It’s not “most of the phone”. It’s technically a full working pocket PC with (optional) functions of smartphone and wireless communications.

But it’s marketed as a phone, not a computer with phone attachments. This is especially the case since the L5 comes with those things installed.

It’d be one thing if they sold the L5 as a RYF-certified computer with optional non-certified modules for cellular and bluetooth connectivity, but they don’t. They sell it as a mobile phone.

They still will be able to sell it as a mobile phone. It works like one. Just that the certification does not extend to the phone, but only to the computer.

Are you able to use an external SSD with proprietary firmware together with an FSF-certified laptop? How about an external proprietary WiFi module? Will the laptop loose the certification if you sell them together?

Right, but I think being told “it’s a RYF-certified computer with phone attachments” would be a bit of a rude awakening to people who care about such things, especially with how hyped the L5’s openness is. As it turns out, I’m not one of those people, so maybe I have it wrong.

I honestly have no idea. But selling them together isn’t the issue, it’s selling them as a coherent system. Hence, “most of the system” is RYF certified.

I actually think that it is the FSF that has been misleading people, rather than Purism. The FSF should make it clear to the public that its RYF certification allows for secondary embedded processors running proprietary firmware, and that RYF devices may store that firmware in a separate storage location from the main file system. If people understood what the actual rules of RYF are, then they wouldn’t accuse Purism of deceiving them, but the FSF didn’t want to talk about its secondary processor exception, so it leaves the device manufacturers in the horrible position of having to explain to the public that the RYF certification isn’t what they think it is. If a device manufacturer says publicly that RYF devices are allowed to have proprietary firmware in its separate components (WiFi/BT, cellular modem, GPS, USB controller), then it appears to be contradicting the public messaging of the FSF, because the FSF failed to explain the RYF rules properly.

The problem is that that isn’t how hardware works in the modern world. Yes, there are some components that may never need a firmware update, but many components, such as the CPU, GPU, cellular modem, GNSS, WiFi/Bluetooth, etc., do need firmware updates not only for security reasons, but also to stay current with updating standards. Using a buggy processor with the same microcode from 2008 in 2022 is incredibly wrongheaded. The standards for WiFi and cellular modems are so incredibly complex and changing and require their own processor and operating system, so it harms the user and the environment to demand that these components can’t be updated.

Let’s take the example of the BM818 modem, which will probably need firmware updates in order to be able to support VoLTE. If we interpret RYF rules to say that no proprietary firmware updates are allowed, that means that people will have to prematurely junk their devices and keep buying new ones just to get the latest firmware, which is a huge waste of resources and will make most people avoid buying RYF devices, since they simply aren’t useful. A phone that can’t be upgraded to support VoLTE when the 2G and 3G networks are being shut down and a PC that can’t be upgraded to plug the latest security holes like Meltdown and Spectre become useless ewaste.

I was very concerned about these problems when I wrote the FSF asking it to clarify whether RYF allows upgrading of proprietary firmware, since the text is ambiguous on this point, when it used words like “intends” rather than clear language like “not allowed”. Despite repeated emails the FSF never answered me. Maybe the FSF is so disorganized, that there is nobody answering emails at licensing@fsf.org, but I suspect that people at the FSF know that it is insane to not allow firmware updates, and nobody wants to deny the Librem 5 RYF certification for reasons that make no sense in the real world, so they simply refused to answer my question.

I don’t know who is making the decisions at the FSF, but the organization simply does not function when it can’t even answer clear questions about its RYF certification rules. Even Leah Rowe, the founder of Libreboot, thinks that the RYF criteria has major problems. She writes:

OSHW and Right To Repair are not covered at all by RYF (FSF’s Respects Your Freedom criteria), the criteria which Libreboot was created to comply with. RYF also makes several concessions that are ultimately damaging, such as the software as circuitry policy which is, frankly, nonsensical. ROM is still software.

The worst part about the RYF rules is that they often hinder people from working on freeing the firmware (as Leah Rowe and @nicole.faerber point out), which should be the whole point of a RYF device in my opinion. Looking at how much progress the community has made on freeing the firmware for the Quectel EG25-G modem in the PinePhone, I really have to question whether locking away the firmware in separate inaccessible chips and not allowing firmware upgrades is actually counterproductive to our cause. As Nicole Faerber says, we should have criteria for firmware, rather than pretending that it is unchanging hardware, which is frankly denying reality and does nothing to make our devices freer.

Couldn’t FSF certify the device without the WiFi and modem cards?

Doubtful. For example, the FSF doesn’t endorse Debian because Debian has
a non-free repository. Debian’s non-free repository is not default and not required,
but FSF takes offense at Debian providing it at all. The FSF is not always consistent,
but if one applies that same standard to the Librem 5, it shouldn’t be RYF certified in
my opinion.

I actually think that it is the FSF that has been misleading people, rather than Purism. The FSF should make it clear to the public that its RYF certification allows for secondary embedded processors running proprietary firmware, and that RYF devices may store that firmware in a separate storage location from the main file system.

The FSF has made that clear. I cited that exception above. Questions on Bluetooth

What the FSF hasn’t made clear is what they mean by “… within which software installation is not intended after the user obtains the product”. I take it to mean that the user can not
update the firmware without going through an unusual means (e.g. buying a chip
programmer/flasher). I think the ease with which one can update the firmware on
the modem and wifi card for the Librem 5 shows that firmware updates are “intended
after the user obtains the product.”

Yes, it is clear if you take the time to read the FSF’s RYF certification requirements web page, which the vast majority of people won’t do.

However, it is not at all clear from the FSF’s main RYF page:

Respects Your Freedom Certification

The “Respects Your Freedom” certification program encourages the creation and sale of hardware that will do as much as possible to respect your freedom and your privacy, and will ensure that you have control over your device.

The desire to own a computer or device and have full control over it, to know that you are not being spied on or tracked, to run any software you wish without asking permission, and to share with friends without worrying about Digital Restrictions Management (DRM) – these are the desires of millions of people who care about the future of technology and our society.

Unfortunately, hardware manufacturers have until now relied on close cooperation with proprietary software companies that demanded control over their users. As citizens and as customers, we need to promote our desire for a new class of hardware – hardware that anyone can support because it respects your freedom. That is why the Free Software Foundation launched this certification program, to find retailers committed to providing users with devices they can truly own.

Nor is it clear in the description on the “About the Respects your Freedom Program” page:

The “Respects Your Freedom” certification program certifies retailers who sell hardware in a manner that respects the rights of their users and that comes with only freedom inside. In order to gain certification, retailers go through a rigorous review process, in which the Free Software Foundation reviews every aspect of the user experience, from initial purchase through flashing modified versions of firmware. At every level, the retailer must adhere to the program’s strict certification criteria, ensuring that users are never even directed to nonfree software or documentation.

Once they have gained certification, vendors are granted the privilege of using the RYF certification mark on the certified device and associated sales pages. The device is then listed here on our site to make it easy for users to find devices they can trust. Of course, the retailer must continue to adhere to the program’s criteria in order to maintain their certification. If you think there may be an issue with a currently certified retailer, don’t hesitate to let us know at report-nonfree@fsf.org.

Nor did the original press release in 2010 explain the secondary embedded processor exception:

The FSF’s criteria seek to cover all aspects of user interaction with and control of a device: they say the hardware must run free software on every layer that is user upgradeable, allow the user to modify that software, support free data formats, be fully usable with free tools, and more.

FSF license compliance engineer Brett Smith said, “Every software component needed to produce endorsable hardware is now available. We have several GNU/Linux distributions that only include free software, and are completely functional on the right hardware. We have the LinuxLibre kernel that does not include nonfree microcode. And we have cutting edge mobile platforms like Android and MeeGo that are based on free software. In the past we’ve spoken to manufacturers who were interested in making free software-friendly hardware, but they worried about connecting with customers. With our endorsement mark and the strong criteria that back it, we plan to bridge that gap and demonstrate to manufacturers that they stand to gain plenty by making hardware that respects people’s freedom instead of curtailing it.”

I have been following Linux hardware for the last two decades, and I had no clue that RYF devices allowed proprietary firmware until I actually went looking for the RYF certification requirements a couple years ago. We just had a whole discussion on this thread from people who didn’t understand that having proprietary firmware running on secondary embedded processors is allowed by RYF, which is proof that the FSF has done a poor job of explaining to the public what the RYF certification actually means.

You raise a good point. I would completely agree with you If RYF aimed for devices that do a reasonably good job Respecting Your Freedom after considering the components currently available on the market.

But that is not what RYF aims for. RYF aims for devices that really Respect Your Freedom, and updating firmware binary blobs are not compatible with that. If manufacturers care about the RYF standard, then they should eliminate the blobs and provide the firmware source code, and we should try to help make that happen, rather than trying to pressure FSF into abandoning its standard.

FSF has always been radical, and that is what’s special about them. It would be sad to see them fall into resignation that no hardware manufacturers will ever free their firmware.

I deeply appreciate the work Purism is doing, and we need them to keep pushing the boundaries of device-owner freedom, but they cannot do it alone. Chip manufacturers are becoming increasingly crucial to the existence of freedom-respecting devices. The appropriate answer for “Purism can’t reach this unrealistic standard” is not “abandon the standard,” but should be “component manufacturers must change their practices and release the source code for their firmware.”

I would agree with you if you can point to empirical evidence that the RYF as it currently stands is causing any firmware to be freed. As far as I know, there are no examples of RYF actually causing a company to free its firmware. In contrast, I can point to the EG25-G modem as an example where the firmware is being freed because the PinePhone was designed so it was easy to update the firmware and the community was encouraged to hack it. In contrast, we still don’t have instructions from Purism how to update the firmware on the BM818 modem on the L5.

Let’s be realistic. No company is going to release the firmware for a cellular modem, WiFi/Bluetooth or GPU chip out of fear of being sued due to patent violations. It is basically impossible to implement these chips without violating patents, so everyone tries to hide the details as much as possible so their competitors don’t have proof that they are violating their patents.

On the other hand, we do have some hope of actually getting hardware manufacturers to comply with the criteria that @nicole.faerber laid out, so we are much better off demanding something that is obtainable.

At this point, RYF is mostly certifying rebadged antiquated hardware like Thinkpads from 2008, which doesn’t nothing to actually change the hardware industry. If the FSF wants to have any power to influence actual hardware makers and convince them to improve their practices, it must be willing to work with companies that are producing NEW hardware, because they actually have the power to talk to component suppliers and try to convince them to change their behavior. However, making a standard which is impossible for new device makers to comply with means that every company is just going to throw up their hands and say “it’s impossible to work with the FSF, so why even bother trying.”

it is important that we have a RYF standard that allows companies to do business in the real world if we want more documentation from hardware companies, firmware which we have a legal right to distribute and include in distros, firmware which doesn’t need to be executed by the CPU used by the principal operating system, more companies that are willing to collaborate with the FOSS community and reference designs that can be used in open hardware schematics.

If the RYF is interpreted to mean that no proprietary firmware updates are allowed, then we have zero chance of any new computing devices being produced with cellular modem/GNSS or WiFi/Bluetooth chips in them. We might see a Lulzbot 3D printer and other oddities like that, but we will never see a new laptop, tablet or phone with RYF certification, which basically makes RYF pointless, because it isn’t achieving any change in the real world.