Similarly, they seem to have choosen the Wifi and Bluetooth chips as well because they have no downloadable firmware, and the isolation for the baseband probably ensures the same there: https://puri.sm/posts/librem5-2018-09-hardware-report/
If those would have meaningful updates is a good question, and clearly it only applies to some of the firmware, but I suspect that's what the exagerated original claim is based on.
Is there any way to mitigate this if one wants to keep Wifi and Bluetooth?
I guess if one really wanted to be pure then, they could just keep the second (of three, see below) hardware switches off, and even possibly de-solder a connection, to ensure they aren't accidently flipped on.
Hardware Switches:
- cameras and microphone
- WiFi and Bluetooth
- cellular baseband
(When all three switches are off, power is also killed to sensors a la "Lockdown Mode")
Purism can't guarantee someone won't try to flash that firmware. so the best solution they came up with was to create a parallel chip to store the firmware they have vetted to be safe and to overwrite the modem or wifi firmware with their version of the binaries anytime a change to the other firmware is pushed through
Is there any way to mitigate this if one wants to keep Wifi and Bluetooth?
I guess if one really wanted to be pure then, they could just keep the second (of three, see below) hardware switches off, and even possibly de-solder a connection, to ensure they aren't accidently flipped on.
Hardware Switches:
- cameras and microphone
- WiFi and Bluetooth
- cellular baseband
(When all three switches are off, power is also killed to sensors a la "Lockdown Mode")