Not exactly on this topic as it appears to be a hit-piece about the company making the phone. There's been a few hit-piece comments here on HN made by new accounts on other Librem 5 posts too.
Anyway, I'm not an expert about most of that stuff, but they wrote:
They have ensured by design that what remains of proprietary firmware on the phone can't be updated, because they want a FSF Free hardware certification, and that's the only way to get that and have non-free firmware components. Not updateable non-free firmware is tolerated as being "part of the hardware" in a way, updateable firmware is software and required to be open.
Similarly, they seem to have choosen the Wifi and Bluetooth chips as well because they have no downloadable firmware, and the isolation for the baseband probably ensures the same there: https://puri.sm/posts/librem5-2018-09-hardware-report/
If those would have meaningful updates is a good question, and clearly it only applies to some of the firmware, but I suspect that's what the exagerated original claim is based on.
Is there any way to mitigate this if one wants to keep Wifi and Bluetooth?
I guess if one really wanted to be pure then, they could just keep the second (of three, see below) hardware switches off, and even possibly de-solder a connection, to ensure they aren't accidently flipped on.
Hardware Switches:
- cameras and microphone
- WiFi and Bluetooth
- cellular baseband
(When all three switches are off, power is also killed to sensors a la "Lockdown Mode")
Purism can't guarantee someone won't try to flash that firmware. so the best solution they came up with was to create a parallel chip to store the firmware they have vetted to be safe and to overwrite the modem or wifi firmware with their version of the binaries anytime a change to the other firmware is pushed through
Anyway, I'm not an expert about most of that stuff, but they wrote:
> They aren't shipping firmware updates.
Uh... the phone hasn't even been released yet!