←back to thread

Qubes OS will ship pre-installed on Purism’s security-focused Librem 13 laptop

(arstechnica.com)
154 points walterbell | 5 comments | 15 Dec 15 07:52 UTC | HN request time: 0s | source
Show context
INTPenis ◴[15 Dec 15 09:24 UTC] No.10736741[source]
Since I'm completely surprised by this project and very attracted to it I thought it was best to google around for some perspective. Found this http://www.pcworld.com/article/2960524/laptop-computers/why-...

Among other things. My first question was, is the hardware open? Couldn't find an answer to that.

Edit: Apparently revision 2 of Purism will possibly have Coreboot.

replies(3): >>10736758 #>>10736798 #>>10736827 #
creshal ◴[15 Dec 15 09:52 UTC] No.10736827[source]
The CPU uses proprietary, binary microcode blobs.

The graphics chip needs proprietary, binary firmware blobs.

The ethernet chip needs proprietary, binary firmware blobs.

The BIOS is a proprietary, binary firmware blob.

"Respects your freedom" my ass. The only difference to a whitebox laptop is marketing. Dell's or Lenovo's linux offerings are just as "free".

(And chromebooks with Coreboot are, technically, more free than both.)

replies(4): >>10736975 #>>10737206 #>>10739064 #>>10739904 #
nextos ◴[15 Dec 15 11:40 UTC] No.10737206[source]
Actually, a RockChip based Chromebook like C201 is completely free except for the 3D acceleration. Not even CPU microcodes. And it's dirty cheap.

I wonder why Purism didn't simply commission such a machine with the right 3D chip instead of going with a non-free and expensive option.

I would also love similar initiatives in the mobile space, but I reckon it is more challenging. Neo900 and Pyra are kind of cool though. And I'm hoping Jolla open sources Sailfish OS later this month or early new year.

replies(4): >>10737228 #>>10737541 #>>10740311 #>>10745038 #
creshal ◴[15 Dec 15 11:45 UTC] No.10737228[source]
> I wonder why Purism didn't simply commission such a machine with the right 3D chip instead of going with a non-free and expensive option.

Because they can sell the "expensive" option (which, for the OEM itself, isn't even too expensive) at a much higher premium.

> I would also love similar initiatives in the mobile space, but I reckon it is more challenging.

In the mobile space it would be an even bigger exercise in futility: There is no, and will never be, a baseband chip with a free firmware. The FCC made that pretty clear back in the OpenMoko days – use our NSA-approved proprietary blob or you'll never sell in the developed world.

replies(4): >>10737623 #>>10737654 #>>10737849 #>>10738650 #
1. throwaway7767 ◴[15 Dec 15 16:26 UTC] No.10738650{4}[source]
If someone were to develop an open-source replacement firmware for a baseband chip, the hardware project could use that chip but ship with the manufacturers firmware. It would then be on the users to reflash if desired. I doubt the FCC can do anything about that, people are already doing this with the TI Calypso replacement firmware.
replies(2): >>10738753 #>>10739407 #
2. creshal ◴[15 Dec 15 16:44 UTC] No.10738753[source]
Oh, they cannot prevent you from installing the firmware… but if anyone catches you using it in the wild, you're in deep REDACTED.

E.g., If you're worried about the police monitoring your communications, giving them a perfectly legal reason to detain you is likely not your preferred course of action.

replies(2): >>10738951 #>>10739082 #
3. throwaway7767 ◴[15 Dec 15 17:17 UTC] No.10738951[source]
Sure, but assuming there isn't a serious bug in the baseband causing other spectrum users grief, how likely is it that someone will check your phone's baseband for tampering?

If you're a person of interest, the police can come up with a better reason to detain you than this.

4. jessaustin ◴[15 Dec 15 17:37 UTC] No.10739082[source]
In this case we're not really worried about police monitoring. The police aren't magical, yet. If they're trying to surveil without the target's knowledge, and the first attempt fails, they'll try something else. If no electronic surveillance works, they'll find another way to investigate, or they'll prioritize other investigations. They really have no way to catch random people with unauthorized firmware, so long as that firmware generally follows FCC guidelines.

However it may be that other, less Constitutionally-constrained parties would have the ability to dragnet for nonstandard firmware to highlight people for more intense scrutiny. The police could use a parallel construction based on that. Then they could say that unauthorized firmware on a seized phone establishes some sort of criminal intent.

5. hackuser ◴[15 Dec 15 18:21 UTC] No.10739407[source]
Here are a few possibilities I've come across:

* OsmocomBB (http://bb.osmocom.org/trac/)

* An old HN discussion: https://news.ycombinator.com/item?id=7064187

* OKL4, a hypervisor, is used widely in basebands. AFAICT It was developed by Open Kernel Labs and was open. It seems to have been acquired by General Dynamics and I don't know it's current status (does anyone know more about it?) (https://gdmissionsystems.com/cyber/products/trusted-computin...)