Main Page

From ORWL
Jump to: navigation, search

Welcome to the ORWL Wiki!

Orwlld.png

ORWL is a physically secure computing platform, applying banking level security to consumer computers. At it's core, ORWL is a latest-generation PC, and can be used by everyone. Running Windows or Linux, it can replace your desktop computer at work or at home, and requires both a key and a password to be used. ORWL is open, to give you back control on what is yours.

Buy it on Crowd Supply

Follow us on Twitter or Google+

Get the source on Github

Why ORWL

We all have precious information, and we all need to store it somewhere. What happens when you are not around your computer? For system administrators, physicians, lawyers or journalists, information protection is critically important. Sometime it is even a life or death matter. And yet, when it comes to computing hardware used by everybody, every day, we don't even apply the level of hardware security that is routinely used to protect our money. Knowing this, and with a growing public awareness of privacy and security issues, we created ORWL.

While you might think software is the weak link in the security chain, in many cases physical attacks are a vastly easier way to get your information. Attacking a modern browser requires great skill or hundreds of thousands of dollars, but for intrusion professionals, competitors, people you know or work with, compromising your machine and getting access to your data is extremely easy. No IDS will detect it, and you will never know it happened.

It’s surely an understatement to say that many security professionals have a cynical view of what can be done regarding physical access. It takes very little reading to find dozens of versions of the statement “once somebody has physical access to your computer, it’s game over”. The result of this feeling varies from person to person, and it ranges from simple acceptance to the extremely paranoid approach of ensuring your PC is kept in a secure lock box any time it’s out of your sight, and if you ever slip: wipe it of all data, get rid of it, and start again. It’s hard to tell if anybody seriously follows that path, but it’s definitely beyond what I’m prepared to do to ensure my own data is secure.

What we’ve attempted to do with our ORWL project is to bridge this gap. We implement several classes of protection, some from the banking industry, so that a person can have 99.9% confidence that their machine is untampered. I use “99.9%” due to the fact that even in the banking industry it’s widely acknowledged that there cannot be perfect security. What they attempt to do, and what we’ve attempted to do, is to block access to a level where the expense (in time and money) of circumventing our physical security is substantially higher than the potential value of anything that could be accessed. We truly believe that it would take the resources of a nation state to breach this security, and even then it would take a considerable amount of time.

Standard and reliable

ORWL is using familiar components, with an Intel Skylake CPU (6th Gen Core M), DDR3 memory, a large SSD, USB3 ports and built-in Intel HD Graphics that can display 4K video and accompanying audio via micro HDMI. You can run any operating system you choose. We used Microsoft Windows 10 for initial testing, and we will distribute the first units running Ubuntu Linux.

While ORWL was made to be secure, its design does not sacrifice reliability. It will not fail you by accident, and is made so that it can be disassembled and serviced when it's required.

We are shipping a physically secured but open system upon which nearly any kind of PC can be built. You could start using Tails to publish anonymously, access online services or run any application you want.

Physically secure

ORWL natively supports full hard drive encryption, and we enable this by default. The cryptographic key is generated inside of a high-security microcontroller, and we store this key in a manner that causes it to be deleted in the event that any kind of physical tampering of the system takes place. What this means to you is there is simply no way to dissect the system in a manner that will allow attacker to read your data.

In addition to the hard drive encryption, your operating system and the whole Intel platform that runs it cannot even receive power without going through the security subsystem. The secure microcontroller handles initial boot and perform integrity checks on firmwares before powering up anything else. It is attached directly to the NFC, the accelerometer, and the OLED display. When the user presents one of their NFC key fobs to the reader, and the microcontroller authenticates it, the Intel portion of the system will be powered up and handed the hard drive cryptographic key.

A great deal more details on the security features are available in Security.

Transparent

Because we think security features would be meaningless without transparency, we made ORWL as open source and open hardware as we could. The information you need to understand what is going on and fit the machine to your needs is progressively being added to this wiki. The gerber files are already on Github, and we will add the schematics as soon as the final revision is frozen.

Because we think verifiability is important, we designed a unique process allowing to read most of the platform firmwares externally (without executing them) and verify what the machine is really running.

Who we are

We developed this product at Design Shift, a company founded in 2009 to develop breakthrough consumer electronics products for the mass market. Over the years we have successfully designed numerous products you might be familiar with, including PCI-PCS 4.0 payment terminals, smartphones and high definition cameras. We are based in Menlo Park, California, and we also have offices in Taiwan, for a closer relationship with our manufacturers.

We built ORWL while partnering with companies like Intel, Quanta, Maxim, Alcineo and STMicroelectronics, some of the biggest manufacturer and semiconductor companies in the world.

You can contact us at info@design-shift.com