Insurgo had engaged itself in the adventure of facilitating security accessibility and received NlNet funding to do exactly that. Now it wants to get developers involved and expand funding. The goal of this is to bridge the gap between reasonably secure OS (QubesOS) and slightly more secure hardware (Heads) to help privacy-focused users and those that are vulnerable. But we need to prepare for the future now! Insurgo has challenged the status quo that has been prevalent since 2015 and has made it possible for OEMs to preinstall QubesOS, thanks to the Heads Open Source Firmware (OSF) and his own PrivacyBeast QubesOS certified branch, not yet merged upstream, due to the lack of time and resources of a single man effort needing additional collaboration. The integrity of the firmware and boot files is already remotely sealed and can be attested over smartphone (TPMTOTP) and from the bundled Librem Keys/Nitrokey Pro 2 (HOTP), prior to shipping. Thanks to HOTP-enabled USB security dongles bounded to shipped products, the user can visually validate that the hardware they've received is in OEM attested state, prior to complete reownership which is regenerating all required secrets from a trustable recovery environment (Heads OSF) thanks to a re-ownership wizard that guides the user until completion. This is just the beginning of the adventure and the road ahead requires your help. Insurgo wants to propel this movement forward. |