[kscz]

I'm a bit confused on the comment "Modern phones (and all the flagship phones) have had separation between their basebands and APs for years; a modern smartphone baseband is essentially a USB peripheral."

As far as I can tell [0], the flagship phones (i.e. everything except the iPhone) are pretty heavily invested in the Qualcomm integrated baseband CPU + general purpose CPU [1]. And unless something has changed radically in recent years, the baseband CPU has had direct DMA access to the same memory as the main CPU, and thus any vulnerabilities or backdoors in the baseband CPU have the ability to directly access memory.

With the rising prevalence of devices like the LimeSDR [2] putting the ability of intercepting and communicating with the baseband CPU, vulnerabilities in the baseband like this one [3] are even more of a risk than before.

I don't think anyone is arguing that Purism is going to have produced the world's most secure software, but the design space they've put themselves in allows them to be audited internally and externally - something that while you say "Apple and Google have spent a lot of money on it" I can't really verify that it's lead to a quality product. As flaws like Intel Management engine fiascoes have shown [4], even heavily audited code can have terrible flaws. The thing people don't like about the current approach with cell phones is that if the phone is too old you just have to throw it away because no one will update it. Purism is offering you something where you can throw away just the vulnerable modem or wifi card, and keep your phone. Even if you don't know of a flaw, you could purchase a different vendor's M.2 4G LTE card and swap it in, and make your attack surface different than other owners of the Librem 5.

There are other things which Purism will doubtless be way worse at catching/auditing, but honestly this is going to be like Linux: the benefit in terms of security is going to be that you are one of maybe 1,000 people using that device in that specific configuration, and you won't be worth exploiting.

[0] https://en.wikipedia.org/wiki/List_of_Qualcomm_Snapdragon_sy...

[1] https://www.qualcomm.com/media/documents/files/snapdragon-80...

[2] https://myriadrf.org/projects/limesdr/

[3] https://arstechnica.com/information-technology/2016/07/softw...

[4] https://www.wired.com/story/intel-management-engine-vulnerab...

[seba_dos1]

Even though I generally agree with your comment, I don't know where you got that replacement part from. AFAIK Librem 5 is not supposed to be modular and I certainly wouldn't pledge my money for such project unless it set its fundraising goal many times higher than they actually did. In devices like that, there's not much you can do to achieve hardware modularity without fighting with lots of constraints everywhere. The best I expect to see in similar devices is what Dragonbox Pyra does (and what Neo900 planned to do) - a sandwich with two PCBs, with one having the CPU and expected to be upgraded, and other one containing stuff that doesn't need to be upgraded as often, like various sensors, baseband etc. It wouldn't work for Librem 5 though, as it seems to be already very space constrained.

Librem 5's design makes it relatively easy to safely disable and not use the part you think is vulnerable, but you can't really replace them - that would put this project into a completely different budget category.

[kscz]

Sorry, you're absolutely correct - I had misinterpreted the dev board layout screenshots as the final phone layout screenshots.

That'll teach me to post after I should be asleep!