Can I run my own BIOS on it?
Yes! We will not ship machines with Boot Guard “Verified Boot” activated. While we do implement a firmware verification mechanism on the microcontroller, you can choose not to use it or provision your own signing keys.
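To make the difference concrete, here is an added example (not ORWL's firmware, and not code from the project) that models a microcontroller boot check with an owner-provisioned key: the owner records the hash of their own Ed25519 public key in protected storage and chooses whether verification is enforced at all, instead of relying on a vendor key fused into the CPU as Boot Guard does. The NVRAM struct, Policy type and image layout are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Policy models what the secure microcontroller enforces at boot.
// The owner chooses the policy and the key (hypothetical model).
type Policy int

const (
	PolicyDisabled Policy = iota // owner opted out of verification
	PolicyEnforce                // refuse to boot unsigned or modified firmware
)

// NVRAM stands in for the microcontroller's protected storage.
type NVRAM struct {
	Policy     Policy
	OwnerKeyID [32]byte // SHA-256 of the owner-provisioned public key
}

// Provision records the owner's public key hash and policy; this is the
// step the owner performs instead of receiving a vendor-fused key.
func Provision(nv *NVRAM, pub ed25519.PublicKey, p Policy) {
	nv.OwnerKeyID = sha256.Sum256(pub)
	nv.Policy = p
}

// VerifyFirmware decides whether an image may run. The image carries the
// public key it was signed with plus an Ed25519 signature over its body.
func VerifyFirmware(nv *NVRAM, pub ed25519.PublicKey, body, sig []byte) error {
	if nv.Policy == PolicyDisabled {
		return nil // owner chose not to use verification
	}
	if sha256.Sum256(pub) != nv.OwnerKeyID {
		return errors.New("firmware signed with a key the owner did not provision")
	}
	if !ed25519.Verify(pub, body, sig) {
		return errors.New("firmware signature invalid: image modified or corrupt")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	var nv NVRAM
	Provision(&nv, pub, PolicyEnforce)
	body := []byte("constructed firmware image v1") // constructed sample image
	sig := ed25519.Sign(priv, body)
	fmt.Println("genuine:", VerifyFirmware(&nv, pub, body, sig))
	body[0] ^= 1 // simulate a modified image
	fmt.Println("tampered:", VerifyFirmware(&nv, pub, body, sig))
}
```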
Does this device rely on security by obscurity?
No. Tamper-proofing usually results in black boxes, but it does not have to be this way. It is possible to open ORWL to see what’s inside, and there is an easy procedure that allows anyone to directly read most of the firmware running on the platform without trusting us, enabling independent security audits. You can read more in Security.
Why are some components non-free? (as in freedom)
Openness and transparency are things we believe in; unfortunately, with hardware there is currently no choice but to accept compromises.
The software we write will be available, including some of the code running on the secure microcontroller. In particular, the code meant to verify the integrity of the firmware will be published under a free license (GPLv2 or less restrictive). We cannot promise that all the code will be free, as we have to use embedded NFC and Bluetooth stacks to talk to the keyfob smartcard, for example. There is no reason free software could not be written to handle that part; we would happily integrate it, and are ready to help people willing to work on freeing the platform.
Concerning documentation, most of our components have public datasheets and reference manuals, and two will require you to request them from the manufacturer. The list is available on Resources.
As for hardware, the Gerber files are already available and the schematics will be published as soon as we freeze the final revision.
Why Intel? Isn’t x86 considered harmful?
This project is about having a standard, physically secure computer that anyone can use – as open as we can make it. All these words are important, and they mean that forgoing x86 or flawless out-of-the-box Windows support is not an option. There are reasons why everyone is using x86, even in the security community, among cryptographers and in governmental agencies around the world: mainly compatibility, performance and security. Make no mistake, some of us own Yeeloongs, and others are veterans of the silicon industry. We would love to ship a completely free and usable desktop processor, but we know very well that there is no alternative.
Some people seem to think that switching to AMD solves the problems related to the ME, microcode or SMM. It does not, as there are equivalents of these technologies in all recent x86 processors.
Why the MAX32550?
This chip was chosen because it is powerful (108 MHz Cortex-M3) and offers the highest level of security, with features that you simply cannot reproduce with general-purpose microcontrollers. Side-channel scan protection, flip-flop based key storage, encrypted SNVRAM, glitching protection, crypto acceleration, a die shield with dynamic fault detection, temperature monitoring, an integrated real-time clock, true random number generation, and dedicated tamper-sensor mesh monitoring are among these features.