Discussion About A Lot Of Things (New TPM Feature, Next Line of Librems, BlackHat 2017, Roadmap, Etc)


#1

I wanted to make a discussion thread for a bit of a slew of different subjects. I’ll split them up nicely.


The TPM Feature

I’m of course speaking of the new Trusted Platform Module chip now available with Librems. I read the Tom’s Hardware article linked, but it didn’t seem to answer for me what it really means for the end-user.

I’m curious to know more about the TPM and how it works in layman’s terms. Is it basically a chip that encrypts everything and you need to enter a password on boot similar to having a machine password set in the BIOS?

Or is its job basically to just secure the “deep system stuff” (BIOS, Bootloader, etc) without requiring user input? Maybe it’s something else more advanced?

I read things about it handling passwords and such for you. What does it mean for those of us that already use something like KeePass to generate and handle our passwords?

I’ve just never heard of TPM and don’t have any experience with it, so just wanting to know what it really does and what behavior you’d have to change to use it in layman’s terms first before I get into the nitty and gritty details about it.


BlackHat Europe 2017 & Potential For New Librem Revisions For 2018

I originally had hoped that Purism would release a new revision of laptops in time for Christmas. But remembering what the blog post neutralizing the Intel Management Engine said, I recalled that BlackHat Europe 2017 was mentioned for December.

After remembering that, I reconsidered that maybe a new revision for Christmas wouldn’t make sense when that event should reveal more for you to put into your next revision. It’d be best to wait until after that event and maybe hope for some interesting new additions for the next lines of Librems that come out in early 2018 as a result of the exchange at BlackHat Europe.

I made some threads about increasing the performance of your laptops, especially the Librem 15 (because we already know the Librem 13 is going to get a boost), and while I was probably asking for a bit too much at first, I do hope that your next revision will include at least a quad-core processor and ethernet port for the Librem 15. I think the price-to-performance ratio of your laptops needs to be addressed a little - it’s a major reason why I’ve been hanging back for a while rather than jumping to buy, hoping you improve the hardware specs in a later revision. Dropping over $2,000 on a computer that runs on a dual core just doesn’t really sound like a good value - almost like you’re getting punished for being a tinfoil hat really.


Goals For Next Year

I know that there’s really no knowing how much you can fit into a year, but I’m really hoping for an explosion of progress following BlackHat Europe that’ll be reflected into the next revision of Librems.

I’m hoping to hear more progress on actually removing the Management Engine, as well as eventually - a blobless Coreboot (Pureboot, anyone?).


Looking At The Bigger Picture - The Purism Purist Standard

I kind-of want to get a solid grasp of exactly how far into the roadmap you currently are.

  • It seems that you’re really making progress through potentially what is the hardest block of your roadmap. Would I be right to say you’re roughly halfway through it now? There are five steps listed for the Coreboot step that you’re currently on - Embedded Controller (EC), Firmware Support Package (FSP), Video BIOS (vBIOS), Management Engine (ME), and BIOS & Board. To clarify exactly where you are right now, how much % done would you say you are on each of these steps?

  • I assume that FSF RYF Certification is a rather bureaucratic step and how quickly you’ll be able to attain that after meeting the requirements just depends on how fast the Free Software Foundation handles it.

  • After that you have the Drive Firmware to deal with. How involved do you expect that step to be? Will it be nearly as big as this Coreboot step has been?

  • Lastly there’s the Schematics step. By what I can understand this would require cooperation from the manufacturers of all the parts in the system and… realistically that could be “never”. I figure that the roadmap may get rather stuck at this point. I mean, is that something that any computer manufacturer has ever been able to do? But hey, that gives you something else to shoot for for the rest of Purism’s existence I guess. With all of the other steps handled, I figure this is no big deal.


My Own Plans

I’ve personally decided that I’m going to buy the next revision if it has a decent quad-core processor in it, regardless of all else (well, unless something big like the warrant canary disappearing happens). I used to think that I wanted to wait until you reach your “Purist Standard”, but who knows how long that may take - maybe never, due to the Schematics step.

However, I would like to ask - as you make more progress on the Management Engine and Coreboot, will it all be applicable via software update? The only thing I’m nervous about with purchasing early is that at some point some update will come out that users can’t reasonably install themselves.

Welp, anyway, that about covers all I wanted to ask about and discuss. Thank you for your time and any answers you may provide.


#2

I kind-of want to get a solid grasp of exactly how far into the roadmap you currently are.

Seconded. I would like more regular communication than a blog post every two months.


#3

I like the idea of putting a demo Librem notebook to a BlackHat conf where they try to break into the devices. Would be a nice test and a good commercial for you.


#4

We’re all pretty overloaded lately (and some may have noticed I haven’t been able to participate much in the forums in recent times), but I have at least given the roadmap page a round of updating (and rewriting) today to be absolutely, absolutely sure we can’t possibly be criticized for “misleading” people etc. (it’s not easy to write something in a 100% accurate and non-confusing way and make it understandable and attractive to the general public, especially as the situation keeps evolving and improving).

The roadmap’s graphics haven’t been updated, they’re super old and I don’t have the source (or time!) for that, we’ll be trying to rethink and redesign it with @francois-techene & friends later.

I’m not sure how to answer your questions about the TPM myself (maybe some others can help). The TPM is a pretty advanced piece of hardware, and currently (Q4 2017, Q1 2018) we’re simply providing the hardware, not an easy-to-use “turn-key” hardware+software “product/solution”, as stated in the initial announcement. That announcement explains what it’s meant for in general, but does not explain how to use it in practice (that’s a technical post for later, when we figure out the way to offer and support it as a “turn-key” solution).

Considering it took us over a year of work and back-and-forth with the FSF to get PureOS endorsed (and with lots of public bashing on community mailing lists), I would cautiously say RYF might take a while… or not. I have no idea for the time being.

So far that has been the case, and should continue to be the case (there was a thread in this forum here about the coreboot installation+updating script, if you hadn’t seen it…).

As for the rest of your questions, I don’t know (yet). You may also be interested in the 2018 new year announcement :wink: