Kyle Rankin

Chief Security Officer
PGP ID: 0xB9EF770D6EFE360F
Fingerprint: 0DFE 2A03 7FEF B6BF C56F 73C5 B9EF 770D 6EFE 360F

PureBoot is our cutting-edge secured boot process that combines a number of technologies including:

  • A neutralized and disabled Intel Management Engine, where only the code absolutely essential for the system to boot is left in the ME.
  • Coreboot, the free software BIOS replacement.
  • A Trusted Platform Module (TPM) chip.
  • Heads, our tamper-evident boot software that loads from within coreboot and uses the TPM and the user’s own GPG keys to detect tampering within the BIOS, kernel, and GRUB config.
  • Librem Key, our USB security token that integrates with Heads to alert the user to tampering with an easy “green light good, red light bad” process.
  • Integration between the Librem Key and LUKS disk encryption so you can unlock your disk with your Librem Key.

Recently we started offering the PureBoot Bundle: PureBoot installed and configured on your laptop at the factory and bundled with a pre-configured Librem Key, so you can detect tampering from the moment you unbox your laptop. It's been great to see so many customers select the PureBoot Bundle, and now that PureBoot is on so many more customer laptops, we felt it was a good time to write up a post describing some best practices for using PureBoot.

If you are just getting started with PureBoot and want to know the basics, check out our Getting Started Guide for pointers on what to do when you start up your PureBoot Bundle for the first time. In this post I’ll assume you have already gone through the first boot and first reboot of your laptop and have settled into daily use.

Create Your Own Keys

To make PureBoot easier to use, from the factory we default to well-known and weak PINs for the TPM, the GPG user PIN and the GPG admin PIN. Anyone who knows those defaults can unlock the Librem Key or reset the TPM, so once you get your laptop and perform the initial boot, change the TPM, GPG admin and GPG user PINs to something unique. We document that process here.

We also generate unique GPG secret keys for each customer directly on the Librem Key, and store the corresponding public GPG key on a USB drive we ship with the laptop. Purism doesn't back up these private keys when we generate them, so the private keys only exist on your specific Librem Key. For the average user who only intends to use the GPG key on the Librem Key for tamper detection, the factory-provided key should work fine, provided you trust Purism. The beauty of PureBoot, though, is that you aren't required to trust Purism to be secure.

If you would like to replace the factory-provided GPG key with your own GPG key, or you intend on using the Librem Key for other GPG operations like signing email, and not just for tamper detection, you can follow the steps documented here to generate a new GPG key and replace the existing keys with your own.

Update Software With Packagekit

By default PureOS uses Packagekit, integrated with Gnome Software, to perform software updates. If you’ve ever been prompted by the default PureOS desktop to reboot and install updates, this is Packagekit. While you can certainly use other tools (including apt on the command line) to update PureOS, Packagekit offers some additional benefits when you use PureBoot, in particular when it comes to avoiding false positives.

PureBoot alerts you whenever any existing file in /boot changes: Heads checks the files in /boot against a list of checksums that you signed with your own GPG key, and any file whose checksum no longer matches triggers an alert. This means that any time you update software that changes files in /boot (such as kernel updates, or other system updates that regenerate the initrd under /boot), PureBoot will issue an alert the next time you reboot. The easiest way to tell the difference between actual tampering of files in /boot and changes caused by package updates is to re-sign all of the changed files in /boot immediately after they change. The more time that goes by between the legitimate changes and a reboot, the better the chance you will forget about that software update and either interpret a harmless alert about changes in /boot as an attack, or dismiss an alert about a real attack because you assume it's related to a software update.

If you use Packagekit to perform your updates, the process goes something like this:

  • Tell Packagekit to reboot and apply updates
  • The computer reboots
  • PureBoot confirms the firmware and /boot files have not been tampered with and boots into PureOS
  • Packagekit applies the updates in a minimal offline-update environment, before the normal desktop starts, and then reboots again
  • If Packagekit changed files in /boot, PureBoot will alert you

Since you know the changes occurred only during this Packagekit update window, you can reasonably conclude the changes were caused by Packagekit. Re-sign all files in /boot immediately, before booting into your OS, so the new known-good state is recorded while you are still in the trusted Heads environment. If you get an alert about files changing in /boot at a later date, you have a stronger reason to be suspicious.
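The check described above boils down to comparing a saved, signed list of checksums against the current contents of /boot. The following Python is an added illustration of that comparison and of the "re-sign right after a known-good update" habit; it is not Heads or PureBoot code, it uses a temporary directory as a stand-in for /boot, the file names and contents are constructed, and the GPG signature over the list is left out (Heads signs the checksum list, this example only builds and diffs it). Reporting files that were added, not just existing files that changed, is this example's own choice.

```python
"""Hypothetical helper (not Heads/PureBoot code): build a sha256 manifest of a
directory standing in for /boot, diff a fresh manifest against the saved one,
and show why refreshing the baseline right after an update matters."""
import hashlib
import os
import tempfile


def make_manifest(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                manifest[os.path.relpath(path, root)] = hashlib.sha256(f.read()).hexdigest()
    return manifest


def compare_manifests(old, new):
    """Classify differences between a saved manifest and a fresh one:
    changed = present in both with a different hash, added = only in new,
    removed = only in old."""
    return {
        "changed": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def simulate_update_cycle():
    """Constructed scenario: a fake /boot is 'signed' (baseline manifest), a
    simulated kernel update rewrites the initrd and adds a new kernel, the
    boot-time style comparison flags that, the baseline is refreshed
    immediately, and a later check is clean again.
    Returns (diff_after_update, diff_after_resign)."""
    with tempfile.TemporaryDirectory() as boot:
        # constructed initial contents of the fake /boot
        _write(boot, "vmlinuz-5.10", b"kernel-A")
        _write(boot, "initrd.img-5.10", b"initrd-A")
        _write(boot, "grub/grub.cfg", b"menuentry A")
        baseline = make_manifest(boot)          # what signing /boot records

        # simulated package update: regenerated initrd plus a new kernel
        _write(boot, "initrd.img-5.10", b"initrd-B")
        _write(boot, "vmlinuz-5.11", b"kernel-B")
        diff_after_update = compare_manifests(baseline, make_manifest(boot))

        # re-sign right away: the post-update state becomes the new baseline
        baseline = make_manifest(boot)
        diff_after_resign = compare_manifests(baseline, make_manifest(boot))
        return diff_after_update, diff_after_resign


if __name__ == "__main__":
    after_update, after_resign = simulate_update_cycle()
    print("after update:", after_update)
    print("after re-sign:", after_resign)
```

The point of the second comparison is the one the post makes: once the baseline has been refreshed immediately after the update, any later difference can no longer be explained away as that update.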

Traveling With PureBoot

Traveling presents a higher-than-normal risk of tampering, because you are more likely to leave your laptop unattended in an unfamiliar area that strangers have access to, potentially for extended periods of time. Whether it's for relatively brief periods during customs or other security checks, or for longer periods if you leave your laptop in your hotel room, PureBoot can give you peace of mind when your laptop is out of your hands, as long as you follow a few best practices.

Travel Best Practice 1: Keep Your Librem Key With You

When you turn on your laptop, PureBoot proves that the firmware hasn't been tampered with by sending a one-time code over USB to your Librem Key. That code is derived from a secret the TPM only releases if the firmware measurements match the ones recorded when you last signed the system, and the Librem Key holds its own copy of the same secret. If the code matches what the Librem Key computes itself, the Librem Key blinks green, notifying you the computer is safe; otherwise it blinks red. This procedure works because you keep your Librem Key with you, so even if an attacker tampers with the laptop they can't also tamper with the Librem Key. If you leave both your laptop and your Librem Key in your hotel room, an attacker could potentially reset both devices (or guess your PIN) and re-pair them, and you may not notice until it's too late. Whenever you leave your laptop unattended, unplug your Librem Key and put it in your pocket or purse.
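To make the "code sent to the key" step concrete, here is an added model of an HOTP-based exchange between firmware and a hardware token, written for this post and not taken from Heads or the Librem Key firmware. The HOTP function follows RFC 4226 exactly; the `FakeTpm` and `FakeKey` classes, the counter handling, the look-ahead window of three and the "measurement" strings are simplifications invented for the illustration. The last scenario shows why keeping the key with you matters: an attacker holding both devices can seal a fresh secret into a tampered system and program the same secret into the key, and the light turns green.

```python
"""Added illustration (not Heads/Librem Key code) of an HOTP attestation exchange:
the firmware asks the TPM to unseal a secret, turns it into an HOTP code, and the
token compares that code against its own copy of the secret."""
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then
    dynamic truncation to a 31-bit integer reduced modulo 10**digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % 10 ** digits)


class FakeTpm:
    """Stand-in for the TPM: releases the sealed secret only if the measured
    firmware matches the measurement recorded when the secret was sealed."""

    def __init__(self, secret, good_measurement):
        self._secret = secret
        self._good = good_measurement

    def unseal(self, measurement):
        return self._secret if measurement == self._good else None


class FakeKey:
    """Stand-in for the Librem Key: holds its own copy of the secret and a
    counter, and accepts a code only if it matches one within a small
    look-ahead window (hypothetical window size of 3)."""

    def __init__(self, secret, window=3):
        self._secret = secret
        self._counter = 0
        self._window = window

    def verify(self, code):
        for i in range(self._window):
            if hmac.compare_digest(hotp(self._secret, self._counter + i), code):
                self._counter += i + 1          # consume the matched counter value
                return "green"
        return "red"


def boot(tpm, key, measured_firmware, counter):
    """Firmware side of the exchange. Returns the colour the key would blink."""
    secret = tpm.unseal(measured_firmware)
    if secret is None:
        return "red"        # TPM refused to unseal: measurements changed
    return key.verify(hotp(secret, counter))


def demo():
    """Constructed scenarios; secrets and measurement strings are made up."""
    secret = b"\x01" * 20
    tpm = FakeTpm(secret, good_measurement="pcr:clean")
    key = FakeKey(secret)
    results = [
        boot(tpm, key, "pcr:clean", 0),                  # normal boot
        boot(tpm, key, "pcr:clean", 1),                  # normal boot, next counter
        boot(tpm, key, "pcr:tampered", 2),               # firmware changed: TPM refuses
        boot(tpm, FakeKey(b"\x02" * 20), "pcr:clean", 2),  # wrong/reset key: no match
    ]
    # attacker had laptop AND key: reseal a new secret and reprogram the key
    evil = b"\x03" * 20
    results.append(boot(FakeTpm(evil, "pcr:tampered"), FakeKey(evil), "pcr:tampered", 0))
    return results


if __name__ == "__main__":
    print(demo())
```

Run stand-alone, `demo()` reports green, green, red, red and then green for the final scenario, which is exactly the case the key-in-your-pocket rule prevents.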

Librem Key Tip: If you wear jeans, you may not know that they have a custom “Librem Key pocket” just above the larger front-right pocket! It’s the best place to store your Librem Key, as long as you remember to remove it before your jeans go in the wash.

Travel Best Practice 2: Don’t Add/Remove/Update Software While Traveling

Because travel presents a larger risk of tampering, you want to remove as many false positives as possible, so that if PureBoot does detect tampering you know to be suspicious. One of the biggest causes of false positives with PureBoot is software updates, so if you need to install, remove, or update software, do it before you travel. Then, before you leave, reboot the laptop and boot back into your OS to confirm that PureBoot does not detect any tampering. While you are traveling, avoid making changes (in particular software changes) to your laptop. That way, if PureBoot does detect tampering either while you are traveling or right when you return, you have a strong reason to suspect genuine tampering.

Travel Best Practice 3: Power Off Your Laptop When Unattended, Don’t Suspend

Librem Laptops encrypt the hard drive by default, and hopefully if you reinstalled a different OS, you also enabled disk encryption. When your laptop is suspended, the disk encryption key and other secrets are still held in RAM, so an attacker with enough time alone with your machine can attempt a "cold boot attack" to retrieve them. Beyond that, if your login password is weak, or you disabled screen locking when resuming from a suspended state, an attacker will have an easier time tampering with your machine if it's suspended. By powering off your laptop whenever it's unattended, you ensure that the attacker has to crack your disk encryption passphrase before they can tamper with anything on the encrypted disk; what remains exposed is the unencrypted firmware and /boot, and tampering there is exactly what PureBoot is designed to detect on the next boot.

Powering off your laptop whenever it's unattended also means that when you return to it, you power it on and PureBoot tests the system for tampering. If PureBoot does detect tampering, you will have a better chance of pinpointing when it happened, since you are testing the system each time you use it.

Set Up Two-Factor Disk Unlocking

One of the final pieces of the PureBoot technology stack is the use of the Librem Key to enable multi-factor authentication to unlock your disk. Instead of typing in a passphrase to unlock the disk, you use a combination of your Librem Key (something you have) and your Librem Key GPG user PIN (something you know). This is not only more secure, it's also more convenient: you can set a very long, difficult passphrase as your fallback disk unlock passphrase, and a somewhat easier-to-type GPG user PIN that you use to unlock the disk normally.

We do not yet enable this feature in PureBoot by default, but if you would like to set up two-factor disk unlocking, we have created a script for PureOS and Debian that helps automate the process while we work with upstream providers to include this functionality in Debian and PureOS by default. In the meantime you can read our guide here on how to download and use our script to enable this feature.

Conclusion

We’ve been very pleased to see so many people use PureBoot. We believe it’s one of the best (and one of the few) ways to provide high security on laptops while giving you full control over all of the keys. By following these best practices you can get the most out of PureBoot. If you’d like to read more, check out our full PureBoot documentation.
