Yesterday I went to the local maker meetup group. I ended up talking to a guy named Carl about an idea I had recently for a “hardware isolated laptop.” The idea would basically be to reproduce Qubes in hardware with several Raspberry Pis (or something similar) in a single laptop.
We ended up discussing it all evening. He hadn’t used Qubes so he didn’t really understand the requirements, but he kept coming up with different ideas and approaches.
Today I did some “actual research” and it turns out there’s some off-the-shelf parts that sound pretty plausible.
The key component is the “lapdocks” they make for smart phones these days. It just has a HDMI input and USB output (for the keyboard and trackpad). I also found some HDMI KVMs (which I don’t think existed when I searched for them a few years ago).
I see two possible approaches. One uses a KVM, whereas the other uses networking and some sort of remote desktop to one “dom0” machine. The main differences come down to hardware requirements (battery draw, weight, and space) and isolation levels (obviously a KVM will give you better separation).
I was hoping for 6 Raspberry Pis in one laptop, but now I see that’s pretty unrealistic. A $90 KVM only has 4 ports, and Pis are pretty bulky. It also sounds appealing to save one HDMI/USB pair for an external input, so for example I could hook up my headless Mac Mini. (In fact, forget the Pis. Just using it for the Mac would be pretty awesome.)
- Lapdock ~$100
- KVM ~$100
- 3x RPis ~$120
- Cables $20
- SD cards or other storage $50+
- Batteries for the Pis $50?
So it’s probably doable for under $500.
For the case, I’d probably talk off the bottom of the lapdock’s existing case and 3D-print a new one that was deeper to hold the Pis and KVM. The problem there is that I think the Pis are pretty thick and the whole thing would end up being like 2 inches thick or something. The lapdock by itself is very thin and light (since it doesn’t have much internal hardware), so in theory something better should be possible.
An alternative to the Raspberry Pi might be those Android “TV sticks” the kids are using these days, or something else like that. I’m not too particular about the hardware requirements.
Now it seems like the biggest problem is… copy and paste. Of course that means giving up full isolation. Someone who hasn’t used Qubes (or an original iPhone…) might not appreciate how important copy and paste is, but I think it’s pretty critical, at least between some of the machines. At least one should be fully isolated, probably.
My use of Qubes honestly boils down to only two “security zones.” I use more VMs than that, but for very marginal security benefit. But I still need copy and paste between them.
It seems reasonable to connect the machines over ethernet and just run a web server on each one that lets you share data. Obviously that becomes your biggest attack vector. On the other hand, maybe it makes sense to use the trusted machine as a firewall for the untrusted machine anyway (running sshuttle)…? Or maybe that’s where the third machine comes in.
Personally I’d probably trust an off the shelf web server more than all of Qubes’ custom inter-VM communication protocols. HTTP servers aren’t really that much more complex, and they get a lot more attention. Plus it’d be more hackable (in a good way, by the user).
Carl expressed some interest in building these things for profit… Now that I’ve thought about it some more, I honestly think the idea has legs.
For a security-focused project like this, you absolutely have to release open plans… And frankly since it’s so easy to build it’s practically an Instructables guide rather than a complex hardware project. But I think plenty of lazy and mildly paranoid people might be willing to buy pre-assembled ones. Although $500 each might be a bit high.
I said I’d be back next week so maybe I’ll talk to him about it some more…
And whether I build one or not, I want one of these lapdock things. They’re pretty cheap by themselves (and apparently even cheaper used).