Basically Purism is moving towards “playing games to respect your freedom” mode instead of “exactly what the FSF probably had in mind to respect your freedom” mode, because although Purism probably has good intentions or whatever, the evil governments and corporations don’t actually want users to be able to control their wifi hardware fundamentally.
If you could control your wifi hardware or write your own firmware for it, then you would probably be able to know about what’s really going on in the information war, and that’s just outside the scope of what the powers that be want to give you.
So for a long time, like in my Librem 14, in order to count as RYF-certified Purism was shipping wifi chips that use proprietary firmware burned onto the wifi chip. So the OS doesn’t know about it, the OS can’t change it, and accordingly from an FSF standpoint of “respecting your freedom” whatever is on that wifi card is not software by their definition since it could have been wiring and circuitry for all we know.
But, as I understand it the Librem 5 pioneered the idea of “the firmware jail,” which is to say that the immutable burned memory of the wifi chip firmware was no longer included with the chip. So, Purism shipped these devices with some read only memory that contained a copy of the nonfree firmware, included on their Purism hardware, but in a place that the PureOS can pass it from the read only memory hardware into the wifi chip, thus using a proprietary and nonfree wifi firmware on a nonfree chip but inside of a “freedom respecting” device that can continue to claim to be “freedom respecting” because the OS cannot change the contents of the read only memory that moves into the wifi chip on startup.
This concept that they call “firmware jail” worked on the Librem 5s and people kept buying them and feeling free and not thinking about it – since who among us actually tries to replace our wifi drivers – and so they started shipping firmware jails on the Purism laptops and tablets now as well. Their article also suggested that PureOS has some way to overwrite which nonfree firmware is sent to the wifi chip instead of only sending the one from immutable memory, which their folks described as adding to your freedom since it puts you in control of which binary blob to choose.
I’m not sure if I believe that’s improved freedom in the FSF sense, since now we’re literally saying I’m free to choose which nonfree binary blob to run as though this were software freedom. You know, I’m also free to choose whether I want to use Windows 10 instead of Windows 11, but for some reason the FSF doesn’t endorse that kind of freedom as solving the problem of malicious software.
So, this is my understanding, but I’m just a user. I don’t write my own wifi firmware. Lately I was using a Librem 14 from before the days of the firmware jail. And, accordingly, last time I used it in a public place with wifi enabled – without me even joining any wifi network – the whole screen started to flicker like crazy. Updates to the screen would be interspersed with black gobblety gook, and when I switched off the wifi kill switch to disable networking and rebooted the machine everything went back to normal.
So, one possibility if we think about government contractors using Purism hardware, is that the government folks probably have the wifi firmware source code and benefit from being able to compile their own fork that patches vulnerabilities. And when I use my pre-firmware-jail Librem, there might be unpatched vulnerabilities in the firmware embedded in the wifi chip that can never be patched since the chip does not expose its firmware to the OS. And thus we end up in a world where everyone is equally able to replace the software on their computer, but some of us are more equal than others if they are government employees and have wifi firmware source code. And if those are the Purism customers, they prefer the freedom to replace their wifi blobs and the freedom to have firmware jail.
Long story short, lookup how to load from firmware jail on Trisquel.