Language Selection

English French German Italian Portuguese Spanish


Syndicate content Purism
High-quality laptops that protect your freedom and privacy
Updated: 31 min 30 sec ago

Librem 5 Dogwood Update 3

Friday 10th of July 2020 05:39:49 PM

The Librem 5 Dogwood batch has finished our manufacturing and is finalizing testing and fulfillment all from Purism headquarters before shipping to those who are part of this batch.

With this launch of Dogwood, we see user-facing software improvements. One of the biggest visual differences is app thumbnails are displayed when switching between apps.

The cellular network can now be configured directly from the top drop-down menu.

On startup, you’ll be greeted with a new splash screen.

Dogwood has seen the most hardware changed of any batch. The CPU has been flipped to the opposite side of the PCB (now facing the screen). This has been instrumental to better heat dissipation as well as more reliable charging.

Dogwood PCB CPU side up

The battery shipping with dogwood is 3600mAh, roughly 80% more battery than previous batches. Combined with early kernel optimizations usage is now measured in multiple hours, and with additional kernel work will continue to see leaps forward.

A diffuser has been added between the screen and the indicator light. This makes notifications easier to notice at extreme viewing angles and overall better appearance.

The volume buttons have become a volume rocker increasing usability.

In previous versions, the headphone jack was recessed and not centered. In Dogwood it’s now flush with the top of the phone and centered in the frame.

Once we finish the verification process and ship out Dogwood, we can focus on the delivery and production of the Evergreen batch and Librem 5 USA.

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the-people stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

.column-6:after { content: ""; min-height: 225px; /* padding-bottom: 30%; */ display: block; } .column-6 img { bottom: -0px; } @media only screen and (min-width: 600px) { .column-6:after { display: none; } .column-6 img { bottom: 0px; } }

The post Librem 5 Dogwood Update 3 appeared first on Purism.

Mobile App Stores and the Power of Incentives

Thursday 9th of July 2020 09:23:24 PM

Recently I was reading an article on Vox by Sara Morrison that explained how some of the hidden trackers in modern smartphones work and how they are used to capture and sell your data. This article was written in the context of the growing awareness of location data tracking in smartphones as that data has been used to map COVID-19 responses by the public:

In the earlier days of the coronavirus pandemic, an animated map from a company called Tectonix went viral. It showed spring breakers leaving a Florida beach to return to their homes across the US, as a series of tiny orange dots congregating on a beach in early March scattered across the country over the following two weeks.

“It becomes clear just how massive the potential impact of just one single beach gathering can have in spreading this virus across our nation,” the video’s narrator said. “The data tells the stories we just can’t see.”

But there was another story there that most of us can’t see: how trackers hidden in smartphone apps are the source of incredible amounts of specific data about us, much of which gets sent to companies you’ve never heard of. This has been going on for years and is an essential part of the mobile app economy. But it took the Covid-19 pandemic to bring some of these companies, and what they’re capable of, to the forefront.

The whole article is a fascinating read and I recommend checking it out, but I wanted to spend some time in this article talking about a sentence that jumped out at me in the above quote:

This has been going on for years and is an essential part of the mobile app economy.

The Power of Incentives

If you want to understand how a system works and especially if you want to change how a system works, look to the incentives. Human behavior is driven by a series of rewards and punishments, carrots and sticks, and the same holds true for business. While you can certainly look to regulations or user education to change behavior, ultimately those measures just factor in to the risk/reward calculations a business or user takes.

For instance, delivery drivers in big cities routinely flout parking regulations. Why would they do that when it’s against the law and can cause a fine? Enforcement isn’t guaranteed (you only get fined if you get caught) and the added cost of complying with the law is much greater than the cost of the occasional ticket.

This means if you want to change how businesses treat privacy, you have to change the incentives that drive them. Applied to the mobile app ecosystem, even with privacy regulation, privacy settings, and user prompts, companies will weigh the risks and costs of getting caught against the reward of capturing and selling user data and as long as the reward is enough, many will take the risk.

The Most Powerful Incentive: Money

The fact is, the current app ecosystem on Android and iOS is designed to facilitate the collection and selling of user data. Every incentive points a developer in this direction. This ecosystem is full of free (as in cost) but proprietary software that makes money either by showing you targeted third party ads (customized based on your shared personal data) or by collecting and selling your data to third parties to add to their own databases. In particular with Android the (free to vendors) OS itself along with the complete Google software suite (which vendors are required to install to be part of the ecosystem) are also funded by collecting and selling user data.

Users also find money to be a powerful incentive. When browsing through the hundred different apps that all perform the same function, there is a strong incentive to pick the free app with ads over the $1.99 one, even if the free app might capture your data (after all, there’s no guarantee the $1.99 app won’t too). Of course, since the applications are almost universally proprietary software, you can’t really know for sure what data they collect, only whether they ask for permission.

The Second Most Powerful Incentive: Laziness

The path of least resistance provides a powerful incentive. User interface designers understand the power of defaults and the same goes for software development. The above Vox article goes into quite a bit of detail on the various Software Development Kits (SDKs) that companies have provided to make it easy to develop mobile apps. Most applications have a common set of features, and using an existing SDK means you don’t have to reinvent the wheel.

Of course these SDKs also make spying on users the path of least resistance, as it’s much easier to just request full permissions for your app on a user’s phone than it is to start with no permissions and figure out which ones you truly need. Why does a flashlight app need access to your location and contact list? Since so many applications are designed with selling user data in mind, even a well-meaning, ethical, privacy-conscious developer might find it hard to identify and remove all third party tracking if they base their application on existing examples and popular SDKs.

Users also find laziness to be a powerful incentive. Many application developers take advantage of this by requiring users to opt-out of tracking, often via hard-to-find settings buried deep within the application. Many if not most users don’t bother to tweak their privacy settings, and many companies share your data without your consent.

Fixing the Incentives

A large part of our work at Purism is focused on creating a healthy, ethical, privacy-preserving alternative to the current mobile app ecosystem. This is one of many reasons why the Librem 5 doesn’t run Android nor iOS but instead runs PureOS–the same secure, privacy-preserving, Free Software Foundation-endorsed operating system that we use on our Librem Laptops and Librem Mini.

While users are free to install any third-party applications they want, applications in our PureOS Store must be free software and protect user privacy. As Purism’s founder and CEO Todd Weaver says: “Every line of code is a moral decision.” Making privacy and free software a default changes the incentives to encourage ethical behavior by developers. It’s much harder to hide tracking features in your application if anyone can inspect the code and create a version that removes those features.

Todd testifying to California Assembly

Purism is also working to change incentives through targeted regulation. Requiring applications to make tracking “opt-in” instead of “opt-out” would go a long way toward protecting privacy by default. Purism is part of a group of organizations including the EFF and DuckDuckGo who have asked the California legislature to require companies to get consent before using user data.

Of course, the strongest way to change the current app ecosystem is by changing the financial incentive. That’s where you come in. Each technology choice you make is a vote for the future you want to see. Voting with your dollar to support companies like Purism that are building hardware and software that protect your privacy sends a message to other companies that privacy matters to you and if they want you as a customer, it should matter to them too.

The post Mobile App Stores and the Power of Incentives appeared first on Purism.

Librem 14 Launch FAQ

Tuesday 7th of July 2020 09:45:36 AM

There has been a lot of excitement ever since we announced the Librem 14 last week. There has also been quite a few questions. In this post we’ll go through some of the most Frequently Asked Questions for those of you still deciding whether to pre-order and take advantage of our $300 off sale:

Q: When will the Librem 14 ship?
Early Q4 2020

Q: How long will the sale continue? Are there coupon codes?
A: We haven’t set an official date yet, but will make an announcement on social media and on this site at least a few days before the sale ends. The discount is automatically applied at the shop while the sale is active, no coupon codes are necessary.

Q: How many RAM slots are there?
A: Two. There is a small chance during final mechanical design testing that we have to drop back to one, but we are confident from our early MD testing it will work so are offering two RAM slots, up to 64GB of RAM.

Q: What about international keyboard layouts?
A: At the moment we will only be providing the Librem 14 with the current keyboard layout. We might consider other keyboard layouts at some point in the future if there is sufficient demand to justify keeping a large number of that layout in stock.

Q: What is the screen brightness? How far can you open the screen lid?
A: The screen brightness is 300 cd/m2 and you can open the screen lid almost 180°.

Q: What are the video out options? What about Thunderbolt?
A: The Librem 14 will be able to drive up to two 4k displays using the HDMI2 port and the USB-C port. The USB-C port will have power delivery and DisplayPort support but will not be a Thunderbolt port.

Q: What is replaceable?
A: Like with previous Librem laptops, the RAM, disk, WiFi module and battery are replaceable. The WiFi module is the same one we’ve used in past laptops.

Q: Will there be other CPU options (such as cheaper, less powerful i5 CPUs) for the Librem 14?
A: All Librem 14s will use the i7 10710U CPU.

Q: Does each M.2 socket have its own x4 PCIe-3.0 connection?
A: Yes!

Q: Will Coreboot, PureBoot and the Librem Key work on the Librem 14 like on the Librem 13 and 15?
A: Yes.

Q: What about my very specific question about other specifications?
A: We are working to squeeze as much power and as many features as we can into the Librem 14. We will provide more detailed specifications on anything we haven’t yet put on the Librem 14 product page as final specifications are confirmed.

The post Librem 14 Launch FAQ appeared first on Purism.

Getting Started with the Librem Mini

Monday 6th of July 2020 11:36:38 PM

With the Librem Mini shipping, we put together this short quickstart guide so you can know your hardware before it arrives. Dive into how the Librem Mini protects your digital freedom as well as look at the technical specs here.

In the box, you should expect to see the Mini itself, as well as a power adapter. All of which are covered by a one-year warranty. Enjoy the peace of mind that comes from expert support staff ready to ensure your Mini runs well. PureBoot

For those that need a tamper-evident way to power-on their Mini, the PureBoot bundle secures your freedom and boot process. In addition to the Mini and power adapter, you’ll receive a Librem Key and a Librem Vault.

If you’re still thinking about buying a Librem Mini, take a look at what you can do with the hardware and order your Librem Mini now.

The post Getting Started with the Librem Mini appeared first on Purism.

Librem Mini Shipping with Active Cooling

Friday 3rd of July 2020 05:44:07 PM

There’s nothing like making a public announcement to ensure that a situation will change. That’s certainly been true in the case of our Librem Mini. Just over a week ago we announced the Librem Mini was ready to ship and highlighted one issue we intended to solve with a future software update:

If you ordered a Librem Mini, you will receive an email confirming your order status and shipping information. As with any newly brought to market product, the Librem Mini running PureOS will have software updates to apply as we continue to refine the firmware. One forthcoming software update that we want to bring to your attention concerns the fan speed control, as currently the CPU is passively cooled and may throttle down under heavy load. Full active cooling will be coming in a firmware update so we highly recommend following our published announcements. If you are uncomfortable with applying a firmware update using our coreboot firmware update tool, you also have the option for Purism to hold the order until we release that software update. If you desire that, let us know when we contact you to confirm shipping information, otherwise you will be enjoying your Librem Mini soon!

Well it turns out that while we were contacting all of the Mini customers to determine whether they wanted their Mini immediately, or whether they wanted to wait for a firmware update, we resolved the fan speed control issue! As we ship out all of the Librem Mini orders, they will all have fully-updated firmware and active cooling.

Thank you everyone for your patience and if you were waiting for active cooling to place your own Librem Mini order, order now!

The post Librem Mini Shipping with Active Cooling appeared first on Purism.

Librem 14 Thoughts From a Librem 13 Early Adopter

Thursday 2nd of July 2020 07:54:33 PM

I’ve been involved with Purism in one way or another since almost the beginning. Originally I found out about Purism and Todd back in 2014 before the end of the original Librem 15 crowdfunding campaign when I reviewed the Librem 15 prototype for Linux Journal Magazine. While the Librem 15 was far too big for my tastes, I was really impressed with Todd and his mission and started helping out a bit behind the scenes with advice (and later on, with early PureOS install tools). When the original Librem 13 campaign was announced, I immediately asked to review it for Linux Journal as it was right up my alley in terms of form factor. My Linux Journal review summed up my feelings pretty well:

I want one. Maybe I’ve just spent too long on older hardware but it’s nice to be able to use a laptop with modern specs without having to compromise on my Open Source and privacy ideals. The Librem 15 was definitely too big for me but while the Librem 13 is bigger than most of my personal laptops, it’s about the same size as a modern Thinkpad X series (but thinner and lighter). I’m more than willing to add an inch or so to the width in exchange for such a nice, large, high-res screen. Even though my X200 is technically smaller, it’s definitely heavier and just feels clunkier.

I ended up backing the crowdfunding campaign. The Librem 13v1 I got in 2015 was actually also one of the first prototypes for our anti-interdiction service, with hand-written custom text over stickers covering the plastic around the laptop and with pictures of that and the motherboard sent to me out of band. One interesting thing about the Librem 13v1 was what an improvement it already was over the Librem 15v1 I had reviewed only about six months before. It had the darker anodized finish that we now associate with Librem laptops and in my opinion had even better build quality than the Librem 15v1. It was also different from more recent Librem 13 revisions: it had hardware kill switches on the display hinge instead of the side, and it had a pop-down RJ45 jack with a Gigabit network card.

Early Librem 13 kill switch prototype

Five years later, that Librem 13v1 is still serving as my personal laptop and is still running strong although I did invest in a RAM upgrade a year or so back to better handle recent RAM-hungry QubesOS upgrades.

Librem 13 Generations

Now that I work at Purism, I’ve used just about every generation of Librem 13 laptop either as a lab device or as my own work laptop. Each Librem 13 generation added improvements and refinements such as upgrading the CPU, moving the hardware kill switch to the side of the laptop, integrating a TPM chip by default for PureBoot and replacing the RJ45 jack with a USB-C port.

Of course most of the changes to the Librem 13 were incremental. The overall appearance of the laptop has been the same throughout the generations like you might expect–why reinvent the wheel with each revision? Yet sometimes it does pay to revisit a design and start fresh. Planning for the Librem 14 allowed us the opportunity to start from scratch and design a “dream laptop” based on our own wishlist combined with the wishlists you have given us over the years. This dream laptop is precisely what we built with the Librem 14.

Introducing the Librem 14

There are many things about the Librem 14 that remind me of the first generation of the Librem 13. By popular demand we have brought back the gigabit Ethernet card with an integrated RJ45 jack. Even though I use wireless networking as well, whenever I need to backup my laptop I always plug it directly into my local gigabit network. And as someone who recently got gigabit Internet access, I have even more reasons to connect to a physical cable.

We added the RJ45 port while retaining the existing HDMI, USB-A ports and USB-C ports, but in the case of the USB-C port, it now supports video out as well as power delivery so I can either charge it with the same standard barrel connector I use for the rest of my Librem laptops, or use a USB-C charger.

Kill Switches Are Back On Top

After we moved the hardware kill switches to the side of the laptop, we heard from a number of you that you preferred the kill switches on the laptop hinge. For some this was because it was easier to see the state of the kill switches without having to bend your head over to the side of the laptop. Others commented that sometimes they’d accidentally flip a kill switch when inserting the laptop into a backpack or sleeve.

Regardless of the reason, we hear you and we’ve moved kill switches for the Librem 14 back on top so you can easily see the state of your webcam/microphone and WiFi devices at a glance and know that they will retain their state when you put the laptop away.

14″ Screen in a 13″ Footprint

Laptop footprint is very important to me. I’ve owned ultraportable laptops like the Toshiba Libretto 50CT and the Fujitsu P2110, and a 13″ laptop is right at the upper end of what I personally consider “portable” and a “laptop” (although of course tastes and lap sizes vary). As we worked on the design for the successor to the current generation of the Librem 13, one of the things that came up was screen size. I personally would not have been in favor of increasing the Librem 13 footprint to accommodate a 14″ screen, but current advances in laptop design meant we were able to squeeze a larger screen in the same footprint by reducing the size of the bezel. A win for everyone.

Seriously? Six Cores in a Laptop?

I admit that personally, the new i7-10710U CPU is what I’m most excited about with the Librem 14. While some desktop use cases may not necessarily take advantage of parallelization, I use QubesOS (a high security OS that makes heavy use of virtual machines to isolate applications from each other) as my primary OS both personally and professionally. While Qubes still runs fine on my five-year-old personal Librem 13v1, and also runs well on the Librem 13v4 I use for work, using Qubes means you might end up running four to six (or more) web browsers at the same time, each isolated into their own virtual machine. Modern, bloated web applications spread across multiple browsers with virtualization overhead can take a toll as they share time on a 2-core CPU so I’m looking forward to seeing how Qubes performs when each browser can have a core of its own.

Stay Tuned

We are all very excited about the Librem 14 and have so much more we want to share with you about it. Over the coming weeks we will be publishing more information about specific features in the laptop (along with some surprise features we haven’t announced yet!) so watch our site for more information. Do take advantage of the early-bird pricing for the Librem 14 while it lasts and pre-order now!

The post Librem 14 Thoughts From a Librem 13 Early Adopter appeared first on Purism.

Purism Launches Librem 14, Successor to Security-focused Librem 13 Product Line

Thursday 2nd of July 2020 08:00:21 AM

SAN FRANCISCO, July 2, 2020 — Purism, a security-first hardware and software maker, has launched the Librem 14 laptop for pre-order, the successor to its popular Librem 13 laptop line. The Librem 14 was designed based on Purism’s experience with four generations of Librem 13 laptops along with customer feedback. It retains popular security features such as hardware kill switches to disable the webcam/microphone and WiFi and supports PureBoot, Purism’s high security boot firmware. The laptop comes preloaded with PureOS–Purism’s operating system endorsed by the Free Software Foundation.

The most distinctive feature of the Librem 14 is the new 14″ 1080p IPS matte display which, due to the smaller bezel, fits within the same footprint as the Librem 13. Other upgrades and improvements include:

  • Intel Core i7-10710U CPU with 6 cores, 12 threads
  • Gigabit ethernet card with built-in RJ45 connector is back by popular demand
  • Support for two external monitors via HDMI and USB-C
  • USB-C power delivery in addition to the standard barrel connector

Customers also have the option of leveraging Purism’s anti-interdiction services for added security in transit to verify hardware has not been tampered with during shipment.

“I am beyond excited to see the Librem laptop journey arrive at the build quality and specifications in the Librem 14. This fifth version of our line is the culmination of our dream device rolled into a powerful professional laptop. We have invested heavily so every customer will be proud to carry our laptops, and the Librem 14 will be the best one yet.” — Todd Weaver, CEO and founder of Purism.

The Librem 14 is available for pre-order now with an “early bird” base price of $1199 and will ship in early Q4 2020. For more details on pricing and hardware specifications for Librem 14 visit

The post Purism Launches Librem 14, Successor to Security-focused Librem 13 Product Line appeared first on Purism.

Librem 5 May 2020 Software Development Update

Monday 29th of June 2020 05:01:48 PM
Librem 5 May 2020 Software Development Update

This is another incarnation of the software development progress for the Librem 5. This time for May 2020 (weeks 19-22). Some items are covered in more detail in separate blog posts at The idea of this summary is so you can have a closer look at the coding and design side of things. It also shows how much we’re standing on the shoulders of giants reusing existing software and how contributions are flowing back and forth between upstream and downstream projects. This quickly gets interesting since we’re upstream for some projects (e.g. Calls, Phosh, Chatty) and downstream for others (e.g Debian, kernel, GNOME). So these reports are usually rather link heavy pointing to individual merge requests on or to the upstream side (like e.g. GNOME’s gitlab).

Adaptive Apps

This section features improvements on adaptive apps, GTK, and underlying GTK based widget libraries like libhandy:

Short and instant messaging

Chats (aka Chatty) handles SMS and instant messaging via XMPP. It has experimental support for various other formats via libpurple. Cleanups and bug fixes continued during May:

  • Introduce a ChattyMessage class to handle different message types consistently: chatty!326
  • Cleanup ChattyConversations: chatty!332
  • Emit ‘avatar-changed’ if associated buddy avatar changes to handle avatar updates: chatty!333
  • Utils: Format time as per the current user settings: chatty!334
  • API to get and/set encryption and use it to simplify encryption handling: chatty!335
  • Window: Fix selection flicker when chat is updated: chatty!336
  • List-row: Limit message preview to a single line: chatty!338
  • Window: Set selected flag for row only if not folded: chatty!339
  • Chat: Strip client information from get_name(): chatty!340
  • Use ChattyAvatar in main window headerbar and user info dialog: chatty!341
  • pp-buddy: Avoid updating avatar often: chatty!342
  • Silence compiler warnings: chatty!343
  • Tests: Don’t set MALLOC_PERTURB_: chatty!346
  • Window: Show an error dialog if creating SMS with modem missing: chatty!347
  • pp-account: Use purple_core_get_ui() to get ui string: chatty!348
  • Fix various memory leaks: chatty!350 chatty!372
  • Manager: Make sure the user sees errors right away: chatty!353
  • Different UI fixes crammed into one merge request: chatty!354
  • New-chat-dialog: Reset search text when showing dialog: chatty!356
  • New chat dialogs: Handle pressing ‘Enter’: chatty!357
  • Don’t allow messages rows to get the focus. This eases keyboard navigation: chatty!361
  • Use GObject properties and signals more: chatty!374
  • Settings-dialog: Call idle users that (not offline): chatty!375
  • Use GAppliation more. This makes chatty more a regular GTK+ application: chatty!376
Lurch plugin

The lurch plugin is responsible for OMEMO encryption within libpurple:

  • Notify user when a message can’t be decrypted instead of silently dropping it: lurch!5
  • Unbreak the build and run tests during the build: lurch!6
Phone Calls

Calls (the app handling phone calls) now shows notifications on missed calls and emits haptic feedback and saw a long list of translation updates (fa, sv, uk, it, ro, fr, pt_br, jp , thanks Danial Behzadi, Anders Jonsson, Yuri Chornoivan, Antonio Pandolfo, Daniel Șerbănescu, Valéry Febvre, Rafael Fontenelle and Scott Anecito) but there were other small improvements:

  • Build calls against Debian bullseye to make it future proof: calls!112
  • add gbp.conf to make releasing less error-prone: calls!121
  • po: Update po file list and make sure fail CI if we forget to do so in the future: chatty!345
  • Skip i18n for plugins: calls!132
  • Stop busywork for translators: calls!133
Compositor and Shell

This section highlights progress in Librem 5’s GTK based graphical shell name Phosh and its wlroots based compositor Phoc:

  • Blank the display on idle: phosh!300. This finally glues the wlr-output-power-management protocol and GNOME Settings daemon’s power plugin together and can be seen in here.
  • Translations were updated for uk and zh_TW – thanks YuriChornoivan and Yi-Jyun Pan!
  • Phosh now triggers more haptic feedback e.g. on button release and when selecting an activity from the overview
  • We fixed way too early unblank: phoc!151
  • Nícolas F. R. A. Prado fixed compilation with -Wswitch: phoc!148
  • Phoc now automatically enables new outputs to make them ‘plug and play’ again: phoc!152 (diffs)
  • We made test execution in CI more robust to not frustrate developers: phoc!149
On-Screen Keyboard Gnome Control Center (Settings) / GNOME Settings daemon

Sadiq enhanced several panels upstream:


Feedbackd is responsible for haptic, audio (and later) LED-based feedback:

  • Feedbackd now picks up the configured sound theme: feedbackd!18
  • Feedback is now ended/canceled when invoking lfb_uninit: feedbackd!19 This makes sure feedbacks are stopped when an app quits
  • Rasmus Thomsen fixed a compile race that could lead to build failures: feedbackd!15
Linux Kernel

The process of upstreaming our Linux kernel work progress is covered in a separate report. The current one is for Linux 5.7 so this is mostly about downstream improvements:


These were the releases during May for projects we’re upstream:


If you made it down here and want to start contributing join us on matrix. We certainly welcome patches and issue comments on If you want to grab an issue and can’t think of a particular problem, check the easy and help wanted tags in our GitLab instance. See you next month.

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the-people stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now


The post Librem 5 May 2020 Software Development Update appeared first on Purism.

Librem Mini is Shipping

Tuesday 23rd of June 2020 04:25:14 PM
The Librem Mini is Shipping!

We were excited to see so much interest from the community in our Librem Mini pre-order campaign and we hit our initial goals within only three weeks. Since then we’ve been testing hardware and porting coreboot over and now we are ready to start shipping Librem Mini pre-orders to customers.

As you may know the Librem Mini is revolutionary in that it supports Purism’s PureBoot out-of-the-box in addition to our default coreboot firmware and can work with the Librem Key for ultimate security. It is the ideal home server or secure workstation, and is fully backed by the support of Purism.

If you ordered a Librem Mini, you will receive an email confirming your order status and shipping information. As with any newly brought to market product, the Librem Mini running PureOS will have software updates to apply as we continue to refine the firmware. One forthcoming software update that we want to bring to your attention concerns the fan speed control, as currently the CPU is passively cooled and may throttle down under heavy load. Full active cooling will be coming in a firmware update so we highly recommend following our published announcements. If you are uncomfortable with applying a firmware update using our coreboot firmware update tool, you also have the option for Purism to hold the order until we release that software update. If you desire that, let us know when we contact you to confirm shipping information, otherwise you will be enjoying your Librem Mini soon!

If you were waiting until the shipping announcement to place your order, now’s the time! Click here to order your Librem Mini, to be shipped within approximately 10 business days.

The post Librem Mini is Shipping appeared first on Purism.

PureBoot Bundle

Thursday 18th of June 2020 05:06:19 PM

Secure boot was one answer to preventing and detecting tampering on your computer. This specification has plagued Linux users for years and is only now supported in some distros of GNU/Linux. At Purism, we took a different approach while still securing the boot process. PureBoot is the result of building on top of free software tools with the goal of a good security story that respects your rights.

PureBoot uses common cryptography tools that allow users to self-sign their own OS, instead of having to pay a 3rd party to create those keys, a user can generate them on their own computer and back them up as the user sees fit.

We dive into PureBoot in detail in our documentation and blogpost. If this is the kind of development you want to see happen, take a look at our shop. Our products set a new kind of bar for what we expect our electronics should and shouldn’t do.

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the-people stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

The post PureBoot Bundle appeared first on Purism.

Librem 5 Dogwood Update 2

Wednesday 10th of June 2020 05:48:04 PM

When we wrote our last Dogwood update, we were nearing the end of the testing process:

At this point we have successfully verified almost all of the components with only a handful left to go and we feel we are pretty close to being able to greenlight the remaining Dogwood PCB production within a week so we can start shipping a few weeks after that.

“Almost all” turned out to be a key phrase. Since that post, we discovered a new antenna issue outside of the GNSS one we reported before, along with a microphone regression (in both cases something we weren’t expecting, but that were related to the new PCB design). This set us back a couple of weeks as we dove into troubleshooting these unexpected issues. Now though, we have firm ship dates. We will manufacture all Dogwood phones this week and next, begin individual order packaging and fulfillment immediately with first shipments going out the first week of July.

What about Evergreen and Librem 5 USA?

As far as Evergreen and Librem 5 USA shipping dates go, while there are parts of that process that are running in parallel to Dogwood, there are other parts (such as moulds and FCC/CE testing on the final mass-produced PCB) which must wait until after the final Dogwood phones have arrived and have been thoroughly evaluated. Before we commit to a revised shipping date for Evergreen and Librem 5 USA, we’d like a few more weeks to complete the evaluation of the final Dogwood phones.


The post Librem 5 Dogwood Update 2 appeared first on Purism.

Librem Mini Update: Hardware is Here, Finishing Coreboot

Monday 8th of June 2020 06:50:11 PM

In our last Librem Mini Update we mentioned that the hardware should be arriving around the end of May and we’re happy to announce that our estimates were mostly on track: we received the first Librem Mini batch a bit over a week ago!

In parallel we have been working hard to port coreboot to the Librem Mini like we’ve done with the Librem 13, Librem 15, and Librem Server. We were hoping the timing would work out so that we would be done before the hardware arrived or at least within a few days of the arrival. Unfortunately we need a little more time to finish the firmware and right now we are just waiting to complete the porting process.

Once coreboot is done we will be able to start shipping to all of our backers immediately. We’ll continue to keep you posted on our progress including when we will start shipping, which will hopefully be very soon. We are really excited about the Librem Mini so expect to see more posts on the potential of this hardware in the coming weeks.

The post Librem Mini Update: Hardware is Here, Finishing Coreboot appeared first on Purism.

Taking the Sting out of Stingray

Wednesday 3rd of June 2020 07:00:41 PM

The recent announcement that the DEA (Drug Enforcement Agency) was authorized to conduct covert surveillance on protestors got me thinking about how one could protect oneself against that kind of mass surveillance both in general and specifically in the context of attending or documenting (or just being near) a protest. It made me particularly thankful that we designed the Librem 5 to have a cellular hardware kill switch and in this post I’m going to give a quick overview of Stingray technology, the implications of its use at a protest, how the use of aerial stingrays (aka “dirtboxes”) extends its mass-surveillance capabilities, and how the Librem 5’s hardware kill switches give you control over where, when and how you are surveilled.

Our customers are from all walks of life and as such face a wide range of threats ranging from every-day risks from using the Internet all the way to customers concerned about nation state actors. We develop our security measures with all this in mind and try to strike the right balance between strong security (like our anti-interdiction services and PureBoot) and convenience (hardware kill switches). We also believe strongly that the customer, not us nor anyone else, should be in control of their computers and in control of their privacy, and this along with our commitment to Free Software guides all of our design decisions.

Your phone is the most personal of your personal computers and contains sensitive files like photos, videos, contact lists and message logs. It is also packed full of sensors that are incredibly useful when used for your benefit, but incredibly damaging to your privacy when used against you. This risk is why we not only included hardware kill switches in the Librem 5 to disable the cellular modem, WiFi/Bluetooth, and the cameras and microphone, we added the ability to combine all the hardware kill switches to enter “lockdown mode” and disable all of the remaining sensors. This article on lockdown mode elaborates on the potential threats with the sensors on a phone and describes how lockdown mode can help.

This past week has seen nationwide protests in the United States over the death of George Floyd and along with it, state and federal responses. One of the more concerning developments from a privacy perspective came on June 2nd when it was reported by BuzzFeed News that the DEA (Drug Enforcement Agency) had been authorized to extend their traditional jurisdiction over drug enforcement to “conduct covert surveillance” on people participating in protests. There is speculation that this includes the use of aerial Stingray technology (known as “dirtboxes”) that extends the surveillance power of a traditional Stingray device housed inside of a van to the range of an aircraft to identify which phones (and therefore which people) attended a protest, potentially city-wide.

What’s a Stingray?

A Stingray (or IMSI catcher or cell site simulator) is essentially a cellular man-in-the-middle device that allows the attacker to identify all of the phones in the area around the Stingray. The device is often used by the DEA to track an individual who is under surveillance. Of course Stingray use isn’t limited to the DEA and the ACLU maintains a list of states and departments who own the technology. The EFF has a great guide that describes Stingrays in more detail, but in summary Stingrays work by pretending to be a cellular tower. Phones are designed to connect to the cellular tower with the strongest signal, so when a Stingray is near, all of the phones within its range automatically connect to it and the Stingray then forwards on their connection to the real cellular tower. Each phone has a unique set of identifiers including an IMEI number that identifies that specific phone hardware and an IMSI number that identifies the SIM card (the specific cellular plan including phone number) and this is how the Stingray can tell who it is monitoring.

To surveil a particular suspect, Stingrays are used inside of a van that drives around an area and by measuring the changing signal strength of the suspect as they drive around, they are able to pinpoint their location with much more accuracy than they can get strictly from pulling location information from a cellular provider.

A Wired article on the subject of Stingrays and dirtboxes describes it this way:

Stingrays are often deployed by law enforcement from cars and vans. By driving the stingray around in a vehicle and gathering a wireless device’s signal strength from various locations in a neighborhood, authorities can pinpoint where the device is being used with much more precision than they can get through data obtained from a mobile network provider’s fixed tower location. The tools can pinpoint a phone’s location down to an apartment building or complex. At that point agents can switch to a handheld device that operates in the same way but lets them move inside to determine the exact apartment or office location of the targeted phone.

Of course Stingrays aren’t selective in terms of who connects. It forces all phones in the area to connect so their use becomes a dragnet that sweeps up everyone else in the area. This would make them particularly effective as a way to monitor protests as they can capture information about all of the protestors who are within range of the device. Indeed there is evidence that the Chicago Police Department used a Stingray to monitor protestors, in particular a protest organizer, during the 2014 protests of the Ferguson grand jury decision.

This week’s story that the DEA has been authorized to conduct covert surveillance of protestors, likely with dirtboxes, extends the power and range of the traditional Stingray in a van to surveil a few city blocks to the ability to surveil a whole city from the air. This means that not only can they track all of the people who attend a protest, they can track all of the people who break curfew orders and along with them any essential workers or other bystanders who happen to be walking home.

Snitches Get Switches

There are a number of countermeasures against Stingray surveillance ranging from putting the phone in a pouch that acts as Faraday cage, to attending protests with a burner phone or SIM. Each of these approaches presents their own issues, especially given that in a protest phones are often used to document violence whether from looters or law enforcement.

With the Librem 5 hardware kill switches, you have a convenient way to shut down the cellular modem completely and quickly, yet retain the ability to use the rest of the phone as normal. If you are documenting a protest this means you can safely record video to upload at a later time, or even leave the WiFi on and stream video over local wireless access points while still not being tracked by mass surveillance. If you are walking home from work you can flip the cellular switch off and still listen to music on the walk home on a Bluetooth headset. In the event you need to make an emergency call where you are willing to be tracked, you can always flip the switch back on and quickly reconnect to the cellular network.

What About Airplane Mode?

Another option in place on all modern phones is the ability to enter airplane mode. With airplane mode the OS asks the cellular modem and WiFi card to power themselves off. While this, in theory, would prevent that phone from being tracked with a Stingray, it’s not without its risks. The first risk is that this approach depends on software, not hardware, to succeed. The cellular modem could, in theory, simply ignore the request. A compromised OS could also pretend to enter airplane mode without sending any signals to the hardware. Also while on some phones the cellular modem and the CPU are on different chips, on many phones the cellular modem is integrated and is always on, even if it’s not necessarily transmitting. The second risk is related to convenience. Many phones do allow you to enter airplane mode from the lock screen but that doesn’t necessarily extend to other sensors like the GPS. Being able to disable the cellular modem with a switch (or all sensors when triggering lockdown mode with all switches) allows you to trigger it without looking, even when the phone is still in your pocket.

Take Control of Your Surveillance

At Purism we think that you should be in control of your computer and in control of your privacy. You should have control over where and when you are tracked. By adding convenient security features like hardware kill switches into our Librem laptops and the Librem 5 phone we ensure that the control over whether your cameras or microphones are recording or whether your WiFi, Bluetooth or cellular modems are broadcasting is completely in your hands.

Preorder now

The post Taking the Sting out of Stingray appeared first on Purism.

Librem 5 Timeline Recap

Wednesday 27th of May 2020 07:26:21 PM

Now is a great time to say “Thank you” to all our supporters, as you will see from the timeline recap video, it takes an immense amount of dedication and support to accomplish great things.

Purism has since 2014 been dedicated to bringing the world new kinds of devices, in 2017 Purism started on the long journey of building a mobile phone hardware with accompanying software, this is the timeline of the Librem 5 journey. The Librem 5 has a built-in ecosystem that corrects the issues that have cropped up in other platforms. We want to build secure products that protect your digital privacy without you needing to change a single setting.

Keep in mind that hardware is hard, changing the world for the better is arduous, and that it takes an entire team of dedicated experts working with a supportive community who persevere through many obstacles to create innovative and unique products. This timeline attempts to enshrine both how difficult the challenge is to make a secure phone from scratch, write a mobile operating system that can run on a laptop, desktop, or mobile device. All of that while maintaining a firm idealistic approach to user freedom, privacy, and security.

Our blogs make a pretty good timeline on their own, and Caliga in our forum has even collected all of the relevant blog entries here.

High-level Timeline Summy

Progress on upstreaming the kernel code is very noticeable when you compare how many lines of code we still change vs where we started. Back in 2017 we needed to add around 102,298 lines to 1,447 files for Linux version 4.18. That number has dropped to around 40,024 lines added to 156 files. As we continue to work in the open and with the community, this number will keep falling.

More recent progress is showcased on our blog. You can also register here to follow along.

Discover the Librem 5

Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we—the-people stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.

Preorder now

.column-6:after { content: ""; min-height: 225px; /* padding-bottom: 30%; */ display: block; } .column-6 img { bottom: -0px; } @media only screen and (min-width: 600px) { .column-6:after { display: none; } .column-6 img { bottom: 0px; } }

The post Librem 5 Timeline Recap appeared first on Purism.

Librem 5 April 2020 Software Development Update

Tuesday 26th of May 2020 10:38:32 AM

This is another incarnation of the software development progress for the Librem 5. This time for April 2020 (weeks 14-18). Some items are covered in more detail in separate blog posts at The idea of this summaries is so you can have a closer look at the coding and design side of things. It also shows how much we’re standing on the shoulders of giants reusing existing software and how contributions are flowing back and forth. So these reports are usually rather link heavy pointing to individual merge requests on or to the upstream side (like e.g. GNOME’s gitlab.)

Short and instant messaging

Chats (aka Chatty) handles SMS and instant messaging via XMPP. It has experimental support for various other formats via libpurple.

  • Arnaudd Ferraris fixed a bug where new SMS wasn’t shown: chatty!331
  • Internal refactoring by Sadiq continued
    • Add chat-view: chatty!310
    • Muc-info-dialog: Move invite code from chatty-conversation: chatty!312
    • Conversation: Simplify getting colors: chatty!313
    • Muc-info-dialog: Use ListBox to list users: chatty!314
    • Window: Simplify creating new chat dialog: chatty!315
    • Drop some unused code and functions: chatty!316
    • Add message-row and use it: chatty!317
    • Remove libfolks and libgee dependency: chatty!318
    • Avatar: Fix typo in property name: chatty!319
    • Add chatty message and use it: chatty!326
    • Move some error dialogs to the application class: chatty!327
    • Move more purple code to manager: chatty!328
    • Manager: Fix a (so far dysfunctional) check: chatty!329
    • Info-dialogs: Use chatty-chat to populate data: chatty!330
Lurch plugin

The lurch plugin is responsible for OMEMO encryption within libpurple:

.wp-caption { width 100% !important; }
.wp-caption img {
margin: 0 auto !important;
max-width: 500px !important;
.column-6:after { content: ""; min-height: 225px; /* padding-bottom: 30%; */ display: block; } .column-6 img { bottom: -0px; } @media only screen and (min-width: 600px) { .column-6:after { display: none; } .column-6 img { bottom: 0px; } } Phone Calls

Calls (the app handling phone calls) can now be translated via the GNOME infrastructure thanks to Claude Paroz: calls!110. This prompted a Persian translation by Danial Behzadi.

Compositor and Shell

This section highlights progress in Librem 5’s GTK based graphical shell name phosh and its wlroots based compositor phoc:

  • Thanks to Claude Paroz Phosh’s translations moved to the GNOME infrastructure: phosh!487
  • Use a symbolic icon for the PolicyKit authentication prompt: phosh!485
  • There’s a patch that enables the shell to provide haptic feedback on top/home bar presses, app launch, and window close: phosh!423
  • Cleanup the compositor configuration file name to not cause confusion: phosh!491
  • Avoid excessive g_strdup() usage and plug leak on WiFi signal strength changes: phosh!489
  • Arnaud Ferraris fixed some typos in the source code that showed up when preparing the Debian upload: phosh!492
  • Rafael Fontenelle fixed the DOAP file’s repository URL: phosh!495
  • phosh: Update i18n files and add a check so that we don’t forget to add new files including translations to the i18n infrastructure: phosh!497
  • Allow to skip build and test in CI and only produce Debian packages. This can save some time when one only needs a package to install: phosh!498
  • Thanks to Zander Brown, phosh now has a notification list persisting unseen notifications: phosh!463
  • Thanks to Arnaud Ferraris phosh’s systemd unit dropped the hard-coded user name and directory making it more portable: phosh!493
  • Arnaud Ferraris fixed the long date format when using a French locale: phosh!501
  • Danial Behzadi contributed a Persian translation: phosh!499
  • Rafael Fontenelle updated the Brazilian Portuguese translation: phosh!496
  • Phoc now has a small testlib to ease adding automatic tests. This (among other things) allows to take and compare output content to saved screenshots: phoc!143 This also adds test to exercise some of the layer-shell related code.
  • Triggered by a compile warning that showed up when working on the above we fixed an issue in upstream Wayland so client and server headers can be included at the same time:
  • We now provide add test coverage information: phoc!144
  • Based on work by Arnaud Ferraris update the copyright information phoc!146 in preparation for an upload to Debian.
Debian Packaging / Upload

Arnaud Ferraris reworked phosh’s, phoc’s, and feedbackd’s packaging to make it suitable for inclusion in Debian. This complements wlroots and libhandy giving a more complete mobile stack in upstream Debian.

Gnome Control Center (Settings) / GNOME Settings daemon
  • There’s a merge request for editing wired connections re-enabling more parts that were previously disabled because they weren’t adaptive.
  • Sadiq submitted a patch to upstream GNOME Settings that allows to show a QR code when enabling hot spot mode so it becomes easy for other devices to connect.
System-Level integration feedbackd

Feedbackd is responsible for haptic, audio (and later) LED based feedback:

  • Allow to set feedback level per application: feedbackd!12 This allows e.g. the shell and on screen keyboard to use only haptic feedback
  • We backported some packaging improvements from Debian: feedbackd!13
Linux Kernel

The process of upstreaming our Linux kernel work progress is covered in a separate report. The current one is for Linux 5.5 and 5.6 so this is about downstream improvements:

  • Linux 5.6 is now the default kernel version for Librem 5 and devkit based on this tree It is also getting point release (and hence security) updates on a regular basis:

  • In order to keep up with kernel development 5.7 based release candidate kernels are also available. These follow closely the release candidates tagged by Linus and are and installable on the phone as linux-image-5.7.0-1-librem5.

  • Improvements based on upstream devfreq support for clocking down the DRAM makes it possible to use the powersave governor instead of handling that in userspace.

  • Work continued in mainlining the needed parts of the display stack. We put out v11 of the NWL mipi host controller driver and tested Laurent’s mxsfb rework that will give us alpha planes

  • It’s now possible to read the (built-in) firmware version of the touch controller: linux-next!97

  • Martin did some initial cleanups for the phone device tree working towards a state that can be submitted for upstream inclusion: linux-next!125

  • NXP currently uses a downstream for of the arm trusted firmware to implement clocking down DRM but it would be good if the kernel would at least boot without that).

Librem 5 base packages
  • Make it harder for apt to remove important packages: librem5-base#28

  • Releases

    • [librem5-devkit-tools 0.0.10](librem5-devkit-tools!146 including above mentioned devfreq changes but also additions to the automatic tests. We could also drop the *no_supertile= workaround for etnaviv by fixing this properly in the compositor.
    • librem5-base 17 Pulled in udisks2 (so GNOME Settings can display storage details) and gthd (so GNOME Usage can show thermal information).

If you made it down here and want to start contributing join us on matrix. We certainly welcome patches and issue comments on If you want to grab an issue and can’t think of a particular problem, check the easy and helpwanted tags in our gitlab instance. See you next month.

The post Librem 5 April 2020 Software Development Update appeared first on Purism.

Librem 5 Update: Fresh Dogwood Pictures

Thursday 21st of May 2020 08:02:41 AM

As we mentioned in our Dogwood update post, we have been busy testing the significant changes that have gone into the Dogwood batch. In the previous post we just showed a few pictures of the board with some testing wires attached but we figured you’d like to see more. Now that we are about ready to wrap up testing we wanted to share some additional Dogwood pictures. Like with previous batches Dogwood is a small batch process. We’ll see mass-production processes with the next batch Evergreen.

Dogwood with exposed back showing updated flash and camera location, cover for wifi and cellular modem, and updated battery. Dogwood with the new cover removed, showing the slots for the WiFi card, cellular modem, and battery. Dogwood back cover New-to-Dogwood internal wifi and modem cover Dogwood with the full-length cover removed and main PCB exposed Dogwood internal plastic frame to align the battery and M.2 cards. Includes M.2 hold down clips. Dogwood PCB with camera and coax alignment frame installed Dogwood frame with USB C PCB, screen, speakers and heat sink compound installed

We are really excited about all the progress we’ve made in Dogwood since our Chestnut batch. Stay tuned for more updates about specific improvements in Dogwood and if you are still haven’t ordered your Librem 5 now’s the time!

The post Librem 5 Update: Fresh Dogwood Pictures appeared first on Purism.

Anti-interdiction Update: Six Month Retrospective

Wednesday 20th of May 2020 07:33:39 PM

It was only six months ago that we formalized our anti-interdiction services so instead of being a “hidden menu item” that you had to ask about, it was available as a drop-down along with the PureBoot Bundle. While some vendors offer tamper evident tape to their boxes, to my knowledge we are the only hardware vendor to offer such a complete suite of custom anti-interdiction measures including:

  • Glitter nail polish on screws
  • Customized tamper-evident tape on a bag surrounding the laptop and its box
  • PureBoot Bundle (to detect firmware/OS tampering) with a custom PIN
  • Shipping the Librem Key and laptop separately (optionally to separate addresses) to further frustrate interdiction
  • Customized threat model coordinated over encrypted email
  • Sending pictures of the laptop measures we performed over encrypted email

We’ve processed a lot of orders between now and then and I thought now would be a good time to look back on the last six months and talk about how the program has gone so far and what I’ve learned.

A close-up of the unique pattern of blue glitter nail polish on the center screw. Surprisingly Popular

When we first announced formal anti-interdiction services I expected it to be a fringe upgrade that only a small number of people in high threat situations would pick (like me actually, we tested an early version of the anti-interdiction procedure before the days of PureBoot and before I worked at Purism with my personal Librem 13v1 order). I have been surprised by just how many people from all walks of life have upgraded to our anti-interdiction services. While some people are definitely picking it because they are in a high threat situation, others just want the peace of mind that comes with knowing their laptop won’t be tampered with in transit without their knowing about it. We’ve also seen orders from Enterprise customers who are considering adding this service to all their future orders.

Glitter is Gold

The glitter nail polish measure is also very popular and just about every anti-interdiction order opts for glitter nail polish on either the center screw or all screws of the laptop. We offer a range of colors customers can choose from and our customers have selected just about every option at this point, with silver and blue the most popular (although orange is my personal favorite–it looks great against the black finish).

Anti-interdiction glitter nail polish on all screws Diverse Threat Models

One of the other things that surprised me (but maybe shouldn’t have) was the diverse set of threat models I saw from anti-interdiction customers. For each anti-interdiction order, we work with the customer to figure out their threats and build a simple threat model that we address with the custom anti-interdiction steps we pick. At first I expected most of the anti-interdiction customers would be the ultra-paranoid who are already familiar with encrypted email. So far I’ve seen a wide range of threats from very low (the customer is just curious about the procedure and wants peace of mind) to very high (the customer has already experienced interdiction in the past by a strong adversary).

The custom nature of this process means we can adapt the measures to the threat and as you might expect the average case has fit somewhere between the two extremes. For instance, communicating over encrypted email isn’t strictly required depending on your threat. In the case the customer doesn’t have the means or expertise to set up encrypted email, we adapt how we communicate so that it’s still reasonably secure even without encryption. In that case we only disclose sensitive information (such as pictures or a custom PIN we’ve generated for the customer) after they have received the hardware. On the other hand the average customer tends to have some familiarity with email encryption and often already has a key set up, but doesn’t necessarily have a specific threat in mind.

Process Keeps Getting Faster

Adding anti-interdiction measures to our laptops is rather labor-intensive between all of the email back-and-forth and all of the extra steps we perform. We have tried to set a price that captures all of that extra, custom labor and when we processed some of the first orders I did question whether we charged enough. The first few orders took a lot of extra effort and time and as a result the first anti-interdiction customers often had to wait an extra few weeks to get their order depending on how fast they responded to emails.

As time has gone on patterns have emerged and the whole process has become more streamlined and faster so that now, adding anti-interdiction adds only a small delay. Most of the delay simply comes from the fact that most customers choose to wait to ship their laptop until they have confirmed they have received the Librem Key.

What’s Next

Six months on I would have to say that the anti-interdiction service has been a success. We have processed far more orders than I initially thought and for a very diverse range of customers. Now that the process has become more streamlined we should be able to complete future anti-interdiction orders even more quickly and are looking for other ways we can make it even faster. We have also expanded anti-interdiction services beyond laptops and adapted it to Librem Server, Librem Mini, Librem 5 and Librem 5 USA. If you want to find out more about our anti-interdiction services, check out this blog post.

The post Anti-interdiction Update: Six Month Retrospective appeared first on Purism.

Purism and Linux 5.7

Tuesday 19th of May 2020 08:25:48 AM

Following up on our report for Linux 5.5 and 5.6 this summarizes the progress on mainline support for the Librem5 phone and its development kit during the 5.7 development cycle. Our contributions improved support for the hardware found on our Devkit as well as phone components like the accelerometer and GPU.

Devkit updates

We have greatly improved support for the Librem 5 Devkit by describing more hardware components that will work with mainline Linux right now. Along with fixing the Wifi hardware killswitch and smaller improvements, the proximity sensor and audio codecs have been added:

IMU sensor

The following small addition concludes the work on supporting the accelerometer on the devkit and adds the correct mount matrix that describes how it is oriented on the board.

Vivante GPU

The GC7000 GPU on the imx8mq often failed to enter power saving mode when idle. This was fixed with the help of Lucas Stach with the following series:

This improves the power consumption of the Librem 5 considerably when in active use.

Misc fixes

We enabled runtime power management for the Librem5’s light and proximity sensors

Mainline redpine wifi driver saw a minor bug fix


Have a look at our Linux tree to see what is currently being worked on and tested (or help if you feel like joining the fun :). For the upcoming release we’ll be able to operate the full display stack on the Librem 5 Devkit with mainline Linux, and possibly have a basic device tree description for the phone, so stay tuned.

The post Purism and Linux 5.7 appeared first on Purism.

Your Own Personal Enclave: The Smart Card Reader on the Librem 5

Thursday 14th of May 2020 02:14:43 PM

There are many unique features in the Librem 5 that make it stand out when compared to other smartphones. The easily-accessible hardware kill switches with lockdown mode, removable WiFi and cellular modules, and the fact it uses the same PureOS operating system as our laptops get the most attention. These are great examples of how Purism approaches innovation differently from most tech companies. We favor open standards and build solutions that put the user in control, not us. While that’s often meant we’ve had to avoid proprietary off-the-shelf solutions and do things ourselves, in other cases it’s meant using existing tried-and-true open technologies like OpenPGP smart card readers in a new way–as a secure enclave fully in the user’s control.

We recently got the smart card reader functioning on our Librem 5 Dogwood batch and I realized we haven’t talked much yet about the smart card reader. In this post I will discuss why we decided to add an OpenPGP smart card reader to our phones and how we intend to use it.

What’s Smart About Smart Cards?

Smart cards are ubiquitous technology. You can find them in everything from modern credit cards to USB security tokens like our Librem Key. The idea behind smart cards is to have a discrete and tamper-resistant chip that can store secrets securely and perform a set of cryptographic operations using those secrets without having to expose the secrets outside of the smart card. Data goes in, the smart card uses its secrets to manipulate that data, and modified data goes out.

In the case of an OpenPGP smart card, the secrets you store are private GPG subkeys like you might use to encrypt or decrypt email or files, or sign code you are contributing to. While you can store GPG keys on your local hard drive (and many people do), storing them on an OpenPGP smart card (such as on a USB security token like the Librem Key) adds a few extra layers of security.

The first layer of security a smart card adds is by preventing keys from being copied. Once a private key is copied onto a smart card, it can never be copied back out. If an attacker were to compromise your computer, they could make copies of your GPG private keys in your ~/.gnupg directory on their own computer and attempt to brute force the password. If they were able to guess the password you used to secure those keys, they could use the keys to sign and decrypt things on your behalf on their own computer. Yet if those keys were on a smart card and the smart card were inserted the most they could do is sign and encrypt/decrypt things on your behalf while they had access to the computer–and only if they could guess your PIN. They couldn’t make copies of the key and use it elsewhere and the moment you removed your key from the computer they would no longer have access.

The second layer of security a smart card adds is that it performs cryptographic operations with your keys on the smart card itself. Your private keys are never copied into system RAM even temporarily.

Finally, a smart card becomes an authentication factor referred to as “something you have” like a physical key or an identification card (a password is “something you know”). The portable nature of smart cards means that you can keep them with you at all times and since they can only be in one place at a time, they can prove that the user has possession of authentic secrets.

Why Put a Smart Card In a Smart Phone?

While desktop and laptop computers sometimes have smart card readers, and there are a number of specialized handheld devices used for point of sale and other functions that contain smart card readers, to our knowledge the Librem 5 is the only smartphone to have one. We recognized the value of smart cards for storing secrets securely when we developed our Librem Key for use with our laptops. Since a person’s phone arguably stores even more sensitive information than their computer, we felt it was important that it have some way to protect that information with strong secrets on a tamper-resistant chip.

Dogwood PCB CPU side down. The smart card reader is on the bottom left side of the main board next to the red wire. Smart Card or Secure Enclave?

Phones need a way to protect against attackers who might root the device and extract cryptographic secrets from RAM and many phones today that solve that problem with a discrete chip known as a secure enclave. The chip behaves in many ways like a smart card in that it stores secrets and has a set of cryptographic operations it can perform but these chips are permanently soldered onto the PCB.

Along with any user secrets secure enclaves also tend to store certificates provided by the vendor. This is because in addition to handling your secrets securely, they also enforce the vendor’s secure boot and software verification system. By storing these certificates in the secure enclave they can make sure that you only run authorized firmware, software, and even can only attach authorized 3rd party hardware to the device. The reason you see secure enclave chips on modern smartphones has more to do with enforcing vendor control over the hardware and software and less to do with protecting your own secrets.

When we set about to solve the problem of secret storage on the Librem 5, we decided against a permanent secure enclave chip in favor of a smart card reader for a few reasons:

  • While there are exceptions, many secure enclave implementations are closed hardware that run proprietary firmware.
  • We believe users should own their own hardware so we weren’t interested in technology that risked removing control from the user.
  • Smart card readers are well-understood, ubiquitous and open technology with free software implementations.
  • Smart cards are removable and replaceable by the owner at any time and are relatively inexpensive to replace.

So you can think of a removable smart card like your own personal secure enclave fully under your control.

Librem 5 Smart Card Use Cases

Having an integrated smart card reader in the Librem 5 opens up all sorts of possibilities. Here are a few of the use cases we are already working toward with the Librem 5.

Secure GPG Key Storage

The obvious first use case for a smart card is to provide the owner a secure place to store their GPG keys. While you can already do this with some other smart cards it requires you to store keys on a separate USB security token with Near Field Communication (NFC) capabilities. On other smart phones whenever you want to perform GPG operations you have to take out your security token and hold it up to the phone. While that is a secure workflow, it’s also somewhat inconvenient–especially if you use GPG frequently. Our approach combines the convenience of storing your GPG keys on the local file system with the security of storing them on a smart card.

Simple Disk Unlocking

We intend for the Librem 5 to feature disk encryption for the root disk and at the moment all of the standard tools are there like you would have on any Linux computer. The one missing bit left to be developed is software we can fit inside the initrd file to allow the owner to enter their disk unlock passphrase on the touchscreen since unlike a normal Linux computer the Librem 5 doesn’t have a physical keyboard.

On our laptops we already have mechanisms within PureOS that allow you to unlock your disk with GPG keys on a Librem Key. Once configured, you get prompted for your GPG PIN at boot and the smart card decrypts a GPG-encrypted file that contains the LUKS disk unlock secret. After we complete the software to allow passphrase entry on the Librem 5 touchscreen at boot, it will be simple to add the ability to unlock with your GPG keys instead.

Secure Authentication

GPG provides three different classes of subkey you can store on a smart card. The first type of key is for encryption, the second is for signing and the third is for authentication. The authentication subkey is often not created and isn’t in wide use, but it’s something you can use for secure authentication for services such as SSH and there are already plugins in place to allow this kind of functionality. This would mean you could store SSH authentication secrets safely on your smart card and SSH from your Librem 5 to remote machines without risking that your SSH private key might be copied and reused by an attacker.

General-Purpose Secret Protection

We can also take advantage of the smart card to provide a general method to protect other secrets on the device by encrypting them with your GPG keys stored on the smart card. You might use this not only to encrypt local files or entire removable SD cards, but you could also use it to protect a local password vault or other sensitive files.

Recoverable Secrets

Given so much can depend on the secrets stored on a smart card, it’s important that you be able to backup and restore it in case a smart card chip fails or is lost. Because the smart card is removable and it uses standard GPG keys, you can use the same standard methods to backup and restore GPG private keys like you would with a laptop and a Librem Key. If a secure enclave chip fails you are out of luck, but because the smart card is not only removable, it is relatively inexpensive, you can easily create a backup smart card when you first set your keys up and store it in a safe place along with a thumb drive that contains your full set of private keys.

User Personas

The workflow I’m most excited about with smart cards on the Librem 5 is the idea of user personas. You can configure the Librem 5 so that all of the things that make up a person’s unique identity on the Librem 5 are removable: the cellular modem (IMEI), the cellular SIM card (IMSI), the WiFi card (MAC address), the microSD card (personal files and settings), and the smart card (user secrets).

A common problem people have with their smartphone is how to handle their sensitive data when they travel. When you travel you are not only more likely to lose your phone or have it be stolen, you also risk a customs official searching through or even copying your data as you cross a border. While some people have come up with elaborate steganography or safe word approaches to attempt to smuggle data across borders, the most secure approach is one where you travel only with data you can afford to lose such that you can fully comply with any customs agent requests. This is where user personas come in.

If you think of a user persona like a traditional user on a Linux system you can imagine a scenario where that user’s home directory is stored on a removable microSD card and secured with GPG keys on a smart card. You can then get a different pair of microSD cards and smart cards for each user persona you want to set up.

For instance you might have a “normal” persona that contains your personal contact list, personal social media account secrets, your personal calendar, work files and similar information. All of these files, settings and secrets would be protected by GPG keys on a smart card. To set up a new persona you could then store (or backup) all of that information on a microSD card and wipe that user account clean.

Travel Persona

For travel you can then create a “travel” persona that contains only the files, accounts, contacts, and calendar entries you need for your trip. These files and settings can be protected with a different set of GPG keys you have stored on a separate smart card. Then if your phone gets lost or stolen or if a customs agent searches it, the only files and settings that are at risk are the ones you explicitly need for travel. If you want to go an extra step you could even swap out the cellular modem (for instance if you are a US citizen traveling to Europe you might swap the US version of our cellular modem for the EU version so you have access to more European cellular frequencies). Then when you arrive you can get a local prepaid SIM and be on your way with a completely compartmentalized travel persona. When you return from your trip you can swap back in your personal microSD card and smart card and restore your personal persona.


I hope now that you are as excited as I am about the possibilities an integrated smart card reader gives you with the Librem 5. We constantly aim to balance your freedom, security and privacy and develop solutions that provide you not only with strong security, but also full control over your own hardware. We feel the OpenPGP smart card reader in the Librem 5 is another example of a strong but open security method that puts all the keys in your hands.

The post Your Own Personal Enclave: The Smart Card Reader on the Librem 5 appeared first on Purism.

Librem 5 Dogwood Update

Tuesday 12th of May 2020 09:45:24 PM

Summary: We are almost at the end of the Dogwood board verification and have found and fixed a number of issues with the initial Dogwood boards. We believe we will be able to complete testing and start shipping Dogwood phones out within a few weeks. We have also been working on Evergreen in parallel to procure the remaining components we need for mass production.

We know the community is eager to hear any updates we might have about the Librem 5. Like with our Birch and Chestnut updates, we are trying our best to give you correct information for each batch with a reasonable level of confidence without venturing into speculation or guesses. This is especially important when it comes to reporting hardware updates as it can take time and iterations to trace down a problem into the component or mistake that caused it and often first guesses for a root cause prove to be incorrect.

Like everyone else we have been impacted by the COVID-19 pandemic and back in February we published an overall shipping update based on the best information we had at the time including dates for Dogwood:

  • End of March: Librem 5 Dogwood internal hardware revision for the Purism team
  • End of April: Librem 5 Dogwood batch for customer pre-orders

We started receiving the internal Dogwood hardware revision a bit later than expected in April and started the work to test and verify the changes. As we mentioned in our Breaking Ground post, the Librem 5 is an entirely new phone built from the ground up and that means significantly more testing and tweaking than with an off-the-shelf design. Unlike with Birch and Chestnut batches, which only had minor tweaks on the previous batch based on problems we uncovered during testing, Dogwood represented a much larger change–a CPU flip to the other side of the PCB to help with heat dissipation–that meant a full redesign of the PCB layout.

Dogwood PCB CPU side up

We knew it would take longer to test Dogwood compared to Birch and Chestnut and budgeted extra weeks for the tests assuming we didn’t come across any major issues. Once testing was complete we would apply any fixes and then send out the remaining Dogwood batch to customers. Like with Birch and Chestnut we wanted to bring you along for the ride and give you updates as we have them, but up until now there honestly hasn’t been all that much to report except that the testing was in progress. This kind of testing of every component in a long checklist is tedious work and is only interrupted with a bit of excitement when something doesn’t work as expected and you must drop everything to figure out why.

Dogwood Hardware Fixes

It’s been about a month since we started that verification and as expected we did find some issues with the initial Dogwood boards. Overall the glitches we found have been minor from a design and fix perspective such as an incorrect MOS FET transistor part and a minor mistake in the CPU power supply, but were glitches which resulted in odd and sometimes much larger problems in the functionality of the device ranging from damaging the USB section of the CPU in one case and disabling an entire I2C bus in another! It’s taken more time than expected to trace through these problems and then apply and test fixes especially in the case of the CPU since it required reworks in the PCB that were difficult to make on the existing boards and new CPUs.

Dogwood PCB CPU side down

Another system we have been looking into since Birch is GNSS (aka GPS). GNSS is a pretty delicate thing, the GNSS satellite signals are so weak, it’s like trying to spot an 80W light bulb in orbit (that’s about the energy equivalent). What is received on the ground here on earth is usually below the noise level of the antenna and takes pretty significant signal processing to get data from it. This means that the GNSS antenna signal path must be pretty close to perfect.

Besides this with Chestnut we discovered that ST Micro, the manufacturer of the TESEO LIV3 GNSS multi constellation receiver we are using in the L5, silently changed the recommendations for the antenna input electronics design. Now in Dogwood we see that GNSS reception still wasn’t great so we went back to suppliers and the drawing board, applied some more changes and are now finally getting a fix!

Of course, now is the time to apply all of these fixes, before we go into mass production. As you might expect, changes are much more complicated with larger volumes, which is why we chose the public small batch approach to begin with and invited you to come along with us for this ride. At this point we have successfully verified almost all of the components with only a handful left to go and we feel we are pretty close to being able to greenlight the remaining Dogwood PCB production within a week so we can start shipping a few weeks after that. While this has been going on we have also been working in parallel on Evergreen to complete procurement of the components we’ll need for mass production.

What’s Next

Now that we are almost to the end of Dogwood hardware verification, soon we will be able to shift focus from testing individual components on a PCB to evaluating Dogwood and the CPU flip in particular as a whole. We know many people are curious about the impact of the CPU flip on heat dissipation and we intend to publish more detailed analysis soon in a future update.

The post Librem 5 Dogwood Update appeared first on Purism.

More in Tux Machines

Microsoft slips Bing search into Android through Outlook

If you use Outlook for your Android phone’s email and calendars, you might see an unexpected sales pitch for Microsoft’s search engine. Android users have discovered that Outlook slips a “Bing search” option into the long-press menu you see when you select text. Tap it and it will open your default browser with a Bing query for whatever words you had selected. It’s helpful, but likely not what you wanted if you live in a Google-centric world. The menu option doesn’t appear for everyone, and some have reported success in getting rid of it by uninstalling Outlook. It might not even be visible if you reinstall the app. It doesn’t appear to be available when you install other Microsoft apps beyond Bing. Read more Also: Microsoft caught sneaking Bing search onto phones with the Outlook app Microsoft's clever trick to get Android users search on Bing instead of Google

My Linux story: breaking language barriers with open source

My open source journey started rather late in comparison to many of my peers and colleagues. I was pursuing a post-graduate degree in medicine in 2000 when I managed to fulfill a dream I’d had since high school—to buy my own PC. Before that, my only exposure to computers was through occasional access in libraries or cyber cafés, which charged exorbitant prices for access at that time. So I saved up portions of my grad student stipend and managed to buy a Pentium III 550 Mhz with 128MB RAM, and as came standard in most computers in India at that time, a pirated version of Windows 98. Read more

5 things to look for in an open source alternative to SharePoint

We're entering a collaboration platform renaissance as remote work becomes the norm for enterprises large and small. Microsoft SharePoint—a collaboration platform available on premises or in the cloud—is the de-facto standard for corporations and government agencies. However, SharePoint implementations are infamous for the challenges that prevent their completion. Combine those common speedbumps with shrinking IT budgets and rising collaboration requirements because of remote work, and open source alternatives to SharePoint become well worth a look. Read more

German bill provides network traffic redirection to install state trojans

Preliminary note: This post primarily affects users falling under German jurisdiction, but may apply to other countries as well, where similar laws are already in place or about to be introduced. Unfortunately, some primary sources are German only. According to current status and local knowledge, the German government is about to establish a law that provides the redirection of network traffic through a intelligence agencies' infrastructure in order to exploit security vulnerabilities and, for example, to install a certain type of malware known as Staatstrojaner (state trojans). The bill lists both end-user devices and servers as potential targets, and requires "telecommunication service providers" to establish and maintain infrastructure for transparently redirecting traffic of certain users, households, or IP addresses. "Telecommunication service providers" covers any company providing telecommunication services, thus ranging from cable, DSL or fiber providers to mail, VoIP and messaging vendors. Ultimately, even backbone providers or internet exchanges are covered by this definition. [...] The state trojan was meant to be the ultima ratio when it was introduced in 2009. It could only be used by the Federal Criminal Police Office (Bundeskriminalamt) in case of international terrorism and preventing terrorist attacks. Once such laws were introduced, governments usually get a taste for it. As of today, any police authority may use it even in cases of less severe crimes than terrorism such as counterfeiting money or violations against the Narcotics Act (Betäubungsmittelgesetz, e. g. drug consumption or trafficking). As you can see, compromising devices became increasingly common as a measure at law enforcement agencies. It is probably going to be extended to intelligence agencies within a short amount of time. For obvious historical reasons, the German state only gives certain rights to police and intelligence agencies to avoid too much power being concentrated in one organisation, which could turn it against their people. [...] At IPFire, we fight to protect your network. Frankly, this was complicated enough before governments legalised hacking by intelligence agencies. This German bill will not make anything more secure. Instead, it will turn defense against security vulnerabilities even more into an arms race. This is not an example of "the opposite of good is good intentions". This is beyond dangerous. Imagine, for example, cyber criminals or foreign intelligence agencies (ab)using that redirection infrastructure in order to deploy their malware. Perhaps they will be able to take advantage of some zero day exploits left on some servers in that infrastructure as well (the CIA suffered from a similar breach in 2017). With a blink of an eye, arbitrary malware could be placed on a significant amount of computers compromised that way. Ransomware attacks such as WannaCry or NonPetya come to mind... Imagine compromised machines being vulnerable to other attacks as well, as some security measures have been turned off. Image surveillance abuse. Imagine future governments abusing this feature for persecution of unwanted people or political opponents - with a view at current political events, one may be concerned about personal liberties being restricted. [...] We will start next week by providing advice on whom to trust and how to establish a security-focussed mindset. Afterwards, we focus on specific technical aspects and advise how to configure IPFire machines as secure as possible - as it already implements effective mitigations against those attacks. Read more