Unlike our Android and Apple phones, the Librem 5 will come with root privileges out of the box. It wasn’t until after I irretrievably damaged my PC OS (both Windows and Linux) several times, and re-installed the OS from scratch several times, before I got really good at hacking on my PC to be able to fix almost anything and to make a PC do things that most people never learn how to make a PC do. You make a lot of mistakes before you get good at something. Sometimes damage to an OS can’t be fixed using a keyboard alone. Getting your Librem 5 phone to do new things that have never been done before should be half of the fun of owning the phone. With Apple and Android you’re safe. You are locked out of doing anything that might damage the OS.
So here is my question. With the Librem 5, when (not if but when) you mess up your OS beyond being able to fix it, will there be a relatively easy way for the phone owner to reinstall the OS from scratch, or will the phone have to go back to Purism for repair? If the user can reinstall the OS, how will it be done (USB to pc, JTAG, serial connection, something else)? If not, will Purism do these OS re-install repairs for free?
So apparently, the USB port will be bootable and we will have access to an ARM version of PureOS to build an installation media with? For those in the Aspen batch, the shipping window is near the end. If I were in the Aspen batch and had received my phone yesterday, I might be in need of re-installing the OS today. Has Purism already posted the Librem 5 image somewhere yet? Note: I don’t expect to have my phone until Evergreen. But some people should be needing this support sometime very soon, assuming that there was an Aspen batch.
In general I would be interested in the partition layout of the EMMC. As outlined in one of my blog postings, modern smartphones have quite many partitions. The worst thing you could do with root privileges (and I’ve actually done it once to a phone) is to damage the (GPT) partition table or even erase the whole EMMC. In this case, you need images with the contents of all partitions plus the GPT header.
If there was some recovery system you could boot on the Librem 5 from USB to reflash the EMMC completely from some image that would be great. However, booting stuff from USB without proper verification is a security issue and I haven’t read whether and how this is going to be addressed on the Librem 5 yet.
I don’t think there is a publicly available Librem 5 image for download yet, but I expect it will show up relatively soon.
You absolutely won’t have to send your phone to Purism to reinstall the OS. They know people want to tinker and also try out Plasma Mobile and UBports instead of PureOS - so that requires being able to install things yourself.
Until the image is publicly posted, I’m sure phone owners could email support and receive an image.
There are images automatically built by the Jenkins CI which are named “librem5 amber-phone image”. I would assume these are for the phone (there are also different images for the devkit). Additionally, there are settings files for flashing the phone in the librem5-devkit-tools repository. The process is documented for the devkit in the developer documentation but maybe it's the same for the phone. It's not very user friendly (but meant for developers anyway) but I guess Purism will develop an easier system later. Of course all of this is speculation since it's nowhere officially documented for the phone and at least I do not have a phone to test it…
The process for the phone is modeled after the process for the dev kit.
Booting over USB or microSD will not be supported by default (while it is a Linux phone, the lower levels are not very similar to x86 PCs yet), which gets rid of most accidental bricking issues and any potential security problems.
Flashing the image will be done by attaching the Librem5 to another computer, and running the flashing program with a downloaded OS image there. This will be doable even with a totally wiped L5.
The partition layout is pretty simple on the current images: MBR partition table, a boot loader at a magic location, a /boot partition, and a root partition. There’s been some work to get the boot loader into an area more difficult to brick and allow GPT, but it stalled.
PS. Booting from USB/SD will not be impossible, but it will need some boot loader changes which we so far aren’t planning to have.
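The layout described in the post above (MBR partition table, a /boot partition and a root partition) can be checked on the first sector of a downloaded image or an eMMC dump before anything is flashed. This is an added example, not part of the original thread or Purism's tooling; the sample sector and its partition offsets are constructed for illustration.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446          # four 16-byte entries, then the 0x55AA signature
ENTRY = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count

def build_sample_mbr():
    """Constructed sample sector: a /boot-like and a root-like Linux partition."""
    mbr = bytearray(SECTOR)
    entries = [(0x80, 0x83, 8192, 1048576), (0x00, 0x83, 1056768, 6291456)]
    for i, (status, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY, mbr, TABLE_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_mbr(sector0):
    """Return the non-empty partition entries, or raise if the table is unusable."""
    if len(sector0) < SECTOR:
        raise ValueError("need the full first 512-byte sector")
    if sector0[510:512] != b"\x55\xaa":
        raise ValueError("no 0x55AA signature: table wiped or damaged")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY, sector0, TABLE_OFFSET + 16 * i)
        if ptype != 0x00:   # type 0 marks an unused slot
            parts.append({"slot": i + 1, "bootable": status == 0x80,
                          "type": ptype, "start": start, "sectors": count})
    return parts

def classify(sector0):
    """'gpt-protective', 'mbr', or ValueError for overlapping or empty tables."""
    parts = parse_mbr(sector0)
    if not parts:
        raise ValueError("signature present but no partitions defined")
    if any(p["type"] == 0xEE for p in parts):
        return "gpt-protective"   # real layout lives in the GPT header at LBA 1
    end = 1                       # sector 0 holds the table itself
    for p in sorted(parts, key=lambda p: p["start"]):
        if p["start"] < end:
            raise ValueError(f"slot {p['slot']} overlaps an earlier region")
        end = p["start"] + p["sectors"]
    return "mbr"

if __name__ == "__main__":
    for p in parse_mbr(build_sample_mbr()):
        print(p)
    print(classify(build_sample_mbr()))
```

A zeroed first sector, as after the full eMMC wipe discussed in this thread, fails the signature check instead of being reported as an empty table.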
Even for non-tinkerers there needs to be a documented process that is feasible for a sensible but non-technical user to use to blow everything away and start again.
A related question might be: Come the day, hopefully many years down the track, that someone wants to sell a Librem 5, what is the procedure for securely erasing everything and starting again?
Despite the fact that it might be difficult for anyone except Apple to completely stuff your iPhone, both of the above questions have simple user-friendly answers on the iPhone. (However I am not clear on whether Apple really understands “secure erase” and being closed source there is no way to verify.)
Is that Linux only or is it available for Windows too? I doubt many early adopters will care whether it is available for Windows but eventually …
That’s 50% funny - 50% sad.
On the threshold of my last device escaping the clutches of Big Tech, and the phone is stuck with something rather limited and introduced by Microsoft? IBM? in the early 80s.
What’s wrong with MBR? If the device really has just 3 partitions and 32G of eMMC flash to partition? MBR uses less space and thus leaves more space for u-boot and stuff. Using GPT just because it’s more “modern” is not a convincing argument for me in this case.
Anyways, if you really erase the EMMC device (e.g. with dd) I see no way to recover from that if you can’t boot from USB/microSD unless the lower-level bootloader that runs before u-boot (stage-0?) allows for booting some image supplied via the usb (cable) connection. But then, I wonder how this is going to be secured since such bootloaders are typically tiny and lack the capability for cryptographically verifying payloads.
I assume it works more or less the same as it does on a certain Android phone where I have completely removed Android and installed Ubuntu.
The benefits of GPT over MBR, and the reasons for its introduction, are well documented. I have no doubt that in this specific device at this time MBR is adequate. However my comment was more whimsical than intended for serious analysis regarding the differences.
I wouldn’t think that a recovery partition on the phone would be a good idea. I would rather use that space for something else that is useful for more user memory. With an open phone, why not just use the lowest level possible of a bit-by-bit transfer to erase and re-write the drive space (I know it’s actually flash memory space). The boot loader could live somewhere else (another chip) and be just barely smart enough to facilitate restoring the main drive space from an external pc. I don’t care about Security of the physical access (as opposed to remote hacking). If the police ever take my phone away from me, it’ll never have anything illegal on it anyway.
The phone would be stuck if it was impossible to change. But it is. The need for MBR comes from where low-level, booting code (the one you can’t change because it’s burned into the CPU) works. But this can be overridden, like the effort I linked. Want to change it - come and help.
What do you mean by that exactly? If you install UBPorts, afaik only a few of the partitions (boot, recovery, system, data and cache) get flashed. The bootloader, the GPT and other stuff (such as radio) remain untouched.
What I was talking about is if you zero the eMMC. If I understood you correctly @dcz, the low-level boot code expects to read data from one of the MBR partitions (probably to load the next bootloader such as uboot). However, if I wipe the whole eMMC, this data won’t be there anymore. Since the device also seems to have an SPI NOR Flash (at least the devkit), I assume it will boot from there. But will the final phone also have that?