Introducing the Librem 11

Yeah, I had to go back and edit my lengthy comment above to include the pricing difference between the Librem 11 and the most similar iPad. The Librem 11 is about half the price of the iPad!

1 Like

Aren’t ThinkPenguin devices blobless?

1 Like

Here is more information I forgot to post from the “general” Matrix room (this should answer some of the questions asked here).

First, the summary:

  • It will ship with Crimson.
  • The compositor/UI will be Wayland with Phosh.
  • Jonathon is optimistic the battery runtime performance can be improved 2x, though don’t take this as a promise. More may be possible but disabling ME tends to limit power saving.
  • It supports ACPI S3.
  • PureBoot provides firmware to the OS via the PureBoot “Blob Jail” feature.
    • Here is a refresher on what the blob jail is (source):

      The firmware jail is a region in NOR flash that is read only from the kernel. We flash the jail during phone production and it gets loaded into /lib/firmware/ by the initramfs. This way, the firmware shows up in the rootfs, while allowing PureOS to stay pure.

  • CPU throttling is set to start at 60 C at the die but this is customizable from the firmware. Reportedly, the device gets warm but not uncomfortably hot.
  • Known issues include:
    • Fingerprint reader is not supported by fprint yet.
    • Using TV HDMI audio when plugged from boot
    • Intermittent issues with Bluetooth audio
    • Dragging tabs with touch in Firefox doesn’t work
    • Keyboard cover doesn’t work in SeaBIOS (but these devices ship PureBoot anyway which works)

Note: There are jumps between some of the quotes because those messages aren’t significant to this thread so I’ve also attached screenshots at the bottom.

The Librem 11 will also be the first Librem device to ship with Crimson by default

beside the battery life,what is not working well yet?

That is a question for Jonathon Hall but I believe that with the newer kernel from Crimson, everything is working pretty smoothly. I think the fingerprint reader is not fully supported yet.

Yes that’s right, I’ve tested a ton of things like USB-C (2.x/3.x/DP alt mode/PD), SD card, cameras, touch, pen, keyboard, audio in/out, accelerometer, etc. We’ve just added support in Phosh to automatically show the virtual keyboard when the physical keyboard is detached and vice versa.

Some of the things I have noted that have issues are: using TV HDMI audio when plugged from boot (works if plugged later, works on my PC monitors but has issues with some actual TVs), intermittent issues with Bluetooth audio (may depend on the audio device), fingerprint reader isn’t supported by fprint, dragging tabs with touch in Firefox doesn’t work, keyboard cover doesn’t work in SeaBIOS (but these devices ship PureBoot anyway which works).

What sort of battery performance can be expected once optimisations are done? Threefold? Fourfold?

That’s pretty hard to guess :grin: Disabling ME also tends to limit power saving. My wild guess, please don’t quote me, I am pretty optimistic we can get to roughly 2x the current run time. More may be possible, hard to say.
I will throw out there that it works great with a USB-C battery pack on flights with 12V PD

Under X and touch Firefox needs MOZ_USE_XINPUT2=1 but you will have done that already.

This is Wayland with Phosh

Does the tablet support ACPI S3? Not many devices nowadays do, that’s why I am asking. S0 runs down the battery fast on (non-) standby.

Yes it does support S3. Currently we’re getting about 24 hours runtime there, I think that can be improved also.

I noticed it has Intel WiFi, is the firmware handled similarly to the SparkLAN Librem5 WiFi cards, with some firmware jail?

Yes, PureBoot provides firmware to the OS via the PureBoot “Blob Jail” feature

how’s the heat generation? does the tablet become hotter than it should?

I have it set to 60 C right now, which is a very good balance IMO, it has enough thermal headroom for good interactive performance without getting uncomfortable if you really crank it. If you crank it, it’ll get warm but not crazy hot.

(Firmware can set the thermal control circuit activation temperature, default is 100 C but we can basically choose when the CPU starts to throttle to control heat, it’s pretty good at holding that temperature)
That’s 60 C at the CPU die by the way, so the surface isn’t that warm


7 Likes

This indicates they are using non-Free firmware. In my opinion a “blob jail” doesn’t RYF. I wonder why the FSF hasn’t chimed in on this. There appear to be (at least) three ways of getting the system to use proprietary firmware blobs:

  1. Traditional: The OS, as directed by the driver (usually FOSS), reads the blob from the filesystem (at boot) and loads+activates that driver into the device (e.g. wifi chipset).
  2. Librem 5 with the redpine wifi. Same as (1) but the driver reads the blob from flashable memory on the redpine device instead of the filesystem.
  3. “Blob Jail”. Same as (1), but the blob is passed by the boot firmware to the OS at boot.

IMO none of these should qualify for RYF since the OS is complicit with the filesystem/boot firmware/device in loading/activiting the proprietary firmware. These “workarounds,” to me, don’t offer freedom from proprietary blobs — it’s just games to try to be included as an exception to the “no proprietary software” RYF rules. And, IMO, the FSF is doing nobody any favors by not clarifying their exception. Respects Your Freedom (RYF) certification requirements | RYF

However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.

2 Likes

Nicole Faerber has addressed this topic a few times and she does not personally agree with the FSF’s
stance, at least at the time of writing.

Edit: Here are some more posts Nicole has made with regards to RYF:

2 Likes

I agree with Nicole too, but from a much more recent post.

I do not place much value in the FSF and its RYF certification: while the ideals behind them are admirable, they are not doing anything towards liberating firmware or hardware; their future heavily relies on refurbished/used products. In contrast, Purism has made efforts to neutralize/disable Intel ME and worked on PureBoot across their Librem laptops/tablet; firmware development and reverse-engineering are the main reasons why I chose to financially support Purism moreso than any other organization.

3 Likes

IIUC there’s no GPS on that tablet? Isn’t that odd?

3 Likes

Purism do not put any efforts to neutralize/disable Intel ME to be honest, Purism just used Russian technologies for that.

What reverse-engineering? can you tell me one?

I really nervous with Purism, why? seems that Purism is falling in the Evil-Opensource, why? opensource it use at user commercially, why? Money, why? Evil :wink:

2 Likes

See post 16 above.

Interesting to note that they just announced a significant price drop for Evergreen. (I don’t know what that might do for expectations regarding the price of Fir.)

As much as I appreciate your taking the time to copy that info into the forum … I really think Purism should be providing this information on the product page and/or the shop page and/or the FAQ.

One reason why I asked what the capacity of the built-in battery is.

That’s a question that I asked also.

Due to the absence of a cellular modem in the Librem 11, I can imagine using the Librem 11 in conjunction with the Librem 5 (via hotspot). So now I just need a “(local) network GPS” service. At an admittedly quick look, that doesn’t seem to be an option in geoclue. This is probably a niche idea.

3 Likes

No, they do put in effort, as explained in this post and the Librem 11’s disabled Intel ME status.

The post above hints at various articles, but if you want to feel overwhelmed like I did many years ago, here is a technical post from Youness Alaoui/kakaroto, who no longer works at Purism. Note that the article I am linking is from the Wayback Machine, because soon after it was posted, Intel politely contacted Purism to remove it.

https://web.archive.org/web/20180403000121/https://puri.sm/posts/intel-fsp-reverse-engineering-finding-the-real-entry-point/

4 Likes

If you read the article you linked, the “neutralization of the IME” was attributed to the me_cleaner project and that it was disabled via the HAP bit (which is not a big deal and, these days, is the least you can do). I hope you’re aware that, despite early announcements, Purism was actually not able to neutralize the IME in the Librem 14 (it’s only disabled via that HAP bit). You should also be aware that ever since Matt DeVillier quit, Purism does not have a firmware expert. Also, in regard to coreboot on the Jasper Lake chipset (in the Librem 11), you should thank Intel as the primary contributor not anyone from Purism AFAIK.

To be clear, almost all employees who work for Purism don’t work at Purism. They are almost all employed as independent contractors (Form 990) who work remotely.

I also want to note that a lot of the issues with the Librem 14 have been due to the fact that EC firmware is tricky. Should they be applauded for developing their own EC firmware (from a base begun by System76)? Maybe. But one could argue that they are using customers as beta testers ([librem 14] how to update EC firmware to ec-2021-06-04_ef9fd3c - #3 by NineX )… and now that Matt is gone they are struggling to support that choice. Update on Librem-EC 1.12 – Purism .

P.S. Did anyone else note that Purism has deprecated their “Core Team” page??? The Core Team – Purism

2 Likes

Yes, although I argue it is still a big deal considering the lack of other modern examples outside of Purism; I do agree it is the least Purism can do.

I was aware when I purchased mine a few years ago: my justification then was that it uses a relatively modern CPU; better quality control of the hinges (compared to reviews of the Librem 13v4/15v4); revised hardware kill switches design; and liberated EC firmware (as you mentioned) in spite of some regression with the boot firmware status.

That depends on your definition of a firmware expert: I am grateful for @jonathon.hall continuing work on Coreboot, PureBoot, and the EC firmware.

Do you have a citation for that? I would love to read about what Intel has done for Coreboot on Jasper Lake.

I will reflect that change into my dialogue next time - thank you for pointing it out.

@NineX chose to attempt to flash the EC firmware on their own when there was no official procedure set; Purism did not ask them to become a beta tester.

That being said, I have no issues with those outside of Purism who have interest in contributing to test out firmware, such as the recent PureBoot “Restricted Boot” hotfix.

Yes, I made a very recent post about it, among other deprecated pages.

1 Like

Assuming it will be done through a USB A female to USB C male adapter.

1 Like

Possibly, but I prefer not to assume or speculate anything; when it comes to security, especially regarding root of trust, I want clarity.

1 Like

Same here.

1 Like

Lack of other modern examples outside Purism? I thought that all of the Linux HW vendors offer to disable the IME via the HAP bit. On some systems it’s not default because it limits some of the power savings features … but the vendor supplies the tools for their users along with the appropriate warning.

I thought you would have known after reading the link from Youness Alaoui since it was about FSP == Intel’s Firmware Support Package … which is exactly the infrastructure needed for coreboot. In any case, in regard to Jasper Lake in particular you can see this Coreboot Seeing Tigerlake + Jasperlake Activity, Experimental Razer Icelake Laptop Support - Phoronix (there’s also a 2021 article) … or simply look at the coreboot contributions like https://review.coreboot.org/c/coreboot/+/42471 from Intel devs. Also, here is an early video of a talk from System76 devs about their work with Intel on Coreboot on Icelake ( https://www.youtube.com/watch?v=YbKSkPVz89o) … which was what Intel continued for their work on Jasper Lake. Also, here’s an article about the Intel engineers work for coreboot on alder lake.

My intent was to show that everyone who bought a Librem 14 was a beta tester. i.e. The links were there to show that the original EC firmware had lots of issues and that fixes were necessary for even basic functioning of the fan, etc.

It’s why it’s hard to even know who Jonathon Hall is and what job he’s contracted for.

2 Likes

I should be more specific: Intel 10th generation and later. I do know the Dasharo FidelisGuard Z690, NovaCustom NV41 series, and NitroPC Pro have options to disable the Intel ME with HAP and/or HECI, but I have not thoroughly researched any of the other Linux vendors outside of Qubes-certified devices, let alone other manufacturers.

Thank you for the links, I did happily read them all except for the YouTube one, since I no longer use it anymore; it also looks like you meant to share an article about Intel’s contributions to Coreboot on Alder Lake, do you still have the reference?

I did not have any issues with my Librem 14 ever since I got it, so at the very minimum my experience is an exception to your broad claim. I even mention about my (hardly notable) experience on the Qubes OS Forum with my own HCL report.

With the Wayback Machine, you can learn that they are a Firmware Developer, but you can always look at their GitLab contributions and/or ask/verify them yourself in the Matrix chat rooms; I was made aware of them from their forum and blog posts regarding firmware support/development.

Yeah i do not have any issue with my Librem 14 either. Librem 14 is amazing!
Thank you :pray: Purism for make the best Gnu+Lnx laptop to date, however there is one laptop on the horizon that could replace the L14, i will not say name, but is coming.

Purism HKS & GNU :heart:

1 Like

The Librem 16, of course.

1 Like

One should not have any problem with the HAP bit on the low power chipsets of 10th generation and later. I think System76 has a Raptor Lake laptop with coreboot and the HAP bit set. System76's Coreboot Open Firmware Manages To Disable Intel ME For Raptor Lake - Phoronix (from the article it looks like System76’s HAP bit works for Alder Lake and possibly earlier chipsets) . All the Linux vendors are doing this because Intel is enabling this on their low power line. The speculation is that the reason Intel is doing this for the low power line is because this is the Chromebook space. Intel Prepares Raptor Lake Code For Coreboot - Phoronix .

COREBOOT

In addition to getting Intel’s Alder Lake hybrid processors ready for the Linux kernel and other areas of the operating system stack, Intel’s open-source engineers have continued their trend in recent weeks of upstreaming more Alder Lake work into Coreboot.

[
Edit:

Here’s a link non-Youtube link to the talk I linked in. System76 + Intel - A Production Laptop for Open Firmware Hacking - OSFC
]

2 Likes