Comment by lrvick
9 months ago
> I can't believe this amazing software is free in all senses of the word.
I wish that were true, but if you delete the 100s of binary blobs (many with effectively root access) copied from a stock donor vendor partition the phone won't function at all.
There is no such thing as a fully open source and user controlled Android device today.
It's not all grim. GrapheneOS utilizes IOMMU to isolate the baseband and sandbox the wireless components. Even with binary blobs, the wireless radios cannot read encrypted traffic.
https://grapheneos.org/faq#baseband-isolation
Sure, it's not perfect, but it's still really, really good. Even with the binary blobs that are on it, Graphene phones have been impossible to unlock via commercial cracking tools since 2022.
https://osservatorionessuno.org/blog/2025/03/a-deep-dive-int...
Laptops, desktops, smartphones or tablets are closed source hardware with closed source firmware in general. There are products marketed as if they're open source devices which are in fact closed source hardware with almost entirely closed source firmware. The software on top being open source is frequently misrepresented as the device itself being open source, which isn't the case. Not shipping important firmware updates in the OS provides assurance of insecurity while not changing the fact that the hardware and firmware is closed source. It has to do with a loophole defined in a certain ideology around software, not open hardware or privacy/security.
Let's not allow the perfect to be the enemy of the good. GrapheneOS does what it can to isolate those things as much as possible. It even makes good use of hardware features such as the IOMMU. It's a huge improvement on the status quo, even though it's not going to pass FSF RYF certification.
FSF RYF certification is anti-freedom, anti-privacy and anti-security. Pretending hardware is open because there aren't closed source components which are / can be updated doesn't make sense. They certify closed source hardware with closed source firmware. In many cases, privacy and security has been crippled to obtain the certification by preventing important firmware upgrades. Not shipping firmware updates in the OS doesn't mean the firmware isn't there and doesn't make the hardware or firmware open source. GrapheneOS wants to have actual open source hardware and firmware, not what the FSF is peddling. We certainly don't want to block people getting important firmware upgrades needed to defend devices. FSF heavily misleads people about these topics for ideological reasons.
I agree with you. I think FSF RYF is a pointless certification since firmware isn't going away anytime soon. I'm not a fan of their "it's part of the wiring if you can't upgrade it" compromise either since it doesn't achieve their goals and makes the situation even worse.
It would be nice if the firmware itself was free software so that it could be shipped alongside the Linux kernel, maintained indefinitely and we could customize it however we want. The hardware is supposed to do what we want it to do, not what the manufacturer lets us do.
I don't like the fact every single device out there has entirely separate computers inside them running unknown proprietary software. It feels like our operating systems aren't operating the system anymore, it's like they're just some user app sandboxed away from the real system. This presentation explains what I mean:
https://youtu.be/36myc8wQhLo
It's an imperfect reality. Security by isolation of devices via IOMMU addresses real concerns such as devices being able to access RAM via DMA. It's great that GrapheneOS is doing this.
Was there ever? And is the situation improving or worsening?
I am alright with things that allow for improvement, at least in theory
Anyways, we as informed consumers are hopefully all agreeing on striving for an open mobile OS and open hardware. For those of us, who consider themselves democratic, that is even an imperative.
Not sure what the situation is with Librem, Pine and Joola/SailfishOS, maybe those qualify?
The Librem 5 and Pinephone are closed source hardware with closed source firmware. It's a misconception that they're open source. They have open source drivers, not hardware and firmware.
SailfishOS is not open source itself. It's far less open source than Android which has the Android Open Source Project with the whole base OS.
8 replies →
I tried librem and pine a year or so ago. As long as it is basic phone use ( phone, text ), it is ok for daily use. That said, the experience is nowhere near ok experience in terms of speed or responsiveness, when compared to most basic android phones. I do not know if that changed since, but librem left a bad taste in my mouth based on how they seem to operate. Pine, by comparison, was a lot more honest about its limitations.
Replicant was the last time we had fully open Android devices. We have regressed.
All of those were closed source hardware with tons of closed source firmware. Not shipping firmware updates doesn't mean the firmware doesn't exist. There aren't open source devices in general. It's not specific to smartphones.
2 replies →
Laptops, desktops, smartphones or tablets are closed source hardware with closed source firmware in general. There are products marketed as if they're open source devices which are in fact closed source hardware with almost entirely closed source firmware. The software on top being open source is frequently misrepresented as the device itself being open source, which isn't the case. Not shipping important firmware updates in the OS provides assurance of insecurity while not changing the fact that the hardware and firmware is closed source. It has to do with a loophole defined in a certain ideology around software, not open hardware or privacy/security.
Plenty of laptops exist you can get away with running fully open source and auditable firmware, and a few that are mostly open hardware too, by the MNT Reform team.
The Precursor is the only pocket computer platform that is maximally open hardware, software, and firmware but you revert back to the 90s in terms of power as a consequence with alpha quality software today. If Bunnie is successful with his IRIS approach and making custom home-user-inspectable ASICS then maybe a middle ground path can be forged in the next few years.
For now the only modern computing experience with fully open hardware and software I am aware of are the ppc64le based devices by Raptor Engineering, but at a very high cost due to low demand, with huge form factor and no power management. I still own one anyway because we have to start somewhere.
For those that want this story to get better, please buy and promote the products of the few people trying to break us out of dependence on proprietary platforms.
> Plenty of laptops exist you can get away with running fully open source and auditable firmware, and a few that are mostly open hardware too, by the MNT Reform team.
MNT Reform has a regular closed source ARM SoC as the main component along with a bunch of other closed source components. The chassis, board and boot chain being open doesn't make a device mostly open hardware. Anything simply using an ARM or x86_64 SoC at the core is not truly mostly open. It's a closed source system (the SoC) with open source components between it and other closed source components like radios, a display controller, SSD, etc. The same applies to other ARM and x86_64 laptops. They're built around closed source components even if the board many components go in and the boot chain is open source.
Having an open source boot chain and not requiring loading proprietary firmware from there or from the OS doesn't mean the device has open firmware. It's conflating not needing to load firmware with the firmware not existing or being open, which isn't the case.
> The Precursor is the only pocket computer platform that is maximally open hardware, software, and firmware but you revert back to the 90s in terms of power as a consequence with alpha quality software today. If Bunnie is successful with his IRIS approach and making custom home-user-inspectable ASICS then maybe a middle ground path can be forged in the next few years.
This is far closer to being how you're describing other platforms. However, it does have closed source components including the FPGA and Wi-Fi. It's as close as it gets to being open hardware and that has a huge cost. Platforms simply using a closed source ARM SoC and many other closed source components are not anywhere close to being open. This is what it takes to get close, and it's not fully there.
> For now the only modern computing experience with fully open hardware and software I am aware of are the ppc64le based devices by Raptor Engineering, but at a very high cost due to low demand, with huge form factor and no power management. I still own one anyway because we have to start somewhere.
It's the motherboard that's open source. The IBM CPUs used with it are not open hardware.
> For those that want this story to get better, please buy and promote the products of the few people trying to break us out of dependence on proprietary platforms.
Laptops with a nearly completely closed source SoC / CPU are not a fully open platform, especially when it's an SoC providing most of the functionality. Talos II has a lot of functionality on their open motherboard vs. an ARM SoC with most of it on the SoC, but either way the CPU being closed source is still the most core component being closed source.
3 replies →
As opposed to using what, hand gestures? There is simply no production ready hardware with non-proprietary software at all.
Yes, which is a huge problem. This is a big part of why Android phones suck so much ass - you're often stuck on old versions of android because the hardware vendors are too lazy to update their proprietary bullshit blobs that barely fucking work.
And now you're running a two year old phone and it's effectively obsolete.
If they would just upstream their firmware into the Linux kernel, you could upgrade these phones for years and years. Until the hardware is actually physically incapable of running the latest features.
Some vendors, like Google, promise to provide updates for a long time. But it's just that - a promise. There's no technical guarantee or mechanism for this, it's purely based on trust.
> As opposed to using what, hand gestures
As opposed to "being free in all senses of the word", which is what the comment was talking about.
People go through all sorts of weird mental gymnastics about this. The FSF at one point took the position that binary blobs were cool so long as they could not be upgraded, because then you could pretend they weren't software at all, but just part of the wiring. I've seen this odd line of thought attributed to RMS himself, but here's an FSF statement, from when he was running it: https://www.fsf.org/blogs/community/task2-openmoko
No production ready -mobile- hardware, I would agree.
The Precursor is promising, but software is not there yet.
I sit down at my desktop computer and send emails and type messages like this one. Then I get up from my desk and spend time with my family offline and present. It's pretty great.
This is also the case with mainline linux though. Good luck using Nvidia graphics with only FOSS components.
Even more FOSS friendly graphics vendors like AMD and Intel rely on binary firmware.
Laptops, desktops, smartphones or tablets are closed source hardware with closed source firmware in general. There are products marketed as if they're open source devices which are in fact closed source hardware with almost entirely closed source firmware. The software on top being open source is frequently misrepresented as the device itself being open source, which isn't the case. Not shipping important firmware updates in the OS provides assurance of insecurity while not changing the fact that the hardware and firmware is closed source. It has to do with a loophole defined in a certain ideology around software, not open hardware or privacy/security.
Indeed, mainline linux distros aren't free software either
I have run nvidia cards without proprietary drivers for years. Nouveau.
With the right hardware choices running blob-free linux is pretty straightforward.
7 replies →
[dead]