Comment by TommyTran732
5 hours ago
Quite frankly, the whole Librem ecosystem is significantly less "open" than GrapheneOS or any desktop Linux variant to anyone who look at things objectively instead of using weird FSF semantics.
Instead of loading firmware in sensible manner like GrapheneOS or desktop Linux distros with the linux-firmware package, they keep PureOS "free of blobs" by having the bootloader inject all of the blobs into memory in an extremely shady manner. Since when was having the bootloader tamper with system memory about freedom and openness?
Oh, and they even have the audacity to market this as the "firmware jail" as if it is any more contained than the linux-firmware package too. Truly impressive stuff.
> Quite frankly, the whole Librem ecosystem is significantly less "open" than GrapheneOS or any desktop Linux variant to anyone who look at things objectively instead of using weird FSF semantics.
You will have a point when your Google phone runs Replicant. Now this is just empty words, i.e., FUD. Which blobs are running on the Librem 5 CPU? Which blobs are running on GrapheneOS CPU?
Which blobs are running on the Librem 5 CPU? Which blobs are running on GrapheneOS CPU?
Both the Pixel and Librem 5 have firmware baked into the SoC that is executed.
On GrapheneOS, the firmware is signed and updated along with the OS.
On the Librem 5, the firmware for Wifi/Bluetooth is stored on a NOR chip, which is read from and mounted into the OS by the initramfs into /lib/firmware.
Not-withstanding the above, Librem 5 components such as the USB controller, touch screen controller, radios, battery, etc simply have closed-source firmware baked in (stored on some flash chip on these components), but it doesn't mean that they are not there or in use.
In both cases, components either do not get proper firmware updates from the OS, or they are too old/low quality to get any firmware updates from the vendors to begin with. Storing firmware on the component is also a less secure approach than having signed firmware loaded by the OS, as it now means that these components have persistent storage which can be attacked.
Aside from all of the above, they also use a dedicated CPU core to run firmware blobs for things like memory training.
In essence, what the Librem 5 has achieved is shuffling proprietary firmware storage around instead of eliminating their existence or execution. It is not any more "free" or "open" than anyone else while also being less secure.
> Which blobs are running on the Librem 5 CPU?
https://source.puri.sm/Librem5/fw
https://source.puri.sm/Librem5/fw/firmware-librem5-nonfree
https://source.puri.sm/Librem5/librem5-fw-jail/-/tree/pureos...
> Which blobs are running on GrapheneOS CPU?
Depends on the phone. Arguably though, GrapheneOS has the legacy of years of thousands of security researchers working to secure Android from third-party network and GNSS modules.
---
Just so you know, I'm not using Librem or GrapheneOS. I'm looking at this objectively and have no skin in the game.
In this case I do not understand why you are ignoring the words of a Librem 5 developer saying that no blobs are running on the main CPU: https://news.ycombinator.com/item?id=47943487
2 replies →