I understand that this model might be a bit outdated, but such a Librem 13v2 is what I have, and I don’t plan to by another Purism device for now. So I read about the firmware jail, and I even went through the Pureboot repo, and saw that Librem 14 has an additonal line in it’s config, says export CONFIG_SUPPORT_BLOB_JAIL=y. I suppose modifying the source and add support for older models shouldn’t be that hard, but it’s strange that Purism did not do that.
What I’m thinking is, what is stopping librem 13 and it’s siblings from having this feature?
The NOR flash size might be a significant issue, but I’m not sure if librem 13’s NOR flash may actually has enough space for the blob? (for informative purpose, the librem 13 NOR flash size is 8M, librem 14 is 16M, GPT told me that.)
Anyway, playing with Pureboot is really fun though. It taught me a lot about coreboot and openPGP stuff, along with Pureboot itself’s security mechanics.
Firmware for what component? A lot of chatter is about the WiFi card so in that case what WiFi card does your Librem 13 have and does that WiFi card even need firmware? (The logical answer to that would be: whatever WiFi card you have, no, it does not need firmware - and that would explain in part why Purism did not retrofit this functionality to the boot of the Librem 13.)
um, in fact I am talking about Intel AX200, since they implemented the jail especially for this card.
Original WiFi card is some sort of ar9271, which sure does not need one. I am thinking about replacing it with AX200, and I thought upstream Pureboot would include the jail for legacy devices, but no luck. That is why I posted this.
Fair enough. I meant: your Librem 13 in its current state.
I would guess that if you keenly want to use an Intel WiFi card then you don’t need the firmware jail. You just need the firmware (in any place that it can be loaded from). The firmware jail is neat but if your highest priority is changing the WiFi card, I don’t believe you would need the firmware jail. If you have a full Pureboot setup then you could even be able to extend the boot integrity protection to cover the WiFi card’s firmware file on disk.
Well. I was just playing with it anyway. My top priority is to explore purism’s newest approach against the fact of our limited Wifi card choice, trying to understand it’s nature and limits. I have already fully aware of this device’s capabilities, and won’t use it as a daily driver, but still a good toy for me.
If your highest priority is exploring, so you really do want to use the firmware jail, unfortunately I don’t have the details of how it works but I believe that the firmware jail is exported as some kind of file system and then it is mounted into the disk’s file system so that it shows up in the right place. You would need to get the details from someone who knows how it works.