Can I have somewhere exported full status of phone, with all it’s data as backup? Can I have it encrypted in a way, that I’ll decrypt it by the same key? So I have it on USB encrypted, and when I get new phone with this OS, it’s decrypted by my passwords, and all my data are there…
Are data at phone even encrypted with some bulletproof system, like there’s non bruteforcable storage of key for encryption?
Can microphone have power turned off by hardware switch?
Can LibremOS be installed on some different ARM devices if it’s ARM?
The Librem 5 doesn’t yet have partition encryption, but it is coming. I assume that Purism will use LUKS, and the default is to use 256-bit AES, which is pretty hard to crack.
There is a PureOS port for the PinePhone that can be used, but “clover” (the guy who maintains the port) says that he won’t bother updating it until PureOS switches to bullseye. However, 70% of PinePhones are using the Phosh mobile environment, that was developed for the Librem 5.
The third hardware kill switch cuts the circuit to the microphones. See SW5 (p10) and AUDIO_POWER_KEY (p20) in the schematics.
Yes, the problem is not with the encryption technology, it is how to unlock the device without requiring a keyboard like Linux distributions normally do. A smart card might play a role, which will be nice due to its ability to stop brute force attacks. I suppose that you could encrypt the home directory now and carry a small USB keyboard with you if you ever need to reboot the phone, but I expect that very few would want to do that.
Because it is a Linux distribution, there should be tools that already let you produce an encrypted backup file. Even if there were not a GUI, I know of some common command line utilities that should work. I expect that it would be sufficient to just backup the /home/purism directory. I am not sure what is stored outside of /home/purism. Probably WiFi access point credentials and a few minor things, like system settings/preferences. You could backup every file, but that might confuse something in the operating system if restoring on top of different versions / settings. If I wanted to do a full system backup, I would use the dd tool to capture the entire internal storage and compress and encrypt it to a USB drive. Restoring it might be challenging unless you can boot from USB or SD: Librem5 sd and boot order
Display keyboard code can be done in boot loader before encryption. Somehow it’s possible. It’s just reading hardware adresses and writing adresses. It’s not a hard deal. It should be functional even there.