The hardware Purism produces is not RYF certified …
That is currently true. It is also my opinion that the Librem 5 should not be certified RYF.
However, what Purism is counting on is the following “exception” that the FSF specifies in regard to RYF (Respects Your Freedom (RYF) certification requirements | RYF)
However, there is one exception for secondary embedded processors. The exception applies to software delivered inside auxiliary and low-level processors and FPGAs, within which software installation is not intended after the user obtains the product. This can include, for instance, microcode inside a processor, firmware built into an I/O device, or the gate pattern of an FPGA. The software in such secondary processors does not count as product software.
For the Librem 5 Purism seems to be hoping that since the proprietary firmware is resident
to the Wifi module and the cellular modem and only runs on the processors contained
within those modules that those will meet that exemption. IMO it doesn’t because those
two modules were made with the intention to update the firmware. One might note that
there are some RYF certified USB wifi devices and USB BT devices that have embedded firmware just like the above — with the only difference is that they were made in a way that
doesn’t allow the update of the firmware.