I actually think that it is the FSF that has been misleading people, rather than Purism. The FSF should make it clear to the public that its RYF certification allows for secondary embedded processors running proprietary firmware, and that RYF devices may store that firmware in a separate storage location from the main file system. If people understood what the actual rules of RYF are, then they wouldn’t accuse Purism of deceiving them, but the FSF didn’t want to talk about its secondary processor exception, so it leaves the device manufacturers in the horrible position of having to explain to the public that the RYF certification isn’t what they think it is. If a device manufacturer says publicly that RYF devices are allowed to have proprietary firmware in its separate components (WiFi/BT, cellular modem, GPS, USB controller), then it appears to be contradicting the public messaging of the FSF, because the FSF failed to explain the RYF rules properly.
The problem is that that isn’t how hardware works in the modern world. Yes, there are some components that may never need a firmware update, but many components, such as the CPU, GPU, cellular modem, GNSS, WiFi/Bluetooth, etc., do need firmware updates not only for security reasons, but also to stay current with updating standards. Using a buggy processor with the same microcode from 2008 in 2022 is incredibly wrongheaded. The standards for WiFi and cellular modems are so incredibly complex and changing and require their own processor and operating system, so it harms the user and the environment to demand that these components can’t be updated.
Let’s take the example of the BM818 modem, which will probably need firmware updates in order to be able to support VoLTE. If we interpret RYF rules to say that no proprietary firmware updates are allowed, that means that people will have to prematurely junk their devices and keep buying new ones just to get the latest firmware, which is a huge waste of resources and will make most people avoid buying RYF devices, since they simply aren’t useful. A phone that can’t be upgraded to support VoLTE when the 2G and 3G networks are being shut down and a PC that can’t be upgraded to plug the latest security holes like Meltdown and Spectre become useless ewaste.
I was very concerned about these problems when I wrote the FSF asking it to clarify whether RYF allows upgrading of proprietary firmware, since the text is ambiguous on this point, when it used words like “intends” rather than clear language like “not allowed”. Despite repeated emails the FSF never answered me. Maybe the FSF is so disorganized, that there is nobody answering emails at licensing@fsf.org, but I suspect that people at the FSF know that it is insane to not allow firmware updates, and nobody wants to deny the Librem 5 RYF certification for reasons that make no sense in the real world, so they simply refused to answer my question.
I don’t know who is making the decisions at the FSF, but the organization simply does not function when it can’t even answer clear questions about its RYF certification rules. Even Leah Rowe, the founder of Libreboot, thinks that the RYF criteria has major problems. She writes:
OSHW and Right To Repair are not covered at all by RYF (FSF’s Respects Your Freedom criteria), the criteria which Libreboot was created to comply with. RYF also makes several concessions that are ultimately damaging, such as the software as circuitry policy which is, frankly, nonsensical. ROM is still software.
The worst part about the RYF rules is that they often hinder people from working on freeing the firmware (as Leah Rowe and @nicole.faerber point out), which should be the whole point of a RYF device in my opinion. Looking at how much progress the community has made on freeing the firmware for the Quectel EG25-G modem in the PinePhone, I really have to question whether locking away the firmware in separate inaccessible chips and not allowing firmware upgrades is actually counterproductive to our cause. As Nicole Faerber says, we should have criteria for firmware, rather than pretending that it is unchanging hardware, which is frankly denying reality and does nothing to make our devices freer.