ORWL is a physically secure computing platform that applies banking-level hardware security to consumer computers. At its core, ORWL is a latest-generation PC that anyone can use. Running Windows, Linux or Qubes OS, it can replace your desktop computer at work or at home, and it requires both a key fob and a password before it will start. ORWL is open, to give you back control over what is yours.
Follow us on Twitter
Get the source on Github
We all have precious information, and we all need to store it somewhere. What happens when you are not around your computer? For system administrators, physicians, lawyers or journalists, information protection is critically important. Sometimes it is even a matter of life or death. And yet, when it comes to the computing hardware used by everybody, every day, we do not even apply the level of hardware security that is routinely used to protect our money. Knowing this, and with growing public awareness of privacy and security issues, we created ORWL.
While you might think software is the weak link in the security chain, in many cases physical attacks are a vastly easier way to get at your information. Attacking a modern browser requires great skill or hundreds of thousands of dollars, but for intrusion professionals, competitors, or people you know or work with, compromising your machine and getting access to your data through a simple physical interface like USB is extremely easy. No IDS will detect it, and you will never know it happened.
What we have attempted to do with the ORWL project is to bridge this gap. We implement several classes of protection, some borrowed from the banking industry, so that a person can have 99.9% confidence that their machine is untampered. We say "99.9%" because even the banking industry acknowledges that there is no such thing as perfect security. What they attempt to do, and what we have attempted to do, is to raise the bar to the point where the expense (in time and money) of circumventing the physical security is substantially higher than the potential value of anything that could be accessed. We truly believe that it would take the resources of a nation state to breach this security, and even then it would take a considerable amount of time.
Standard and reliable
ORWL uses familiar components: an Intel Skylake CPU (6th Gen Core M), DDR3 memory, a large SSD, USB 3 ports and built-in Intel HD Graphics that can drive a 4K display with audio over micro HDMI. You can run any operating system you choose. We used Microsoft Windows 10 for initial testing, and we will distribute the first units running Ubuntu Linux.
While ORWL was made to be secure, its design does not sacrifice reliability. It will not fail you by accident, and it is made so that it can be disassembled and serviced when required.
We are shipping a physically secured but open system on which nearly any kind of PC can be built. You could use Tails to publish anonymously, access online services or run any application you want.
ORWL natively supports full disk encryption, and we enable it by default. The encryption key is generated inside a high-security microcontroller and stored in a way that causes it to be erased the moment any physical tampering with the system is detected. What this means for you is that the system cannot be taken apart in a way that lets an attacker read your data.
In addition to disk encryption, your operating system and the entire Intel platform that runs it cannot even receive power without going through the security subsystem. The secure microcontroller handles initial boot and performs integrity checks on the firmware before powering up anything else. It is attached directly to the NFC reader, the accelerometer and the OLED display. When the user presents one of their NFC key fobs to the reader and the microcontroller authenticates it, the Intel part of the system is powered up and handed the disk encryption key.
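The gating sequence described above, as a runnable model. This is an added example written for this page, not ORWL's controller firmware, and the concrete mechanisms are assumptions: firmware regions are checked by SHA-256 against digests recorded at provisioning, the NFC fob answers a random challenge with an HMAC over a shared secret, the password is verified against a PBKDF2 hash, and user presence is a plain boolean supplied by the caller. What it shows is the ordering the text describes: no key and no live ports until firmware verification, fob authentication, password and presence have all passed, and nothing ever again after a tamper event has zeroized the key.

```python
"""Toy model of boot gating by a secure controller (constructed example).

Order of operations: verify firmware -> authenticate NFC fob (challenge/response)
-> verify password -> require presence -> power platform, enable ports, release
disk key. A tamper event destroys the key so the SSD becomes unrecoverable.
"""
import hashlib
import hmac
import os

# Constructed firmware images and provisioning data; all of these are assumptions.
FIRMWARE = {"bios": b"BIOS image v1", "ec": b"EC image v1"}
FOB_SECRET = b"\x01" * 32          # shared secret provisioned into one NFC fob
PASSWORD = b"correct horse"        # second factor


def fob_respond(secret, nonce):
    """What the NFC fob computes when shown the controller's challenge."""
    return hmac.new(secret, nonce, hashlib.sha256).digest()


class SecureController:
    def __init__(self, firmware, fob_secrets, password):
        # Known-good digests recorded at provisioning time (assumption).
        self.known_good = {n: hashlib.sha256(i).digest() for n, i in firmware.items()}
        self.fob_secrets = dict(fob_secrets)
        self.pw_salt = os.urandom(16)
        self.pw_hash = hashlib.pbkdf2_hmac("sha256", password, self.pw_salt, 100_000)
        self.disk_key = os.urandom(32)   # generated inside; never exported raw
        self.tampered = False
        self.ports_enabled = False       # USB/HDMI stay dead until boot() succeeds
        self.log = []

    def tamper(self, reason):
        """Tamper event: overwrite key material and refuse further service."""
        self.disk_key = None
        self.fob_secrets.clear()
        self.pw_hash = None
        self.ports_enabled = False
        self.tampered = True
        self.log.append(f"tamper: {reason}; keys zeroized")

    def firmware_ok(self, firmware):
        """Hash every firmware region before any power reaches the platform."""
        for name, expected in self.known_good.items():
            actual = hashlib.sha256(firmware.get(name, b"")).digest()
            if not hmac.compare_digest(actual, expected):
                self.log.append(f"firmware {name}: digest mismatch")
                return False
        return True

    def fob_ok(self, fob_id, nonce, response):
        secret = self.fob_secrets.get(fob_id)
        if secret is None:
            return False
        expected = hmac.new(secret, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

    def password_ok(self, password):
        if self.pw_hash is None:
            return False
        h = hashlib.pbkdf2_hmac("sha256", password, self.pw_salt, 100_000)
        return hmac.compare_digest(h, self.pw_hash)

    def boot(self, firmware, fob_id, fob_secret, password, present):
        """Full gating sequence. Returns the disk key on success, else None."""
        self.ports_enabled = False
        if self.tampered or not self.firmware_ok(firmware):
            return None
        nonce = os.urandom(16)                   # fresh challenge every boot
        response = fob_respond(fob_secret, nonce)  # computed on the fob
        if not (self.fob_ok(fob_id, nonce, response) and self.password_ok(password)):
            self.log.append("authentication failed")
            return None
        if not present:
            self.log.append("user not in range; platform stays off")
            return None
        self.ports_enabled = True                # USB/HDMI only live from here on
        return self.disk_key


def run_scenarios():
    """Exercise the gate; returns, per scenario, whether a key was released."""
    results = {}
    ctl = SecureController(FIRMWARE, {"fob-1": FOB_SECRET}, PASSWORD)
    results["good"] = ctl.boot(FIRMWARE, "fob-1", FOB_SECRET, PASSWORD, True) is not None
    evil = {**FIRMWARE, "bios": b"BIOS image evil"}
    results["bad_firmware"] = ctl.boot(evil, "fob-1", FOB_SECRET, PASSWORD, True) is not None
    results["wrong_fob"] = ctl.boot(FIRMWARE, "fob-1", b"\x02" * 32, PASSWORD, True) is not None
    results["wrong_password"] = ctl.boot(FIRMWARE, "fob-1", FOB_SECRET, b"nope", True) is not None
    results["absent"] = ctl.boot(FIRMWARE, "fob-1", FOB_SECRET, PASSWORD, False) is not None
    ctl.tamper("case opened")
    results["after_tamper"] = ctl.boot(FIRMWARE, "fob-1", FOB_SECRET, PASSWORD, True) is not None
    return results


if __name__ == "__main__":
    for name, released in run_scenarios().items():
        print(f"{name:15s} key released: {released}")
```

Note that the platform side never sees the fob secret or the password hash; it only receives the disk key, and only at the end. Whether presence is decided by NFC range, the accelerometer or something else is not modelled here; the boolean stands in for whatever the controller uses.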
ORWL addresses the following types of physical attack:
- Intel ME attacks. ORWL is the only computer that keeps its USB and HDMI ports disconnected until the user has completed two-factor authentication and is present (less than 10 m from the device). The secure controller enforces this before the Intel platform is booted, so no attack through the Management Engine is possible unless the user is present and plugs something rogue into the ports. Note that the ME datasheet is not public, so no purely software mitigation of an ME attack can be proven sufficient. (Video: What is AMT Attack)
- USB attacks. USB offers further entry points into a machine through the many device types a small USB computer can emulate, such as a keyboard (HID). (Video: Existing USB/HID Attacks and Tools)
- Key storage. All keys (user IDs, SSD encryption keys and so on) are stored in the secure controller. This prevents many attacks, such as TPM die opening and low-level attacks on the boot process or BIOS. (SGX, for instance, is not protected against these.) Keys are released only once the user is authenticated. See this presentation on die attacks: http://www.blackhat.com/presentations/bh-dc-08/Tarnovsky/Presentation/bh-dc-08-tarnovsky.pdf
- Temperature and clock attacks. Temperature attacks and 32 kHz clock fault injection are also prevented by the secure controller. A recent example is the TREZOR data remanence attack. (Article: Frozen TREZOR Data remanence attack)
- Fault injection. The system is protected by an active mesh against attacks such as high-precision fault injection, in which precisely timed pulses are synchronized with the target to take control of the chipset. (Article: High Precision Fault Injections)
- Die probing. The secure controller has an active die shield that prevents anyone from reading its memory or probing and injecting electrical signals on the die. (Document: Cryptographically secure shields)
- Side-channel attacks. The secure controller resists side-channel attacks. These can be performed over the air, as shown in the video below, or by SPA/DPA (simple and differential power analysis) if an attacker can monitor the power supply line; without such protection, any VPN key, login key or encryption key on a PC is exposed. https://www.youtube.com/watch?v=4L8rnYhnLt8 and power analysis on Wikipedia
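To make the side-channel point concrete, here is an added, idealized simulation (not ORWL code and not a real power measurement): a secret compare that exits on the first mismatching byte is run against an attacker who can only observe how much work each attempt cost. The byte-operation count stands in for a noise-free power or timing trace, which is a simplification; real DPA averages many noisy traces. The attacker recovers the whole secret one byte at a time from the early-exit compare and learns nothing from a compare whose work does not depend on the data. The secret, the compare functions and the attacker loop are all constructed for this example.

```python
"""Side-channel leak via a data-dependent compare (constructed example).

The 'trace' an attacker sees is the number of byte operations performed, a
stand-in for a power or timing measurement on an unprotected part.
"""
import hmac

# Constructed 4-byte secret standing in for a key held by an unprotected device.
SECRET = bytes.fromhex("a3f19c02")


def leaky_compare(secret, guess):
    """Early-exit comparison. Returns (match, trace). The trace reveals the
    index of the first byte that differs, which is exactly what leaks."""
    ops = 0
    for s, g in zip(secret, guess):
        ops += 1
        if s != g:
            return False, ops
    return len(secret) == len(guess), ops


def constant_time_compare(secret, guess):
    """Same answer, but the work is independent of where the inputs differ,
    so the trace carries no information about the secret."""
    return hmac.compare_digest(secret, guess), len(secret)


def recover(compare, length):
    """Attacker loop: at each position try all 256 bytes and keep the one that
    made the device do the most work. Only the oracle's answer and its trace
    are used; SECRET is never read directly by this function."""
    known = bytearray()
    for pos in range(length):
        best_byte, best_ops = 0, -1
        for cand in range(256):
            guess = bytes(known) + bytes([cand]) + b"\x00" * (length - pos - 1)
            matched, ops = compare(SECRET, guess)
            if matched:
                return guess
            if ops > best_ops:
                best_byte, best_ops = cand, ops
        known.append(best_byte)
    return bytes(known)


def demo():
    """Returns (bytes recovered from leaky compare, bytes recovered from
    constant-time compare)."""
    return recover(leaky_compare, len(SECRET)), recover(constant_time_compare, len(SECRET))


if __name__ == "__main__":
    leaky, ct = demo()
    print("early-exit compare ->", leaky.hex(), "(secret recovered)" if leaky == SECRET else "")
    print("constant-time      ->", ct.hex(), "(nothing learned)" if ct != SECRET else "")
```

With 4 bytes the attacker needs at most 1024 oracle calls instead of 2^32 guesses, and the cost grows linearly rather than exponentially with key length. A hardware countermeasure such as the controller's side-channel protection aims to make the physical trace as uninformative as the constant-time variant's trace is here.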
A great deal more detail on the security features is available in Security.
Because we think security features would be meaningless without transparency, we have made ORWL as open source and open hardware as we could. The information you need to understand what is going on inside the machine and to fit it to your needs is being added to this wiki progressively. The Gerber files are already on GitHub, and we will add the schematics as soon as the final revision is frozen.
Because we think verifiability is important, we designed a process that allows most of the platform's firmware to be read out externally (without executing it), so that you can verify what the machine is really running.
Who we are
We developed this product at Design Shift, a company founded in 2009 to develop breakthrough consumer electronics products for the mass market. Over the years we have designed numerous products you might be familiar with, including PCI PTS 4.0 payment terminals, smartphones and high-definition cameras. We are based in Menlo Park, California, and we also have offices in Taiwan for a closer relationship with our manufacturers.
We built ORWL in partnership with companies such as Intel, Quanta, Maxim, Eltan, Alcineo and STMicroelectronics, some of the biggest manufacturing and semiconductor companies in the world.
You can contact us at firstname.lastname@example.org