Comment by kuhsaft
19 hours ago
I think you misunderstand what the Purism Firmware Jail is. I don't blame you though. They seem to make it purposefully misleading. It doesn't isolate what runs in the OS. It just isolates the OS updates from the non-free blob updates. The OS still runs the non-free blobs. It just loads it from separate flash.
https://github.com/linuxboot/heads/blob/c859c28b88b7bc197c16...
It is you who is confused here. The first link is completely irrelevant to the Librem 5, and the second one points to a thread where the actual information present has been written by me.
The only non-free piece of code executed by the ARM Cortex-A53 cluster on the Librem 5 is the SoC's mask ROM bootloader. Once the control is passed to u-boot/ATF there is not a single non-free blob that runs there. Some peripherals may need blobs to be uploaded onto them to work, such as DP, DDRC and one of the used Wi-Fi cards (handled by ROM/u-boot/Linux respectively), while others boot from their own internal memories. Not all of those firmwares are non-free, but most are.
In the end, as I said earlier, the assessment depends on where you draw the line. I happen to draw it at the main CPU and the blobs that need to run within the user-controlled OS, which are unacceptable for me and which aren't present on the Librem 5.
Ah. I see. So the blobs are loaded into the separate microprocessors. Either way, it's the same as pretty much any modern phone, where the modem (and other secondary processors) are running some proprietary firmware and is communicating with the OS processor.
I don't see how it's different from running a free open-source ASOP OS. On the mainstream Android devices, the wireless hardware is also isolated and communication is done via IOMMU.
There's some debate as to whether using the USB stack for communication to the modem in the Librem 5 is less secure than IOMMU as well.
Pretty much any modern phone is also full of blobs that run on the main CPU to ensure basic functionality, with only a handful of exceptions. Just consider how many features stop working or get severely degraded on various phones when you use a clean AOSP build on them (provided that you can do it at all in the first place). Android's driver infrastructure effectively encourages non-free blobs in "vendor" partitions, and many things are purposely moved from the GPLv2 kernel to the userspace so they don't have to be copylefted. If you want to run a non-Android OS on these devices you either have to fill the gaps yourself or use these blobs through compatibility layers.
> at that point you still are trusting external communication to those devices with their proprietary blobs
Just as you do with any kind of peripheral, whether it implements what it's doing purely in hardware or with an embedded microcontroller.
> There's some debate as to whether the USB stack for communication to the modem is less secure than IOMMU as well.
You can have "some debate" on absolutely anything, but that doesn't yet mean it makes any sense. You have communication protocols on top of IOMMUs as well which are subject to exactly the same security considerations as potential exploits in the USB stack, so whatever debate you're referring to is unlikely to be held in good faith. I wonder why you mention it unprompted, as it's fairly off-topic here.
17 replies →