Project update 11 of 23
We’ve been very busy over the last few weeks answering everyone’s questions. We have been overwhelmed with the number of contacts and thankful for so much interest and the many requests. Some of this feedback has driven our approach to security reviews and encouraged us to strengthen some parts of the product! We have made a lot of important progress that we want to share.
We have received the alpha port of Coreboot from Eltan. It’s stable, and they’re working on implementing our extra features. This is a really exciting first step that will ensure as much transparency as possible regarding the deepest parts of our machine. The next steps will see the full communications between secure microcontroller and Intel system implemented, including the SSD self-destruct tamper protection!
In previous phases it’s been clear that the units get hot. Intel markets our processor for fanless designs, but with the security shell blocking many forms of passive cooling, it’s become obvious that we need a fan so we can ensure full performance from our processor. Below is a picture of the device under test using a thermal camera. This is much warmer than we expected from early simulation…
We rolled up our sleeves and did some thermal engineering to cool it down, and to keep the microprocessor in its comfort zone. We’ve changed the bottom cover to machined metal with vent slots, and we’ve added a fan and increased the height of the device a little. We have received the 2nd generation of this fix and it outperforms our expectations. We are continuing to fine tune the openings and fin design to maximize cooling while minimizing noise. It’s been a really interesting challenge pulling heat away from the processor without any holes in the shield, but the work has really paid off! We will send a second update to share the 1st pictures with you…. as soon as we have actual photos of parts rather than CAD renderings. In the meantime, here is a rendered taste. It’s not at all obvious, but a lot has changed inside - stay tuned!
We have worked with the factory and we are scheduling the next run of 300 units. The thermal change, some bugs exposed by the Coreboot port, and many unexpected details have put us behind our original plan, but we have a clear path ahead! We are now looking at kicking off material preparation and manufacturing setup. We expect devices shipping to you on April 17, 2017. We’re very sorry for the delay, but think you’ll be happy with the end result.
Security is clearly fundamental to the whole project. One of the most common points of inquiry surrounds what kinds of third-party review we plan for the project. Obviously, a big reason for having an open design is so everybody can review it, but we are also putting several professional teams in place for various kinds of reviews.
Penumbra remains the official FIPS 140-2 reviewer. They are currently re-testing the physical barriers on live prototypes. Next steps include formalizing the process with NIST (National Institute of Standards and Technology, administrators of the FIPS 140-2 program) and pushing ahead with documentation, and full review of crypto algorithms in addition to proof of the entropy supported by the True Random Number Generator, and more.
In addition to Penumbra, we’re in the process of engaging several other security review companies with various specialties. We’ll share those arrangements as they solidify.
While it’s true we’ve been working hard on ORWL, it’s no excuse not to be more communicative, especially with our backers. We have a lot of exciting work in progress and we promise to post more updates. We’ll shoot for one update every two weeks and see how it goes. As always, thanks for all your support and don’t hesitate to get in touch with any questions or suggestions.