NitroPad: Secure Laptop With Unique Tamper Detection

Do you think your computer hardware is secure? Can you rule out that in your absence no one has manipulated your computer? In a world, where most users do not have any real control over their hardware and have to blindly trust the security promises of vendors, NitroPad unlocks a refreshingly new security experience. NitroPad X230 is significantly more secure than normal computers. With NitroPad, you'll have more control over your hardware than ever before while maintaining ease of use.

 

Features

Tamper Detection Through Measured Boot
Thanks to the combination of the open source solutions Coreboot, Heads and Nitrokey USB hardware, you can verify that your laptop hardware has not been tampered with in transit or in your absence (so-called evil maid attack). The integrity of the TPM, the firmware and the operating system is effectively checked by a separate Nitrokey USB key. Simply connect your Nitrokey to the NitroPad while booting and a green LED on the Nitrokey will show that your NitroPad has not been tampered with. If the LED should turn red one day, it indicates a manipulation.
 

Deactivated Intel Management Engine
Vulnerable and proprietary low-level hardware parts are disabled to make the hardware more robust against advanced attacks.
The Intel Management Engine (ME) is some kind of separate computer within all modern Intel processors (CPU). The ME acts as a master controller for your CPU and has broad access to your computer (system memory, screen, keyboard, network). Intel controls the code of the ME and severe vulnerabilities have been found in the ME enabling local and remote attacks. Therefore ME can be considered as a backdoor and has been deactivated in NitroPad.
 

Preinstalled Ubuntu Linux With Full-Disk Encryption
NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS with full-disk encryption. Ubuntu is one of the most popular, stable and easiest to use Linux distributions. Switching from Windows to Linux has never been easier.
 

Optional: Preinstalled Qubes OS For Highest Security Requirements
Instead of Ubuntu Linux, on request you can get your NitroPad with preinstalled Qubes OS 4.0 and full-disk encryption.
Qubes OS enables highly isolated working by means of virtual machines (VM). A separate VM is started for each application or workspace. This approach isolates applications and processes much more than conventional operating systems. Qubes OS keeps your system secure, even if a vulnerability has been exploited in one of the software applications used. Example: If your PDF viewer or web browser has been successfully attacked, the attacker cannot compromise the rest of the system and will be locked out once the VM is closed.
In addition, separate virtual workspaces can be used, such as an offline workspace for secret data and an online workspace for communication. NitroPad with Qubes OS is technically similar to SINA clients (for governments), but remains transparent thanks to open source. Qubes OS is for users who want maximum security.
 

Keys Under Your Control
All individual cryptographic keys are generated directly on the NitroPad exclusively during installation and are not stored by us. However, all individual keys can be replaced by you. Unlike "Secure Boot", the keys for securing the operating system remain under your control and do not depend on the consent of the vendor.
 

Nitrokey USB Key Included
NitroPad comes with a Nitrokey Pro 2 or a Nitrokey Storage 2. Their security features include for example email encryption (PGP, S/MIME), secure server administration (SSH) and two-factor authentication through one-time passwords (OTP). The Nitrokey Storage 2 additionally contains an encrypted mass storage with hidden volumes.
 

Professional ThinkPad Hardware
Based on Lenovo ThinkPad X230, the hardware finish and robustness meet professional quality standards. The famous ThinkPad keyboard with background lighting and TrackPoint allows comfortable working. The used laptops have been refurbished.
 

Out-of-the-Box User Experience
With NitroPad, you don't need to take care of opening the hardware casing to flash the BIOS chip, installing and configuring Linux, or pairing the Nitrokey Pro/Storage. We do this work for you. The Nitrokey is already configured with your NitroPad so that it can be used for tamper detection without any further configuration effort.
 

Security Conscious Shipping
To make it more difficult to intercept and manipulate your NitroPad, the NitroPad and the Nitrokey USB key can be shipped in two separate shipments if desired.

 

Use Cases

For Everyone
NitroPad enables you to detect hardware tampering. For example, if your laptop is being inspected while crossing the border or if you leave your device unattended in a hotel or during travelling, you can check the integrity of your NitroPad with the help of the Nitrokey.
 

For Enterprises
NitroPad can serve as a hardened workstation for certificate authorities and other use cases requiring high-security computers. On business trips, the NitroPad protects against evil maid attacks while the computer is unattended in a hotel or baggage.
 

For Governments
Governments can use NitroPad to protect themselves against advanced persistent threats (APT) without relying on foreign proprietary technology.
 

For Journalists
If you as an investigative journalist are serious about protecting your confidential sources, NitroPad helps you getting there.

 

NitroPad X230 is now available in our Online Shop.

 

More details are available in the product factsheet.

9.2.2021

Comments

Submitted by zap on 11. December 2020 - 1:28
Is there a laptop that can have its intel me deactivated/neutralized and be corebooted that can support 32GB or more? I would tend to doubt this, but it would be pretty cool if so. Although, desktops might be another matter... Just musing about this, sounds interesting.
Submitted by whogoesthere on 13. February 2021 - 16:33
What about the new ryzens? They have 8 cores with ~3.9 GHZ can this be neutralized and then used on a desktop or laptop with 32GB of ram or more? I just need to be able to use my VR Headset in a Qubes environment. OR do you guys know any tutorials or companies doing this?
Submitted by Jan Suhr on 15. February 2021 - 10:58
I'm not aware of any solution for that or company offering such.
Submitted by fire on 1. January 2021 - 19:43
Are you planning to start selling a more recent computer than the x230? I think I have seen on your Twitter that you were working on one. If so, do you know how soon it will be available for purchase from your website and its approximate specifications?
Submitted by Anonymous on 2. January 2021 - 15:24
Does NitroPad X230 can run Debian with the new firmware update? How well does Nitropad X230 run Debian ? How well does NitroPad T430 run Debian? Will Nitropad X230 ever be with Debian as a OS option?
Submitted by Jan Suhr on 11. June 2021 - 15:35
Both NitroPad X230 and T430 support Debian and can be ordered with Debian preinstalled.
Submitted by DocDre on 21. November 2021 - 19:00
So the Heads issue with Debian has been solved?
Submitted by meissner on 21. November 2021 - 19:04
Hard to guess which one exactly you are referring to, but in general Debian on both Nitropads runs without issues.
Submitted by DocDre on 22. November 2021 - 12:11
The one mentioned on page 1 of these comments: "Submitted by Jan Suhr on 27. Mai 2020 - 14:35 The answer depends on the actual operating system. For instance, Debian can't be installed as of now" Finally I would like to know if Debian runs on your NitroPad and if there are any issues with Heads. You seem to offer Debian 10 know, that's why I'm asking. And: what about Debian 11?
Submitted by meissner on 22. November 2021 - 13:03
ah ok, yes, this is all fine by now, the Debian you get pre-installed is working fine - Debian 11 is also on the todo list, no ETA yet
Submitted by DocDre on 22. November 2021 - 18:01
How old are those laptops / batters etc. by the way? Customers seem to left a bit unclear on what "refurbished" exactely means.
Submitted by meissner on 22. November 2021 - 21:05
Most, if not all are produced in 2012, see: https://en.wikipedia.org/wiki/ThinkPad_X_series ... we buy them and mostly replace the ssd and memory based on the order. If the battery and/or keyboard are in a bad state we also replace these
Submitted by Psi on 24. November 2021 - 14:20
Hallo Leute. Wollte fragen: 1) Warum kann man bei euch RAM mit 32 Gb nicht bestellen, denn wenn man QubeOS mitbestellt, ist es besser stärkeren RAM zu haben. Könnt Ihr das demnächst möglich machen? 2) Warum kann man "mit Kamera, aber ohne Mikrofone" nicht mitbestellen? Denn Kamera kann man zur Not einfach mit Aufkleber verstecken. Bei euch steht entweder komplett ohne Kamer und ohne Mikrofon, oder komplett mit. 3) wenn man 2 TB SSD mitbestellt, wieviel Gramm ist es schwerer im Vergl zu 240 Gb SSD? Mir auch wichtig möglichst das geringe Gewicht. Vielen dank für eure Antwort!
Submitted by meissner on 29. November 2021 - 15:50
Hey, 1) leider unterstützen die Nitropads von Haus aus (also die Thinkpads) nicht mehr RAM. 2) das hat den recht praktischen Grund, dass es die Anfrage so noch nicht gab, bitte einfach die Option ohne Mic und ohne Kamera wählen und nach der Bestellung eine E-Mail an [email protected] schreiben mit der entsprechenden Bestellnummer, dann können wir das machen, preislich ändert das aber nichts, weil der Aufwand nahezu identisch ist. 3) SSDs unterscheiden sich bzgl. der Größe nur marginal vom Gewicht (<5g), die Produktbeschreibungen der SSDs sagen sogar das Gewicht ist identisch. Entsprechend ist es für das Gesamtgewicht irrelevant welche SSD Größe man bestellt
Submitted by Mark on 13. April 2022 - 8:17
Kann man bei euch Laptops, zB x230, schon von Anfang an mit absolut neuen Tastaturen und Akkus bestellen?
Submitted by meissner on 14. April 2022 - 12:54
Hey Mark, ja das ist möglich schreib doch bitte direkt an "shop (at) nitrokey (dot) com", am besten gleich mit einem screenshot (aus unserem shop) deiner Wunschkonfiguration.
Submitted by Mark on 16. April 2022 - 9:58
Danke für die schnelle Antwort. 1. Kann man bei euch diese Nitropads mit ganz neuen Lüftern bestellen? Oder mit deutlich leiseren Alternativen der Lüfter der heutigen Zeit? weil die alten Notebooks zu laute Lüfter haben, besonders bei der Arbeit auf qubes. 2. Vllt noch besser, könnt Ihr diese Nitropads ganz ohne Lüfter so gestalten, wie manche Notebooks heutzutage?? Leider kenne mich aktuell nicht so gut mit internem Lenovo Hardwareaufbau aus. 3. Könnt Ihr mechanische "On/OFF" Schalter für Wlan, Camera und Mikro einbauen?? Dann braucht man nicht unbedingt die Webcams, wlan, mikro physisch vom Nitropad zu entfernen. Danke und VG.
Submitted by meissner on 17. April 2022 - 13:46
1. Grundsätzlich sind Kühlsysteme in Laptops sehr speziell und wir bieten da leider keine modifizierten Systeme an, im Zweifel bitte aber in der gleichen Mail wie zuvor empfohlen nochmal nachfragen: neuer Lüfter sollte möglich sein. 2. Nein, das ist leider nicht möglich. 3. Mechanische Schalter für die Peripherie bieten wir nicht an, lediglich den Ausbau dieser.
Submitted by Ben on 16. May 2022 - 8:52
welche externen usb wlan empfangsgeräte, welche modelle, wären mit diesem laptop und mit qubes kompatibel, wenn eigene ausgelotet wird? die gleiche Frage richtet sich auch im bezug des Mini PC von nitrokey?! danke
Submitted by meissner on 16. May 2022 - 12:00
Uns sind keine USB WLAN Adapter bekannt, die nicht gehen. Das heißt natürlich nicht dass es keine Inkompatiblen gibt, dennoch würde ich in der Regel keine Probleme erwarten auf Hardware-seite wie auf der Qubes-seite. Konkrete Marken/Produkte können wir aber leider nicht empfehlen...
Submitted by kj on 16. May 2022 - 14:18
I would recommend replacing the Ubuntu offering with Debian, and also offering Gentoo - this cannot be seriously considered a secure option/company when you're offering Ubuntu which is pretty much as "secure" as Windows against western government full access/telemetry collection. Canonical corporation is under the authority of UK jurisdiction with US Department of Defense assigned CEO.
Submitted by meissner on 16. May 2022 - 16:20
hey, we limit the distributions to what is best applicable and with a good OEM state experience for the user. Debian has limits there and Gentoo is a niche, which would not justify maintaining it due to very minimal demand (you are the 1st one asking). Furthermore please do no speculate on these topics, we are not aware of any proof for your statement and this is also not the right place to discuss this.
Submitted by Friedman on 13. July 2022 - 11:51
Hi, welche teile des nitropads werden neuersetzt und welche teile bleiben alt beim kauf? man möchte gern es längerfristig nutzen, falls man sich dafür entscheidet. Vg
Submitted by meissner on 13. July 2022 - 12:54
Nitropads werden vollständig getestet vor der Auslieferung und es wird getauscht was nötig ist, das gilt für CPU und RAM natürlich. Festplatten natürlich auch entsprechend der Bestellung, Keyboard wird einer Sicht und "Tipp-prüfung" unterzogen und auch ggfs. getauscht. Batterien haben mindestens 70% der maximalen Kapazität.
Submitted by Tim on 26. July 2022 - 10:53
bei den Displays, macht es noch Sinn, wenn man Blickschutzfolie aufkleben möchte, dass man IPS displays bestellt oder kann man es bei TN belassen, oder sind trortz blickschutzfolien die Bildqualität mit IPS trotzdem besser wird? Fürs Arbeiten draußen welche Display ist am besten geeignet? Könnt bitte die genaueren Eigenschaften der Displays zb Hz, etc. beschreiben, genaueres steht nicht in der beschreibung?
Submitted by meissner on 26. July 2022 - 14:50
Hey Tim, ganz grundsätzlich ist der subjektive Eindruck vom IPS Display in jeglicher Hinsicht besser, hier die vollständigen Specs (60Hz, 80°, 300 cd/m²). D.h. auch mit Blickschutzfolie macht das natürlich auch Sinn das IPS Display zu nehmen, gleiches gilt für das Arbeiten draußen. Achso und generell lässt sich die Blickschutzfolie natürlich auch herausnehmen, was insbesondere für das draußen Arbeiten nützlich sein sollte.
Submitted by Pippo on 14. May 2023 - 14:03
Good moorning, is it possibile to know if the O.A., anti tampering and cryptografic meccanisms have an International security certification?
Submitted by meissner on 14. May 2023 - 22:33
No, they don't QubesOS lists this device as a certified device, but apart from that there has not been a formal security certification.

Pages

Add new comment

Fill in the blank.