I assume these system are insured for shipping, against loss or in the unlikely event of seizure by customs?
Hey @ubersecure
generally, any product you order only counts as delivered once you hold it in hands (and have given your signature to the delivery person) - we take responsibility for this to happen. Please take care not to accept a package if it is obviously damaged…
best
1 Like
Great.
And do you offer any protection against interdiction?
I know you can ship the NItroKey separately, but this would still allow hardware modifications such as installing a key logger. Is there any information on the security implications of this?
hey @ubersecure
we offer a sealing for the laptops to increase the security against physical tampering: Verify Sealed Hardware - Nitrokey Documentation
Furthermore a Nitrokey 3 comes with a pretty strong hardware security through a secure-boot mechanism so that only our signed firmware(s) are booting on the Nitrokey 3 - you can verify this using nitropy nk3 test if all these tests are SUCCESS you can be pretty sure that there was no tampering. The check is done indirectly through a verification of the certificate/key on the device, which can only differ from the ones we deliver if some other firmware would be on the device.
best
On reading again I’m not sure if I am understanding your reply.
I think your quoted message addresses tampering with the firmware on the NitroKey itself.
Whereas I was trying to ask specifically exactly what firmware on the NitroPad is verified by the NitroKey? My understanding that the BIOS is verified, but by “firmware” I am including anything, e.g. in the NIC or firmware in the graphics chip, etc …
ah, ok, classic communication issue 
ok, so what HEADS does can also be partly found on the heads wiki - there some technical details, especially what “firmware” means, in this context are only implicit. To be a little more precise on what “firmware” means here: Heads does various things to verify the system integrity, it reads the firmware flash (formerly known as “bios”), signs the (kernel) artifacts inside /boot and on top of that also uses “measured boot” - the former are well defined in terms of what they aim for (firmware flash + /boot contents) … the latter, “measured boot” is a mechanism described in the tpm(2) specs. These PCRs (combined hashes of firmwares) are also verified to stay the same from boot to boot and this also includes other measureable firmwares of the platform.
best
1 Like
I looked at the two references you gave, but they are not easy to follow and I still have a question:
Suppose that the NitroPad with HEADS is used to boot off of an OS on the usb drive. Does a measured boot still occur? So that one still gets the benefit of firmware attestation?
For example you mention that it “signs the artifacts inside /boot” but I assume that is not relevent when booting of the usb?
No there will be no measured-boot style verification, if you boot from a usb-stick. Essentially HEADS only verifies correctly if ALL components are in its expected state: /boot, firmware (PCRs), Security Token and the calculated HOTP secret.
best
1 Like