Comment by kuhsaft
3 hours ago
> Which blobs are running on the Librem 5 CPU?
https://source.puri.sm/Librem5/fw
https://source.puri.sm/Librem5/fw/firmware-librem5-nonfree
https://source.puri.sm/Librem5/librem5-fw-jail/-/tree/pureos...
> Which blobs are running on GrapheneOS CPU?
Depends on the phone. Arguably though, GrapheneOS has the legacy of years of thousands of security researchers working to secure Android from third-party network and GNSS modules.
---
Just so you know, I'm not using Librem or GrapheneOS. I'm looking at this objectively and have no skin in the game.
In this case I do not understand why you are ignoring the words of a Librem 5 developer saying that no blobs are running on the main CPU: https://news.ycombinator.com/item?id=47943487
I'll take his word that no blobs are running on the main CPU. But the process itself is error prone. It's mounting flash storage with blobs into the filesystem of the OS. The OS can load modules directly from the storage.
> There is not a single non-free blob in the OS that runs there once the bootloader is up (unless you put some there by yourself, which you're of course free to do).
"unless you put some there by yourself, which you're of course free to do" also means unless someone else puts one there.
---
I think the "firmware jail" loader also uses Smart Direct Memory Access (SDMA)?
---
You can run blobs on the main CPU with strong isolation with TEE and other hardware security features.
The SOC still has firmware baked in as per usual.
And the firmware for Bluetooth/Wifi is loaded in by having the initramfs read it from the NOR flash, mount it in /lib/firmware, then it is business as usual like a desktop Linux distribution.
It's not something special. It's just a hackjob. They shuffle the files around and made it much harder to update.
https://source.puri.sm/Librem5/librem5-fw-jail/-/blob/pureos...
https://puri.sm/posts/shipping-new-sparklan-wifi-cards-with-...