Announcement: Insurgo PrivacyBeast X230 Laptop meets and exceeds Qubes 4.0 hardware certification

[Andrew David Wong]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear Qubes Community,

We are very pleased to announce that the Insurgo PrivacyBeast X230 [1]
has passed Qubes 4.0 Hardware Certification and is now a Qubes-certified
Laptop! [2]

## What is Qubes Certified Hardware?

Qubes Certified Hardware [3] is hardware that has been certified by the
Qubes developers as compatible with Qubes OS. Beginning with Qubes 4.0,
in order to achieve certification, the hardware must satisfy a rigorous
set of requirements [4], and the vendor must commit to offering
customers the very same configuration (same motherboard, same screen,
same BIOS version, same Wi-Fi module, etc.) for at least one year.

Qubes-certified Laptops [2], in particular, are regularly tested
by the Qubes developers to ensure compatibility with all of Qubes'
features. The developers test all new major versions and updates to
ensure that no regressions are introduced.

It is important to note, however, that Qubes Hardware Certification
certifies only that a particular hardware *configuration* is *supported*
by Qubes. The Qubes OS Project takes no responsibility for any
manufacturing or shipping processes, nor can we control whether physical
hardware is modified (whether maliciously or otherwise) *en route* to
the user. (However, see below for information about how the Insurgo
team mitigates this risk.)

## About the Insurgo PrivacyBeast X230 Laptop

The Insurgo PrivacyBeast X230 [1] is a custom refurbished ThinkPad X230
[5] that not only *meets* all Qubes Hardware Certification requirements
[4] but also *exceeds* them thanks to its unique configuration,
including:

- Coreboot [6] initialization for the x230 is binary-blob-free,
including native graphic initialization. Built with the
Heads [7] payload, it delivers an Anti Evil Maid (AEM) [8]-like
solution built into the firmware. (Even though our requirements [4]
provide an exception for CPU-vendor-provided blobs for silicon and
memory initialization, Insurgo exceeds our requirements by insisting
that these be absent from its machines.)

- Intel ME [9] is neutered through the AltMeDisable bit, while all
modules other than ROMP and BUP, which are required to initialize
main CPU, have been deleted. [10]

- A re-ownership process that allows it to ship pre-installed with
Qubes OS, including full-disk encryption already in place, but
where the final disk encryption key is regenerated only when the
machine is first powered on by the user, so that the OEM doesn't
know it.

- Heads [7] provisioned pre-delivery to protect against malicious
interdiction. [11]

## How to get one

Please see the Insurgo PrivacyBeast X230 [1] on the Insurgo website [12]
for more information.

## Acknowledgements

Special thanks go to:

- Thierry Laurion [13], Director of Insurgo, Technologies Libres (Open
Technologies), for spearheading this effort and making Heads+Qubes
laptops more broadly accessible.

- Trammell Hudson [14], for creating Heads [7].

- Purism [15], for greatly improving the UX of Heads [7], including
the GUI menu, and for adding Nitrokey [16] and Librem Key [17]
support.


[1] https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/
[2] https://www.qubes-os.org/doc/certified-hardware/#qubes-certified-laptop-insurgo-privacybeast-x230
[3] https://www.qubes-os.org/doc/certified-hardware/
[4] https://www.qubes-os.org/doc/certified-hardware/#hardware-certification-requirements
[5] https://www.thinkwiki.org/wiki/Category:X230
[6] https://www.coreboot.org/
[7] https://github.com/osresearch/heads/
[8] https://www.qubes-os.org/doc/anti-evil-maid/
[9] https://libreboot.org/faq.html#intelme
[10] https://github.com/osresearch/heads-wiki/blob/master/Clean-the-ME-firmware.md#how-to-disabledeactive-most-of-it
[11] https://en.wikipedia.org/wiki/Interdiction
[12] https://insurgo.ca
[13] https://www.linkedin.com/in/thierry-laurion-40b4128/
[14] https://trmm.net/About
[15] https://puri.sm/
[16] https://www.nitrokey.com/
[17] https://puri.sm/posts/introducing-the-librem-key/

This announcement is also available on the Qubes website:
https://www.qubes-os.org/news/2019/07/18/insurgo-privacybeast-qubes-certification/

- --
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAl0xRMEACgkQ203TvDlQ
MDAEVQ//d5Ziw78qjjYCaepSpJTXwdlw6yiZVXm5ecB1xYMdS7UrQJYX3vS/on/R
i4Sh/fuQBfr5qzap8BHK7DyZ3IJYFjazVPkXStKk5gYrx2ZCD+/3xMNwKYNn9Old
YNf6N5+2ux9WMn39k+E5MJNJOUWuM3VRTTSlJT8YnM4fQR+2pzC7Ugdam24BGUSr
bTz7k/3mbDTDjWAmttzDNTt+pJEB0BkSlms862JqxCLulwwrw3noQk8DGHX1VraD
EY72atFoehSvU8HpeXhjxiCQhPwk/2SktxL5C+W21Z4Jyl+NzLFA2OCf5Bw+wOpp
LJZ6/Y1Gy+FNH8mzD6mNVu23l+x4nlTfSqIHtpw/OnQTxdmMYsWV1Ayn9xONJJB0
PPEBW24c0NKKD/b2V9R3rfwScLgP4Lc5kfS6KFJItUka4OoZ1cQdGdAX+2X2S0QT
RIW1NUeeqbJHPwSPLTszBs9gGW0mmE26J4D2F8r+ldVgGskOeX9MGJ8qSzBVzOLk
SnhfY9ZXjxyrT4v+QMShu6QJqPwcbFpbS5Lp5ZMS1JAz1fWL8/tbXhCNcTKzl1R7
mXpjfGjtM9hDFzlD/eMyCFRAW3V16Pk9qcABak5+HEH8py88mnnnyNy4npRYu/Xe
j6VpvWE87DI4vYuUX/F9hKLES5HJZVRdWj5j+9B+riZZuVJOo+M=
=WwYE
-----END PGP SIGNATURE-----

[Thierry Laurion]

Hello all.

For those of you who would want to ask questions but are against using Google services/Twitter/Facebook, you are more then welcome to comment post on my ZeroNet technical blog:

http://127.0.0.1:43110/1DMb3CV66qZPwJqkgm4z12nu8BrAwDoD4g/?Post:26:PrivacyBeast+X230+is+alive!!!

Cheers,

Thierry Laurion

Insurgo Open Technologies/Technologies Libres

[awokd]

Thierry Laurion:

> Hello all.
>
> For those of you who would want to ask questions but are against using
> Google services/Twitter/Facebook, you are more then welcome to comment post
> on my ZeroNet technical blog:
> http://127.0.0.1:43110/1DMb3CV66qZPwJqkgm4z12nu8BrAwDoD4g/?Post:26:PrivacyBeast+X230+is+alive!!!

Unless you hacked my computer, I don't think the above link is going to
work. :)

Otherwise, nice work with the laptop!

[Thierry Laurion]

This is ZeroNet URL. :)
It can be accessed through a clearnet proxy here for read access:

https://zero.acelewis.com/#1DMb3CV66qZPwJqkgm4z12nu8BrAwDoD4g/?Post:26:PrivacyBeast+X230+is+alive!!!

>
>Otherwise, nice work with the laptop!

Thanks!

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

[Matthew Finkel]

On Friday, July 19, 2019, Andrew David Wong <a...@qubes-os.org> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Dear Qubes Community,

We are very pleased to announce that the Insurgo PrivacyBeast X230 [1]
has passed Qubes 4.0 Hardware Certification and is now a Qubes-certified
Laptop! [2]

 Can you say how many USB controllers this laptop has?

Thanks,

Matt

--
Matthew Finkel

[Demi M. Obenour]

On 7/19/19 12:19 AM, Andrew David Wong wrote:
> - Coreboot [6] initialization for the x230 is binary-blob-free,
> including native graphic initialization. Built with the
> Heads [7] payload, it delivers an Anti Evil Maid (AEM) [8]-like
> solution built into the firmware. (Even though our requirements [4]
> provide an exception for CPU-vendor-provided blobs for silicon and
> memory initialization, Insurgo exceeds our requirements by insisting
> that these be absent from its machines.)
>

Is the RAM vulnerable to Rowhammer attacks? My understanding is that
recent motherboards mitigate these attacks by increasing the refresh
rate, but I am not sure if this one can.

Sincerely,

Demi

[Lorenzo Lamas]

Very nice to finally have a certified Qubes laptop!

Personally, for me it would be nice if there was a more powerful alternative in the future. I'm currently using something with about the same resource power and I find myself often wishing I had something faster because Qubes is quite heavy compared to a standard OS. It would be great to have a quad core CPU(and a proper one, not one of those power-saving U line from Intel), 32GB RAM or more and a NVMe SSD instead of SATA.

Also, there is the issue of the CPU being a 3rd gen Intel i CPU. Maybe this is specifically chosen because later CPU's are harder to get blob free, I don't know the details. However, Intel had quite a few side channel vulnerabilities over the past year, and this year they dropped microcode update support for 1st gen CPU's, so there is a pretty high chance they will drop 2nd gen support next year and 3rd gen support the year after that.

[Chris Laprise]

There is even one statement from Intel out there that they've
tentatively already dropped support for 3rd gen (which is what the X230
and its 'sister' the T430s uses).

The Lenovo G505s should be slightly more powerful than the X230, and its
AMD A10 processor is significantly less prone to attack.

The only problems with it are that HEADS doesn't work (not a big
disadvantage, given how vulnerable X230's older TPM is), and to install
Qubes you need to flash it with a Coreboot config that requires you to
add an un-signed graphics driver (I think if enough people posted SHA256
hashes of the driver it wouldn't be a big problem).

It also accepts ECC RAM, which reduces the DDR3 side-channel
vulnerabilities somewhat.

So the alternative to the 2012 laptop is the 2013 laptop. A bit
underwhelming.

-

The overall problem here is none of these open source OS projects are
true integrators or designers, not when it has anything to do with
hardware. This is why Qubes project will identify USB controller
isolation as a major issue, but then do nothing about it (note the X230
is lacking a secondary USB controller). They'll say Intel or X86 is
fundamentally insecure, but won't begin to describe what a good
alternative would look like at the component level; without that,
there's nothing into which the hardware people to sink their teeth or
even notice Qubes.

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB 4AB3 1DC4 D106 F07F 1886

[unman]

You are wrong about the x230 lacking a secondary USB controller, if you
mean " a second controller".
The x230 has controllers which can be allocated to two distinct usb
qubes.

[Thierry Laurion]

That model is unfortunately not really available to redistribute. The SPI flash isn't big enough to support Heads features right now, even though the Librem Key could be used to support firmware and boot integrity attestation.

There is a ticket opened on Heads project page to make that device supported. But that device cannot be used to preinstall QubesOS as of right now.

Tasket: you have references to 3rd gen Intel support drop?

[Thierry Laurion]

Le lundi 22 juillet 2019 11:40:44 UTC-4, Chris Laprise a écrit :

On 7/21/19 5:44 PM, Lorenzo Lamas wrote:
> Very nice to finally have a certified Qubes laptop!
>
> Personally, for me it would be nice if there was a more powerful
> alternative in the future. I'm currently using something with about the
> same resource power and I find myself often wishing I had something
> faster because Qubes is quite heavy compared to a standard OS. It would
> be great to have a quad core CPU(and a proper one, not one of those
> power-saving U line from Intel), 32GB RAM or more and a NVMe SSD instead
> of SATA.
> Also, there is the issue of the CPU being a 3rd gen Intel i CPU. Maybe
> this is specifically chosen because later CPU's are harder to get blob
> free, I don't know the details. However, Intel had quite a few side
> channel vulnerabilities over the past year, and this year they dropped
> microcode update support for 1st gen CPU's, so there is a pretty high
> chance they will drop 2nd gen support next year and 3rd gen support the
> year after that.

There is even one statement from Intel out there that they've
tentatively already dropped support for 3rd gen (which is what the X230
and its 'sister' the T430s uses).

 

I didn't find such statement. Would love to find confirming/infirming information for i7-3520M.
Microcode updates were released for Windows:
https://support.microsoft.com/en-us/help/4494451/kb4494451-intel-microcode-updates

They do not seem to have been injected them in Intel repository, though:

https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files

No idea if they are included in Fedora, to be applied by dom0 in QubesOS.

The Lenovo G505s should be slightly more powerful than the X230, and its
AMD A10 processor is significantly less prone to attack.

The only problems with it are that HEADS doesn't work (not a big
disadvantage, given how vulnerable X230's older TPM is),

TPM was not vulnerable to weak RSA cert generation of 2017: https://web.archive.org/web/20190203222631/https://support.lenovo.com/us/en/product_security/len-15552

And since the TPM is used under Heads as one of the first modified instructions of Coreboot, I don't see how boot measurements could be impacted by S3 resume vulnerability of 2018: https://github.com/kkamagui/napper-for-tpm

and to install
Qubes you need to flash it with a Coreboot config that requires you to
add an un-signed graphics driver (I think if enough people posted SHA256
hashes of the driver it wouldn't be a big problem).

It also accepts ECC RAM, which reduces the DDR3 side-channel
vulnerabilities somewhat.

For the side-channel attacks, I would love to see a PoC, since from my understanding, it is not possible to access other's qubes memory and those timing attacks are even weaker in virtualized environments:

https://security.stackexchange.com/questions/127806/are-virtualized-environments-vulnerable-to-the-row-hammer-attack/130762

For the G505S:

I can only redirect to the work needing to be done on that model to reduce size so it could support Librem Key and its external measurements without a TPM (the G505s doesn't have a TPM). After which GPG, cryptsetup-reencrypt and other tools can be injected in the ROM to support a trustworthy "root of trust" on which QubesOS can securely be preinstalled/used: https://github.com/osresearch/heads/issues/453#issuecomment-514652215

So the alternative to the 2012 laptop is the 2013 laptop. A bit
underwhelming.

-

The overall problem here is none of these open source OS projects are
true integrators or designers, not when it has anything to do with
hardware.

The path to resolve this becomes clearer.
We need open source hardware supported by QubesOS. ppc64 support is our best bet IMHO: https://github.com/QubesOS/qubes-issues/issues/4318

Meanwhile, actual best solutions needs to be upstreamed, and this is the path i've decided to take which got funded:

https://github.com/osresearch/heads/issues/540

This is why Qubes project will identify USB controller
isolation as a major issue, but then do nothing about it (note the X230
is lacking a secondary USB controller).

That was adressed by unman in a precedent answer.

They'll say Intel or X86 is
fundamentally insecure, but won't begin to describe what a good
alternative would look like at the component level; without that,
there's nothing into which the hardware people to sink their teeth or
even notice Qubes.

ppc64 laptops are in the pipeline by RaptorEngineering.

Those will need virtualization support, IOMMU and Open Source Firmware.

Better would be to have encrypted memory from each VM to leverage side-channel theoretical attack impacts.

Best would be to completely externalize internal SPI flash or design an equivalent.

Something that could be hacked on on already existing hardware, or designed from scratch.
Interesting work by Trammel Hudson that can be transferred to this: https://github.com/osresearch/spispy

There are funds available for such projects. NL, OpenTech funds. We only need to organize :)

But you're right. I'm not a hardware designer. I cannot take that lead.

But I think we should all collaborate on this to make it reality.

Cheers,

Thierry Laurion / Insurgo Open Technologies

--

Chris Laprise, tas...@posteo.net
https://github.com/tasket
https://twitter.com/ttaskett
PGP: BEE2 20C5 356E 764A 73EB  4AB3 1DC4 D106 F07F 1886

[travorfi...@gmail.com]

>sandybridge

>

$1,581.00

 

laught high.

пятница, 19 июля 2019 г., 7:19:37 UTC+3 пользователь Andrew David Wong написал:

[travorfi...@gmail.com]

Also x230 can be more powerful. 

Look at this guyz

https://world.taobao.com/item/550879131380.htm

https://forum.51nb.com/forum.php?mod=viewthread&tid=1602437

http://thinkpads.kr/xe/REVIEW01/204307

https://forum.51nb.com/thread-1548345-1-1.html

[Thierry Laurion]

On Wed, Jul 24, 2019 at 7:16 AM Matthew Finkel <matthew...@gmail.com> wrote:

Hi Thierry,

Thanks for the response. Maybe I'm not looking at the correct page.On
https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/
I see it says:

"2x Fast USB 3. 0 ports (left side blue ports) + 1x USB 2.0 port
(right side yellow port)"

But I don't see any mention of the number of distinct USB controllers
- specifically the number of controllers (and USB ports) that can be
isolated per qube.

There is 3 usb-controllers, all attached to sys-usb by default, added to the sdcard controller. See attachment.

Thanks,

On Mon, Jul 22, 2019 at 3:21 PM Thierry Laurion
<thierry...@gmail.com> wrote:
>
> This is detailed under product page.
> Thanks

>> --
>> You received this message because you are subscribed to the Google Groups "qubes-users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.
>> To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAGF8hsvas-dcbgYYaHhtjerfnyMV9AO%3D0Dnd3ALoL5zhqKw3fQ%40mail.gmail.com.



--
Matthew Finkel

[Thierry Laurion]

On Wed, Jul 24, 2019 at 1:16 PM <travorfi...@gmail.com> wrote:

>sandybridge

>

$1,581.00

 

laught high.

I can understand seeing the total price. The reality is 946$CAD, though for the Grade A refurbished laptop i7 2.9ghz, 16GB ram, 256Gb SSD drive and IPS screen. See product description. You pay an additional 500$CAD to have integrity attestation of firmware and QubesOS preinstallation, while supporting what I try to accomplish.

Else you can do it yourself from locally available hardware, but I doubt you can find equivalent quality refurb grade A equivalent hardware with competitive price.

The OEM Re-Ownership wizard in action, with important links and references: https://archive.org/details/oemuserreownership

Regards,

Thierry Laurion/Insurgo

--
You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ac1f957-06e2-40c7-84c5-5112b365848a%40googlegroups.com.

--

Thierry Laurion

[travorfi...@gmail.com]

Guyz, this is not serious.

>100$ laptop

>chink keyboard

>lost battery

>flashed with a $5 ch341a coreboot

среда, 24 июля 2019 г., 20:48:11 UTC+3 пользователь Thierry Laurion написал:

To unsubscribe from this group and stop receiving emails from it, send an email to qubes...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1ac1f957-06e2-40c7-84c5-5112b365848a%40googlegroups.com.

--

Thierry Laurion

[Thierry Laurion]

I won't feed trolls. But will invite you to find me comparative prices for grade A x230 i7 2.9ghz of the same specs.

Those are not 200$ CAD, but 940+ (with IPS, 16GB RAM, 250GB SSD and Atheros card) + 80$ for a Librem Key (80$CAD) which will visually attest integrity of firmware at each boot, while permitting to sign boot configuration changes and attest that you approved the changes. Added to that price is 500$CAD for the service made on the laptop to neuter Intel ME, flash the rom, preinstall QubesOS and latet updates, preinstall a Windows7 TemplateVM that you can activate over Windows activation phone line. While permitting to have provable integrity, to attest to you that the laptop haven been tampered with in transit, added with a tamper evident sticker on the main screw of the laptop, required to unscrew to access internal hardware.

Compare prices for yourself. You will find used hardware requiring fan/cpu thermal paste reaaplication, broken cases, 8GB memory equipped laptops with spinning HD without IPS screen.

Please challenge me:
https://insurgo.ca/produit/qubesos-certified-privacybeast_x230-reasonably-secured-laptop/

My goal is to start a workers/buyers cooperative with this, charging an additional flat fee on top of hardware cost for what is done on the refurbished hardware. That money is my salary and personal funding source to pay for other knowledgeable work, pay for QubesOS development and for sure, also pay myself so I do not have have a job outside of this and dedicate myself to open hardware and projects that need money to go forward, while continuing to do security trainings for right defenders, that need this kind of tool, btw.

OEM reownership in action, permitting QubesOS preinstallation on "slightly more secured hardware" (Heads moto):

https://archive.org/details/activateoemreownership

The more refurbisher sources of high end and grade A hardware, the best prices users will get.

Finding a secure source for that model was not an easy task.

Try it for yourself. You will see. Its quite easy to find one super deal. Finding a provider is a different story.

If you find one, contact me, you might become a distributor for your own country!

Doing the OEM reownership to make QubesOS preinstallable was not an easy task either.

https://github.com/osresearch/heads/pull/551

QubesOS certification was made bridge the gap on having QubesOS preinstalled, which never happened, even if it was supposed in the past.
To finally promote QubesOS preinstalled machines, without compromising encrypted keys, while promoting my first move torward "Accessible security", project for which grant was received. Else users are redirected on the HCL page and not all people are technical enough to even choose the right hardware, even less ones that can boot from Open Source Firmware. And enven less of them will arrive to the point of having a provable root of trust.

All of this work was made open source, and can be ported to other models and platforms, which I would really love to see happen though the Heads project.

I also did the port for the KGPE-D16/KCMA-D8, which you can find on the Heads github site, which has OpenBMC iKVM module, can be used a QubesOS server and can be remotely booted, with provable root of trust through iserted Librem Key.

You are more then welcome to join forces instead of criticizing in a nonconstructive way.

I'm doing my best to pay myself back 2 years of development and laucnhing this all by myself. Now is a time for collaboration to make QubesOS more accessible to freedom defenders, journalists and others who needs this the most. I will do some of that development myself, made grant paper workto be able to pay other people's work and plan on doing that until we have something free to propose to the masses, which supports QubesOS.

If you are knowledgeable/technical enough to be able to do it yourself and be able to own provable boot security, then you are more then welcome to do it yourself or be helped by a friend. If you are not in that situation, that is why I did that work and to be able to promote such solutions in my own security trainings for organizations and journalists.

If you want to support my work, you are more then welcome to do it, by proposing collaboration and support other hardware through Heads or other Open Source Firmware where the same reownership logic could apply and guarantee integrity/security/confidentiality and in transit tamper evidence.

As all of you, I would prefer promoting more performant hardware to the masses, but i'm not compromising myself in promoting FSP binary-blob dependent hardware initialized by non-free Coreboot, nor non-neuteured Intel ME or AMD equivalent crap running by default, or simply asked to be deactivated while binary blobs are still there in SPI flash.

Cheers,

Thierry/Insurgo