It has been a while since I posted here (marriage tends to do that to priorities in life), but I thought some of you might enjoy this one.
I stumbled across the “Bootloader Unlock Wall of Shame”, when researching how to unlock a phone, where mobile phone makers are ranked in the categories of “Just terrible!”, “Avoid at all costs”, “proceed with caution” and “Safe for now”.
This list struck me as odd, because the Librem 5/Liberty doesn’t fit any of those categories. Purism’s phones are effectively “Safe forever”, because they don’t even have bootloader locks, so there is no way that Purism can take away your right to unlock them.
I filed a bug report, asking that a “Safe forever” category be created for Purism and Pine64. You can read my bug report here:
The whole idea of locking the bootloader seems alien to the FOSS world, because security is based on transparency and the ability of the user to verify if something has been changed in the system. There can be arguments as to which approach to security is “better”, based on your perspective, but I know that I prefer to live in a world based on transparency and user empowerment, rather than a world that is locked down at the behest of a small number of giant tech corporations.
Both the Pinephone and the PinephonePro have a Libre Bootloader; however, the Librem 5 does not have a Libre Bootloader but is unlocked, so the Pinephone cannot be on the same level as the Librem 5.
Lock, Unlock, Libre
I would be careful in any attempt to put any Pine devices in the “Safe” category for anything. Perhaps Purism might not want to not be listed in the same category as Pine. Pine appears to want to ride on Purism’s development work and to sell their phones as very inexpensive. But the Pine Phone is not designed with security in mind. The Pine products are only “free” (as in no Google, no Microsoft, no Apple) because the business interests of those companies are not represented in the Pine phone. But that doesn’t mean that Pine cares to preserve your privacy. There are firmware blobs and other proprietary elements built in to the Pine phone design because the Pine company doesn’t care that they are there. Beware! The Pine phone is only as safe as it has to be to remain low cost and not blatantly ignoring major security issues that most people care about. Purism’s Librem and Liberty phones border on being radical when it comes to security. But we can at least trust their products’ security and privacy issues.
What you say may be true in more general contexts but the context here is exclusively “bootloader unlock”.
So either it’s not locked out of the box or it’s locked out-of-the-box but you can unlock it or it’s locked out-of-the-box and that’s the way it is staying.
And it relates only to the very low level / early boot code and process. Before blobs and dodgy drivers or even kernel bugs are even relevant in most cases.
Yes, Lost-Entrepreneur439’s decision to lock the issue really was the coward’s way to end the discussion. I would have responded that locking the bootloader is not the only way to provide security for a phone, and Linux phones whose only proprietary code is their firmware do have some security advantages compared to phones whose principal repository is filled with malware.
To use Lost-Entrepreneur439’s logic, the vast majority of PCs and servers on the planet are inherently unsafe because they don’t come with the bootloader locked by default. Most of the 4.23 million people using official LineageOS builds are also unsafe, because most of them haven’t relocked their bootloaders after installing LineageOS, but apparently that is OK, according to Lost-Entrepreneur439.