Most active commenters
  • creshal(7)
  • nextos(3)
  • throwaway7767(3)

←back to thread

Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop

(arstechnica.com)
154 points walterbell | 25 comments | 15 Dec 15 07:52 UTC | HN request time: 1.354s | source | bottom
Show context
INTPenis ◴[15 Dec 15 09:24 UTC] No.10736741[source]
Since I'm completely surprised by this project and very attracted to it I thought it was best to google around for some perspective. Found this http://www.pcworld.com/article/2960524/laptop-computers/why-...

Among other things. My first question was, is the hardware open? Couldn't find an answer to that.

Edit: Apparently revision 2 of Purism will possibly have Coreboot.

replies(3): >>10736758 #>>10736798 #>>10736827 #
creshal ◴[15 Dec 15 09:52 UTC] No.10736827[source]
The CPU uses proprietary, binary microcode blobs.

The graphics chip needs proprietary, binary firmware blobs.

The ethernet chip needs proprietary, binary firmware blobs.

The BIOS is a proprietary, binary firmware blob.

"Respects your freedom" my ass. The only difference to a whitebox laptop is marketing. Dell's or Lenovo's linux offerings are just as "free".

(And chromebooks with Coreboot are, technically, more free than both.)

replies(4): >>10736975 #>>10737206 #>>10739064 #>>10739904 #
1. nextos ◴[15 Dec 15 11:40 UTC] No.10737206[source]
Actually, a RockChip based Chromebook like C201 is completely free except for the 3D acceleration. Not even CPU microcodes. And it's dirty cheap.

I wonder why Purism didn't simply commission such a machine with the right 3D chip instead of going with a non-free and expensive option.

I would also love similar initiatives in the mobile space, but I reckon it is more challenging. Neo900 and Pyra are kind of cool though. And I'm hoping Jolla open sources Sailfish OS later this month or early new year.

replies(4): >>10737228 #>>10737541 #>>10740311 #>>10745038 #
2. creshal ◴[15 Dec 15 11:45 UTC] No.10737228[source]
> I wonder why Purism didn't simply commission such a machine with the right 3D chip instead of going with a non-free and expensive option.

Because they can sell the "expensive" option (which, for the OEM itself, isn't even too expensive) at a much higher premium.

> I would also love similar initiatives in the mobile space, but I reckon it is more challenging.

In the mobile space it would be an even bigger exercise in futility: There is no, and will never be, a baseband chip with a free firmware. The FCC made that pretty clear back in the OpenMoko days – use our NSA-approved proprietary blob or you'll never sell in the developed world.

replies(4): >>10737623 #>>10737654 #>>10737849 #>>10738650 #
3. revanx_ ◴[15 Dec 15 13:10 UTC] No.10737541[source]
Would love to know where you got this information from as in Chromebook C201 has no hardware blobs except for 3D acceleration.
replies(1): >>10737850 #
4. rtpg ◴[15 Dec 15 13:30 UTC] No.10737623[source]
what's the story on OpenMoko? I have a hard time seeing the FCC directly saying something like that, and google isn't showing anything...
replies(3): >>10737905 #>>10739482 #>>10739568 #
5. Gregordinary ◴[15 Dec 15 13:38 UTC] No.10737654[source]
The FreeCalypso project is working on free baseband firmware with an older TI Chipset. If I recall from their mailing list, which is fairly active, they have voice calls working now. It will of course not be a smartphone, and it'll be GSM only.

https://www.freecalypso.org/

replies(1): >>10737680 #
6. creshal ◴[15 Dec 15 13:43 UTC] No.10737680{3}[source]
How do they plan to get it FCC certified? Without FCC certification, it may not be legally used outside shielded testing environments.
replies(1): >>10737807 #
7. Gregordinary ◴[15 Dec 15 14:12 UTC] No.10737807{4}[source]
I'm actually not sure, recently joined the mailing list and have been passively monitoring.

Would it make a difference if the chipset being used was already used for a cellphone that was FCC certified? If I put DD-WRT on my router, do I need to re-apply for FCC certification? (Wondering)

replies(1): >>10737897 #
8. nextos ◴[15 Dec 15 14:22 UTC] No.10737849[source]
But see how the Neo900 guys have worked this out. They isolate the baseband chip, and handle it as a threat, which is a very good model I think.
replies(1): >>10737907 #
9. nextos ◴[15 Dec 15 14:22 UTC] No.10737850[source]
http://www.libreboot.org/docs/hcl/c201.html

Well, also the wifi requires a blob, but one can use small usb adapters sanctioned by FSF, and blobfree.

10. creshal ◴[15 Dec 15 14:30 UTC] No.10737897{5}[source]
I'm not sure whether the certification guidelines for wifi and cell devices are the same.

For Wifi it's surprisingly strict:

• Every antenna+transmitter configuration has to be certified separately (that's why Lenovo and other laptop vendors have Wifi card whitelists and refuse booting with uncertified chips installed).

• The software that directly drives the hardware must be certified to conform to the transmission power limits etc.

For DD-WRT and others neither is a problem, because the hardware combination has been certified by the router vendor, and DD-WRT uses the wifi chip vendor's firmware blob to drive the hardware, which is certified by the vendor.

replies(2): >>10738577 #>>10738715 #
11. ansible ◴[15 Dec 15 14:32 UTC] No.10737905{3}[source]
That was an attempt at a Linux-based phone before Android. It is very old (close to 10 years?).
replies(1): >>10738208 #
12. creshal ◴[15 Dec 15 14:32 UTC] No.10737907{3}[source]
It's a good model to limit the damage a hijacked baseband chip can do, yes. But it is still not "free".
13. rtpg ◴[15 Dec 15 15:18 UTC] No.10738208{4}[source]
Was more wondering about the accusation that the FCC shot down the effort. Google seems to show that it launched something, can't find any trace of controversy
replies(1): >>10738470 #
14. creshal ◴[15 Dec 15 15:58 UTC] No.10738470{5}[source]
The project itself didn't fail because it – that was just due to Android being more attractive by the time it was working –, but they never managed to opensource the baseband firmware for that reason.
15. lmns ◴[15 Dec 15 16:15 UTC] No.10738577{6}[source]
>DD-WRT uses the wifi chip vendor's firmware blob to drive the hardware, which is certified by the vendor.

At least for many Atheros-based chipsets they use ath9k instead of the vendor blobs.

16. throwaway7767 ◴[15 Dec 15 16:26 UTC] No.10738650[source]
If someone were to develop an open-source replacement firmware for a baseband chip, the hardware project could use that chip but ship with the manufacturers firmware. It would then be on the users to reflash if desired. I doubt the FCC can do anything about that, people are already doing this with the TI Calypso replacement firmware.
replies(2): >>10738753 #>>10739407 #
17. throwaway7767 ◴[15 Dec 15 16:37 UTC] No.10738715{6}[source]
> Every antenna+transmitter configuration has to be certified separately (that's why Lenovo and other laptop vendors have Wifi card whitelists and refuse booting with uncertified chips installed).

Are you sure about that? The fact that not every vendor has such a lock suggests to me that there is no legal requirement for it.

18. creshal ◴[15 Dec 15 16:44 UTC] No.10738753{3}[source]
Oh, they cannot prevent you from installing the firmware… but if anyone catches you using it in the wild, you're in deep REDACTED.

E.g., If you're worried about the police monitoring your communications, giving them a perfectly legal reason to detain you is likely not your preferred course of action.

replies(2): >>10738951 #>>10739082 #
19. throwaway7767 ◴[15 Dec 15 17:17 UTC] No.10738951{4}[source]
Sure, but assuming there isn't a serious bug in the baseband causing other spectrum users grief, how likely is it that someone will check your phone's baseband for tampering?

If you're a person of interest, the police can come up with a better reason to detain you than this.

20. jessaustin ◴[15 Dec 15 17:37 UTC] No.10739082{4}[source]
In this case we're not really worried about police monitoring. The police aren't magical, yet. If they're trying to surveil without the target's knowledge, and the first attempt fails, they'll try something else. If no electronic surveillance works, they'll find another way to investigate, or they'll prioritize other investigations. They really have no way to catch random people with unauthorized firmware, so long as that firmware generally follows FCC guidelines.

However it may be that other, less Constitutionally-constrained parties would have the ability to dragnet for nonstandard firmware to highlight people for more intense scrutiny. The police could use a parallel construction based on that. Then they could say that unauthorized firmware on a seized phone establishes some sort of criminal intent.

21. hackuser ◴[15 Dec 15 18:21 UTC] No.10739407{3}[source]
Here are a few possibilities I've come across:

* OsmocomBB (http://bb.osmocom.org/trac/)

* An old HN discussion: https://news.ycombinator.com/item?id=7064187

* OKL4, a hypervisor, is used widely in basebands. AFAICT It was developed by Open Kernel Labs and was open. It seems to have been acquired by General Dynamics and I don't know it's current status (does anyone know more about it?) (https://gdmissionsystems.com/cyber/products/trusted-computin...)

22. hackuser ◴[15 Dec 15 18:32 UTC] No.10739482{3}[source]
Some follow-on and related projects:

* GTA04 by OpenPhoenux (http://projects.goldelico.com/p/gta04-main/)

* Neo900 (http://neo900.org/)

* QTMoko (http://qtmoko.sourceforge.net/)

* SHR (http://shr-project.org/)

23. wawi ◴[15 Dec 15 18:46 UTC] No.10739568{3}[source]
The OpenMoko project sort of fizzog'ed, but you can get a good kick out of the OpenPandora (and new: OpenPyra) projects, which the GTA04/neo guys have helped along a bit, I think ..

http://openpandora.org/

24. drudru11 ◴[15 Dec 15 20:39 UTC] No.10740311[source]
They needed x86 virtualization. The cheaper ARM systems don't support that (yet).
25. madez ◴[16 Dec 15 15:55 UTC] No.10745038[source]
The Chromebook C201 is not offered in my country, i.e. Germany. Any ideas where to get it from?