Berlin, January 8, 2020
Nitrokey GmbH introduces the NitroPad, a laptop for high security requirements. Compared to normal computers, NitroPad enables much more control over the hardware and data while maintaining ease of use. For example, NitroPad is highly protected against hardware manipulation.
## Features
### Tamper detection through Measured Boot
Due to the combination of the open source solutions Coreboot, Heads and Nitrokey USB hardware, it is possible to verify that the laptop hardware has not been tampered with in transit or in one's absence (a so-called evil maid attack). The integrity of the TPM, the firmware and the operating system is checked by a separate Nitrokey USB key. When the Nitrokey is connected to the NitroPad while booting, a green LED on the Nitrokey shows that the NitroPad has not been tampered with. If the LED turns red one day, it indicates a manipulation.
### Deactivated Intel Management Engine
Vulnerable and proprietary low-level hardware parts are disabled to make the hardware more robust against advanced attacks.
The Intel Management Engine (ME) is effectively a separate computer within all modern Intel processors (CPUs). The ME acts as a master controller for the CPU and has broad access to the computer (system memory, screen, keyboard, network). Intel controls the code of the ME, and severe vulnerabilities have been found in the ME that enable local and remote attacks. Therefore, the ME can be considered a backdoor and has been deactivated in NitroPad.
### Preinstalled Ubuntu Linux with full-disk encryption
NitroPad ships with a preinstalled Ubuntu Linux 18.04 LTS with full-disk encryption. Ubuntu is one of the most popular, stable and easiest to use Linux distributions, which makes switching from Windows to Linux easier.
### Optional: Preinstalled Qubes OS for highest security requirements
Instead of Ubuntu Linux, on request, the NitroPad is available with preinstalled Qubes OS 4.0 and full-disk encryption.
Qubes OS enables highly isolated working by means of virtual machines (VM). A separate VM is started for each application or workspace. This approach isolates applications and processes much more than conventional operating systems. Qubes OS keeps the system secure, even if a vulnerability has been exploited in one of the software applications used. Example: if the PDF viewer or web browser has been successfully attacked, the attacker cannot compromise the rest of the system and will be locked out once the VM is closed.
In addition, separate virtual workspaces can be used, such as an offline workspace for secret data and an online workspace for communication. NitroPad with Qubes OS is technically similar to SINA clients (for governments), but remains transparent thanks to open source. Qubes OS is for users who want maximum security.
### Keys under user control
All individual cryptographic keys are generated directly on the NitroPad exclusively during installation and are not stored by the Nitrokey GmbH. However, all individual keys can be replaced by the users. Unlike "Secure Boot", the keys for securing the operating system remain under the users' control and do not depend on the consent of the vendor.
### Nitrokey USB key included
NitroPad comes with a Nitrokey Pro 2 or a Nitrokey Storage 2. Their security features include for example email encryption (PGP, S/MIME), secure server administration (SSH) and two-factor authentication through one-time passwords (OTP). The Nitrokey Storage 2 additionally contains an encrypted mass storage with hidden volumes.
### Professional ThinkPad hardware
Based on Lenovo ThinkPad X230, the hardware finish and robustness meet professional quality standards. The well-known ThinkPad keyboard with background lighting and TrackPoint allows comfortable working. The used laptops have been refurbished.
### Out-of-the-box user experience
With NitroPad, the users don't need to take care of opening the hardware casing to flash the BIOS chip, installing and configuring Linux, or pairing the Nitrokey Pro/Storage. The Nitrokey team does this work for the users. The Nitrokey is already configured with the NitroPad, so that it can be used for tamper detection without any further configuration effort.
### Security-conscious shipping
To make it more difficult to intercept and manipulate the NitroPad, the NitroPad and the Nitrokey USB key can be shipped in two separate shipments if desired.
## Use cases
### For everyone
NitroPad enables detecting hardware tampering. For example, if the laptop is being inspected while crossing the border or if the device is left unattended in a hotel or during traveling, it's possible to check the integrity of the NitroPad with the help of the Nitrokey.
### For enterprises
NitroPad can serve as a hardened workstation for certificate authorities and other use cases requiring high-security computers. On business trips, the NitroPad protects against evil maid attacks while the computer is unattended in a hotel or baggage.
### For governments
Governments can use NitroPad to protect themselves against advanced persistent threats (APT) without relying on foreign proprietary technology.
### For journalists
For investigative journalists who are serious about protecting their confidential sources, NitroPad helps them get there.
NitroPad X230 is now available in Nitrokey's online shop.
https://shop.nitrokey.com/shop/product/nitropad-x230-67
More details are available in the product fact sheet.
https://www.nitrokey.com/files/doc/NitroPad_X230_factsheet.pdf
Nitrokey GmbH
Jan Suhr (CEO)
Rheinstr. 10 C
14513 Teltow, Germany
info@nitrokey.com
+49 30 1205 3434
ABOUT NITROKEY
Nitrokey is a German IT security startup committed to open source hardware and software. Nitrokey develops and produces USB keys for data encryption, email encryption (PGP/GPG, S/MIME), and account logins (SSH; two-factor authentication via OTP, FIDO U2F; passwordless login via FIDO2). Nitrokey also produces secure laptops for high security requirements.