That’s where it’s getting really dubious for Joanna to finger-point ORWL specifically when all the other laptops approved have major, well-known and documented security openings such as ME attacks using USB. Design SHIFT paid Joanna to help architect ORWL and optimize the system to support Qubes out of the box, and the architecture, firmware, schematics and source code were provided to Invisible Things Lab. The Intel CPU version was recommended by Joanna and she has the first prototype of ORWL. Below are the minutes of the architecture selection.
Ok, so we have spent almost 7 hours in a restaurant yesterday discussing this…
As mentioned, nobody likes Option #1.
Option #3 turned out to be a no-go, because at the time the main CPU wakes up from S3 we don’t have access to Qubes VMs, where we could delegate NFC processing to occur. And we can’t have this access till we authenticate the user. It’s a classic chicken-and-egg problem here.
Option #4 alone (i.e. without #3) is, of course, not good enough because we want ORWL unlocking to also work with a default (cheap) token, whatever it would be.
So, option #2 is what’s left. After some discussions it seems like we should be able to utilize the MPU on the Maxim to get the satisfactory security isolation in a similar way as we wanted from the MMU unit (i.e. to isolate secure-boot and flash handling-related code from the auth/unlocking-related code, and from the dirty NFC stacks and drivers). Additionally, it seems like this would not necessarily mean writing a new microkernel by us or Genode (something which would likely be prohibitively expensive), because Rafal just found this promising-looking
…which looks like it might be very useful for our case. I wonder if any of you: Marc, or Gupta, or your team, has any experience with this FreeRTOS?
So, that looks promising!
As for the details regarding the actual NFC token, and whether it should also play the role of a smart card (so carry user secret(s) with it) – I think these are quite secondary topics that could be left to be determined later. However, if you already had some specific NFC tokens/smart cards under consideration, please send their datasheets our way (or better: push them to the
Some other things we discussed included a method for the end user to verify that the device he or she got has not been tampered with during shipment. This uses a secret in the uC and the trusted OLED. So, this would work well with this Maxim uC. This method does not, however, solve the problem of the user needing to trust the factory. This topic is more complex to solve and requires more thinking. As a temporary solution we could say: those who don’t trust the factory can just build the device themselves (as it’s gonna be an Open Hardware project), but this option doesn’t sound quite satisfactory in practice.
Looking forward to your feedback. If everything looks ok, I will update the arch docs early next week.