The write-protect switches on the motherboard are not currently functional? I thought they would just send a 5V signal to the write-protect pin on the corresponding chips, why do they need firmware to do their job?
Comment on what the firmware does for this: New Post: Librem 14 Security Features
If I want to add items to my order (Qubes, Librem key, etc) do I do that when I want, or when I get an order verfication I have reached the front of the queue?
This could apply to the L14 or L5 (OpenPGP card).
Also what are the options for customising the build? (I don’t want to, but for completness of an answer)
The laptop looks slick.
I don’t understand the Librem key behavior at around 1:30 in the video.
It blinks red twice, then it blinks green around 10 times, and then there is an error in Heads on the verification of /boot
Isn’t the Librem key supposed to blink only red in this case?
Or maybe blink green if it checks only the integrity of the firmware but not the boot partition (considering that if the firmware is intact, the firmware itself can check the integrity of /boot)
How come the Librem key blinks red and then green at the same boot? Are the initial two red blinks just to test the red led? If not, then what?
I adjusted my order by emailing firstname.lastname@example.org with my order number in the subject and the request summary. Per: How to properly send emails to Purism
I had my additional order items added in less than 24 hours. It was pretty easy to execute soup to nuts.
they’d ground the write protect pin, as it’s !WP (ie, active low)
the !WP pin being active simply means you can’t change the flash protection registers on the chip itself. Those registers enable/disable software write protection, and set the memory address range(s) which are protected by the software WP. So in order for the WP switch to do anything, one needs to set the address range(s) to protect, enable software WP, then set the switch. Currently (mainline/upstream) flashrom does not support this (ChromeOS’ fork of flashrom does however) though work is being done to enable this functionality
The Librem Key firmware defaults to using the red LED as its activity light, so for instance when you encrypt/decrypt/sign something, the red LED is what blinks quickly to show the smart card working. In this case what you are seeing is PureBoot probe for the Librem Key and initialize it, which triggers that red activity light.
Then after it is detected, PureBoot authenticates to the key and succeeds, so it blinks the green led for a number of seconds. If there had been tampering, you would have seen a red LED that blinks constantly and indefinitely, until you remove the Librem Key.
And yes, the blinking is only for the integrity of the firmware and once you can trust the firmware (green LED) you can then trust the GPG keyring that’s in that firmware that subsequently verifies the files in /boot and outputs that to the screen. Once you can trust the firmware you can also trust the output on the screen.
However I agree that using the red LED as the default activity light isn’t ideal, and it’s a common source of confusion–it’s just a default we inherited from Nitrokey. Of course if we switched the activity LED to be green, I suppose you could potentially trick someone into thinking the green LED is blinking (everything is OK) by triggering activity. I suppose the ultimate solution might be a third LED color strictly for activity.
The ideal time is when we contact you over email to confirm your current shipping address. At that point you can work with the team to link orders together or to add things to your existing order. This is true both for L14 and L5 although the standard practice for L5 accessories has been to have the customer place a 2nd order for the accessories all together, and on our side we then link the orders together so they ship together (and refund any shipping for the second order).
Laptop looks good. Can it be charged via USB-C? Not a fan of the old school barrel connector.
Great video! Nice pace.
- If the Librem Key can be used to manage your own certificates, secrets, OTP, etc. I’d be interested in seeing this demonstrated.
- I like the thinner bezel of the screen. It makes the notebook look much more like a Lenovo X1 Carbon. (Librems need to be sexy, sexier than today!)
- Will there ever be a touchscreen version, or even a convertible (2-in-1) notebook of that size?
Yes! This is mentioned in more than a few places. The USB c port supports power delivery.
Wow this L14 laptop it is too much beautiful, just easily open the bottom cover and coreboot chipset is there, definitely is the best X86 machine on the world!.
I just waiting that L14 is on stock to order quickly. P U R I S M