What measures have been taken to secure the Umbrel supply chain?

Congrats on the Umbrel v1.0 launch. It looks seriously awesome and I’m now considering blowing some bitcoin on a node, even right at the onset of a bull market.

However, as this is dedicated bitcoin hardware, I’m curious what measures have been taken to ensure the security of the Umbrel supply chain. I’m thinking things along the lines of:

  • Are the Umbrel team doing spot checks on produced units to ensure the devices and internal components have not been tampered with?
  • Have potential hardware-based surveillance threats and backdoors been considered and mitigated?
  • How are devices being secured in storage—both after production (assuming in China), while being shipped, and in the warehouse?
  • Are there any measures users can take to help verify the devices’ integrity after receiving one?

Any reassurance on the above is going to help me decide whether to buy an official Umbrel device (my preference) or attempt the grind of putting Umbrel on some general purpose hardware.

Love the work you guys are doing in making digital sovereingty convenient and non-scary!

Hey @SalmonSpatula, welcome to the community! Those are all great questions — thanks for asking!

  • Absolutely, we’re hands-on with ensuring the integrity of our devices. We conduct thorough spot checks at different stages, from the assembly line to after the units are fully put together. This helps us guarantee that everything is up to our quality standards, untouched, and exactly as it should be.

  • Beyond physical inspections, we’ve developed a series of tests that every unit undergoes after production. These are designed to catch any unwanted surprises hidden in the PCBA, making sure our hardware is secure.

  • During the assembly phase in China, we make sure our team is always on the ground overseeing the process until the devices are on their way to the US. Once in the US, they’re stored in a very well reputed fulfillment center who has stringent security measures, including round-the-clock surveillance.

  • On the topic of verifying your device’s integrity once it’s in your hands, we’re aware that physical checks, like inspecting the shrink wrap on the packaging, and the wrapping sheet around the device might not cover all bases. Though these methods can deter tampering, they might not be foolproof against a highly skilled attacker. For those who want to go the extra mile, we’re more than happy to guide you through reinstalling umbrelOS from the ground up on your device’s internal SSD.

I hope this sheds some light on how seriously we take the security and integrity of Umbrel Home. Thanks again for asking. Cheers!

How reinstalling umbrelOS from the ground up on my device’s internal SSD???