andy_ppp

If I was a government these are the exact sorts of projects I'd set up as a honey pot to tempt people who are doing illegal things to use my pre compromised hardware.

How can I trust NitroPad more than another laptop manufacturer? I actually trust this much less.

bubblethink

If you try to read the article, including the linked projects, it helps a lot rather than broadcasting every nascent thought that pops up in the head to the internet.

All the ingredients have been a long time in the making. To summarise, it builds upon coreboot, heads, nitrokey, and me_cleaner, all of which are open source and have been developed by various people in this domain who also know what they are doing. It uses a thinkpad x230 as it is an ivy bridge processor, the last generation of intel processors whose initialisation is open source and well understood. If you would like to read more about this specific combination, you can also read at https://www.qubes-os.org/doc/certified-hardware/#qubes-certi... .

danShumway

I also read the article, and did look at the linked projects, and it's not clear to me how they solve GP's issue, because the company is still providing these solutions precompiled on hardware they control.

How does GP know that everything is actually being provided unmodified, without any backdoors?

> it helps a lot rather than broadcasting every nascent thought that pops up in the head to the internet.

I don't think this is helpful, it's unnecessarily antagonistic and dismissive.

GP's point seems reasonable to me; I don't see anything here that means that the Thinkpad x230 couldn't be modified before installation/paring, or that the tools themselves couldn't be modified before the laptop was shipped. If there is a reason to trust the initial build process, the linked page isn't explaining what it is.

bubblethink
>How does GP know that everything is actually being provided unmodified, without any backdoors?

They don't need to. That is precisely the point. The entire software stack is open source and reproducible (except a few KBs of Intel ME). As a press release, the linked post is brief. If you wish to read more on the technical aspects, here are all the constituent projects:

https://coreboot.org/

https://github.com/osresearch/heads/

https://github.com/corna/me_cleaner

https://github.com/nitrokey

A good talk if you prefer video: https://media.ccc.de/v/33c3-8314-bootstraping_a_slightly_mor...