Tag: Stateless Laptop

Petition for Intel to build a no-ME system

~ hucktech ~ Leave a comment

Here is where to sign:
https://puri.sm/posts/petition-for-intel-to-release-an-me-less-cpu-design/

I hope someone does a petition to get the Stateless Laptop built. If Intel builds a new ME-less system, it should also be building this Stateless system as part of it.

http://blog.invisiblethings.org/2015/12/23/state_harmful.html

AND… I don’t understand why OEMs are dancing around with tamper resistant screws. IMO, a system needs a lock, a good one, since lockpicking is a normal hacker sport, most locks are useless. A good laptop should have a lock to prevent casual evil maids. The Google Chromebox Pixel Developer Mode scew is nice, but an evil maid could also use that, no lock. Cars have locks. Houses have locks. Computer server rooms have locks. Data contained in laptops are often worth more than cars and houses. Why do modern expensive computers have no locks? Cost? Governments would not want them, harder to access boxes going through customs? I want a Stateless Laptop, with a secure metal enclosure and a good quality lock. Then I’ll keep the key and thumbdrives with me, and just deal with rubberhose attacks, not evil maid attacks.

X-Ray Inspector for PCBs

~ hucktech ~ Leave a comment

If you have not read about the “Stateless Laptop” proposal, please read it, it covers modern Intel firmware/hardware security issues:

ITL’s Stateless Laptop proposal

http://blog.invisiblethings.org/2015/12/23/state_harmful.html

One part in the article talks about how to trust silicon:

The physical protections mentioned above do not, however, resolve the problem of the attackers subverting the laptop hardware at manufacturing or shipment stages. This includes, naturally, a potentially conspiring laptop vendor. In order to address this latter problem we — the industry — need to come up with reliable and simple methods for comparing PCBs with each other. A tool analogical to ‘diff’, only working for PCBs rather than on files. Such a tool, implemented as a software, could e.g. take two (sets of) photos taken by the user of the two boards to compare. The photos might be taken with an ordinary camera, or, in a more sophisticated setup, using X-ray imaging to reveal also the internal layer wiring. This inititive has already been proposed by other researchers recently (e.g. [@appelbaum_technical_action_plan]), so it is not unreasonable to expect some progress in this area in the near future.

So when Make Magazine retweated a recent PCB Xray project, I thought of the above:

Homemade X-Ray Inspector Reveals PCB Secrets

Anyone who has ever tried to reverse engineer a printed circuit board is familiar with the frustration of tracing out the connections by eye and by multimeter. It’s a long process, and if there are multiple layers to the board, you may not even get the full picture. It would be a lot easier if you could just see through the board. On an industrial scale, X-ray inspection machines are used for this, but as you might suspect, they’re not cheap. So, hardware hacker John McMaster built his own.

Homemade X-Ray Inspector Reveals PCB Secrets

ITL’s Stateless Laptop proposal

~ hucktech ~ Leave a comment

Joanna Rutkowska of Invisible Things Lab (ITL) has proposed the Stateless Laptop, and will be presenting at CCC in a few days (2015/12/27) on the topic.

http://blog.invisiblethings.org/2015/12/23/state_harmful.html
https://events.ccc.de/congress/2015/Fahrplan/events/7352.html

Click to access state_harmful.pdf

https://github.com/rootkovska/state_harmful/blob/master/state_harmful.md

I can’t begin to create a list of tags this article covers… This article is all about firmware security (and hardware security) for x86 systems, a MUST READ!!

Purism must consider this a holiday gift from ITL: the spec for their next Librem box. Looking forward to this box, built with fully Open Source Hardware designs/parts, hopefully from multiple OEMs next year! 🙂