Hey devs :)
I'm collaborating on the Heads project, which is a Linux Coreboot
payload that enforces firmware tamper evidence through TPMTOTP and
visually through Librem Key HOTP, resulting in the Librem Key/Nitrokey
Pro/Nitrokey Storage flashing green if integrity is as expected or red
otherwise. Boot integrity is attested by checksumming all /boot
files into a digest that is validated automatically against the user's
signed one, with the user's public key inserted into the ROM.
Heads is meant to be "the other side of Tails" to permit trusted
persistence in a QubesOS installation.
I've developed an OEM->User ReOwnership wizard that permits an OEM to
preinstall QubesOS in a LUKS container, sealing the firmware through
TPMTOTP and HOTP (for which the resulting QR code is sent to the customer
over secured communication channels prior to reception, with the actual Disk
Recovery Key passphrase) while sending the Librem Key/Nitrokey Pro for
the user to validate himself that neither the firmware nor the /boot
configurations have been tampered with in transit.
The Reownership wizard then takes advantage of the Linux recovery
environment to enforce the reownership by proposing to the user EFF
diceware passphrases meeting minimal requirements, reencrypting the
provided sdcard and SSD drive with his new Disk Recovery Key passphrase,
reowning the shipped Librem Key/Nitrokey Pro and generating the public key
that is flashed into the ROM, reowning the TPM and resealing TPMTOTP and
HOTP secrets with his new Librem Key/Nitrokey Pro, while setting a Disk
Unlock Key into the LUKS header, released by the TPM only if the
firmware measurements match. The details are here:
<https://github.com/osresearch/heads/pull/551/>
Now the problem. Heads also permits booting ISOs from a USB partition. No
problem here since Tails supports USB devices.
But it doesn't seem to support the mmc and sdhci modules required to be able
to boot from the memory expansion slot (ricoh)
<https://github.com/osresearch/heads/pull/551/files#diff-893be823b299bd80d45c36112bbbf1e3R24>
card on the X230. As a result, the sdcard is mounted
<https://github.com/osresearch/heads/pull/551/files#diff-9a66e05586b37d4779ee1eb88802e759R259>,
the validity of Tails ISO integrity
<https://github.com/osresearch/heads/blob/master/initrd/bin/kexec-iso-init#L20>
against ROM-internal distro keys
<https://github.com/osresearch/heads/blob/master/initrd/etc/distro/keys/tails.key>
succeeds, the ISO is mounted consequently and the kernel is kexec'ed
<https://github.com/osresearch/heads/blob/master/initrd/bin/kexec-iso-init#L48>,
but the initrd fails to find the original mounted device by UUID
<https://github.com/osresearch/heads/issues/581#issuecomment-501414411>
to continue init from within the booted Tails kernel.
Is it possible for you guys to add the mmc and sdhci modules
<https://github.com/osresearch/heads/pull/551/files#diff-893be823b299bd80d45c36112bbbf1e3R24>?
My next goal being to support a stateless X200 inside of Heads, the same
missing pieces would be required to support booting integrity-validated ISO
images from the memory expansion slot's sdcard drive.
Thanks for your time!
Thierry Laurion / Insurgo Open Technologies
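The message above describes Heads hashing every file under /boot into one digest that is later compared against the user's signed copy. The script below is an added illustration of that checksum step, written for this page and not taken from Heads or Tails: it records a digest over a boot-like tree, then re-hashes the tree and reports changed, missing and added files, since a file dropped into /boot after the digest was made would otherwise go unnoticed by a plain `sha256sum -c`. The GPG signature over the digest, and the key stored in the ROM, are not reproduced here; the function names, the constructed sample tree and the digest file location are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Heads' or Tails' own code): the checksum half of a
# /boot tamper-evidence check. The digest is recorded once (at reownership
# time in the wizard described above) and re-verified on every boot.
# Heads additionally GPG-signs the digest file; that step is omitted here.

# make_digest TREE DIGEST_FILE
#   Writes one "sha256  ./path" line per regular file. The list is sorted
#   with a fixed locale so the digest is reproducible regardless of the
#   order in which the filesystem returns entries.
make_digest() {
    tree="$1"
    out="$2"
    ( cd "$tree" && find . -type f | LC_ALL=C sort | xargs -r sha256sum ) > "$out"
}

# verify_digest TREE DIGEST_FILE
#   Returns 0 only if every listed file still hashes to its recorded value
#   AND the set of files is unchanged. Each discrepancy is printed.
verify_digest() {
    tree="$1"
    digest="$2"
    # sha256sum -c runs from inside the tree, so the digest path must be
    # absolute.
    case "$digest" in
        /*) ;;
        *) digest="$(pwd)/$digest" ;;
    esac
    status=0

    # 1. Content check: a modified or missing file shows up as FAILED.
    if ! ( cd "$tree" && sha256sum -c --quiet "$digest" ) 2>/dev/null; then
        echo "content mismatch or missing file"
        status=1
    fi

    # 2. Set check: sha256sum -c only looks at listed files, so a file
    #    added after the digest was taken must be caught by comparing the
    #    recorded path list with what is present now. (The hex digest is
    #    64 characters, followed by two spaces, so paths start at column 67.)
    listed=$(cut -c 67- "$digest" | LC_ALL=C sort)
    present=$(cd "$tree" && find . -type f | LC_ALL=C sort)
    if [ "$listed" != "$present" ]; then
        printf '%s\n' "$present" | while read -r f; do
            printf '%s\n' "$listed" | grep -Fxq -- "$f" || echo "added: $f"
        done
        status=1
    fi
    return "$status"
}
```

Run `make_digest /boot /path/to/boot.sha256` once after the tree is in its known-good state, and `verify_digest /boot /path/to/boot.sha256` on each boot; a non-zero exit is the signal to stop and inspect rather than continue. Paths containing newlines are not handled, which is acceptable for a kernel and initrd directory but worth knowing.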