Ok, thanks. Will Byzantium support configuring the smart card out of the box? So if I currently have a smart card inserted and configured in my Librem 5 running amber, will installing Byzantium configure it automatically or is that still a manual step?
It will be of yours, I think (key that is based on passwd
provided). Let me (just) provide some food for thought (not official answer): out there, within Linux Phone(s) World , there is solution called /pinephone/installer/ image (that includes, for end-user, option to enable encryption) so I’m expecting that very similar (or almost identical to the Mobian or pmOS ones) installer
type PureOS one will be available/applicable for Librem 5 as well (actually just expanding your question here), that might have another packaged “form” but that up front install or encryption setup option will be included (of course, IMHO).
And you are cherry picking. I don’t have bluetooth keyboard. I only tested 3 devices that were available to me and it worked with Laptop and only one way. I was able to receive a file sent by the laptop. But the L5 could not send anything back. It cannot pair with the other two bluetooth speakers that I have so it’s very much broken for me.
Is this the official launch? If not then I will wait.
As he says
It is fully official as long as you install from scratch instead of upgrading.
Does it flash with encryption and does it flash with a unique key?
Is there anything special with the smartcard reader in Byzantium?
I tested https://source.puri.sm/angus.ainslie/ttxs-firmware
And imported my public key.
But running gpg --card-status returns:
gpg: selecting card failed: No such device
gpg: OpenPGP card not available: No such device
I know that the phones flashed at factory are getting unique keys, but I don’t know whether that’s integrated with the flashing scripts yet (haven’t worked on that part personally). If not, you can always reencrypt it afterwards - I heard it only takes a few minutes.
Were you previously running Amber and was it previously working with Amber?
I tested Byzantium for quite sometime, so I am not sure if it would work in Amber.
If it also should work under Byzantium with this scripts (or I get no feedback) I would flash back to Amber to test it.
Did you run the smartcard_setup.sh
script?
I’m definitely not totally across this stuff myself but that script appears to create, among other things, /etc/reader.conf.d/libccidtwin
which on my phone contains among other things
DEVICENAME /dev/ttymxc2:SEC1210
and the named device exists. That script also creates a service, pcscd.service
, which appears to require a fairly specific command to run (that starts the STM32 microcontroller).
What about on your phone?
Adding: The above is on Amber. Maybe it’s the same. Maybe it’s different.
Yes, I ran the reflash and afterwards that script.
I also have an /dev/ttymxc2
Well I don’t want to break my rare linux phone so I should probably wait for instructions from the company.
I’d expect that Purism eventually create a way to reflash/upgrade the phone from Amber to Byzantium without having to use a USB cable and a “workstation”, i.e reflashing/upgrading on the phone “in place”. Anything less than that is frankly unacceptable from a user point of view. You should not need a separate computer to get the upgrade / reflash to Byzantium if you’re currently on Amber.
Upgrading from amber to Byzantium could probably be done very easily without an other computer if you don’t care about encryption
But adding encryption to the whole disk in the process, there is no easy way (their reflashing solution IS the easy way)
Maybe you could use a livecd/liveusb on the L5 and then proceed from that live launched OS
Did someone already tried a live OS from CD or USB on the L5 ? which OS ?
Would it be more acceptable for you @tq44 ?
Unless you have a dock for it, I think it would be nightmare-ish to do it from the phone in a live OS
I am too used to rolling release distros.
Does anyone know any good article that describes how Debian (and therefore PureOS) schedules it’s releases and how they are determined?
https://www.debian.org/releases/
This gives a little info, but I am more interested in the why. What I mean is, with Arch, a program is updated, a developer packages it, and the user downloads the updates.
But with Debian, who decides, and why, that program X version 10.x will go into testing, but 9.0.1 bugfixes still get into stable?
I feel like I don’t understand it enough to even ask the correct question.
Is updating from Debian 9 to 10 just a matter of changing repos in /etc/apt/sources.list
?
Yes, that was the point of my first sentence
When you do that it only upgrades the packages versions, so you could go from amber to byzantium the same way (if Purism made it possible, I didn’t tried it)
But it can’t provide the encryption of the full disk at the same time, you have to set the encryption when installing the OS
The L5 should have had encrypted disk when shipped, that was one of the initial security promise, but Purism decided to ship the L5 before full disk encryption was available (I’m glad they did ! )
Now for those who received it with amber (non-encrypted phones), they will have to go to the reflasing process IF they want the secure phone they expected
I didn’t tried the reflashing script yet but, connecting the L5 to a computer and executing a script to install byzantium with full disk encryption seems to me pretty neat