a Lenovo. The Purism laptop goes to 32GB and has hardware kill switches. It also has secure boot with the Nitrokey and the TPM option, but I didn't try it (yet).
On Wed, Jan 8, 2020 at 4:19 AM Hans-Christoph Steiner < [email protected]> wrote: > > Looks like quite a nice laptop setup for privacy: > > > -------- Forwarded Message -------- > Subject: NitroPad: Secure Laptop With Unique Tamper Detection > Date: Tue, 7 Jan 2020 10:25:13 +0100 > From: Nitrokey <[email protected]> > Reply-To: Nitrokey <[email protected]> > To: Hans-Christoph Steiner <[email protected]> > > Deutsche Übersetzung ist hier: > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/d891PlpQflj763CzcTeLrLCQ/2drgzRE7oneOhHNyMnMe8g > > Dear Nitrokey supporters! > > Do you think your computer hardware is secure? Can you rule out that in > your absence no one has manipulated your computer? In a world, where > most users do not have any real control over their hardware and have to > blindly trust the security promises of vendors, NitroPad unlocks a > refreshingly new security experience. NitroPad X230 [1] is significantly > more secure than normal computers. With NitroPad, you'll have more > control over your hardware than ever before while maintaining ease of use. > > Features > > Tamper Detection Through Measured Boot > > Thanks to the combination of the open source solutions Coreboot [2], > Heads [3] and Nitrokey USB hardware, you can verify that your laptop > hardware has not been tampered with in transit or in your absence > (so-called evil maid attack). The integrity of the TPM, the firmware and > the operating system is effectively checked by a separate Nitrokey USB > key. Simply connect your Nitrokey to the NitroPad while booting and a > green LED on the Nitrokey will show that your NitroPad has not been > tampered with. If the LED should turn red one day, it indicates a > manipulation. > > Deactivated Intel Management Engine > > Vulnerable and proprietary low-level hardware parts are disabled to make > the hardware more robust against advanced attacks. > > The Intel Management Engine (ME) is some kind of separate computer > within all modern Intel processors (CPU). The ME acts as a master > controller for your CPU and has broad access to your computer (system > memory, screen, keyboard, network). Intel controls the code of the ME > and severe vulnerabilities have been found in the ME enabling local and > remote attacks. Therefore ME can be considered as a backdoor and has > been deactivated in NitroPad. > > Preinstalled Ubuntu Linux With Full-Disk Encryption > > NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS [4] with > full-disk encryption. Ubuntu is one of the most popular, stable and > easiest to use Linux distributions. Switching from Windows to Linux has > never been easier. > > Optional: Preinstalled Qubes OS For Highest Security Requirements > > Instead of Ubuntu Linux, on request you can get your NitroPad with > preinstalled Qubes OS 4.0 [5] and full-disk encryption. > > Qubes OS enables highly isolated working by means of virtual machines > (VM). A separate VM is started for each application or workspace. This > approach isolates applications and processes much more than conventional > operating systems. Qubes OS keeps your system secure, even if a > vulnerability has been exploited in one of the software applications > used. Example: If your PDF viewer or web browser has been successfully > attacked, the attacker cannot compromise the rest of the system and will > be locked out once the VM is closed. > > In addition, separate virtual workspaces can be used, such as an offline > workspace for secret data and an online workspace for communication. > NitroPad with Qubes OS is technically similar to SINA clients (for > governments), but remains transparent thanks to open source. Qubes OS is > for users who want maximum security. > > Keys Under Your Control > > All individual cryptographic keys are generated directly on the NitroPad > exclusively during installation and are not stored by us. However, all > individual keys can be replaced by you. Unlike "Secure Boot", the keys > for securing the operating system remain under your control and do not > depend on the consent of the vendor. > > Nitrokey USB Key Included > > NitroPad comes with a Nitrokey Pro 2 [6] or a Nitrokey Storage 2 [7]. > Their security features include for example email encryption (PGP, > S/MIME), secure server administration (SSH) and two-factor > authentication through one-time passwords (OTP). The Nitrokey Storage 2 > additionally contains an encrypted mass storage with hidden volumes. > > Professional ThinkPad Hardware > > Based on Lenovo ThinkPad X230, the hardware finish and robustness meet > professional quality standards. The famous ThinkPad keyboard with > background lighting and TrackPoint allows comfortable working. The used > laptops have been refurbished. > > Out-of-the-Box User Experience > > With NitroPad, you don't need to take care of opening the hardware > casing to flash the BIOS chip, installing and configuring Linux, or > pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey > is already configured with your NitroPad so that it can be used for > tamper detection without any further configuration effort. > > Security Conscious Shipping > > To make it more difficult to intercept and manipulate your NitroPad, the > NitroPad and the Nitrokey USB key can be shipped in two separate > shipments if desired. > > Use Cases > > For Everyone > > NitroPad enables you to detect hardware tampering. For example, if your > laptop is being inspected while crossing the border or if you leave your > device unattended in a hotel or during travelling, you can check the > integrity of your NitroPad with the help of the Nitrokey. > > For Enterprises > > NitroPad can serve as a hardened workstation for certificate authorities > and other use cases requiring high-security computers. On business > trips, the NitroPad protects against evil maid attacks while the > computer is unattended in a hotel or baggage. > > For Governments > > Governments can use NitroPad to protect themselves against advanced > persistent threats (APT) without relying on foreign proprietary technology. > > For Journalists > > If you as an investigative journalist are serious about protecting your > confidential sources, NitroPad helps you getting there. > > NitroPad X230 is now available in our Online Shop [1]. > > More details are available in the product factsheet [8]. > > Kind regards, > your Nitrokey team > > [1] > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/jZaFd1lbEdmWO6EYOcLzDQ/2drgzRE7oneOhHNyMnMe8g > [2] > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/YFe1znalGDB8Ua763Ggu9RKw/2drgzRE7oneOhHNyMnMe8g > [3] > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/cZ8CHlfV3cxRZgMwQJk6fQ/2drgzRE7oneOhHNyMnMe8g > [4] > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/UXFKS892rBzNshvgAM3iX7Sw/2drgzRE7oneOhHNyMnMe8g > [5] > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/D8RUORLEDmVGkJAOqOZ12w/2drgzRE7oneOhHNyMnMe8g/ > [6] > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/3NM892YvQl3nQBfzax83fVdg/2drgzRE7oneOhHNyMnMe8g > [7] > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/892ZG8927tvGnlab4KjZMl8lQg/2drgzRE7oneOhHNyMnMe8g > [8] > > https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/ITDgVP8lO6ZSALVagGX892vw/2drgzRE7oneOhHNyMnMe8g > > > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: [email protected] >
_______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
