Looks like the Nitropad x230 just got Qubes certification! Congrats to NitroKey.
https://www.qubes-os.org/news/2020/03/04/nitropad-x230-qubes-certification/ My old librem only accepts 16GB RAM, and it is very very difficult to use it as my daily development workstation. 32GB is also a practical minimum for me when running so many VMs. I'm not traveling as much these days, so my desktop is working fine. Would definitely snap up a Nitrokey model with 32GB+ RAM though, especially if it was Qubes certified. I'd definitely prefer buying from a "local" EU vendor. ~abel Devrandom: > Agreed, ergonomics are definitely not top-notch, and I hope there's an > iteration that improves things. However, for development and Qubes I > need 32GB. That, together with the freedom aspect trumps other > considerations. > > On Thu, Jan 16, 2020 at 2:29 AM Hans-Christoph Steiner > <[email protected]> wrote: >> >> >> I hear you, and I've similar things from others. Fairphone is in a >> similar boat. I think we need to compare apples to apples here: what >> Nitrokey, Librem and Fairphone are trying to do is important, no other >> providers are doing those things better. Things like: >> >> * true free software support >> * hardware switches >> * repairability >> * conflict-free minerals >> >> .hc >> >> Abel Luck: >>> I have a Purism Librem v3 (the 13" model) and I have to say I am not >>> very happy with it. >>> >>> From a privacy pov, it's nice. ME can be disabled manually. The hardware >>> switches are very handy. Rather than ship binary blobs for the bluetooth >>> driver, they left that feature out, not compromising. Which I like. >>> >>> However from an ergonomics/usability pov, I am quite dissatisfied. When >>> I say the keyboard is bad, I'm not a keyboard snob. It truly is just a >>> bad keyboard, I really dread having to go on the road and use the >>> keyboard for any length of time. The trackpad quality is also very low. >>> >>> Also the laptop comes with a usb c port, which is basically useless as >>> it doesn't support thunderbolt, which means no adapter for ethernet or >>> external displays. Waste of a port! >>> >>> I wouldn't buy another Librem :/ >>> >>> That NitroPad looks interesting, but the deal breaker for me is the >>> 1366x768 px screen. So small! 1920x1080 is the minimum I would ever get >>> in a laptop again. >>> >>> ~abel >>> >>> Devrandom: >>>> This is a Lenovo. The Purism laptop goes to 32GB and has hardware kill >>>> switches. It also has secure boot with the Nitrokey and the TPM option, >>>> but I didn't try it (yet). >>>> >>>> On Wed, Jan 8, 2020 at 4:19 AM Hans-Christoph Steiner < >>>> [email protected]> wrote: >>>> >>>>> >>>>> Looks like quite a nice laptop setup for privacy: >>>>> >>>>> >>>>> -------- Forwarded Message -------- >>>>> Subject: NitroPad: Secure Laptop With Unique Tamper Detection >>>>> Date: Tue, 7 Jan 2020 10:25:13 +0100 >>>>> From: Nitrokey <[email protected]> >>>>> Reply-To: Nitrokey <[email protected]> >>>>> To: Hans-Christoph Steiner <[email protected]> >>>>> >>>>> Deutsche Übersetzung ist hier: >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/d891PlpQflj763CzcTeLrLCQ/2drgzRE7oneOhHNyMnMe8g >>>>> >>>>> Dear Nitrokey supporters! >>>>> >>>>> Do you think your computer hardware is secure? Can you rule out that in >>>>> your absence no one has manipulated your computer? In a world, where >>>>> most users do not have any real control over their hardware and have to >>>>> blindly trust the security promises of vendors, NitroPad unlocks a >>>>> refreshingly new security experience. NitroPad X230 [1] is significantly >>>>> more secure than normal computers. With NitroPad, you'll have more >>>>> control over your hardware than ever before while maintaining ease of use. >>>>> >>>>> Features >>>>> >>>>> Tamper Detection Through Measured Boot >>>>> >>>>> Thanks to the combination of the open source solutions Coreboot [2], >>>>> Heads [3] and Nitrokey USB hardware, you can verify that your laptop >>>>> hardware has not been tampered with in transit or in your absence >>>>> (so-called evil maid attack). The integrity of the TPM, the firmware and >>>>> the operating system is effectively checked by a separate Nitrokey USB >>>>> key. Simply connect your Nitrokey to the NitroPad while booting and a >>>>> green LED on the Nitrokey will show that your NitroPad has not been >>>>> tampered with. If the LED should turn red one day, it indicates a >>>>> manipulation. >>>>> >>>>> Deactivated Intel Management Engine >>>>> >>>>> Vulnerable and proprietary low-level hardware parts are disabled to make >>>>> the hardware more robust against advanced attacks. >>>>> >>>>> The Intel Management Engine (ME) is some kind of separate computer >>>>> within all modern Intel processors (CPU). The ME acts as a master >>>>> controller for your CPU and has broad access to your computer (system >>>>> memory, screen, keyboard, network). Intel controls the code of the ME >>>>> and severe vulnerabilities have been found in the ME enabling local and >>>>> remote attacks. Therefore ME can be considered as a backdoor and has >>>>> been deactivated in NitroPad. >>>>> >>>>> Preinstalled Ubuntu Linux With Full-Disk Encryption >>>>> >>>>> NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS [4] with >>>>> full-disk encryption. Ubuntu is one of the most popular, stable and >>>>> easiest to use Linux distributions. Switching from Windows to Linux has >>>>> never been easier. >>>>> >>>>> Optional: Preinstalled Qubes OS For Highest Security Requirements >>>>> >>>>> Instead of Ubuntu Linux, on request you can get your NitroPad with >>>>> preinstalled Qubes OS 4.0 [5] and full-disk encryption. >>>>> >>>>> Qubes OS enables highly isolated working by means of virtual machines >>>>> (VM). A separate VM is started for each application or workspace. This >>>>> approach isolates applications and processes much more than conventional >>>>> operating systems. Qubes OS keeps your system secure, even if a >>>>> vulnerability has been exploited in one of the software applications >>>>> used. Example: If your PDF viewer or web browser has been successfully >>>>> attacked, the attacker cannot compromise the rest of the system and will >>>>> be locked out once the VM is closed. >>>>> >>>>> In addition, separate virtual workspaces can be used, such as an offline >>>>> workspace for secret data and an online workspace for communication. >>>>> NitroPad with Qubes OS is technically similar to SINA clients (for >>>>> governments), but remains transparent thanks to open source. Qubes OS is >>>>> for users who want maximum security. >>>>> >>>>> Keys Under Your Control >>>>> >>>>> All individual cryptographic keys are generated directly on the NitroPad >>>>> exclusively during installation and are not stored by us. However, all >>>>> individual keys can be replaced by you. Unlike "Secure Boot", the keys >>>>> for securing the operating system remain under your control and do not >>>>> depend on the consent of the vendor. >>>>> >>>>> Nitrokey USB Key Included >>>>> >>>>> NitroPad comes with a Nitrokey Pro 2 [6] or a Nitrokey Storage 2 [7]. >>>>> Their security features include for example email encryption (PGP, >>>>> S/MIME), secure server administration (SSH) and two-factor >>>>> authentication through one-time passwords (OTP). The Nitrokey Storage 2 >>>>> additionally contains an encrypted mass storage with hidden volumes. >>>>> >>>>> Professional ThinkPad Hardware >>>>> >>>>> Based on Lenovo ThinkPad X230, the hardware finish and robustness meet >>>>> professional quality standards. The famous ThinkPad keyboard with >>>>> background lighting and TrackPoint allows comfortable working. The used >>>>> laptops have been refurbished. >>>>> >>>>> Out-of-the-Box User Experience >>>>> >>>>> With NitroPad, you don't need to take care of opening the hardware >>>>> casing to flash the BIOS chip, installing and configuring Linux, or >>>>> pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey >>>>> is already configured with your NitroPad so that it can be used for >>>>> tamper detection without any further configuration effort. >>>>> >>>>> Security Conscious Shipping >>>>> >>>>> To make it more difficult to intercept and manipulate your NitroPad, the >>>>> NitroPad and the Nitrokey USB key can be shipped in two separate >>>>> shipments if desired. >>>>> >>>>> Use Cases >>>>> >>>>> For Everyone >>>>> >>>>> NitroPad enables you to detect hardware tampering. For example, if your >>>>> laptop is being inspected while crossing the border or if you leave your >>>>> device unattended in a hotel or during travelling, you can check the >>>>> integrity of your NitroPad with the help of the Nitrokey. >>>>> >>>>> For Enterprises >>>>> >>>>> NitroPad can serve as a hardened workstation for certificate authorities >>>>> and other use cases requiring high-security computers. On business >>>>> trips, the NitroPad protects against evil maid attacks while the >>>>> computer is unattended in a hotel or baggage. >>>>> >>>>> For Governments >>>>> >>>>> Governments can use NitroPad to protect themselves against advanced >>>>> persistent threats (APT) without relying on foreign proprietary >>>>> technology. >>>>> >>>>> For Journalists >>>>> >>>>> If you as an investigative journalist are serious about protecting your >>>>> confidential sources, NitroPad helps you getting there. >>>>> >>>>> NitroPad X230 is now available in our Online Shop [1]. >>>>> >>>>> More details are available in the product factsheet [8]. >>>>> >>>>> Kind regards, >>>>> your Nitrokey team >>>>> >>>>> [1] >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/jZaFd1lbEdmWO6EYOcLzDQ/2drgzRE7oneOhHNyMnMe8g >>>>> [2] >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/YFe1znalGDB8Ua763Ggu9RKw/2drgzRE7oneOhHNyMnMe8g >>>>> [3] >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/cZ8CHlfV3cxRZgMwQJk6fQ/2drgzRE7oneOhHNyMnMe8g >>>>> [4] >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/UXFKS892rBzNshvgAM3iX7Sw/2drgzRE7oneOhHNyMnMe8g >>>>> [5] >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/D8RUORLEDmVGkJAOqOZ12w/2drgzRE7oneOhHNyMnMe8g/ >>>>> [6] >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/3NM892YvQl3nQBfzax83fVdg/2drgzRE7oneOhHNyMnMe8g >>>>> [7] >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/892ZG8927tvGnlab4KjZMl8lQg/2drgzRE7oneOhHNyMnMe8g >>>>> [8] >>>>> >>>>> https://sendy.nitrokey.com/l/DYw4PK9oeKpCQ4HCJ3sHVA/ITDgVP8lO6ZSALVagGX892vw/2drgzRE7oneOhHNyMnMe8g >>>>> >>>>> >>>>> _______________________________________________ >>>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>>>> To unsubscribe, email: [email protected] >>>>> >>>> >>>> >>>> _______________________________________________ >>>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>>> To unsubscribe, email: [email protected] >>>> >>> _______________________________________________ >>> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >>> To unsubscribe, email: [email protected] >>> >> >> -- >> PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556 >> https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556 >> _______________________________________________ >> List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev >> To unsubscribe, email: [email protected] > _______________________________________________ > List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev > To unsubscribe, email: [email protected] > _______________________________________________ List info: https://lists.mayfirst.org/mailman/listinfo/guardian-dev To unsubscribe, email: [email protected]
