NitroPC - Powerful and Secure Mini PC

We are excited to publish our new NitroPC - A secure mini PC with latest Intel i7 CPU (10th generation) and fully open source firmware and software.

Powerful, Up-to-Date Hardware
The NitroPC has a current 10th generation Intel Core i7-10510U processor with up to 4.9 GHz and an m.2 SSD with 6 Gb/s, and can thus be used for performance-hungry applications such as programming/compiling and graphics applications. Of course, this also makes it sufficiently equipped for office and web applications.

Open Source Firmware/BIOS
The firmware ("BIOS") consists of the open source systems Coreboot and Tianocore UEFI. This enables independent security audits of the firmware and prevents undetected backdoors. In addition, the PC boots quickly and future enhancements are possible. All PC operating systems including Windows can be used.

Disabled Intel Management Engine
Vulnerable and proprietary low-level hardware parts are disabled to make the hardware more robust against advanced attacks.
The Intel Management Engine (ME) is a type of separate computer within all modern Intel processors (CPU). The ME acts as a master controller for your CPU and has extensive access to your computer (system memory, display, keyboard, network). Intel controls the code of the ME and severe vulnerabilities have already been found in the ME that allow local and remote attacks. Therefore, ME can be considered a backdoor and is disabled in NitroPC.

Preinstalled Ubuntu Linux With Disk Encryption
NitroPC ships with a pre-installed Ubuntu Linux 20.04 LTS with full disk encryption. Ubuntu is one of the most popular, stable and easy-to-use Linux distributions. Switching from Windows to Linux has never been easier.

Optional: Pre-Installed Qubes OS for Highest Security Requirements
Instead of Ubuntu Linux, you can get your NitroPC pre-installed with Qubes OS 4.0 and full disk encryption.
Qubes OS enables highly isolated working by means of virtual machines (VM). A separate VM is started for each application or workspace. This approach isolates applications and processes much more than conventional operating systems. Qubes OS keeps your system secure, even if a vulnerability has been exploited in one of the software applications used. Example: If your PDF viewer or web browser has been successfully attacked, the attacker cannot compromise the rest of the system and will be locked out once the VM is closed.
In addition, separate virtual workspaces can be used, such as an offline workspace for secret data and an online workspace for communication. NitroPC with Qubes OS is technically similar to SINA clients (for governments), but remains transparent thanks to open source. Qubes OS is for users who want maximum security.

Sealed Enclosure
To make it difficult to tamper with your NitroPC, the case screws are individually sealed. We will send you photos of the seals, which you can use to verify if the case has been opened without authorization during transport or at a later time.

Use Cases

For everyone
With NitroPC, you don't have to rely on the security of proprietary BIOS firmware or the backdoor Intel Management Engine. Instead, the secure NitroPC is based entirely on open source software. NitroPC comes with hard disk encryption pre-installed and - if desired - the highly secure Qubes OS. Since it has a powerful 10th generation Intel i7 processor, the NitroPC is also suitable for power-hungry applications.

For Enterprises
The NitroPC can serve as a hardened workstation for Certificate Authorities and other use cases that require high-security computing.

For Government
Government agencies can use the NitroPC to protect against Advanced Persistent Threats (APT) without relying on third-party proprietary technologies.

For Journalists
If you're an investigative journalist serious about protecting your confidential sources, NitroPC can help.

As a Mini Server

The NitroPC is suitable as a small server for home and office.
 

NitroPC at Shop

16.2.2021

Comments

Submitted by Nick on 16. February 2021 - 19:34
Does it support the measured boot like the thinkpads?
Submitted by Jan Suhr on 16. February 2021 - 20:05
No, that's not possible because the PC doesn't contain a TPM.
Submitted by Jan on 16. February 2021 - 23:21
OK, no TPM, that's a bummer. The other thing I was expecting was an included Nitrokey, used as a token to decrypt the hard drive (with or without PIN). Obviously with an optional passphrase as alternative, in case the key is damaged or lost. Why not propose this as an option, or is it a bad idea to set up a system like that?
Submitted by Jan Suhr on 17. February 2021 - 10:52
It's actually a very good suggestion! We didn't find the time yet to prepare an OEM installation like that. But we have it on our roadmap.
Submitted by Mike on 16. February 2021 - 23:34
Is it possible to operate the PC only with Coreboot, or is the combination Coreboot AND Tianocore prerequisite?
Submitted by Jan Suhr on 17. February 2021 - 10:50
Always a combination of Coreboot with a payload (such as Tianocore in this case) is required.
Submitted by Mike on 17. February 2021 - 12:00
Thanks for your quick reply. Ok, sounds pretty plausible. Now I got it:) So replacing the payload with grub or seabios would also work? PS: Thanks for bringing out such great devices.
Submitted by Jan Suhr on 17. February 2021 - 12:08
Yes. Thanks to the beauty of open source, you could easily compile such firmware yourself.
Submitted by Joe on 17. February 2021 - 11:56
First of all congrats for this product, I have been unsuccssfully looking for sth like this quite a while! I'm missing details what kind of RAM and even more important M2 SSDs are shipped. With which RAM options are only one or both RAM slots occupied (looking at the 32GB option). Is there any option to buy it barebone (without RAM/M2), in case I have both components already ? Thanks !
Submitted by Jan Suhr on 17. February 2021 - 12:07
It's SO-DIMM DDR4 2666 MHz RAM and (except for 8 GB) both RAM slots are used. We use various SSD brands, mostly Intenso, Kingston, and WD. We don't offer a barebone.
Submitted by MrChromebox on 17. February 2021 - 19:40
curious, seems your firmware build script is applying me_cleaner to a ME firmware image which already has the HAP bit set, so it's effectively a no-op. Or is there something else I'm missing?
Submitted by Jan Suhr on 17. February 2021 - 21:12
According to me_cleaner the HAP bit is not set in the initial image. Where do you see it is set already?
Submitted by MrChromebox on 17. February 2021 - 23:54
sorry, should have been more clear, since the HAP bit is set in the flash descriptor. But for CML-U Premium SKU, the HAP bit is at offset 0x172 of the IFD. Not sure the PR for me_cleaner handles all the various SKUs for CML-U/H, so it might be setting the wrong bit.
Submitted by Jan Suhr on 20. February 2021 - 8:26
This is not the final code yet and we will push the release tag next week. That should clarify.
Submitted by MrChromebox on 17. February 2021 - 23:59
yeah upon further examination the PR as-is doesn't work for CML-U. See dt-zero's comment on 2019-12-18
Submitted by Lovecat on 26. February 2021 - 3:16
This is the same Librem Mini from Purism, isn't it?
Submitted by Jan Suhr on 26. February 2021 - 7:16
Yes, both have the same hardware.
Submitted by Black on 12. March 2021 - 23:44
So whats the actual difference? More OS to choose from? Is it cheaper? Even though there is not much difference, it is great that you offer these devices to more people. I support your collaborations.
Submitted by Black on 12. March 2021 - 23:47
"latest i7 CPU" - Well, Tiger Lake was already released.
Submitted by Max on 16. March 2021 - 20:59
It would be better if you write users when buying a Nitro PC with Qubes OS: Enter Xfce Terminal. Sudo cryptsetup luksChangeKey /dev/nvme0nlp3 Then you can enter new password for the disk. I first had to find the name of the disk with Sudo fdisk -l I am happy with my Nitro PC.
Submitted by Jan Suhr on 17. March 2021 - 8:56
Thank you for the pointer. Indeed we forgot to add this step to the documentation. Now it is mentioned here: https://docs.nitrokey.com/nitropc/qubes/index.html
Submitted by Lupo on 18. March 2021 - 16:10
Können 2 Bildschirme an dem NITROPC angeschlossen und betrieben werden? Can 2 screens be connected to the NITROPC and operated?
Submitted by Jan Suhr on 18. March 2021 - 20:09
ja
Submitted by Andre on 9. April 2021 - 3:40
Is it cooperation with purism company? Where it is made/assembled?
Submitted by Jan Suhr on 9. April 2021 - 8:26
No cooperation with Purism. It's OEM hardware manufactured in Asia.
Submitted by Paul Menzel on 11. April 2021 - 14:05
Thank you for offering devices with coreboot based firmware. Unfortunately, “Open Source Firmware/BIOS“ is a little misleading, as the Intel’s proprietary Firmware Support Package is included, doing most of the early initialization. So, some people call coreboot a wrapper around FSP in this case. It’d be great, if you clarified that. Also, it’d be great, if you upstreamed the coreboot port (probably as a variant of the Puri.sm Librem Mini).
Submitted by Jan Suhr on 12. April 2021 - 13:19
I do agree that it's important to provide transparent information about our products. But at the same time “Open Source Firmware/BIOS“ is a heading in a marketing material which is explained in the subsequent text in more detail. How exactly should this be rephrased to be more clear?
Submitted by PjS on 21. June 2021 - 21:25
So I presume that would mean PureOS would not run on the unit?
Submitted by meissner on 22. June 2021 - 14:07
Without having looked deeper into it, I would assume there is no reason for PureOS to not run on the device. It simply has not been tested explicitly and there is currently no plan offer it as a preinstalled OS.
Submitted by reichhart on 13. April 2021 - 0:47
Height is 38mm - means less than 1U (1 3/4 inch). Do you provide mount brackets? Höhe ist 38mm und damit weniger als eine Höheneinheit (ca. 44mm). Bieten Sie auch Montagewinkel an?
Submitted by Jan Suhr on 14. April 2021 - 13:06
Yes, the NitroPC includes mount brackets.
Submitted by Anonymous on 9. May 2021 - 10:51
Hello, is there any chance that we could see the more powerful i7-10710U CPU in future NitroPCs? Purism offers a laptop with with the processor in question, so i'm wondering if it's at all possible for you to do the same?
Submitted by Jan Suhr on 10. May 2021 - 10:51
Sooner or later, yes. But no specific plans as of now.
Submitted by Anonymous on 14. May 2021 - 10:20
Why didn't you go with that processor in the first place?
Submitted by Jan Suhr on 14. May 2021 - 10:32
When the NitroPC was developed Intel Core i7-10510U was the latest one.
Submitted by Cyril on 16. May 2021 - 17:01
Think of the ME as having 4 possible states: 1.Fully operational ME: the ME is running normally like it does on other manufacturers’ machines (note that this could be a consumer or corporate ME image, which vary widely in the features they ‘provide’) 2. Neutralized ME: the ME is neutralized/neutered by removing the most “mission-critical” components from it, such as the kernel and network stack. 3. Disabled ME: the ME is officially “disabled” and is known to be completely stopped and non-functional 4.Removed ME: the ME is completely removed and doesn’t execute anything at any time, at all. How much is IntelME destroyed on NitroPC (Is neutralized, disabled or removed)?
Submitted by Jan Suhr on 17. May 2021 - 12:05
We neutralize and disable Intel ME by using me-cleaner.
Submitted by stephan on 21. May 2021 - 21:15
wie lassen sich BIOS/Firmware-updates durchführen? gibt es ein git für downloads der Firmware?
Submitted by Jan Suhr on 21. May 2021 - 21:33
Bisher haben wir noch keine Firmware-Aktualisierung erstellt. Wenn es so weit ist, werden wir das Update als Datei bereitstellen
Submitted by stephan on 22. May 2021 - 8:28
Aber gerade bei open source software gibt es ja sicher eine quelle und eine anleitung, um auch die aktuelle Version selbst zu flashen, so wie z.B. github.com/Nitrokey/ubuntu-oem zur Erklärung, wie ubuntu vorbereitet wird. Gibt es auch die Möglichkeit, beim Start Optionen im Bios zu verändern (wie bei anderen Rechnern mit F2)?
Submitted by Jan Suhr on 25. May 2021 - 11:53
https://github.com/Nitrokey/coreboot-builder Unser UEFI bietet nicht viele Einstellungsmöglichkeiten, aber die lassen sich mit ESC aufrufen.
Submitted by stephan on 25. May 2021 - 19:59
vielen Dank für die superschnelle Antwort - läuft. wie kann ich nun firmware.rom nutzen, um das bisherige BIOS zu ersetzen? uefi shell, flash.sh? welche befehle?
Submitted by Jan Suhr on 26. May 2021 - 9:47
Wenn wir ein erstes Firmware-Update bereit stellen, wird es auch eine entsprechende Anleitung geben. Bis dahin: Es geht in der EFI Shell und von Linux aus mittels "flashrom -p internal" wofür zuvor je nach kernel-version "iomem=relaxed" dem kernel übergeben werden muss.
Submitted by Stephan Becker on 19. November 2021 - 9:31
inzwischen gibt es ja für die baugleiche Version seit einigen Wochen ein Firmwareupgrade (source.puri.sm/firmware/releases/-/tree/master/librem_mini_v2). gibt es neue Planungen für den nitropc?
Submitted by meissner on 21. November 2021 - 18:27
Aktuell gibt es noch keinen Plan bzw. Nöte für ein Firmwareupgrade. Unsere ist auch nicht ganz vergleichbar mit den Librem Firmwares, da wird Tianocore benutzen (ein UEFI Bios) und der librem mini benutzt SeaBios.
Submitted by Sralnik on 30. June 2021 - 1:50
Do you have a scheme of a hardware so we can personally verify that no sneaky anal probe applied?
Submitted by meissner on 30. June 2021 - 12:25
If you mean a schematic of the motherboard, then no, sorry. Really, open hardware for such recent CPUs is a totally different level, we have to trust our OEM vendor here.
Submitted by Anthony on 8. July 2021 - 11:52
Hi guys, is this device support thundertbolt?
Submitted by meissner on 10. July 2021 - 12:34
No, sorry no full thunderbolt support. But USB3 TypeC devices work without issues.
Submitted by George on 30. July 2021 - 6:52
Does it do anything to prevent eavesdropping on the video signal?

Pages

Add new comment

Fill in the blank.