I am selling my phone to a friend and I want to completely wipe the phone to be in a factory default state. How do I accomplish this on the Librem 5 phone?
I think what you need is “Reflashing the Phone”:
3 Likes
That depends.
Normally when you sell a phone, you don’t only want to revert to factory default state but you also want to do a secure erase on all existing content. So, for example, you really want to erase your contacts and your call log and any insecurely stored passwords and any insecure documents … well, really it’s easier just to erase the whole disk.
It isn’t obvious to me that “reflashing the phone” achieves that. (In practice it might, if you haven’t done much with the phone. In theory, I suspect it doesn’t.)
As such, I would
- boot Jumpdrive
-
shredthe eMMC drive from the host system - then reflash the phone
This will likely take many hours.
This assumes running amber or running byzantium but without full disk encryption.
Obviously also remove the uSD card if there is one installed.
A corollary: if you use full disk encryption (Byzantium), all you need to do is destroy the encryption header. The data will be unrecoverable afterwards. The destruction is guaranteed when you reflash.
1 Like
I have had to send back one of my L5 to Purism based on a RMA and I did backups and removals as:
cd /home
tar cfz home-purism.tar.gz purism
tar cfz etc-NetworkManager-system-connections.tar.gz /etc/NetworkManager/system-connections
copied over by SCP the resulting backups to my laptop and did some removals as:
syncevolution --delete-items backend=evolution-contacts --luids '*'
sudo -s
cd /home
rm -rf /home/purism
mkdir /home/purism
chown purism:purism /home/purism
rm /etc/NetworkManager/system-connections/*
At the end pulled out my SIM and my OpenPGP card and sent the L5 away.
As a general concept, definitely. It is vastly faster to securely erase an encrypted disk because of this.
However there is just a niggling concern that customers will have flashed originally without changing the underlying encryption key (i.e. without re-encrypting) - as distinct from changing the encryption passphrase - in which case reflashing before sale may not change the underlying encryption key, in which case reflashing isn’t as comprehensive as it should be.
Of course it could be argued that if you don’t re-encrypt then your phone was never secure in the first place (e.g. never secure in the event of loss or theft) but if the intention is to hand the phone over voluntarily (e.g. on sale) then that argument is not entirely satisfactory.