Hi, im interested in buying the x230, however my doubts are:
What is the Coreboot distribution that it comes with?
What if I need to update? do I have to open the laptop? Im buying this because I want to avoid doing this on the first place.
What is the Nitrokey exactly? from what I understand, it’s only use is to see if someone has opened the laptop? If you open the case, the it detects it was opened, or you need to remove a hardware piece or something? how does it know?
If I want to change something in the hardware, for instance add RAM or change the keyboard, it will detect that it was changed, what do I do then, to reset this?
If I didn’t change anything but the Nitrokey detects that something changed, how do I know exactly what happened? since it would just be a red light but it does not tell you anything from what i’ve read.
This process blocks you from booting? Do you need the Nitrokey to boot, or its only use case is to know if something was changed?
What happens if I lose the Nitrokey?
How does the email/password work when you are in the buying page? do I leave this empty? I don’t know how PGP works, I use bitcoin signed addresses if I want to anonymously sign something.
As far as buying it with or without wifi+bluetooth, im trying to decide what’s best. I don’t think i’ll use either, but if you guarantee that the hardware switch on the side disables bluetooth+wifi at the hardware level, I guess it’s good to have them in case I ever wireless. But once again, does it really power off the bluetooth+wifi? Could it be backed to trick you into thinking it’s disabled but isn’t? Im not sure if I should just remove them.
If I wipe the drive to install my own Linux distro of choice, do I need to reconfigure something to boot? Im talking about the Heads thing, or the nitro key, which I still don’t really understand what it is for. Im a bit concerned that if I need this USB, I lose it or its gets stolen, then im stuck without being able to log in, that is why I’ve never used these things and I just use a password to boot in FDE drives.
It comes with Ubuntu/Debian/ or Qubes, Coreboot comes with the Heads payload.
No there is no need to open the Laptop when you update
The nitrokey insures that the conntent of the bios (coreboot) and the boot partition of the operating system are not tampered with. It does not show if the laptop was open, and also does not detect a different RAM or Keyboard for example. Have a look there https://osresearch.net/ for more detail.
As answered above you would not need to to this but if you want you can use the factory reset see the documentation Factory Reset — Nitrokey Documentation
This is not possible, but most of the time there are explanations like after you installed a software update. It really just can tell you that something changed
No you cann boot without the Nitrokey via the “unsafe boot” option if you do this more then 10 times you would need to factroy reset your nitrokey to “pair” it again with the bios
you need a new one and then need to factory reset your nitropad (don’t worry no data on the nitropad will be lost just within the Firmeware, the wording in the doc is a bit off)
you can leave it empty
They are Hardwarelevel.
This really dependent on what you want to install at the moment we just support our installation (Qubes 4.0 /Debian 10/Ubuntu 20.04) see Operating System Reinstallation — Nitrokey Documentation . For other OS specially newer one there might be issues with the coreboot version we use at the moment (4.8) we will update this in the beginning of next year
What happens if I use 2 drives? one internal and one external via USB. When I boot with the external one, wouldn’t I get a red light? On the factory reset tutorial, it points that you select one boot drive, so what if you use 2 different drives?
What can happen with the nitrokey in customs crossing a border or in airport, what if they force you to decrypt etc? apparently more and more airports do this so full disk encryption may be a bad idea, that’s why having an internal decoy drive with a regular OS may be a good idea (then use an external drive with the documents you need to encrypt). And the fancy nitrokey thing may be a thing that raises some alarms?
Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which aims to be a stateless OS that leaves no trace on the computer of its presence, Heads is intended for the case where you need to store data and state on the computer.
I think this ruins any possibility of plausible deniability. Like you get stopped in an airport and forced to decrypt or something. Wouldn’t Heads deliver unnecessary information?
Can’t you give the option to get just a basic Coreboot firmware?
