Yes, after the Purism agreement, Nitrokey now reuses the wise setup for other laptops, which is very good for everyone.
Unfortunately in my case I am presently using a German Tuxedo Linux laptop, whose specs are way better than the X230 machine Nitropad is based upon; and alas, Purism computers only feature QWERTY keyboards, so… I’ll continue waiting patiently for either a more flexible Purism design or the next Nitropad :wink:
(I wonder, in fact, if the agreement between Purism and Nitrokey prevents NK from proposing machines too close to Purism specs…)
Another question: assuming I buy one of these machines, along with the associated Nitrokey: is it possible for me to order a second key, for the case I lose the original one, and get a setup that works with both?

AFAIK this is not possible with the current implementation, but it should not be hard to change that - it would require generation of a second secret. Using the same is not possible, since the counter would desynchronize between the PC and the backup device, unless a special case for testing counter ‘0’ would be introduced.

@nitroalex Please correct me if I am wrong.

Thank you szszszsz! I am a bit worried that this turns the complete computer into a secure but disposable device… This shouldn’t be the price to pay IMHO…

I think the device is optional to boot, and it should maintain its synchronization for the 9 boots without it. I do not know whether it contains any required data, like keys to the encrypted volume.
@nitroalex Can you describe the stick's responsibilities in this system?

Surely it is used to make sure the used laptop is not compromised.


Sorry for the late response. I was actually busy with the NitroPad :slight_smile:

The Nitrokey is used to verify the integrity of the system. Losing it or not having it with you means you cannot verify it. It does not mean you cannot boot it. You can always boot the device without verifying (for example when staying at home) and you can always set up another Nitrokey for this process.

Ah, OK. Thank you NitroAlex!
I thought about it as a kind of ‘ignition key’ without which nobody could not only read but even boot the machine. So, instead it is a means to check nobody has changed anything on it, as far as I understand it.
Now, when you say ‘you can always set up another NK for this process’, does this mean I can set two at the same time, or just that I’ll be able to set another key only if I lose the first one?

Currently, it is not possible to use two identical Nitrokeys for firmware checking in Heads. The firmware is checked via a HOTP secret which is shared by Heads and the Nitrokey.

There is no option to insert this secret in two Nitrokeys yet. Technically, this would be feasible. But in general this is not really an important use-case for us as it is so easy to set up the secret on a backup device and actually it is much more secure in case of loss of device (as the HOTP secret is not physically protected on the Nitrokey).

This is not an urgent question for me, but I don’t fully get the above sentence. Does it mean that tamper detection would be also (or even better?) dealt with using “a secret on a backup device”?