Comment by fsflover
10 hours ago
> A GrapheneOS phone is just as open as the Librem 5.
No, it's not. Try to run a completely free OS on your hardware (like Replicant) and watch the lack of camera, GPS and more.
Related discussion for others: https://news.ycombinator.com/item?id=47942070
The Librem 5 uses a bottom of the barrel, standard industrial CPU from 2017 with no updates. It is no more open than a Google Pixel or any other mobile device. It lacks proper updates, isolated radios, and any form of hardening. The kill switches are also useless if your device is fully compromised and turned into a spying device, all of your data is already gone. The only thing the switches do as a last resort is block voice recording, which is an improper way of doing it since speakers are essentially just microphones in reverse.
> CPU from 2017 with no updates
This is false. Please stop writing false statements without any links. NXP promises to produce the i.MX 8M Quad until Jan. 2033. The support will be even longer.
> it lacks proper updates
This is FUD.
> isolated radios
They are isolated with USB. This might be slightly weaker than IOMMU, but for me the benefit of freedom is worth it. There is no shared memory.
> it lacks proper updates, isolated radios, and any form of hardening
FUD and false information. Please stop this.
> The kill switches are also useless if your device is fully compromised
This is false again. It doesn't matter how much my device might be compromised. The attacker will not get any access to the shut down sensors, radios or voice/video, if I use the three kill switches.
> since speakers are essentially just microphones in reverse
Librem 5 speakers do not support this.
Not OP, but
> This is false. Please stop writing false statements without any links. NXP promises to produce the i.MX 8M Quad until Jan. 2033. The support will be even longer.
I think they meant that the processor itself is old. It supports ARMv8 and is lacking the enhanced memory protection and execution features of the ARMv9-A processors on newer phones.
> This is false again. It doesn't matter how much my device might be compromised. The attacker will not get any access to the shut down sensors, radios or voice/video, if I use the three kill switches.
The problem is that your device can be compromised quite easily and without you knowing. The kill switches are moot at that point.
Quite frankly, the whole Librem ecosystem is significantly less "open" than GrapheneOS or any desktop Linux variant to anyone who looks at things objectively instead of using weird FSF semantics.
Instead of loading firmware in a sensible manner like GrapheneOS or desktop Linux distros with the linux-firmware package, they keep PureOS "free of blobs" by having the bootloader inject all of the blobs into memory in an extremely shady manner. Since when was having the bootloader tamper with system memory about freedom and openness?
Oh, and they even have the audacity to market this as the "firmware jail" as if it is any more contained than the linux-firmware package too. Truly impressive stuff.
> Quite frankly, the whole Librem ecosystem is significantly less "open" than GrapheneOS or any desktop Linux variant to anyone who looks at things objectively instead of using weird FSF semantics.
You will have a point when your Google phone runs Replicant. Now this is just empty words, i.e., FUD. Which blobs are running on the Librem 5 CPU? Which blobs are running on GrapheneOS CPU?
> Which blobs are running on the Librem 5 CPU? Which blobs are running on GrapheneOS CPU?
Both the Pixel and Librem 5 have firmware baked into the SoC that is executed.
On GrapheneOS, the firmware is signed and updated along with the OS.
On the Librem 5, the firmware for Wifi/Bluetooth is stored on a NOR chip, which is read from and mounted into the OS by the initramfs into /lib/firmware.
Notwithstanding the above, Librem 5 components such as the USB controller, touch screen controller, radios, battery, etc. simply have closed-source firmware baked in (stored on some flash chip on these components), but it doesn't mean that they are not there or in use.
In both cases, components either do not get proper firmware updates from the OS, or they are too old/low quality to get any firmware updates from the vendors to begin with. Storing firmware on the component is also a less secure approach than having signed firmware loaded by the OS, as it now means that these components have persistent storage which can be attacked.
Aside from all of the above, they also use a dedicated CPU core to run firmware blobs for things like memory training.
In essence, what the Librem 5 has achieved is shuffling proprietary firmware storage around instead of eliminating their existence or execution. It is not any more "free" or "open" than anyone else while also being less secure.
> Which blobs are running on the Librem 5 CPU?
https://source.puri.sm/Librem5/fw
https://source.puri.sm/Librem5/fw/firmware-librem5-nonfree
https://source.puri.sm/Librem5/librem5-fw-jail/-/tree/pureos...
> Which blobs are running on GrapheneOS CPU?
Depends on the phone. Arguably though, GrapheneOS has the legacy of years of thousands of security researchers working to secure Android from third-party network and GNSS modules.
---
Just so you know, I'm not using Librem or GrapheneOS. I'm looking at this objectively and have no skin in the game.