TBF, nobody's going to make that Privacy-Respecting laptop if people reject the "most privacy respecting laptop so far" for not being good enough. Because, we can keep moving the goalposts, here. Librem isn't perfect, and its BIOS isn't fully free. But it's free-er than almost any other laptop being sold that's worth owning, and it even comes with a hardware switch for some key sensors. I could ask for more, but bitching and rejecting the Librem because it's not-good-enough, and buying a laptop with NO respect for me on the basis that "I can just roll my own", continues to send the market the message that: 1) Free software doesn't sell 2) Privacy doesn't sell On 14/09/15 13:37, Travis Biehn wrote:

Oshwm: Seems reasonable. It would be cool if consumers started valuing privacy-oriented products, now the whole plot is lost once a company uses a 3rd party load balancer? Nice.

"Every hardware chip individually selected for being freedom-respecting" Is that in the datasheet for each chip "no backdoors & 100% certified vulnerability free"? Does an Intel chipset laptop manufactured in Shenzen really count as 'thoughtful and freedom respecting'?

“Getting rid of the signature checking is an important step. While it doesn’t give us free code for the firmware, it means that users will really have control of the firmware once we get free code for it.” - Dr. Richard M. Stallman

And without signature checks how will we prevent un-solicited BIOS modification?

Securing their Trisquel derived distro?

RMS doesn't have 'robust against nation state attackers' on his platform for GNU. They're still just trying to get people to comply with the license & refer to it as 'gnu / linux'.

Don't mistake a 'FOSS' laptop for a 'Privacy Laptop' just because they installed a switch for the webcam. The privacy stuff is just the work of marketing.

-Travis

On Mon, Sep 14, 2015 at 1:36 AM, Oshwm <oshwm@openmailbox.org <mailto:oshwm@openmailbox.org>> wrote:

Links go via cloudflare so privacy already abused before even purchasing.

On 14 September 2015 03:11:12 BST, Alfie John <alfiej@fastmail.fm <mailto:alfiej@fastmail.fm>> wrote:

Just saw these this morning:

https://www.crowdsupply.com/purism https://puri.sm/

Although a physical switch to kill the webcam and mic seems obvious, this is the first laptop I've seen with them built in.

Overall thoughts?

Alfie

-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>

-- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey

Absolutely, yes; If you ask first for privacy, and there is a good option for privacy, then that's the correct answer. Privacy without free software is a total joke. Ergo, given a potentially spyware rich platform that *markets* itself as Private, as Google, Apple and Microsoft for example *all do*, or a free software platform which can be trivially and fairly-well rewritten to not be spyware-rich, you choose the latter. It follows that for a privacy respecting laptop, you must necessarily begin with a laptop that can, to some degree of certainty, be wiped clean and installed with trustworthy software. There are many options here; the FSF certify hardware that can be as blob-free as possible. There are also lots of pitfalls, because the Linux architecture in many places implicitly trusts the intentions of device firmwares; it's likely that memory checks aren't implemented well enough on so many layers that you can never be sure without literally CMOSing your own device control hardware. Given all these options and pitfalls, draw a "sanity line" somewhere and pick some hardware that lets you do modern stuff without torturously long waits. In that short-list, the Librem still ranks quite well, I feel. On 14/09/15 16:32, Travis Biehn wrote:

What does 'privacy respecting' even mean?

It's certainly a win for the FOSS crowd but FOSS isn't synonymous with 'Privacy and Security'.

If a product markets itself as 'privacy respecting' (is the Librem /actually/ marketed this way) then it had better back up it's claims.

If someone on cpunks asks if it's a reasonable 'privacy laptop' and the answer isn't a bet-your-life on it yes, then the response should be clearly no, even if it's 'a nice /n/th step'.

-Travis

On Mon, Sep 14, 2015 at 11:15 AM, Cathal Garvey <cathalgarvey@cathalgarvey.me <mailto:cathalgarvey@cathalgarvey.me>> wrote:

TBF, nobody's going to make that Privacy-Respecting laptop if people reject the "most privacy respecting laptop so far" for not being good enough. Because, we can keep moving the goalposts, here.

Librem isn't perfect, and its BIOS isn't fully free. But it's free-er than almost any other laptop being sold that's worth owning, and it even comes with a hardware switch for some key sensors.

I could ask for more, but bitching and rejecting the Librem because it's not-good-enough, and buying a laptop with NO respect for me on the basis that "I can just roll my own", continues to send the market the message that:

1) Free software doesn't sell 2) Privacy doesn't sell

On 14/09/15 13:37, Travis Biehn wrote:

Oshwm: Seems reasonable. It would be cool if consumers started valuing privacy-oriented products, now the whole plot is lost once a company uses a 3rd party load balancer? Nice.

"Every hardware chip individually selected for being freedom-respecting" Is that in the datasheet for each chip "no backdoors & 100% certified vulnerability free"? Does an Intel chipset laptop manufactured in Shenzen really count as 'thoughtful and freedom respecting'?

“Getting rid of the signature checking is an important step. While it doesn’t give us free code for the firmware, it means that users will really have control of the firmware once we get free code for it.” - Dr. Richard M. Stallman

And without signature checks how will we prevent un-solicited BIOS modification?

Securing their Trisquel derived distro?

RMS doesn't have 'robust against nation state attackers' on his platform for GNU. They're still just trying to get people to comply with the license & refer to it as 'gnu / linux'.

Don't mistake a 'FOSS' laptop for a 'Privacy Laptop' just because they installed a switch for the webcam. The privacy stuff is just the work of marketing.

-Travis

On Mon, Sep 14, 2015 at 1:36 AM, Oshwm <oshwm@openmailbox.org <mailto:oshwm@openmailbox.org> <mailto:oshwm@openmailbox.org <mailto:oshwm@openmailbox.org>>> wrote:

Links go via cloudflare so privacy already abused before even purchasing.

On 14 September 2015 03:11:12 BST, Alfie John <alfiej@fastmail.fm <mailto:alfiej@fastmail.fm> <mailto:alfiej@fastmail.fm <mailto:alfiej@fastmail.fm>>> wrote:

Just saw these this morning:

https://www.crowdsupply.com/purism https://puri.sm/

Although a physical switch to kill the webcam and mic seems obvious, this is the first laptop I've seen with them built in.

Overall thoughts?

Alfie

-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>

-- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 <tel:%2B353876363185> miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com <http://peerio.com>: cathalgarvey

-- Twitter <https://twitter.com/tbiehn> | LinkedIn <http://www.linkedin.com/in/travisbiehn> | GitHub <http://github.com/tbiehn> | TravisBiehn.com <http://www.travisbiehn.com> | Google Plus <https://plus.google.com/+TravisBiehn>

-- Scientific Director, IndieBio EU Programme Now running in Cork, Ireland May->July Learn more at indie.bio and follow along! Twitter: @onetruecathal Phone: +353876363185 miniLock: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM peerio.com: cathalgarvey

...

Librem isn't perfect, and its BIOS isn't fully free. But it's free-er than almost any other laptop being sold that's worth owning, and it even comes with a hardware switch for some key sensors. If a product markets itself as 'privacy respecting' (is the Librem *actually* marketed this way) then it had better back up it's claims.

Regardless of the way the marketing team is spinning things, they supposedly have 3 firmware developers trying to make a difference. Outside Bunnie Studios, I don't know of another OEM that is trying to help with this niche market with new hardware (not including refurbished Thinkpads). So I respect that effort. Not sure they'll fully succeed in this model, but perhaps a few models later they will have some decent boxes. It sounds like they have a source license to Intel's Firmware Support Package (FSP), and are modifying it to disable some silicon/firmware features. The results will still be closed-source. Today, nearly all Intel systems are 100% closed-source firmware, via IBVs (Phoenix, AMI, Insyde, and OEMs). Some AMD and ARM systems could provide blob-free firmware. If used in conjunction with fully open source OS/app stack, then you might be able to trust it. Today, I don't see how you can trust any keys/certs in any of the Trusted/Verified/Measured/etc boots, most of the solutions don't seem to have any way for the owner/user to verify, eg, no CRL/OSCP keys. My reading of NIST SP80-147's seems to imply that sysadmins need to be able to verify things, but that doesn't seem viable today. While Purism's marketing may be a bit overboard, I'm hopeful that they're trying. Maybe their next model will use the new RISC-V Raven3 chip, with U-Boot Verified Boot, and ship with full source to CPU/firmware/enclosure, firmware, OS, and apps. To get to that point, we'll probably need to help them fund this current Intel model, to keep Purism alive.... I am not sure why they they need to create yet-another privacy-centric OS, PureOS, and focus on improving and using Qubes/TAILs/Trisqel/Mempo/etc. They're apparently working on a Free Software fork of FSP. I wish this was a shared effort with many more free software developers, perhaps managed by FSF or Linux Foundation, not just a single OEM. More than one Linux OEM could benefit from such an effort, most of them still use COTS 100% closed-source IBVs. Can the current Intel-based solution get certified by the FSF RespectYourFreedom program? I'm not sure. Whatever happens with what they do to the FSP and Intel silicon, if the result is less secure to attackers, that'll be an issue. Many who care about personal freedom and detest blobs seem to ignore security. But Purism cares about privacy and security, so they have to try and deal with both issues. Disabling BootGuard in updated FSP may make it more configurable, but less secure, it seems. Their web site has fancy graphics and tables. I hope they create a list of FSP modifications so we can see what security holes the system may have. I like the kill switch. I'd go further: since many firmware attacks come through suspend/resume, I'd rather just disable that at the HW/FW/OS levels. I'd like to have a fully-lockable enclosure in a laptop, which can cover exposed ports, with a good quality lock, in a metal enclosure. Of course, it would't be able to make it through TSA customs, so probably not commercially viable. :-( If I worked there, I'd tone down the marketing a bit (they have blobs in their firmware, and they're based on an Intel system, they'll never satisfy some of their potential market), perhaps focus on hardware that can be built with blob-free firmware for their next model. And I'd hire LegbaCore to evaluate the hardware before they ship it, for security issues. :-) Looking forward to their next model!

On 09/14/2015 10:29 AM, oshwm wrote:

Maybe manufacturers aren't sure what they should be building in order to genuinely and honestly be able to market as 'Respects Your Privacy'. It sounds simple but when you look at the ultimate level of privacy protection then you are talking about open source hardware, software and manufacturing processes and proper auditing of all of these. For a company to manufacture and market a device under these conditions is likely to be hideously expensive and have a very small customer base who are willing to pay such a large price in cash terms. What might be a good idea is for a community such as this one to create some sort of scale which describes the methods, materials and processes to achieve some sort of scoring which would range from 'NSA Spying Device' (0 out of 10) to 'Complete Privacy Protection' (10 out of 10). This would then allow manufacturers to work to a specific score and advertise as such.

I agree, the FSF RSF program could do more to work OEMs/IHVs and get the message out about their program. But while GPL/GNU platform is nice, RMS doesn't seem to care for Open Source Hardware, just Free Software, so I'm not sure FSF RSF program can be the only source of guidance for OEMs/IHVs. FSF has nearly no specific OEM/IHV advice for "Free Hardware". Except to make it GPLv3. It seems to me that OSHWA doesn't seem to focus on firmware, nor -- it seems to me -- much for business systems. The other open hardware group also doesn't seem to doing much in this area. Today, the main org focusing on 'open hardware' for enterprise systems appears to be Open Compute Project, which is currently a UEFI-centric project. No citizen-centric, privacy+security-centric profile in OCP. I agree, FOSS OS vendors -- Linux Foundation, FreeBSD Foundation, etc. -- should offer some advise to OEMs/IHVs/IBVs as to how to build a decent Linux/BSD-friendly BIOS. Including things like "declarative ACPI", eg, no WBPT tables with Windows binaries in them, other Windows-centric ACPI tables that Linux/BSD doesn't use. The other day on a linaro or edk2 list, some engineers from Red Hat were talking about their decision for what to do with ACPI for Linux for a particular table. This should be thought out for all modern ACPI tables. As well as SecureBoot OS defaults and MSFT keys, and use of coreboot or U-Boot instead of UEFI, in some cases. A list of ARM and Intel and AMD features that can be removed or opted-out or not added, or not enabled, and what privacy/freedom and security case does it help/hinder would be nice. Requiring vendors to provide a changelog, list of all modules/payloads/drivers embedded in firmware image, along with OSCP/CRL URLs for signed code verification. Right now, most people don't know what features their firmware has. Pre-sales data technical data from OEMs/IHVs is terrible w/r/t firmware, they only cover hardware and software. What tools to include or not include in silicon/firmware, like Absolute.com's Persistence, or remote management software (including IPMI, Redfish, DASH/SMASH, etc.) Re: classifications, for UEFI, there already are 3 classes of systems, BIOS-only, hybid BIOS/UEFI, and UEFI-only. UEFI aside, there is TCG Measured Boot, Trused Boot, Solaris Verified Boot, Android Verified Boot, Chrome Verified Boot (Class A and Class B), U-Boot Verified Boot, and other security technologies. It would be nice to have some crypto research comparing the strengths of all modern secure/verified/trusted/measured/etc flavors of boots. And given how crypto is core to trust in most of these, some don't enable any way for user to verify trust, no CRL/OSCP URLs. We have to 'trust' that the firmware's CAs are not behaving like Diginotar. One consumer feature should be the ability to test all keys for validity. There are 3 NIST docs for BIOS recommendations for OEMS/IHVs/IBVs/OSVs for BIOS security: NIST SP800-147, SP800-147b, and SP800-155. NIST guidelines are rather abstract, no pragmatic best practices. The 147 Provisioning stage is something that, as I read the spec, is probably not something that most OEM systems today, especially not the 'golden master' extra level of security, which requires -- as I understand it -- full source to your firmware. There is also CommonCriteria/NSA/IAP BIOS Update Protection Profile (which no vendors meet, AFAIK). Nice read for BIOS attack model perspective. <http://www.niap-ccevs.org/pp/pp.cfm> None of the NIST/NSA docs refer to Intel CHIPSEC. UEFI Forum recommends Intel UEFI OEMs run CHIPSEC to test their systems for security. Hard to believe any enterprise sysadmins are following NIST firmware platform lifecycle model, if they don't know what tools to use. :-) Intel CHIPSEC only works on Intel systems, not x86 clones (AMD, etc.), so no similar firmware security tools for other systems. Linaro may port CHIPSEC to AArch64, they expressed an interest a few months ago, but nothing since then. And no interest, apparently, in AArch32. If no port, what other firmware vulnerability assessment tools are there? Intel CHIPSEC only works on new systems, no tests for older Intel systems. No CHIPSEC for Itanium, either. :-) Without tools that check for the latest vulnerabilities (i.e., the ones that security researchers talked about at last years' DEF CON), the systems won't be built securely. I presume we need more help from FSF, Linux Foundation, OSHWA, and other related orgs, to direct and concentrate 'crowd funding' for efforts to build new Free/Open Hardware (FOHW), like Bunnie has started doing. RMS blessed CrowdSupply as the official source of crowd funding. A baseband chip -- or some SDR equivalent -- for phones would be nice; IMO, OSMOCOMBB isn't progressing fast enough. For years, OEMs/IHVs got a lot of input from Microsoft. For each new OS release, MS had a spec for that year's Windows Desktop/Laptop PC and for the Windows Server PC. FOSS OS vendors, or other communities-of-interest (like privacy-centric cypherpunks) don't give OEMs/IHVs any advice. The Windows Hardware logo, and ability to license/sell Windows, is a great set of carrots. FOSS is free, so no license deals, but community could include a logo program with the guidelines. I'm not aware of much non-Windows advise to OEMs/IHVs like this, besides a few Linux Foundation programs (Carrier Grade Linux, etc.). And none that are updated each year with current hardware/bus/peripheral trends and updates defaults for memory or other new advise from last year (like VM advise after this year's DEF CON). Perhaps an annual award for vendors, to help motivate them, best and worst award. Bunnie wins and Lenovo loses this year, maybe Purism wins next year. As an example, the privacy-centric Italian-based group the "Winston Smith Project" has an annual award for best misuse of privacy by a vendor.

On Sun, Sep 20, 2015 at 10:54:28AM -0300, hellekin wrote:

On 09/14/2015 07:51 PM, Blibbet wrote:

...

RMS doesn't seem to care for Open Source Hardware, just Free Software

That's not true. He cares a lot. But he has a lot on his plate with free software already. The RYF program of the FSF is proof that he cares. But FSF still is a *small* organization, with a large battlefield.

Disclaimer: my other email address is @gnu.org.

Cheers, As all humans, RMS has something to be trolled about. Besides the GNU stuff, IMHO he is underestimated for GCC. Without GCC, besides linux, likely neither *BSD nor Apple would exist in its present form. <TROLL> It was fun trolling *BSD fanbois about GCC, like: Q: Dude/Chick, your BASE still infiltrated by GNU, do you ship GCC? A: Errrr, We'll switch to CLANG soon, just testing Q: What about building ALL ports/packages? A: (silence) (repeat next year). For Apple powerusers, we asked something like: how comes $grep -r __gnu_ / 2>/dev/null returns so many hits? </TROLL>

I do think RMS is complicit with the destruction of GCC though. I know his heart's in the right place about exporting the AST but it's just pushed all the exciting stuff (Rust, Emscripten, etc) to LLVM which is licensed for a tragedy of the commons. On 20 September 2015 16:31:43 IST, rysiek <rysiek@hackerspace.pl> wrote:

OHAI,

Dnia niedziela, 20 września 2015 17:46:18 Georgi Guninski pisze:

...

As all humans, RMS has something to be trolled about.

Ah, my pet peeve with RMS is his support for non-free (!) licenses on anything that is not software. Amazingly, I was able to convice him to change an -ND license to something else once, but that was... rather silly: https://stallman.org/doggerel.html#IveBeenAnsweringMyEmail

I still have not given up, though! ;)

...

Besides the GNU stuff, IMHO he is underestimated for GCC.

Absolutely.

...

Without GCC, besides linux, likely neither *BSD nor Apple would exist in its present form.

<TROLL> (...) </TROLL>

This, unfortunately, is slowly coming to an end, with llvm gaining more and more ground. I love competition, but I fear possible proprietarization of llvm and a large part of the FLOSS ecosystem: http://ebb.org/bkuhn/blog/2014/01/26/llvm.html

inb4 compiler wars

-- Pozdrawiam, Michał "rysiek" Woźniak

Zmieniam klucz GPG :: http://rys.io/pl/147 GPG Key Transition :: http://rys.io/en/147

-- Sent from my Android device with K-9 Mail. Please excuse my brevity.

I think that the best privacy respecting laptop around would be a Libreboot computer that has the camera, microphone, and harddrive physically removed and runs Tails on a DVD so that neither the operating system nor the BIOS can be altered without physical access to the computer. The version of Libreboot on the laptop must be write protected, which would mean that updates would need to be externally flashed to the BIOS chip, but this prevents any attempted BIOS alteration from happening via software. Tamper proof stickers or glitter nailpolish could be applied to detect whether the device has been opened while out of your possession. There's no way to flash the Bios chip without opening the device. Preferences and files that the user wants to keep across amnesiac sessions would be saved on a LUKS encrypted USB thumb-drive. Libreboot will soon have reproducible builds which would allow users to compare the Libreboot ROM on their device against the reproducible build of the ROM. I would suggest that all Libreboot supported motherboards should be x-rayed and the x-rays should be published online under creative commons licenses so that users could have their own motherboards x-rayed to provide some sort of hardware verifiability which is currently very much lacking. Here's more info about Libreboot, which is a Coreboot fork that takes out all of Coreboot's proprietary blobs: http://libreboot.org/faq/ Here's the Free Software Foundation's announcement that the Libreboot x200 earned their Respect Your Freedom certification https://www.fsf.org/news/libreboot-x200-laptop-now-fsf-certified-to-respect-... Laptops that run Libreboot with operating systems that don't comply with the GNU Free System Distribution Guidelines (GNU FSDG) https://www.gnu.org/distros/free-system-distribution-guidelines.html don't have FSF's RYF certification. https://www.fsf.org/resources/hw/endorsement/respects-your-freedom So until Tails creates a version that complies with the GNU FSDG or until someone creates an operating system forked of a Free Distro https://www.gnu.org/distros/free-distros.html that has all of Tails' security features included we are all stuck with having to chose between security and freedom in our operating systems. We can code our way out of this false dichotomy though, if we want it. https://labs.riseup.net/code/issues/5393 https://mailman.boum.org/pipermail/tails-dev/2015-June/009023.html https://mailman.boum.org/pipermail/tails-dev/2015-June/009024.html If you believe that the security features in Tails aren't worth the trade off of having fully free software or if you believe that Tails running as a DVD instead of a USB stick isn't necessary, it is important to also note that Libreboot's GRUB payload allows you to boot fully encrypted harddrives and USB live systems by decrypting them within the GRUB instance on your Bios chip and then booting the decrypted OS. This means that the boot sector on the operating system or USB live system can now also be fully encrypted when not in use. Does anyone on this list think that Librem+PureOS is more free & secure than Libreboot+Tails as I described it here? Peace & Blessings, Jah Love On Mon, 14 Sep 2015 18:29:07 +0100 oshwm <oshwm@openmailbox.org> wrote:

Maybe manufacturers aren't sure what they should be building in order to genuinely and honestly be able to market as 'Respects Your Privacy'. It sounds simple but when you look at the ultimate level of privacy protection then you are talking about open source hardware, software and manufacturing processes and proper auditing of all of these. For a company to manufacture and market a device under these conditions is likely to be hideously expensive and have a very small customer base who are willing to pay such a large price in cash terms. What might be a good idea is for a community such as this one to create some sort of scale which describes the methods, materials and processes to achieve some sort of scoring which would range from 'NSA Spying Device' (0 out of 10) to 'Complete Privacy Protection' (10 out of 10). This would then allow manufacturers to work to a specific score and advertise as such.

cheers, oshwm.

On 14/09/15 17:09, Blibbet wrote:

...

...

...

Librem isn't perfect, and its BIOS isn't fully free. But it's free-er than almost any other laptop being sold that's worth owning, and it even comes with a hardware switch for some key sensors. If a product markets itself as 'privacy respecting' (is the Librem *actually* marketed this way) then it had better back up it's claims. Regardless of the way the marketing team is spinning things, they supposedly have 3 firmware developers trying to make a difference. Outside Bunnie Studios, I don't know of another OEM that is trying to help with this niche market with new hardware (not including refurbished Thinkpads). So I respect that effort. Not sure they'll fully succeed in this model, but perhaps a few models later they will have some decent boxes.

It sounds like they have a source license to Intel's Firmware Support Package (FSP), and are modifying it to disable some silicon/firmware features. The results will still be closed-source.

Today, nearly all Intel systems are 100% closed-source firmware, via IBVs (Phoenix, AMI, Insyde, and OEMs). Some AMD and ARM systems could provide blob-free firmware. If used in conjunction with fully open source OS/app stack, then you might be able to trust it.

Today, I don't see how you can trust any keys/certs in any of the Trusted/Verified/Measured/etc boots, most of the solutions don't seem to have any way for the owner/user to verify, eg, no CRL/OSCP keys. My reading of NIST SP80-147's seems to imply that sysadmins need to be able to verify things, but that doesn't seem viable today.

While Purism's marketing may be a bit overboard, I'm hopeful that they're trying. Maybe their next model will use the new RISC-V Raven3 chip, with U-Boot Verified Boot, and ship with full source to CPU/firmware/enclosure, firmware, OS, and apps. To get to that point, we'll probably need to help them fund this current Intel model, to keep Purism alive....

I am not sure why they they need to create yet-another privacy-centric OS, PureOS, and focus on improving and using Qubes/TAILs/Trisqel/Mempo/etc.

They're apparently working on a Free Software fork of FSP. I wish this was a shared effort with many more free software developers, perhaps managed by FSF or Linux Foundation, not just a single OEM. More than one Linux OEM could benefit from such an effort, most of them still use COTS 100% closed-source IBVs.

Can the current Intel-based solution get certified by the FSF RespectYourFreedom program? I'm not sure.

Whatever happens with what they do to the FSP and Intel silicon, if the result is less secure to attackers, that'll be an issue. Many who care about personal freedom and detest blobs seem to ignore security. But Purism cares about privacy and security, so they have to try and deal with both issues. Disabling BootGuard in updated FSP may make it more configurable, but less secure, it seems. Their web site has fancy graphics and tables. I hope they create a list of FSP modifications so we can see what security holes the system may have.

I like the kill switch. I'd go further: since many firmware attacks come through suspend/resume, I'd rather just disable that at the HW/FW/OS levels. I'd like to have a fully-lockable enclosure in a laptop, which can cover exposed ports, with a good quality lock, in a metal enclosure. Of course, it would't be able to make it through TSA customs, so probably not commercially viable. :-(

If I worked there, I'd tone down the marketing a bit (they have blobs in their firmware, and they're based on an Intel system, they'll never satisfy some of their potential market), perhaps focus on hardware that can be built with blob-free firmware for their next model. And I'd hire LegbaCore to evaluate the hardware before they ship it, for security issues. :-)

Looking forward to their next model!