0

I was looking into buying a NitroKey. To my surprise I found the following statement in the brochure:

Keep a Secure Operating System With you at all  Times

Securely boot Windows or Linux directly from Nitrokey Storage. Nitrokey Storage encrypts and protects the system against manipulation, such as the installation of surveillance software via „Evil Maid“.

I am familiar with keeping a bootloader, kernel and initramfs with encryption keys on a USB stick to prevent tampering. But such a storage by itself is unencrypted, otherwise the bootloader + kernel cannot be loaded by the system.

But in this case I'm a bit confused how it works. Most sources I found regarding its encryption mechanism, is that an application on the host should ask you the device PIN to decrypt files on the storage. So unless it ships with some internal boot-loader logic, how is it bringing up a system in a state to can ask the PIN? Is the NitroKey really boot a system in a revolutionary new way?

I've tried looking for secondary sources to this claim, but no avail:

  • Nitrokey FAQ, does not say anything related to booting
  • Firmware update guide tells to --suppress-bootloader-mem, which gives me the sensation there is a bootloader. (Google found me this link based on the word boot probably)
  • Installation guide, nothing there.
  • A forum thread from people who imagine that booting from a stick means running a complete OS from it, instead of offloading the OS to encrypted hard drive. No clear answer there either.
  • More mentions about a bootloader, but not what it does.
Improve this question
0

2 Answers 2

Reset to default
0

Although not exactly what you may be looking for (and a year later, so you may have found a way or given up on the idea), the fact that you can setup the unencrypted partition on a nitrockey storage to be readonly (hardware backed) is enough to me regarding "a secure boot process".

Although still not encrypted, as long as you don't provide the Nitrokey's admin password (not even the "User" one), it'll stay readonly, hope that'll be tamper-proof enough for you (there shouldn't be any sensitive data in these elements anyway, so being encrypted should not be the goal in itself).

Improve this answer
4
  • Is that info mentioned somewhere? Or are you using the Nitorkey yourself?
    – Tim
    Commented Jul 17, 2019 at 9:41
  • I have a Nitrokey Storage myself, and use the readonly partition to always have the nitrokey app different versions (GNUnux/Windows) in case I must use it on a "new" machine. I've been thinking about using this partition as a /boot for a while, but never got around to try it out (it provides 2Go, so enough for a boot partition if you don't play aound too much with different kernels). I don't know if the Storage 2 provides the same functionality though.
    – frenchbeard
    Commented Jul 18, 2019 at 18:08
  • Ok, sounds great!
    – Tim
    Commented Jul 19, 2019 at 7:30
  • Haven't check its behaviour as a boot partition, so... test it out before doing anything drastic :)
    – frenchbeard
    Commented Jul 22, 2019 at 21:21
0

Just going on the brochure, it seems that this is almost over reach - I expect that the same functionality which provides plausible deniability leaves part of the disk unencrypted and able to boot without requiring keys as per a normal USB key. (I expect there is additional functionality providing a secure enclave, and the underlying disk may also be encrypted in a way transparent to the USb interface, but that's irrelevant to this particular claim)

The key is that they specified an "evil maid" attack - which means someone compromising the system with physical access when you are absent. Because you can always take your key with you, you can ensure the OS boots cleanly bypassing any malware added to a boot loader on the unattended PC.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .