So we have this really annoying catch 22, where people like this author report on real security and tamper protection systems as bad -- yet without them, the device would actually be prone to different actors attempting to own devices remotely.
Every security mechanism in place on modern computing hardware can be viewed as being either cryptographically important or encumbered against users. The fact of the matter is that it's extremely hard to build a platform that's resistant to all types of attack without also encumbering real users and real benefits of device ownership.
At some point, I just want to throw my hands up and ask why people continue to buy these devices if they dislike them so much. I can understand wanting to tinker and wanting to hack. But voluntarily forking over money just to complain about why that platform isn't an open box amazes me. It's plenty easier to buy a hackable and open by default platform than it is to buy a closed one and try to turn it into an open one.
Backdoors for every state actor ...
It is incredibly easy to make ridiculously hard to find backdoors in both software and even more so in hardware, and early versions have been caught (including the US and Chinese governments). The odds of finding "v2" or, more likely "v50" backdoors are bad. Very bad.
Pray tell, where can I buy a laptop (of new, rather than vintage, manufacture) without blobs and master keys?
This blog post asserts that it was imposed by the NSA. Where is the evidence for that? The only source seems to be what appears to be speculation by some person on IRC.
>20:23 <asciilifeform> from my pov, it's nsa rootkit
It's hard to take this post very seriously when there's disinformation like this.
Whereas if Google is putting chips into their Chromebooks of their own initiative, that is no indication that Google is getting power over Windows, iOS, Mac, or Linux computers.
It's not just some person on IRC, it's the author. He's citing himself.
The Cr50 device is a classic “Fritz chip” — i.e. a hardware “policeman”, built into a computing device [...], so as to specifically and deliberately act against the purchaser’s interests, by subverting the Laws of Sane Computing in these three ways:
Prevention of the full control of the machine by its physical owner, typically by inhibiting attempts to install modified firmware. [...]
Enablement of one or more types of “NOBUS” back door (Official NSA terminology! “No One But US“, [...]
Prevention of a clueful hardware owner’s attempts to “jailbreak” — to disable, remove, or circumvent the Fritz chip itself.
This also inhibits attempts by malicious third parties to install modified firmware on your machines.
For Chromebooks we traditionally tried to find a middle route: locked down by default, since most people care more about nobody tampering with their device than about the ability to do so themselves. For the others, there's dev mode (easy to get at, but with scary notifications, to make tampering obvious) and the write-protect screw (hard to get at, no tamper notification).
Hooking up cr50 into the write-protect line allows to develop a best-of-all-worlds approach:
* still locked down by default for people who don't want to think about their device's firmware security.
* simple to get at (but complicated enough that drive-by attacks remain infeasible), even with form factors that aren't service friendly (eg. glued chassis - firmware folks have no voice in these decisions).
* the ability to implement tamper evidence checks through remote attestation, even if the scary screens were disabled.
Compared to everything else on the market, I think it's a very user friendly set of trade-offs, both for power users and computers-are-appliances folks.
(disclosure: Chrome OS firmware developer)
The Cr50 accepts firmware updates at all times, but only when signed with Google's RSA key.
Does anyone know which Google/ChromeOS features this chip is used for, or what the justification for it is?
https://www.chromium.org/chromium-os/tpm_firmware_update
Edit: this is what Chrome devices use it for https://www.chromium.org/developers/design-documents/tpm-usa...
I recommend to actually read Google's published Cr50 sources -- no reason to take my word for it. All of the functionality I described -- and more -- is there, plain as daylight, with comments. Including the backdoor pubkeys.
Any calls to Google reCaptcha v1 API will not work after March 31, 2018 [1].
[1] https://developers.google.com/recaptcha/docs/faq#what-happen...
I would like to see some more details.
