Meet ORWL. The first open source, physically secure computer
If someone has physical access to your computer with secure documents present, it’s game over! ORWL is designed to solve this as the first open source physically secure computer. ORWL (pronounced or-well) is the combination of the physical security from the banking industry (used in ATMs and Point of Sale terminals) and a modern Intel-based personal computer. We’ve designed a stylish glass case which contains the latest processor from Intel – exactly the same processor as you would find in the latest ultrabooks and we added WiFi and Bluetooth wireless connectivity for your accessories. It also has two USB Type C connectors for any accessories you prefer to connect via cables. We then use the built-in Intel 515 HD Video which can output up to 4K video with audio.
The physical security enhancements we’ve added start with a second authentication factor (wireless keyfob) which is processed before the main processor is even powered up. This ensures we are able to check the system’s software for authenticity and security before we start to run it. We then monitor how far your keyfob is from your PC – when you leave the room, your PC will be locked automatically, requiring the keyfob to unlock it again. We’ve also ensured that all information on the system drive is encrypted via the hardware on which it runs. The encryption key for this information is managed by the secure microcontroller which also handles the pre-boot authentication and other security features of the system. And finally, we protect everything with a high security enclosure (inside the glass) that prevents working around our security by physically accessing hardware components.
Any attempt to get physical access to the internals of your PC will delete the cryptographic key, rendering all your data permanently inaccessible!
…
The ORWL is a good illustration that good security policies can lead to unforeseen difficulties.
Or as the blog post brags:
Any attempt to get physical access to the internals of your PC will delete the cryptographic key, rendering all your data permanently inaccessible!
All I need do to deprive you of your data (think ransomware), is to physically tamper with your ORWL.
Of interest to journalists who need the ability to deprive others of data on very short notice.
Perhaps a fragile version for journalists and a more resistance to abuse version for the average user.
Enjoy!