Is that true for PostmarketOS on the Librem 5? I thought that for the most part the process of installing PM to the Librem 5 was to copy over a system image. It’s my understanding that this does not update the non-Free firmware since that firmware is embedded on the modules and isn’t part of the image.
Also, the Purism forums provide lots of scripts to update non-Free firmware for their Wifi module and cellular modem. What do you say about the ethics of that? Is your issue that updates to this non-Free firmware is provided by the installer??? Honestly, since Purism has chosen to embed non-Free firmware in their hardware, I would be more upset that they don’t include the option to update that in their installer.
original WiFi module - nope, no need to load firmware (works out-of-the-box)
second WiFi module - firmware goes in jail and there is some mechanism for updating the jail - yeah, there’s plenty of room to argue about the rights and wrongs, FSF logic, etc. behind that … but it is probably outside the scope or control of Purism (if they want to play by the FSF’s rules)
cellular modem - not really, Purism intentionally provides no scripts for this - but there is a mechanism and certain select customers who had a problem with interoperation between the modem and their choice of MNO/MVNO (and contact Purism Support) have been walked through that mechanism
My phone has the original WiFi module and hence the firmware jail doesn’t even exist.
Yes, these two modules (assuming not physically removed) contain blackbox (potentially dangerous) firmware, which is why the modules are isolated. (This applies whether the firmware can be updated or not.)
As a corollary then … all network traffic must be encrypted, since it is being handed to blackbox firmware. I leave it to “you” to consider the extent to which that is achieved by any given customer.
And I repeat that what I said was absolutely true:
Also, the Purism forums provide lots of scripts to update non-Free firmware for their Wifi module and cellular modem
You pointed out that there is “no need to load firmware”. That’s also true because it’s embedded. Nonetheless, the Purism forums provide scripts to update the firmware.
I will note that the Librem 5 has not been certified RYF yet. I would argue that it shouldn’t be certified RYF since I believe it has been demonstrated that Purism has an intention that the firmware be updated after purchase. IMO, the questions from Purism employees (e.g. at the time, dos) about firmware versions, followed with how to update that firmware demonstrates that intention.
Say, in respect of the new WiFi card and its firmware, that depends on whether the shenanigans with the firmware jail are acceptable in respect of RYF certification. That’s up to them not you and me.
It is always dodgy to speculate about someone’s “intention” since a poster is typically not a mind-reader.
However, it cannot be inferred that that is Purism’s intention.
The point is … the new WiFi card won’t work at all without firmware. Therefore the firmware has to come from somewhere. (This contrasts with the old WiFi card, which card is able to manage its own firmware internally.)
The clean inference is that Purism’s “intention” is that the new WiFi works at all. Hopefully that is so obvious that noone would dispute that “intention”.
I don’t know whether any customer ever has actually updated the version of the firmware in the firmware jail. (That would require that a later version of firmware even exists.)
I don’t know whether any Purism employee has ever posted actual instructions for how to do it.
If you are saying that those things have occurred then I guess the onus is on you to link to posts that demonstrate your points.
Or you could link to a post from Purism or other Purism documentation where Purism states an intention, even if not providing the resources for how to actually do it.
What can be seen - and this gets into grey areas - is that it is possible to upgrade from the old WiFi card to the new WiFi card and as part of that process you (the customer) will have to create the firmware jail with the firmware file for the new card.
In attempting to mind-read Purism’s intention, how do you separate the intention that the customer can upgrade from the old card to the new card from the intention that an enterprising customer might thereafter be able to upgrade the firmware (were a newer blackbox firmware version to become available)?
The FSF will need to infer an intention to decide whether it’s an RYF device. And certainly they will base that on evidence just as I have. Remember that Debian isn’t an FSF approved distro simply because they have a non-Free repository available (even though it is disabled by default) and FSF judged that the availability implied their intention. And the RYF exception for embedded firmware is about intentionRespects Your Freedom (RYF) certification requirements | RYF .
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
Or I can personally decide that in my judgment it is not deserving of a RYF certification. I can do that regardless of the FSF’s decision … if they ever make one. As far as I know, the FSF already decided that it wasn’t RYF and neither Purism nor the FSF has revealed this. Questions about this have been around a long time: RYF certification L5 and IMO the long wait looks bad.
If interpreted literally and strictly, that would virtually rule out all even vaguely recent Intel x86 CPUs - and it is not clear that mandating ongoing security flaws in Intel CPUs is in the interests of the customer.
Regardless though, it may be that, if using PureOS, no matter how many times you do apt up* or anything else in PureOS, you will never get either Intel microcode updates or SparkLAN WiFi card firmware updates or firmware updates for the old WiFi card.
So you can say that the intention of PureOS is that none of these things will ever get updated i.e. as per the RYF wording. If the user does a sneaky behind the back of PureOS then PureOS doesn’t stop the user doing so because, after all, the user owns his or her own computer. This isn’t a walled garden where the manufacturer decides what you can and can’t do with your computer.
So, say, in respect of Intel CPU microcode, for mind-reading the intention, you first need to decide whether you want to mind-read
Intel, or
Purism (PureOS), or
the customer.
My mind-reading says that Intel’s intention is that you really do update the microcode after obtaining the product, as and when an update is available.
As a customer, no mind-reading required. My intention would be that if a microcode update became available, I would take the update - because the horrible bugs being fixed may have a cost that outweighs the benefits of not taking the update.
(Obviously Intel microcode has no relevance to the Librem 5.)
I’m not sure why you went into Intel CPU microcode. It’s worth noting how few latops ( Laptops | RYF ) and mainboards ( Mainboards | RYF ) are RYF certified. Basically, all of the laptops are based off of the Lenovo X200. I think it’s because they use GNU-boot which, while downstream of coreboot, does not facilitate the update of Intel microcode. https://www.phoronix.com/news/GNU-Boot-Second-Fail . Certainly I don’t see any Purism laptops with RYF.
… which raises the question as to what exactly is certified. The operating system? The hardware? The company? One/all employees and contractors of the company? The repo? Any combination thereof?
Well, “missing package” tells you all you need to know. Intentionally missing package. Intention.
If you look on my phone, you will find no such desktop file, no such deb file, no firmware file.
And it is still intentionallynot distributed even today (per the official documentation).
The “Respects Your Freedom” certification program encourages the creation and sale of hardware that will do as much as possible to respect your freedom and your privacy, and will ensure that you have control over your device.
and it is designed as a promotion for retailers who sell such devices
That is why the Free Software Foundation launched this certification program, to find retailers committed to providing users with devices they can truly own.
You misunderstood. My link was for the thread and especially the message where someone included an instructions from Purism support for updating the proprietary firmware.
And then you seemed to not grasp the intention behind the code and links in Purism’s software repository for flashing firmware Librem5 / firmware-tps6598x-nonfree · GitLab (that’s the PD controller). That is intention. They also have code for flashing your cellular firmware and links to it.
I’ll replace that with “contractors”. It doesn’t make too much different in my mind.
It is my understanding that everyone who works at Purism except for the officers are 1099s (i.e. independent contractors). I suppose we could get @JCS to verify his status. I’m assuming that he is a 1099 employee, but I believe he has said that he works for Purism.
… which they intentionally make difficult by not posting the link. It is true that a customer posted a link (which was very likely not supposed to happen).
Purism support specifically requested that I do not disclose the instructions for updating the modem firmware, so I have respected their wishes until @lakei’s post mentioned above was created and after most of the original Purism support employees have already left.
That appears to have been updated to: Actually, Purism doesn’t really mind if you distribute the instructions. You are just not allowed to distribute the underlying files without which the instructions are useless.
But the instructions I have seen have links to the files from the vendor. That makes the instruction not worthless. They wouldn’t distribute the instructions if they were worthless would they?
Purism is approved by the vendor to privately/individually provide firmware update packages to fix customer issues, but these resources are not intended for public dissemination.
The firmware update documentation itself is not controlled, so I added the instructions to the official documentation for convenience, and simply omitted the links to the protected files.
