How to setup Heads with 2 SSD drives

I bought the Nitropad x230 and I want to use 2 drives, one SSD internal and one SSD external, remove what comes by default, and install my own Linux distro on both after formatting them.

Can someone explain how to do the signing of the boot files etc for each drive so both work with the nitrokey to get the green light?

I’ve tried reading the wiki and it’s not clear to me. Also there are no videos on YouTube. You should make tutorials or something.

Can someone explain how to do this?

Sorry for anyone who doesn’t want this revived, but I am still curious about this myself.
When it will be supported, etc…

I recall it being unsupported for now though.

I don’t think this is possible right now from an architecture perspective … All components are strictly bound to each other (signatures, HOTP secret + counter, private keys); allowing multiple instances of any of these (e.g. signatures) would require another set of the others. This would need a significant amount of work within HEADS to make this work, so I don’t think this will happen anytime soon, sorry.

best

Not tested, but with kexec it should be possible to continue the trusted boot chain by preparing a follow-up boot configuration from the running OS.

heads->first os
first os->script with kexec, vmlinuz, initrd, kernel cmdline->second os

Yes, this should be possible, but with this approach the 2nd OS will not have the same security guarantees; my impression was that this is a requirement.
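As an added illustration of the kexec hand-off sketched above and of the caveat just raised, here is a chain-loading script; it is example code written for this thread, not part of Heads or of any Nitrokey documentation. The script runs in the first OS (the one Heads verified), and it refuses to kexec into the second OS unless that OS's kernel and initrd still match a hash list that is stored in the first OS's own /boot, next to a detached GPG signature. The paths (/boot/second-os.sha256, /boot/second-os.sha256.sig, /mnt/second/boot), the environment variables and the kernel command line are assumptions for the example; only kexec-tools' `-l`, `--initrd`, `--command-line` and `-e` options and GNU coreutils' `sha256sum --check` are real interfaces.

```shell
#!/bin/sh
# Added example (not Heads code, not Nitrokey documentation): chain-load a second
# OS from the first, Heads-booted OS with kexec, but only after the second OS's
# kernel and initrd have been checked against a hash list that lives in the
# first OS's /boot, i.e. among the files Heads already signs and verifies.
#
# Assumed, hypothetical layout:
#   /boot/second-os.sha256      sha256sum-format list of the second OS's boot files,
#                               paths relative to the second disk's /boot
#   /boot/second-os.sha256.sig  detached GPG signature over that list
#   /mnt/second/boot/...        the second disk's /boot, mounted read-only
set -u

SECOND_HASHES=${SECOND_HASHES:-/boot/second-os.sha256}
SECOND_SIG=${SECOND_SIG:-/boot/second-os.sha256.sig}
SECOND_KERNEL=${SECOND_KERNEL:-/mnt/second/boot/vmlinuz}
SECOND_INITRD=${SECOND_INITRD:-/mnt/second/boot/initrd.img}
SECOND_CMDLINE=${SECOND_CMDLINE:-"root=/dev/sdb2 ro quiet"}

# Check the detached signature on the hash list against the keyring of the
# running (first) OS; the assumption is that the same user key Heads was
# set up with has been imported there.  $1 = hash list, $2 = signature.
verify_signature() {
    gpg --verify "$2" "$1" >/dev/null 2>&1
}

# Recompute every hash in the list; non-zero if any file changed or is missing.
# Must be run from the directory the list's relative paths refer to.
verify_hashes() {
    sha256sum --check --status "$1"
}

# Build the kexec load command as a string so it can be logged and inspected
# before it is executed.  $1 = kernel, $2 = initrd, $3 = kernel command line.
kexec_load_cmd() {
    printf "kexec -l '%s' --initrd='%s' --command-line='%s'" "$1" "$2" "$3"
}

chain_to_second_os() {
    verify_signature "$SECOND_HASHES" "$SECOND_SIG" \
        || { printf 'bad or missing signature on %s\n' "$SECOND_HASHES" >&2; return 1; }
    ( cd "$(dirname "$SECOND_KERNEL")" && verify_hashes "$SECOND_HASHES" ) \
        || { printf 'second OS boot files do not match %s\n' "$SECOND_HASHES" >&2; return 1; }
    cmd=$(kexec_load_cmd "$SECOND_KERNEL" "$SECOND_INITRD" "$SECOND_CMDLINE")
    printf 'loading: %s\n' "$cmd"
    eval "$cmd" || return 1
    kexec -e    # replaces the running kernel; does not return on success
}

# Only act when explicitly asked, so the file can be sourced and inspected.
if [ "${CHAIN_NOW:-0}" = 1 ]; then
    chain_to_second_os
fi
```

Two things follow from this layout. The hash list has to be regenerated and re-signed (and then re-signed in Heads, because it sits in /boot) every time the second OS updates its kernel or initrd, otherwise the chain stops at the hash check. And the check is only as good as the first OS at the moment it runs: the second OS inherits the guarantee Heads gave the first OS plus whatever this script adds, which is exactly the weaker guarantee the reply above warns about.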

Questions then, if I tried to turn an x230 into a Nitropad, but it had two SSDs within it:
A: Would this function at all without any major hiccups? I get it would not be supported in the future as something you would help with.
B: I get Nitrokey wouldn’t support such an idea, but is it even possible to run both on the same system?
C: I have attached live persistent USBs and booted from them; how is this any different from that?
D: When you say “anytime soon”, do you mean for the foreseeable future?
E: Is using Nitropad still beneficial even for such a setup vs. a BIOS like regular coreboot or libreboot, and if so, how much would you guess?

Just curious that’s all

hey @zapper

Generally I can recommend reading some of the docs for Heads: https://osresearch.net/ as explaining all details of how Heads works and which threat model it addresses would be a little out of scope here :wink:
But anyways, some words for your questions:

A: Would this function at all without any major hiccups? I get it would not be supported in the future as something you would help with.

The problem/challenge is not the fact that there are multiple hard drives within a machine. The issue arises once you would like to have multiple bootable operating systems (OS), as HEADS will sign all files within /boot for a specific OS, so it can promise you that only an untouched OS (the one you signed) will be booted.

So if you have multiple drives within a machine running HEADS there will be no problem; you just have to ensure that you boot just one OS.

Yes, of course it is possible to have two hard disks within one system; it’s just not possible to boot two different OS.

The difference is that HEADS gives you (among other things) a guarantee that nobody touched/modified your files in /boot for the set-up main OS. If you boot from a USB stick you still get the promise that your firmware hasn’t been modified, but if something or somebody changed your USB stick’s contents (e.g., the kernel), HEADS will not recognize this.

This simply means that if there are not a ton of users to justify this development investment, then likely never. Another option would be (as it is open source) that the development is done within the HEADS community, but I cannot see this there at this moment. Not to mention that your idea doesn’t really match the overall HEADS architecture, goals and threat model.

Generally your hypothetical idea, without a fully thought-through concept, is really tough to compare with other already existing approaches, and “how much” implies you would like to get a metric or number from me. I have to admit this is nothing I can do, simply because there are no absolute or relative metrics for security. At least none I can give you in the context of a forum thread without a thorough threat analysis; hope you understand. Generally, open-source firmware is good and better than a proprietary blob; by how much is a very complex question to answer.

@daringer so you are saying I couldn’t boot one of two different OS? Even if one was the only one that would be “trusted”?

Like it wouldn’t show the second partition and allow me to boot from it?

Well in any case, just thought I would ask for myself and for anyone else who cares.

:slight_smile:

Well, no worries, disk cloning is always possible via separate storage anyhow. So… no big deal! :smiley: