by kop316 1902 days ago
> The Librem 5 does not even support software encryption and no progress has been made toward adding even LUKS encryption.

OSK-SDL has been ported to the Librem 5 to the best of my knowledge (Source: talking to the actual dev working on it).

> The Librem 5 lacks a secure element for any hardware binding on the encryption and so would be entirely dependent on software-only encryption.

You do know it has a smartcard port, right? That would be the whole point of having the smartcard: hardware binding encryption! Also see this: https://news.ycombinator.com/item?id=26773309

> Current releases of the Librem 5 have been plagued by thermal throttling issues and poor battery life which in some cases has clocked in at less than 1 hour at idle.

Actual citation needed please, as this contradicts you: https://puri.sm/posts/librem-5-4500mah-battery-upgrade/

> This renders the firmware unupdateable without shorting a connection.

That is simply incorrect: https://source.puri.sm/Librem5/redpine-firmware-nonfree https://source.puri.sm/Librem5/firmware-tps6598x-nonfree

Note how the update procedure doesn't call for "shorting a connection".

> Although the modems and radios are not attached to the host via DMA, they rely on USB for isolation, which simply shifts the trust from the kernel driver to the kernel USB stack, and USB was never designed with distrusting the device plugged into it in mind unlike SMMU/IOMMU, which is specifically designed to mitigate unconstrained DMA.

Do you have a citation for this beyond a repository that says: "Something I should mention off the bat right now is that this repository is a rough draft. Much of the information in it is very work-in-progress, and some of it needs to be looked at."

Being that off the top of my head I am able to contradict most of your statements (with actual citations), I am skeptical of your claims, as laptops and other portable devices have to worry about rogue USB devices too, and this has been a known issue for over a decade.

It seems almost all your comment is either 1) out of date (and the last commit to the repository you posted to was 11 Feb 2020) or 2) flat out wrong.

tl;dr Did you do any real research on this topic?

2 comments

Anyway, to actually answer your question, if you need a source that the Librem doesn't have an IOMMU, then frankly you're out of your depth for this conversation.
...are you going to address, you know, the rest of your comment being factually incorrect?

I am saying the rest of your document you cited was riddled with errors that I could show were wrong offhand (with citations!), so any claims you make that I don't know are right, I treat with skepticism.

I'm unconvinced that you have actually looked through the source of the Librem 5, considering you didn't know it supported encryption! Hell, did you look at their product page? You can see that it has a smartcard on their product page! And yet you claimed it doesn't have "hardware backed encryption".

So either you are a) completely unaware of how to do basic research and citations or b) willfully spreading misinformation.

> ...are you going to address, you know, the rest of your comment being factually incorrect?

Just have elsewhere.

Considering doing ctrl + f "atat7024" proves otherwise, you are simply not worth replying to anymore, seeing as how you cannot conduct basic research or you are willingly spreading misinformation.
I don't currently have time to hotlink the absolute latest from security researchers' IRC chats etc direct to your door.

All I can do is point.

tl;dr No, I literally said it was from a URL, and provided it...and I'm supposed to trust your info?
The way you cited this URL indicated you believe it to be fact.

https://news.ycombinator.com/item?id=26772189 When you make a claim like that, which I assumed meant your company did some sort of baseline research for this claim. Your reply directly contradicts that statement since your citation is riddled with errors.

I actually sourced all of my info (except for the OSK-SDL one...but I don't exactly know how to source a conversation between two people, so you'll have to trust me on that one. Alternatively, you are welcome to do your own research to counter my claim!). Are there problems with my citations? In the scientific community, this is why we cite sources. I don't have to trust the primary author when their sources are cited!