[TommyTran732]

Because it's true, and I know what he said, I am not confused at all. Did you not read anything at all?

On the Librem laptop, the tampering is done by PureBoot and inject into /run/firmware. The other user was linking the stuff with the laptop.

*On a Librem 5, it is stored on a separate chip, then they read it with the initramfs, then mount it on top of the regular filesystem at /lib/firmware*.

Like I said, it's just shuffling stuff around.

Here is the actual code, if you care enough to read it: https://source.puri.sm/Librem5/librem5-fw-jail/-/blob/pureos...

If you can't read code, here is the marketing material: https://puri.sm/posts/shipping-new-sparklan-wifi-cards-with-...

If you don't know that the firmware for components/peripherals can either be uploaded to them by Linux or just stored on some flash chip on the component, read: https://www.chromium.org/chromium-os/developer-library/refer...

[seba_dos1]

For the record, the "jail" only exists so PureOS (or any other distro) does not have to distribute any blobs within its repositories or include them in their images - though distros still can if they choose to, like postmarketOS does for example. There's very little difference between a firmware blob that's stored in a peripheral's internal flash, NOR flash or OS rootfs when it comes to user freedom, in the end it gets executed the same way on the same hardware. Having a separate place for these blobs only simplifies their management and allows to put a clear distinction of what's free and what's not. The important thing is that, regardless of whether the "jail" is used or not, there's not a single blob that runs on the user's CPU within the user's system on the Librem 5, which isn't a unique property for a phone but rare nevertheless; the peripherals are a different thing and Purism has never claimed that there are no blobs there (in fact, the existence of e.g. the DDRC blob was being highlighted already in very early development).

(also, the NOR flash itself already had to be there because that's what TPS65982 boots from, so the "jail" is just using the 4MB storage that would otherwise remain mostly empty)

[fsflover]

I'm tired of arguing with you. I see no effort from your side to come to some understanding or to clarify anything. Here's why.

> On the Librem laptop, the tampering is done by PureBoot

What do you mean by "tampering" here? Is uploading firmware to peripherals a "tampering"? Why is this a problem, compared with other devices? Does anybof those blobs run on the CPU? I don't understand what you are trying to say.

> If you don't know that the firmware for components/peripherals can either be

I do know. How is this relevant? I never denied that the device does have some proprietary blobs.

[TommyTran732]

> I see no effort from your side to come to some understanding or to clarify anything.

Accusing me of your own sins.

> What do you mean by "tampering" here? Is uploading firmware to peripherals a "tampering"? Why is this a problem, compared with other devices? Does anybof those blobs run on the CPU? I don't understand what you are trying to say.

On the laptop, messing with the system memory (/run) and dumping firmware packages in there instead of just shipping it with the OS using a sensible approach like the linux-firmware package is a hack-job and nasty practice. And since it's messing with system memory, that's your "tampering" right there.

On the phone, once again, instead of using a normal, sensible approach like the linux-firmware package on desktop Linux or the vendor partition on Android, they just store the firmware in some chip, then have the OS (or more accurately, the initramfs) mount the content of the chip using overlayfs in /lib/firmware anyways. It's another implementation of the same hackjob. That, and they combine it with using peripherals whose firmware are stored inside of internal flash chips so the OS doesn't have to be shipped with firmware packages that it then needs to load into the peripherals.

What does this entire exercise do for freedom or openness? *Asbolutely nothing*. It's called shuffling the firmware storage around so you can market the OS as "blob free" when it's literally meaningless. If anything, it makes it harder to audit and figure out which firmware version is being run than if the firmware were to be shipped along with the OS.

---

To dumb it down a notch if you really do not understand what I am trying to say:

This makes about as much sense as if I were to take the SSD out of my laptop, destroy the M.2 socket, then advertise it as a "storage free and OS free laptop". To use the laptop, you must plug in external storage through the USB port and load up an OS. But hey, since there is no SSD or OS on the "main" part of the laptop, I am now qualified for some made up certification and can advertise my stuff as "freeing" the user from the shackles of the evil storage system and nastiness of having an OS. Definitely more "open" than other laptops.

[fsflover]

> This makes about as much sense as if I were to take the SSD out of my laptop, destroy the M.2 socket, then advertise it as a "storage free and OS free laptop".

I like your comparison and I agree that it doesn't make much sense technically. However it also doesn't make the Librem 5 less secure or usable, too. Also, it brings people's attention to the problem of non-free software, which it seems you completely neglect. In short, this is more good than bad. See also: https://news.ycombinator.com/item?id=25504641

[kuhsaft]

A bit aggressive, but understandable.

> If anything, it makes it harder to audit and figure out which firmware version is being run than if the firmware were to be shipped along with the OS.

Yep. https://docs.puri.sm/Hardware/Librem_5/Maintenance/Modem.htm...

"These files are controlled by a third-party and are not publicly accessible. Contact Purism Support to request these files for a firmware update"

---

Don't bother arguing with fsflover. They're a Purism evangelist that refuses to view things objectively.

https://hn.algolia.com/?dateEnd=1777075200&dateRange=custom&...

https://hn-wrapped.kadoa.com/fsflover

---

Damn. They even argued with marcan (Hector Martin known for Asahi Linux) in 2022. At this point I'm guessing they're a bot.

https://news.ycombinator.com/item?id=29841267

---

For fsflover, what Purism is doing is moving the non-auditable part of the OS onto a separate storage device so that they can claim that the OS is "Fully Auditable" and FSF certified even though the non-auditable and non-free part is mounted into the OS filesystem during boot. It's deceptive marketing and you're spreading that marketing.

Other open mobile OSes aren't trying to hide the fact that there needs to be proprietary components for hardware.

The only thing I concede is that the drivers are FOSS, which is why some performance and functionality is degraded compared to phones using non-free drivers. You could develop an AOSP phone using the same FOSS drivers as well, you'll just have the same issues.

[TommyTran732]

> what Purism is doing is moving the non-auditable part of the OS onto a separate storage device so that they can claim that the OS is "Fully Auditable" and FSF certified even though the non-auditable and non-free part is mounted into the OS filesystem during boot.

Yup, that's part of it.

But remember, even if they didn't do it, there's still a matter of them by using components with internal flash storage for the firmware instead of shipping firmware with the OS and letting the OS upload them. Like that's not a hackjob like the /lib/firmware or /run/firmware stuff or anything, but it's not like it's any more "open" than any other system, if not being a bit more opague. Of course the marketing would still be deceptive then.