Purism Launches First Security Key with Tamper-Evident Protection for Laptops

An anonymous reader quotes Softpedia: Purism announced Thursday that its highly anticipated Librem Key security key is now available for purchase as the first and only OpenPGP-based smart card to offer a Heads-firmware-integrated tamper-evident boot process for laptops. Developed in partnership with Nitrokey, a company known for manufacturing open-source USB keys that enable secure encryption and signing of data for laptops, Purism’s Librem Key is dedicated to Librem laptop users, allowing them to store up to 4096-bit RSA keys and up to 512-bit ECC keys on the security key, as well as to securely generate new keys directly on the device. Librem Key integrates with the secure boot process of the latest Librem 13 and 15 laptops…

Designed to let Librem laptop users see if someone has tampered with the software on their computers when it boots, Librem Key leverages the Heads-enabled TPM (Trusted Platform Module) chip in new Librem 13 and Librem 15 laptops. According to Purism, when inserted, the security key will blink green to show users that the laptop hasn’t been tampered with, so they can continue from where they left off, and blinks red when tampering has occurred.


Purism’s web site explains: With so many attacks on password logins, most security experts these days recommend adding a second form of authentication (often referred to as “2FA” or “multi-factor authentication”) in addition to your password so that if your password gets compromised the attacker still has to compromise your second factor.

USB security tokens work well as this second factor because they are “something you have” instead of “something you know” like a password is, and because they are portable enough you can just keep them in your pocket, purse, or keychain and use them only when you need to login to a secure site.