An open source, physically secure personal computer.

Aug 19, 2016

Qubes OS, Secure Key Fob, and USB Fuzzing

Hello, backers! First, thanks for all your support in the first week of the campaign. We’re thrilled to have fielded so many questions and engaged in so many discussions with you all. Here’s a summary.

Qubes OS

It’s no surprise that people concerned about hardware security are also concerned about software security. So naturally, when discussing ORWL, a lot of people bring up Qubes OS. From the beginning, we specifically chose hardware that works well with Qubes, including VT-d and VT-x support. We’ve successfully installed and booted Qubes OS, though are still investigating a network initialization problem. Once we have everything working, we’ll post a more detailed update. We’ve added a new section to the campaign page describing how ORWL works with Qubes.

Secure Microcontrollers and Key Fob

We’ve had a bunch of people interested in how exactly the two microcontrollers (one in ORWL and one in the key fob) interact over NFC and Bluetooth, the security mechanisms in place, and how their firmware can be verified, modified, and reflashed. We’ve added some details about the key fob and our plans for supporting end-user development on ORWL. We’ll post progress as campaign updates here and you can always keep up-to-date on the ORWL wiki.

USB Fuzzing

We added some information on how ORWL protects against USB fuzzing attacks — it simply disconnects the USB data lines when the key fob is out of range.

Get in Touch

Whether you have questions about different security vulnerabilities, suggestions for new features, or comments on the project in general, don’t hesitate to get in touch. In the meantime, we’ll be working hard to bring you some more updates and demos showing off what ORWL can do.

Sign up to receive future updates for ORWL.

Subscribe to the Crowd Supply newsletter, highlighting the latest creators and projects