Language Selection

English French German Italian Portuguese Spanish


Syndicate content Purism
High-quality laptops that protect your freedom and privacy
Updated: 13 hours 55 min ago

Purism’s CEO Todd Weaver Testifies at California Congressional Privacy Commission

Thursday 21st of February 2019 12:09:34 AM

Thank you Chairman Chau and committee members.

My name is Todd Weaver, and I think you’ll find I’m an unusual witness here today, while I may be sitting side-by-side with impressive privacy protection groups, I am here as the CEO of a rapidly growing technology company based in California.

I am here calling for much stronger consumer privacy protections – starting with giving consumers the power to opt IN rather than opt OUT of sharing their personal data.

I am here to tell you it’s time for California’s extraordinary tech industry to stop harvesting and “sharing” our most personal private data without our meaningful consent and knowledge.

I am not here to tell you AB 375 (or stronger) protections are tough to implement, history is filled with wrongdoers complaining that doing right will put them out of business only to comply and thrive later. Incidentally, this same tech industry complained about Europe’s GDPR that certainly did not put them out of business.

I am here to tell you the new law (or stronger) is easy to technically comply with – if we companies simply begin to honor our customer’s privacy rights and design our services to be privacy-protecting rather than privacy-exploiting.

I started Purism, when I came to realize that my two young daughters, like all children, need convenient products and services that protect them, rather than exploit them.

As a technologist, I understand painfully well how much the technology sector can exploit my kids with ease.

That’s why I started this social purpose company founded on privacy-protection principles. Purism is already manufacturing in California and assembling these laptops shown right here, including the operating system, applications, and bundled services.

We will also this year be manufacturing a privacy-designed phone with bundled services that comply with AB 375 and go even further with opt-in by default for all offered services.

We have been growing by triple digits annually, reflecting the huge built up consumer demand from parents and professionals and enterprises just like you who simply want to keep their and their children’s lives private and secure.

This is done by a simple approach: privacy by design.

As AB 375 seeks to make clear, privacy is a right, and your every location and every communication and every webpage and every search stored permanently should not be exploited to use needed services online.

I strongly suggest the time has come for Californians to take back their constitutional right of privacy on the Internet, and urge you to substantially strengthen the privacy protections afforded by AB 375.

For your and my childrens’ sake, Thank you.

The post Purism’s CEO Todd Weaver Testifies at California Congressional Privacy Commission appeared first on Purism.

How Purism avoids the FaceTime™ remote camera viewing

Friday 15th of February 2019 07:59:56 PM

With the Major iPhone FaceTime bug that lets you hear the audio of the person you are calling… before they pick up, it’s probably a good time to remind everyone how Purism gives you peace of mind – because with Purism, your device protects you by default.

Hardware Kill Switches.

What this means is that there’s a physical switch that severs the circuit to your webcam and microphone.

Because you cannot really trust software you cannot verify. And since Apple’s FaceTime is not Free Software – with its source code released so that anyone can verify their security claims, like the one we use at Purism – how can you trust what cannot be verified?

At Purism, both our Librem laptops, and the upcoming Librem 5 phone include this rather simple switch, that makes it remarkably easy to guarantee that the camera and microphone have no electrical circuit enabled.

See? Powerful simple privacy protection built into all Purism products by default.

The post How Purism avoids the FaceTime™ remote camera viewing appeared first on Purism.

How to Avoid the Frightful 5 Big Tech Corporations

Tuesday 5th of February 2019 05:12:24 PM
So you’re wondering…

You’re starting to question the moral values of Big Tech. You and your friends probably have a growing feeling of creepiness about the tech giants who have — like a poorly-acted villain — told you one thing, and given you another.

Society – all of us – was told by these rising tech giants that “Everybody’s doing it, it’s easy: just do it,” and even though the masses – again, all of us – were skeptical, also generally thought, “Okay, I may be the product… but I am in control.” Until, of course, you weren’t in control.

Big Tech have two business models: one is to exploit your private life for profit, the other to lock you into their products and services. Some even have both. Consequently, nearly everyone wants to leave Facebook – it’s just that nobody wants to leave it for Facebook 2.0. And that highlights the larger, deeper, and more menacing issue in digital society: that your digital civil rights are under constant, relentless attacks from Big-Tech.

Why is that?

That’s because Big Tech have a legally bound requirement to exploit you to maximize profit. They have been structured specifically to lock people up, to make it impossible to leave. Society’s technology genius is not lacking, its moral genius is.

Big Tech is rotten to the core, they’re maximizing shareholder value without values. And that has to change.

Is it changing?

Counter to every attempt by Big Tech, you still do retain the control to switch away from platforms under their control. Leaving the harmful tech companies is a process of recognizing what is abusive in your relationship with them – and theirs with you; switching to something that aligns with your core values will bring you joy. If everyone used, bought, and shared ethical products, we would all be living in digital utopia.

Avoiding Big Tech that harms you is much easier when you know what you actually want.

What do you want?

Like most people, you probably want convenient products that allow you to participate in digital society, products where you are also respected and protected by default. And you probably recognize that the current tech giants will not — and cannot — provide that.

I created Purism to solve this giant problem. We are solving it. And with your support, we will advance the digital civil rights movement. One that changes technology for the better.

What model can compete against Big Tech?

The steps it takes are pretty clear: and even though they are difficult, Purism is farther along than you may currently think. We have the momentum to realize our dreams, here is our model:

Step #1 is simple: avoid Big Tech in products and services.

Step #2 is to manufacture hardware without purposeful backdoors that exploit users, and therefore society.

Step #3 is to release all software source code under Free Software licenses, designed to protect and respect society

Step #4: Focus all development on values that better society, ensuring individual digital civil rights are fully respected.

And finally step #5, to release services that do not exploit, do not lock-in, and do not control people.

Doesn’t that sound like a really good business model in, and for, technology?
“Maximize Society’s Values.” — Todd Weaver, Purism SPC
sounds an awful lot better than the current Big Tech model,
“Harm People for Profit.” — Big-Tech.

This rotten core of locking people into products and booking them into an exploitative platform needs to become a thing of past regret.

Social purpose companies mean advancing social good first, returning the power to the people.

Decentralized protocols mean decentralized power, returning control to the people.

Free Software means freedoms that benefit society, returning control to the people.

Secure hardware means private data is kept private, returning control to the people.

And all this means any future product or service that you use or join must be from an organization that does social good, uses decentralized protocols, that advances freedom in software and security in hardware. Can you imagine how awesome society will be if technology does all that?

It’s within your power to help society – by avoiding Big Tech, by using products and services that respect your digital civil rights.

Thank you.

Learn more about Purism products that do all this.

For more information on what Purism is doing across hardware, software, and our upcoming services, subscribe to our newsletter:


You will receive an automated e-mail you will need to reply to to confirm your subscription.

The post How to Avoid the Frightful 5 Big Tech Corporations appeared first on Purism.

Purism announces a partnership with GDquest to develop adaptive game tutorials

Monday 4th of February 2019 07:14:45 PM

We are happy to announce our forthcoming partnership with GDquest – one that we hope will make the world a happier, more fun place.

Libre/indie game designers might like to know that Nathan Lovato – game design expert, founder and game design instructor at GDquest – will be making a series of tutorials, explaining how to make adaptive games with high-quality libre game engine Godot; tutorials showing how games can both be created and released on the Librem 5 smartphone, and later submitted to the PureOS store.

The first of the three video tutorials will focus on how to create a mobile game for GNU/Linux. It will also help conceive and design a 2D mobile game, and tackle design issues that are unique to mobile games – such as having a small screen, dealing with touch controls and any performance and usability issues. By loading Flossy Gnu in Godot, the tutorial demonstrates how these performance and usability issues are to be addressed. Specific tips for GNU/Linux in general, and for the Librem 5 in particular, are of course also to be noted and discussed.



The second tutorial will deal with sideloading your newly created game onto your Librem 5, starting by demonstrating how to build “Flossy Gnu” on your Librem laptop – or on any other GNU/Linux laptops; how to copy and install it onto your Librem 5 smartphone, play it – and hopefully have plenty of fun with it. It’ll also suggest how to install a new build when you update your game.

The third and last (but not least) video tutorial will be all about publishing to the PureOS store. It’ll demonstrate how to publish source code and assets for a reproducible build, and how to submit the game for inclusion in the PureOS store after that.

GDQuest is producing more tutorial videos as part of their ongoing crowdfunding campaign. There are only a few days left to back the project. Join us in supporting them!

Get in touch with Nathan Lovato at GitHub, at GDquest, or at his pro SNS account

Image credit: MooGNU Copyright 2012 /g/ CC-BY-3.0

The post Purism announces a partnership with GDquest to develop adaptive game tutorials appeared first on Purism.

Purism Origin Story

Thursday 31st of January 2019 05:37:37 PM

One of the most common questions we get asked is why I started Purism. And given the growing importance of Purism’s mission amid the barrage of news about how large tech companies are surveilling and exposing their users, it seemed like an opportune time to share our origin story, and why I felt it was important to create this alternative to the status quo.

When my first daughter was born, in 2007, her birth had a profound impact on me. Like many parents, I was instantly catapulted into a stance of protection over my child, and felt the weight of responsibility for this little person’s life.

My second child was born 20 months later in 2009, only multiplying the impact my decisions would make on our family.

There are so many issues one must consider as a parent. Parenthood is possibly the single most philosophical decision-making journey a person can undergo, so it should come as no surprise that as new parents, my wife and I were researching decisions from diapers to food, housing, clothing, school districts and… technology.

And as I’ve come to find, that last topic has become the most critical one over the last decade. Like a lot of parents, I set off to research what technology choices could be made for my children as they would grow to adulthood.

But unlike a lot of parents, I am an expert on software, hardware, and what goes on behind the curtain to bring these products to market. And I know it’s not pretty.

As my children were growing, I could see that within a few years they and their friends would be wanting a mobile phone; they would want to use Internet services to chat, record personal videos and share experiences with friends. Like most parents, I had questions and concerns about the current state of big-tech products and services, about their exploitative business practices.

But, unlike most parents, I knew at that time there was no way to change these companies, no way they would come to embody important moral values like respecting me, my kids, and their friends.

I then thought, so what tech future would I like to see instead? What would that future look like for me, my family, for my kids’ friends? What would that look like for all of society? For example, what would be needed for owning a mobile phone that fully respected our rights to privacy and freedom?


So deeper and deeper I went, to dissect and answer that question to the fullest possible extent. Let’s take a simple request that combines a lot of issues into one: “I’d like that, when I am chatting with my child, there’s actually only the two of us in the conversation.”

This should be so simple – but it is nowhere near the case. At each layer of the existing mobile phones, that conversation is shared with a growing list of participants who have unfettered access to my, and my child’s, digital life.

The application author [Facebook (and its subsidiaries, Whatsapp, Instagram), Snapchat, et al.], even with unverified encryption in a proprietary app, controls that data. The operating system vendor (Apple or Google) controls that data. The network provider (Sprint, AT&T, Verizon, et al.) controls that data. And, of course, governments also have influence over any of those organizations. And so this is one ugly tech stack of privacy invasion, a gordian knot to unravel simply in order to have a private conversation with my child.

I could certainly elaborate, providing example after example of simple requests that are impossible to accomplish with today’s mobile phones, but will summarize it in the following list: GPS location data permanently stored and shared, all photos, videos, and message history also stored and shared, browsing searches tracked indefinitely, every interaction with every person ever, never deleted – just to name a few of a mile-long list of issues.

These tech-stacks of exploitation were not really built by accident. They are wired into the business models of every tech company in the space; not a single one advances moral values over their shareholder value. And so I knew there was no way to get to have individual freedom and control from the current phone hardware or from its OS vendor (Apple or Google). I unfortunately knew there was no way to respect the digital civil rights of society by playing the silicon valley exploitation game.

That to solve all these problems with technology, I would have to start from scratch.

I also knew that starting with a mobile phone (without immense silicon valley investment) would be very difficult, so I had to come up with a plan. I needed to start from the ground-up. I needed to create an ethical computer manufacturing company first, and then expand.

So I set off and wrote a business plan:

That all was the original plan for Purism in 2014. Let’s measure the progress: Laptops, check. OS, check. Endorsements, check. Iterate, check. Phone campaign, check. App store, check… And starting in 2019 – the year of ethical services bundle (coming soon) and of the delivery of the Librem 5 phone.

2019, the year my children will own a mobile phone that protects them.

2019, the year I will have accomplished a major goal I set out to, nearly 5 years ago.

2019, the year we spread technological social good from tens-of-thousands to magnitudes more.

The post Purism Origin Story appeared first on Purism.

Librem 5 Hardware Update

Friday 25th of January 2019 01:17:09 AM

The Librem 5 Developer Kit started arriving in the hands of developers, and focus was shifted towards supporting the growing number of developer requests – we want to make sure that shared advancements are truly shared across the developer community, it exciting to see the rapid progress being made. Much of the work being done aims at making the kit work as well as possible for all kinds of developers. And even those working on non-critical issues at the moment are busy enjoying the discovery of all the capabilities of the dev kits.

We are keeping track of issues by tagging them with the devkit tag in GitLab – a summary of which can be found at this overview.

The release of the dev kit has increased the (already profound) interest in the Librem 5 phone, giving rise to many new questions in the forums – many of which have been answered elsewhere. If you have a question about the dev kit or the phone, the FAQ is always a good place to start looking for answers; the recently-added What are the phone specs? should hopefully clear up the current state of specs and understand what we are going to ship later in the year.











The post Librem 5 Hardware Update appeared first on Purism.

Music Player Lollypop added to PureOS Store for Librem 5 Phone and Laptops

Thursday 24th of January 2019 11:13:14 PM

Let us introduce you to our very first application: A Music Player

Last week, you might have noticed we announced the creation of an application ecosystem – a rich, secure and free ecosystem of desktop and mobile apps for our Librem products. More details will be revealed as soon as we come to some key decisions regarding how it should be built; but for now, everything will revolve around Flatpak, which we believe is the best technology for what we want to achieve today. We are eager to partner with the Flatpak community, and hope to rapidly build an app store centered around our core values – Free Software and Reproducible Builds.

This post is the first in a series which will announce applications that have either been ported to the Librem 5 at various stages or will work on the Librem 5. It’s also meant to inspire you to write applications for Librem devices on PureOS Store – and help us build great store apps for everyone to use.

And then there’s Lollypop – with the Lollypop music player, you can listen to music on your Librem 5 phone, on Librem laptops, or in any device running PureOS. You can enjoy your music, read the lyrics, trigger the party mode; connect to, or ListenBrainz. You will, of course, find it in Purism’s PureOS Store – coming soon.

To know more about Lollypop, visit the website.

Help us build a great store app that everyone can use – develop an app for Librem devices on PureOS Store. Find out more at our developer page.

The post Music Player Lollypop added to PureOS Store for Librem 5 Phone and Laptops appeared first on Purism.

Purism announces PureOS Store

Thursday 17th of January 2019 10:06:33 PM

Purism is pleased to announce PureOS Store, a secure alternative to proprietary app stores that respects your privacy and freedom. While there is much to do before we go live, we are well into building the infrastructure and refining the policy. PureOS Store will be a vibrant hub for both mobile and desktop apps.

We envision PureOS Store as the primary community interface for app developers to contribute to the wider ecosystem, without having to understand the underlying technology like packaging or the mechanism of pushing apps upstream. We want to incentivize developers to create software that meets community values with the ultimate goal of incorporation into PureOS itself.

Apps in the PureOS Store will be evaluated on an ascending scale, with maturity ranging from development and beta levels to a fully-endorsed and default app in PureOS. Correlating “badges” will be utilized to quickly and clearly display the status of a given app, while also reflecting on the software’s freedom, privacy, security, and ethical design.

PureOS Store Badge Concept

This will not only facilitate trust in the ecosystem, but will empower users to make informed choices about apps before installing them.

In this way, anyone using Librem hardware or PureOS can understand that the software they rely upon is developed, packaged, and distributed in a socially-conscious manner. The values of PureOS Store reflect the values at Purism and, in fact, those we all would like to see in society.

In addition, we believe PureOS Store can facilitate the distribution of software across Librem devices that run PureOS, from laptops to mobile. We hope to develop real convergence — apps that “just work” regardless of which device they’re running on. Distributions like Debian that run on multiple silicon architectures have always held the promise of convergence, but most efforts at achieving this goal have fallen short. Purism is in the unique position of producing a Free and Open-Source Software (FOSS) laptop and smartphone, enabling an entire ecosystem based upon PureOS and our social values.

Stay tuned for more announcements as we get closer to launch.

The post Purism announces PureOS Store appeared first on Purism.

Purism Supports Software Freedom Conservancy

Tuesday 15th of January 2019 04:42:31 PM

We live in a dangerous world where privacy and security are more important than ever. In order for software to be trusted, the source code must be available to verify — a simple trust and verify model. Purism is proud to release all of our source code under Free Software licenses that not only empower users but are vital to protect their privacy and security. We favor licenses with strong copyleft like the GNU General Public License version 3, and will release software under the GPLv3 or an FSF-approved license we inherit. Our code can be studied, verified, and shared, whether you use our Librem line of products or not.

Software Freedom Conservancy is a vital and important part of the Free Software ecosystem that we at Purism and billions of people worldwide rely upon. Without organizations that protect and enforce the terms expressed in software licenses, our digital rights are at risk. Conservancy continues to play a central role in legal battles to safeguard these freedoms.

License enforcement is only part of the story, and Conservancy assists its member projects by handling all matters other than software development and documentation, so the developers can focus on what they do best: improving the software for the public good. Many of these member projects play a critical role in the advancement of privacy and security, such as the Reproducible Builds project and coreboot, one of the standout security features of Purism’s Librem laptops and upcoming smartphone.

Purism is delighted to contribute $1,000 USD to support Software Freedom Conservancy. Their funding drive ends today and we urge everyone who utilizes Free Software as part of their daily workflow or toolchain to donate to Conservancy and help them reach their fundraising goals.

Donate Today!

The post Purism Supports Software Freedom Conservancy appeared first on Purism.

Librem laptops now at Version 4

Monday 14th of January 2019 01:53:24 PM

We are excited to announce Version 4 of our Librem laptops! Our Librem 13 and Librem 15 will now be upgraded with a 7th Gen Intel Core i7-7500U Processor with integrated HD Graphics that still works with coreboot. In addition, the Librem 15 display will be upgraded to 4K resolution. Upgraded models are available now for purchase whether you pick Librem 13: the road warrior or Librem 15: the desktop replacement.

7th Gen Intel Core CPU

More speed is always good. The base frequency will increase 200Mhz, jumping to 2.7 GHz and with Intel’s Turbo boost, this new CPU max speed will increase from 3.1 GHz to 3.5 GHz. Even with the speed increases, the Thermal Design Power (TDP) will still remain at 15 Watts allowing us to run cool and keep battery life optimal. All of this while still working with coreboot, the fast and secure open source BIOS.

HD Graphics 620 GPU

The new 7th Gen Intel Core Processor brings with it upgraded integrated graphics, the Intel HD Graphics 620. This has the same core clock speed as the previous 520, but with 8 more texture mapping units giving the 620 a faster texture fill rate. Shader performance is generally more relevant here and with 192 Shader processing units compared to the previous 24, the HD Graphics 620 will deliver a smoother and more efficient experience with up to 4K video playback.

4K video playback, 4K Display

The Librem 15 screen upgrades from HD to Ultra HD, with a 4K display! With the 15.6 inch screen now supporting a higher resolution (3840 x 2160), there will be more pixels per inch (PPI). More pixels per inch translate to a sharper display. Better for both work and play.

New Hardware, Same Price

These hardware updates, including the 4k display on the Librem 15 all come without increasing the base price. The Librem 13 still starts at $1399 and the Librem 15 at $1599. Don’t forget that we also offer interest-free financing so you can split that cost over six or twelve monthly payments.

The post Librem laptops now at Version 4 appeared first on Purism.

How We Designed the Librem 5 Dev Kit with 100% Free Software

Thursday 10th of January 2019 01:06:44 AM

Today we’re going to cover the journey of designing the Librem 5 Developer Kit and how we used 100% Free Software in its development.

Our dev kit’s design is released under the terms of the GNU GPLv3+, its hardware Git repository can be found here:

KiCad as The Obvious EDA of Choice

Before the development of the dev kit began, it was not completely clear which path we would take to produce the design, specifically, which Electronic Design Automation (EDA) tool would be used. Initially, the idea was to modify FEDEVEL’s i.MX 6QP OpenRex board, which would have satisfied the dev kit’s basic requirements, but we quickly met two major issues: it used the archaic i.MX 6QP, and even worse was that it was designed in the proprietary EDA suite Altium. Luckily, I had prior experience designing electronics using the EDA tool KiCad, so Purism had the opportunity to create a dev kit design which used 100% Free Software. KiCad was also an obvious choice not only due to its freedom respecting license (GNU GPLv3+), but also because it is a very capable electronics design suite that even outperforms several pricey proprietary tools out there.

Selecting Components Which Met The Requirements

The first step when designing our dev kit involved searching for components which met the requirements that we defined in our campaign. In addition to meeting the specs outlined in the campaign, while searching for components, we decided to add quite a few extra bells and whistles; including:

  • a charge controller (BQ25896)
  • 18650 battery holder for an optional li-ion battery
  • USB-C
  • mini-HDMI
  • SD card controller & micro-SD slot (since the i.MX 8M only has two uSDHC controllers)
  • ethernet/RJ45
  • audio codec
  • earpiece speaker
  • microphone
  • CTIA/AHJ 4-pole 3.5mm headphone jack (with selection between on-board and external mic)
  • GPG smart card reader & slot
  • haptic/vibration motor
  • user/software-controllable LED
  • volume & power buttons
  • hardware kill switches & boot-mode switch
  • 16Mb SPI NOR flash
  • a real-time clock (RTC)

We also added the to-be-expected through-holes for a UART debug header which is unpopulated by default (serial over USB works on the default image shipped with your dev kit). Hint: If you are not comfortable with a soldering iron then you may be able to use a press-fit header on these through-holes, search for the part-number Autosplice 23-1063. We included an SMD 2×5 JTAG footprint on the board and verified its functionality during our prototype phase; if this is something you’re interested in playing around with then have a look for the part-number GRPB052VWQS-RC.

For the WWAN/baseband modem and the Wi-Fi + BT we knew we needed to go with some sort of modules, surface-mount or otherwise. Early on, Nicole had the brilliant idea of using mPCIe and M.2 modules so as to make the dev kits modular and future-proof. We eventually nailed it down to the mPCIe SIMCom SIM7100A/E baseband modem module and the M.2 RedPine RS9116 Wi-Fi+BT module.

Beginning the Schematic Drawing

Initially, when the research phase was effectively over and we had to begin bringing our ideas into life, the i.MX 8M Quad had just recently become available on the market. In order to get a head-start in the development, add some extra modularity and future-proofness, we decided to go with a System-On-Module (SOM), which includes the SoC, SDRAM, eMMC, and PMIC. However, even in the early stages of our development when we began drawing the schematics, there were SOMs we were interested in that still didn’t get to their first production run. At around mid-April we established a natural relationship with EmCraft who were just getting into their first big SOM production run and were close to releasing its Hardware Architecture spec sheet. We determined that EmCraft’s SOM and their general resources were exactly what we needed. Once the specific SOM we were going to use was nailed down we were able to really begin cranking through the design.

The process of defining the specific components to be used on the dev kits was done concurrently with drawing the schematics. The entirety of our design was done using Git as our revision control system.

Figure 1: An early revision of the dev kit’s schematics from May 2nd (Git commit hash 023915d5)

After the schematic drawing was completed, we then exported our netlist file, getting us that much closer to the physical implementation of the dev kit.

HP_DET Simulation

In addition to using KiCad for the design of the dev kit, we also used a free software tool called Qucs-S and the free software SPICE-compatible simulation kernel called Xyce to simulate our headphone detect circuit, which included a zener diode used to protect the respective GPIO from too high or too low of input voltage from the audio codec’s HP DAC output. The combination of Qucs-S and Xyce allowed us to use the MMSZ4688T1G diode’s SPICE model in a circuit that best represented the physical conditions of nothing being inserted into the 3.5mm jack but the HP DAC output being active.

Figure 2: Qucs-S + Xyce simulation of the HP_DET circuit

This simulation, as well as the simple DC case where the 3.5mm jack’s internal switch is open and only the 1MΩ pull-up to 3V3_P, the optional internal pull-up, and the zerner are present allowed us to prove that this protection method would work.

Creating Footprints

Around mid-June, when the Bill-Of-Materials (BOM) was complete and we began placing orders for the components, we were generating footprints for everything (chips, connectors, modules, etc). The process of creating these footprints involved going through each IC’s recommended land pattern as defined in their datasheet and quadruple checking to make sure everything was correct.

Figure 3: BQ25896 charge controller’s footprint (U301 on the dev kit board, found underneath the SOM)

Using KiCad’s amazing 3D viewer, we were able to give nearly every component a 3D model so as to help establish a tangible visualizer for the progress being made.

Figure 4: BQ25896 charge controller’s 3D view Beginning Floorplanning, Routing, and Updating KiCad

Early on, a rough floorplan was made to help us establish how much board area was needed (90x180mm) and where the various larger components would go (connectors, receptacles, card slots, mPCIe & M.2 sockets, modules, etc). After really getting into the layout, some things continued to move around but were quickly pinned down on their specific locations.

In late-June we began routing, starting with the USB-C receptacle (commit a1bfc689). This marked the beginning of our layout process.

Figure 5: First commit with routing involved Figure 6: What the USB-C routing eventually became Figure 7: Early rats nest before component placement & routing

The routing process involved a delicate balance between working as quickly as possible while making sure everything done properly without error, including carefully routing controlled-impedance tracks and sensitive analog lines.

Initially we were unsure how many layers were needed and whether we needed components on both sides of the board. We knew that EmCraft’s i.MX 8M baseboard used 8-layers and had components on both sides, but we were pretty confident that we could at least cut down on the number of layers. We quickly realized that since we were going to have some components on the “back” of our board (display side), including the display connectors, proximity/ambient light sensor, user LED, speaker, and microphone, there would certainly be components on both sides of the board. Having components on both sides made the layout process somewhat easier since this freed up some space for where we could place the SPI NOR flash, smart card reader, RTC, 2.8V LDO, various ICs, passives, and other components. As for the number of layers, we decided to cut it down to 6-layers and would only add 2 additional layers if we were to hit a gridlock and not be able to route some nets; luckily this never happened and we were able to stick with just 6.

We opted to use a common stack-up which provides the best balance between ease of routing and reduces unintentional radiated emissions. The dielectric substrate that was used was NAN YA’s NP-180TL copper clad laminate, which has a relative permittivity of ~4.11 at our average operating frequency of ~1.7GHz. Our RF feedline calculations for the board’s microstrip and coplanar waveguide (CPW) feedlines using this stackup can be found in the Git repo.

Figure 8: Dev kit stack-up

Before we began implementing the dev kit in KiCad we were not too sure if we wanted to use the nightly builds or stick with the somewhat older 4.0.7 stable release. Even though the nightly builds had several desirable features, we decided to go with the stable release so as to not have to frequently update KiCad and risk being on different versions. After getting a small dent into our layout, KiCad 5.0.0 was released! On July 16th we managed to update our dev kit project to KiCad 5.0.0 (specifically commits 4f70b865 and a4e3de8a) without much hiccup. Luckily, this update coincided with our switch from most passive components being 0603 to being 0402, since KiCad’s new passive footprints are a bit different than the old default ones, the pads having rounded corners which is more effective for lead-free solder.

After the updating the project to 5.0.0 we were able to focus heavily on getting through the layout and were able to get the unrouted net count down to 0 within a month (August 14th, specifically commit 9b4dd2e0).

Figure 9: DRC on August 14th commit 9b4dd2e0 showing no unrouted nets and everything passing

When all nets were routed and the Design Rules Check (DRC) was passing, we were able to go back and tidy everything up for the next week or so.

Our most useful resources when laying out the board were the ICs’ layout reference found in either their datasheet or their evaluation board and Toradex’s Layout Design Guide which can be found here:

Figure 10: The final state of the layout (copper filled zones hidden) Exporting Manufacturing Files and Sending Them Off For Fabrication

After the layout was considered complete, we had to export all of the necessary manufacturing files used to fabricate and assemble the boards. Exporting the Gerber files was straightforward since KiCad makes this step quite easy. However, our assembly house requested that we also provide a fabrication and assembly drawing which took more involvement to produce.

We mostly used gEDA’s Gerbv to preview our design’s exported Gerber files. A neat web tool that uses Gerbv and ImageMagick as its renderer is Gerblook, here’s a static link to our dev kits in Gerblook:

Figure 11: Dev kit’s Gerbers as viewed in Gerbv

In order to generate a proper assembly drawing, we made use of KiCad’s F.Fab/B.Fab layers to show the locations, outlines, polarity, and reference designators of all components on the board. By using each of the footprints’ F/B.Fab layers we were able to generate the final drawing by printing F.Fab and B.Fab onto separate PDFs and combining them afterwards.

Figure 12: SOM side of the assembly drawing

The fabrication drawing was even more involved. To produce this, we needed to export the fabrication notes found on the Cmts.User layer along with the board’s outline as one DXF file and then export all of the drill marks as another DXF file. After these two files are generated, they are then combined and adjusted inside a footprint drawing. Then, once we have this special “footprint” that combines the two DXF files, we hide just about everything in the layout and import this special “fab” footprint (without saving this temporary layout). At this point, everything we need is found on the Dwgs.User layer; so we are able to print this along with the frame reference onto a final fabrication drawing PDF.

Figure 13: Drill markings in the fabrication drawing

Each of these files and documents are used along with the IPC-D-356 netlist (which allows the fabrication house to do a flying probe test on the boards to make sure there are no short/open circuits), a component placement list CSV file (for the assembly house to know where and what orientation all components are placed), and finally a manually-edited GenCAD file (which is used by the assembly house to program their solder paste machines for our board).

Testing Prototypes

After all of the final manufacturing files were delivered to the fabrication and assembly firms, we answered any questions they may have had during the process, and tweaked anything that may need to be adjusted based on their feedback. At around late August, the files were sent off and we were anxiously waiting for our design to hit the fabrication floor in Shenzhen. Unfortunately, as outlined in an earlier blog post, several unforeseen circumstances such as severe weather and most of China observing Golden Week, we saw significant delays in the production of our prototypes. Due to these delays we decided to switch to a domestic factory for the fabrication of our prototypes, which managed to get the boards to us two weeks faster than the ones being made overseas.

Figure 14: Prototype v0.1.2 dev kit panel (before assembly)

After the small batch of prototypes were assembled they were quickly shipped to team members for debugging and software development. Luckily, due to constant review of the design from several parties as well as persistent scrutinization, there were very few errors found in the prototype’s hardware design (three relatively minor layout/netlist adjustments and one mechanical fix). For the following two months the prototypes were used to help bring the software to a more polished state.

Final Production and Shipping

At around early-to-mid November, after making the minor adjustments needed to the hardware design, and once we were at a comfortable state where nearly every hardware subsystem was validated, we went through the process of re-exporting and delivering the manufacturing files to our hand-picked fabrication and assembly house for the final build. At this point, a few of us at Purism used December 10th-22nd as a dedicated time to help with the assembly, testing, packing, and shipping of the final units which went out to backers (many of which were delivered before Christmas!).

Figure 15: Final v1.0.0 dev kit panel (before assembly)

Figure 16: Fully assembled dev kit compared to the 3D view (display side)

Figure 17: Fully assembled dev kit compared to the 3D view (SOM side)

The entire process was quite an intense time crunch but it was well worth it, especially after we see what the community is able to produce with our efforts. Some have even already begun designing 3D printed cases for the dev kit. We look forward to seeing what cool software and uses you come up with for these awesome boards! Feel free to share all of the cool stuff you develop for the dev kit by emailing us at, if it’s super awesome we may just have to share it on a future blog post.

Now our efforts are focused getting the Librem 5 phone out the door. So until next time, stay inventive!

The post How We Designed the Librem 5 Dev Kit with 100% Free Software appeared first on Purism.

End of Year Librem 5 Update

Wednesday 9th of January 2019 08:00:12 AM
End of the Year Report – Librem 5 – Things are awesome

Hello everyone! We have accomplished so much in the last 3 months and need to share, so prepare yourself for a dense update on the Librem 5 phone, PureOS, and software applications.

As you know, we have a number of important components in the Librem 5 that we will try outline.


Let’s start off with the Calls application.  The calls application is what allows us to place phone calls and what makes the phone a
phone.  In these past few months, we’ve been making this application work wonderfully.  Below is a demo of the calls application receiving a phone call.  So the basic support for the calls application is complete and we’re working making a great design.  We’ve successfully implemented important basic features like ring tones.

If you’re interested in following the work, we’ve included the merge
requests for calls below and important issues that were created:

Merge Requests – flatpak: enable access to dconf config – new-call: set input hints and purpose of SearchEntry – mm-provider: clarify warning a bit – history-box: add empty view – add i18n support – add test for origin and calls – add calls-application class – add a call window and header bars – display dialer on startup – post ui change cleanups – add call window and header bars – flatpak support – fixed memory leak – pay attention to the addition and removal of a modem – flatpak: Don’t build the libhandy Glade catalog – cleaned up ringtone ringer – providers in calls are now plugins – updated calls icons – flatpak building – changes to support impending call history changes

Issue Requests – memory leak in find_call_holder – memory leak in set_focus – memory leak in calls_call_window_add_call – transferred TODO list to gitlab issues – investigation into evolution data server/sqlite – DTMF fails with error Rejected send message


Hægtesse is a daemon to transfer audio data between a modem and PulseAudio.  It currently only supports the SIMCom SIM7100 modem but may be useful for other modems.  The purpose of Hægtesse is to monitor the modem and when a call is initial to configure PulseAudio automatically for a phone call.  This is a necessary component for phone calls.

Issues – fills log when /dev/tty4 is not present

Merge Requests – Hægtesse listen to udev for the appearance of the audio TTY – Add full GPLv3 text – Build with gitlab-ci – fix build on PureOS


Libhandy is a library that extends GTK+ to be used on mobile profiles.  With libhandy, you can port any GTK3 or higher app that you have into a mobile profile.  If you have an application written in GTK3, reach out and we’d be happy to help you port it to libhandy.  To find out more about libhandy go here: for our roadmap.

Here is an example of GNOME Web (epiphany) ported libhandy

Documentation and example code.

Libhandy has had made significant advancements these months with several releases made.

Libhandy is currently being used to port many core GNOME apps to the librem5

Merge requests: – HdyDialer: Apply ‘keypad’ style class – Don’t invoke signal handlers on finalized HeaderGroups – add i18n support – doc fix – HdyHeaderGroup signal disconnections – few documentation fixes – enabling l10n – g_auto* documentation – drop Jenkinsfile – Syntax highlight HACKING – Init public GObject types in hdy_init() – fixes to MacOS Build – Add measure() methods – drop direct access to event fields – renaming margins for GTK4 support – make HdyDialer a descendant of GtkBin – fix a mention of a HdyLeaflet in the docs – unstability acknowledgement documentation improvements – normalize and document private header guards – adding hdysearchbar – remove useless libhandy options from example flatpak – document more coding style – reproducible build of libhandy – hdy_init() docs improvements – add transfer none to hdy_init() –  fix HdyHeaderGroup references – example: put the content in a scrolled window – add many row widgets – leaflet: clear the children list on disposal – build: set the shared object install directory – update for MinGW compatibility – build: dont’ use -fstack-protector-strong on mingw64 – update docs skeleton

Issues: – HdyTitleBar broken with .devel window in org.gnome.Sdk//master – issues compiling on OSX


Librem5 devkit tools are the set of tools to enable the devkit that was recently shipped out to crowdfunding supporters.


Virtboard is our virtual keyboard used on the Librem 5.  Work has been on-going in enabling the virtual keyboard mostly focusing on making this input working under wayland.  The UX experience is still on-going.  Feedback is of course encouraged.

Merge requests Unbreak virtboard crashing when using GCCs stack protector Update input-method protocol make virtboard fully hidden virtboard translations convert to glib mainloop added multiple layouts


Chatty is our combination SMS and encrypted communication app.  Chatty currently works with SMS and with the help of libpurple we can also have E2E encrypted communication as promised before.

We currently can successfully send SMS between phones.  Below is a demo of the chatty doing some emoticons.  You might recall last post we showed chatty doing real SMS.  The UX experience is still on-going and continues to evolve.  Follow along in this issue –

Chatty’s proposed Icon for how the UX is coming along.

Merge requests Add some basic gitlab-ci fixing the Flatpak manifest porting the window to Glade Remove arm special casing don’t access inexistent header bar Use glib’s logging Don’t ignore compiler warnings Fix build with a default set of warnings enabled Enable and fix more compile warnings Fix crash during message parsing Make text in chat bubble copyable Fix new messages not being displayed Prepare chatty for translations Fix time format display Add Debian packaging – add Debian packaging – don’t use network when verifying appdata files Suggested closing the old project – improve chatty UI


Most of our design is being done in GNOME upstream except of course for the UX experience in the Librem 5 specific component.  Purism believes deeply in working in the upstream and we work closely with GNOME’s designers.  Below are a number of design mockups that were conceived for various GNOME apps to work with libhandy.

Adaptive View Switcher Design mockups


GNOME TODO mobile mockup


GNOME Notes Mockup Adaptive Mockups for GNOME TODO – Adaptive Mockups for GNOME Notes – proposal for adaptive view switching modes (commited to implement by Adrien) – new app icons for GNOME

In addition, a lot of work has gone in to designing parts of GNOME like the control center to work in a mobile context.


WLroot is the Wayland implementation for the Librem5 and which phosh our UX shell runs on.  Mostly working on getting libinput working.  We did some investigations on using rust bindings, but turned out that it was more work with very little advantage.

Merge requests: – update debian packaging – input-method and text-input support to the Librem5 – wlroots update

Issues: – rootston freezes on ssh log out – rootston often freezes


Phosh is the actual visual look and feel of the Librem 5.  The most significant work here is being able to detect idle and dim the screen automatically when not on battery power.  Some work on the lock shield was also done and various UX fixes and features.
For more information see the merge requests before.

Merge requests Update translations from zanata – Drop hard coded weston-terminal from favorites – Add a poweroff button to the settings menu – use actual values for transform instead of looking at rotation property – make sure setting buttons stay circular

Issues  – look into full screen blank support on lock

Upstream Work

Purism knows it stands on the shoulders of giants.  We would not be be successful without our upstream partners.  We make sure that our technical debt is as small as possible, preferring to work in upstream as much as a matter of course.  Below is a list of the work we have done in the various upstreams that we depend on.  This is not an exhaustive list of projects since we do other upstream work for our laptops as well.

We are very proud of our upstream work and being part of these upstream projects. – Debian’s libgtk-4-dev Needs to depend on libvulkan-dev – Kept pushing making the WiFi panel adaptive – Moving the app menu – contact deselection on creation fix – using HdyHeaderGroup – using HdyTitleBar – Suggested to not show dashed border in keyboard-navigable selected elements when no keyboard is available – Helped Javier set up the initiative – don’t let the wlr_output handle the fullscreen view in case – Support input method and text input  – reviewed fix for text input protocol – fixed a text flickering – GtkActionBar for the commit tool bar – fixing the diff options sliding direction – Suggested to not destroy existing property bindings – Suggested to support property bindings – Fix bug with full screen views and overlays (otherwise it will cause trouble with full screen video/pdf vs the lock screen – xwayland spurious crashes – securing wayland protocols – start of adaptive – supplementary call operations – tried to solve input method complications in gnome-shell – librem 5 clock application – blog post on Capitole du libre conference – transient window notification fix to 3.24 – flatpak build fix for lollypop – make title bar more adaptive – make search bar adaptive – 4 adaptive panels for GNOME settings – make shell more adaptive – Wifi panel adaptive – icon mismatch – implement new network connection editor design – policy: call method name should be SendDtmf rather than SendTone – make debug less verbose – WIP: Update 0.2 – rework wwan plugin after upstream feedback


This effort can never survive without documentation.  In that regard, welcome David Boddie to the Librem 5 team working on documentation for the Librem 5.  The whole team, while focusing on their development, are equally aware of the role of documentation and have worked diligently in making sure that people create applications for the Librem 5.  With two members working exclusively on documentation and developer experience, we hope to make writing applications for the Librem 5 as easy as it can be.  Feedback in improving our documentation would be most welcome!

A lot of focus was made on creating documentation on how to create Librem 5 applications with sample code.

Issues – Upate GNOME Builder section

Merge requests – GTK+ limit the documentation to libhandy 0.0.3 – update qemu – update email lists to be – add stack picture and more intro – GTK+: add links to the GTK+ and libhandy docs – GTK+: Note to adjust label’s xalign when ellipsized – collection of simple PyGObject examples – document phosh’s supported DBus APIs – document some trivial phosh apis – added small descriptions of KDE-related technologies

Phone hardware/Dev Kit

The recent shipping of the Librem 5 dev kit represents countless hours of work with an aggressive schedule.  Nicole, Eric, and Petra, along with dedicated operations staff, worked continuously for a week to package all the dev kits to be shipped out to our dev kit backers.

When it comes to software and hardware freedom, we not only do the talk, we do the walk.  Everything in the dev kit, is licensed under the GNU GPL v3+.  We have released the schematics for the dev kit and all source files.  We encourage you to participate and bring your talents and join us!

By now everyone who ordered a dev kit would have received it and are working on the hardware to get it fully enabled from the LCD panel to user-controlled LEDs.  We will be sharing more photos and videos of the dev kits in action as more and more community members advance the software around them.

In the meanwhile, our matrix channel has become a hot bed of activity as people prod and poke their dev kits, asking questions and following along with the devleopment of the phone.

As for the phone, we have confirmed the BOM (Bill of Materials) and the sourcing of parts, we are only finalizing the I.MX 8M or 8M Mini by benchmark testing. Once we have approved the design (also planned in January) we can create the necessary molds and stamps.

January is going to be really busy for Purism as we split time between the dev kit advancements and then pivoting to the Librem 5 phone hardware, but we welcome the excitement around what we’re doing.  We will have a retrospective post on the dev kit tomorow (2019-01-09), so stay tuned for that!

Short Summary of the work:
– Moved to Kernel 4.18.11
– Reworked device tree for dev kit
– add texture support on GC7000,
– PureOS now building on our build server using Laniakea build system
– a mechanical issue was discovered with the M.2 module not sitting flush against the board so a taller M.2 connector was used on the final dev kit design
– RedPine fixing the W_DISABLE# issue, they will use a bodge wire for our 340 dev kit units so that the HKS works as anticipated
– Fixed various issues in the nwl-dsl (mipi) driver
– picture of working HDMI –
– Fixup several bugs in the imx8ms mipi dsi layer

– Initial (WIP) LCD panel driver
+ Look at haptic sensor. Driven by the kernel’s joystick force feedback
interface (and therefore exposed to userspace as an input
device). We’ll need write a tiny driver for that.

Purism in the Public

Purism employees are not hermits and you can find them at various conferences.  Here are some of the things our employees have done.

– Dorota: Gave a talk based on Rust+Wayland research, dutifully credited Purism (video incoming… at some point):

– Adrien and Francois were at Capitole du Libre, running the GNOME booth there.

FOSDEM – A number of us will be at FOSDEM doing talks and hanging out.  More information on what our plans are for FOSDEM in another post.


That’s all for now!  Stay tuned on these pages for new applications, the retrospective on the dev kit, and other features!  Things are rolling fast!  Thank you to our fans for making 2018 a wonderful year and looking forward to 2019!  It’s going to be awesome!  Thank you for a great year!

The post End of Year Librem 5 Update appeared first on Purism.

Privacy & Security Reading List

Sunday 23rd of December 2018 09:19:02 PM

If you’re traveling this weekend, nestled in front of the fire, or just trying to offset the effect of sugar-coated holiday specials, we’ve got a reading list for you. These picks were recommended by team members at Purism and reflect our dedication to digital privacy, security, and freedom. With daily headlines about Big Tech scandals like Facebook’s clandestine data-sharing, there’s no better time to read up on these topics.

The choices below are listed in no particular order and, wherever possible, we link to author websites and privacy-respecting sources.

Reading about surveillance capitalism may not warm your heart, but it could put a fire in your belly and encourage you to #DemandFreedom in 2019.

The End of Trust – McSweeney’s Issue 54 (Nov. 2018)

Compiled by the team at the Electronic Frontier Foundation (EFF) for McSweeney’s, this collection features writing by luminaries like Cory Doctorow, Gabriella Coleman, Edward Snowden, Bruce Schneier, and many more. Among the gems within is a conversation between artist Trevor Paglen and journalist Julia Angwin, with Paglen having this to say about the intersection of freedom and privacy:

“I think I had the sense of growing up within structures that didn’t work for me and feeling like there was a deep injustice around that. Feeling like the world was set up to move you down certain paths and to enforce certain behaviors and norms [didn’t] work for me, and realizing that the value of this word formerly known as privacy, otherwise known as liberty, plays not only at the scale of the individual, but also as a kind of public resource that allows for the possibility of, on one hand, experimentation, but then, on the other hand, things like civil liberties and self-representation.”

Click Here to Kill Everybody: Security and Survival in a Hyper-connected World – Bruce Schneier, W. W. Norton & Company (Sep. 2018)

Schneier’s latest book is a sobering account of the pitfalls of modern technology. It covers a lot of ground, such as the huge gap between security and implementation in Internet-of-Things devices. The author has a gift for raising questions that cause the reader to rethink the underlying technology behind seemingly-simple tech, like network-connected baby monitors:

“They’re surveillance devices by design, and can pick up a lot more than a baby’s cries. Of course, I had a lot of security questions. How is the audio and video transmission secured? What’s the encryption algorithm? How are encryption keys generated, and who has copies of them? If data is stored on the cloud, how long is it stored and how is it secured? How does the smartphone app, if the monitor uses one, authenticate to the cloud server?”

American Spies: Modern Surveillance, Why You Should Care, and What to Do About It – Jennifer Stisa Granick, Cambridge University Press (Jan. 2017)

Granick gives the reader a real sense of just how big, and just how pervasive, U.S. intelligence programs really are. The author doesn’t stop with government programs, however, and calls out Big Tech for its major role in population surveillance:

“Spying is thriving not only because of technology, but also because of modern business models. Much of the modern privacy problem is the result of people giving up their data – knowingly or otherwise – to obtain cool new products and services.”

Nothing to Hide: The False Tradeoff between Privacy and Security – Daniel J. Solove, Yale University Press (Jan. 2013)

This is a now-classic rumination on the deeply important role of privacy in autonomy and freedom. It quickly demolishes the “nothing to hide argument”, a constant refrain in today’s privacy debates, and continues to shed light on social and legal dimensions of surveillance. Here, Solove highlights contradictory perceptions of audio and video snooping:

“The electronic-surveillance statutes strongly protect against the government’s eavesdropping on your conversations but don’t protect against the government’s watching you. This distinction doesn’t make a lot of sense. Video surveillance involves similar threats to privacy as audio surveillance. As one court noted: ‘Television surveillance is identical in its indiscriminate character to wiretapping and bugging. It is even more invasive of privacy… but it is not more indiscriminate: the microphone is as ‘dumb’ as the television camera; both devices pick up anything within their electronic reach, however irrelevant to the investigation.'”

Dragnet Nation: A Quest for Privacy, Security, and Freedom in a World of Relentless Surveillance – Julia Angwin, Times Books (Feb. 2014)

Angwin is no stranger to the many facets of surveillance capitalism, and this book is just as prescient now as it was five years ago. In that time, the author’s concerns have been validated, with the pace of Big Tech’s blunders only escalating. Angwin keeps the human element in constant view, giving vital context to headlines about privacy and data catastrophes:

“Skeptics say: ‘What’s wrong with all of our data being collected by unseen watchers? Who is being harmed?’ Admittedly, it can be difficult to demonstrate personal harm from a data breach. If Sharon or Bilal is denied a job or insurance, they may never know which piece of data caused the denial. People placed on the no-fly list are never informed about the data that contributed to the decision. But, on a larger scale, the answer is simple: troves of personal data can and will be abused.”

Free Software, Free Society, 3rd Edition – Richard M. Stallman, Free Software Foundation (Oct. 2015)

Stallman’s status as an icon in the Free/Libre world is often the focus of press. Bootstrapping GNU and the Free Software movement was no small feat, but there is too little focus on Stallman’s writing. The author’s philosophy is grounded in practical concerns and explained with a clear and mindful tone that few writers possess. This most recent edition of Stallman’s collected essays describes just how important liberty is in the contemporary digital context:

“If ‘cloud computing’ has a meaning, it is not a way of doing computing, but rather a way of thinking about computing: a devil-may-care approach which says, ‘Don’t ask questions. Don’t worry about who controls your computing or who holds your data. Don’t check for a hook hidden inside our service before you swallow it. Trust companies without hesitation.’ In other words, ‘Be a sucker.’”

Defending Politically Vulnerable Organizations Online – Sean Brooks, Center for Long-Term Cybersecurity (July 2018)

In this report from the Center for Long-Term Cybersecurity (CLTC), Brooks provides a broad overview of the cybersecurity landscape. This is a great introduction for industry professionals and consumers alike, though it focuses on civil organizations that are often targeted for political reasons. The report’s citations are a valuable resource in their own right, providing context as well as technological solutions. The author is quick to point out lackluster investment in cybersecurity in both the public and private spheres, describing the vicious cycle this creates:

“The broad asymmetry between attackers and defenders online is unsurprising; politically vulnerable organizations lack resources and are therefore particularly under-protected. This problem is not unique to politically vulnerable organizations. Many public and private organizations have underinvested in cybersecurity and have become soft targets for criminals and other bad actors. Online attackers have continued to develop their offensive capabilities, exacerbating the mismatch.”

Bad Blood: Secrets and Lies in a Silicon Valley Startup – John Carreyrou, Penguin Random House (May 2018)

This story of the rise and fall of biotech startup Theranos is a page-turner, described here with all the detail of investigative journalism. Carreyrou’s most interesting passages are those where the author describes the culture of Silicon Valley, where fraudulent CEO Elizabeth Holmes was desperately trying to fill the mold of her Big Tech heroes:

“For a young entrepreneur building a business in the heart of Silicon Valley, it was hard to escape the shadow of Steve Jobs. By 2007, Apple’s founder had cemented his legend in the technology world and in American society at large… to anyone who spent time with Elizabeth, it was clear that she worshipped Jobs and Apple.”

The Doomsday Machine: Confessions of a Nuclear War Planner – Daniel Ellsberg, Bloomsbury USA (Dec. 2017)

Decades after the legendary whistleblower disclosed the Pentagon Papers to the American public, Ellsberg’s warnings will still ring alarm bells and shock the reader. Through first-hand accounts, the author chronicles the nuclear program of the 1960’s and the dangers of the present day, describing the contrasting roles of secrecy and transparency, as well as their relationship to trust:

“Like discussion of covert operations and assassination plots, nuclear war plans and threats are taboo for public discussion by the small minority of officials and consultants who know anything about them. In addition to their own sense of identity as trustworthy keepers of these most-sensitive secrets, there is a strong careerist aspect to their silence.”

The Participatory Condition in the Digital Age – Electronic Mediations Book 51 (Nov. 2016)

This collection of articles spans the gamut from street protests to online “hacktivism” to Free and Open-Source collaboration. The editors expertly summarize the transdisciplinary tone of the volume in an introductions that’s worth contemplating in its own right. Among other issues, Gabriella Coleman describes Kate Crawford’s work on the power and scale of spying:

“Ubiquitous surveillance facilitated by [information and communications technology or ICTs] – what Crawford designates as ‘algorithmic listening’ – and the gathering of personal data currently operated by web-based corporations (commercial surveillance) and governments (the NSA program, for example) are not simply matters of privacy but also of scale and lack of accountability.”

Privacy and Big Data: The Players, Regulators, and Stakeholders – Terence Craig & Mary Ludloff, O’Reilly Media (Sep. 2011)

Published at a time when “Big Data” was more of a buzzword than a factor of everyday life, this book is a quick and easy introduction to the perils of the data economy. The lessons would seem dated if they weren’t still applicable, and there’s perhaps nothing more prescient than the fact that data can not only be sold by Big Tech to business partners, it can be given away:

“While the IP stakeholders have been busy redefining “privacy” for their own ends, Google, Yahoo, Facebook, and others have been equally busy making billions of dollars collecting your data and using it for targeted advertising. Of course, any company or organization that collects data can offer it for sale or free.”

Habeas Data: Privacy vs. the Rise of Surveillance Tech – Cyrus Farivar, Melville House (May 2018)

Farivar exposes the role of common, household tech in the global surveillance apparatus, diving into the court cases and legal precedent that shapes the scope and limits of privacy and security. Above all, the author steeps his analysis in history, with quotes from legal heavyweights like Louis Brandeis, here discussing wiretaps in a famous dissenting opinion:

“‘The progress of science in furnishing the Government with means of espionage is not likely to stop with wiretapping,’ Brandeis wrote. ‘Ways may someday be developed by which the Government, without removing papers from secret drawers, can reproduce them in court, and by which it will be enabled to expose to a jury the most intimate occurences of the home.'”

The post Privacy & Security Reading List appeared first on Purism.

Librem 5 dev kits are shipping!

Tuesday 18th of December 2018 10:09:19 PM

The Librem 5 dev kit’s hardware is done and shipping! We are beyond excited for our backers to receive their dev kits before year-end. Our entire PureOS Librem 5 development team will getting the same dev kits, upgrading the generic i.MX 6 boards (which most of the demos you have seen have been based on) to the Purism i.MX 8M based dev kit.

We aim from this point forward to have a community assisted development environment. There is still a lot of work required to make the dev kit truly functional for Librem 5 development, so we need your assistance. The frenetic pace of development continues and it’s astonishing how much we’ve accomplished in the two months since we’ve put the hardware together. But the path is still long and arduous.

Our backers who are receiving the dev kits will also have access to a Matrix channel for dev kit owners. This channel will be staffed by our engineering team who will be on hand to answer questions, work with the community on merge requests, and be available for those who are using the dev kits. But by no means is this an exclusive channel and all of you are welcome to join in as well! Please join our forum that was set up for questions and answers on the dev kit.

With about four months to go until we ship the phones, we are going to need the community to help in the final sprint to the finish line. So we look forward to your help with testing, feature requests, and of course code!

2019 is going to be an amazing year with the introduction of the first privacy and security focused mobile phone and we can’t wait to get it in your hands.

As always, we are incredibly grateful for all of the support you’ve shown us and we’re working hard to do right by your belief in us. We hope to see some of you in our Matrix channels going forward. Till then onward and upward!


Update: here’s a link to our bug tracker with the main issues we’re trying to resolve with the devkit right now” at the end of the blog post

P.s.: You will note that there is a promotion this holiday season. For those of you who are in the market for a phone and a laptop, check out our “Have A Secure Life” Laptop and Phone bundle read further about having a secure life.

Furthermore, the phone’s early-bird preorder pricing at $599 will end soon; after January 7th the preorder price will rise to $699 to cover our expenses for the phone. The money coming from this will be used to fund further engineering of the phone and to help people from the community to work on upstream projects.

The post Librem 5 dev kits are shipping! appeared first on Purism.

“It’s a Secure Life” holiday bundles

Sunday 16th of December 2018 07:00:32 PM

The holidays are around the corner. Are you one of the millions of shoppers who aren’t finished buying presents? It’s easy to panic and impulse buy, but that can lead to gifts that no one is happy with and, worse, expose your loved ones to Big Tech snooping. These days, even gag gifts are linked to surveillance devices—the world’s favorite talking fish is now a mouthpiece for Amazon’s eavesdropping Alexa. Sure, you’d have to buy a spy speaker to go along with it, but that’s becoming a common accessory that may soon be as required as alkaline batteries were in the 90’s.

All this pressure to conform and bring spy hubs into homes is a strange phenomenon: it’s occurring while the U.S. has near-monthly Congressional hearings on Big Tech’s blunders and at a time when consumer desire for privacy is at an all-time high.

At Purism, we believe that privacy is more than a choice—it’s a requirement. We make beautiful, functional, smart computer hardware that puts you in control with the safety, security, and verification that there is no built-in tracking or surveillance. We protect the supply chain from boot to browser, giving you the tools you need to safeguard your digital life.

From now until January 6th, we’re introducing “It’s a Secure Life” bundles. Enjoy 15% to 18% off on bundles containing the Librem 5 smartphone (preorder), the Librem 15 laptop, and the Librem Key. To benefit from this, simply add the two or three qualifying items (a Librem 15, a Librem Key, and, optionally, a Librem 5) to your cart and you will see a coupon automatically applied for you. There are many combinations possible, so this promotion’s rebates can be summarized roughly as follows:

  • Save from $350 to $467 on the full bundle comprised of the Librem 15, Librem 5 and Librem Key
  • Save from $250 to $358 on the Librem 15 + Librem Key only bundle

The amount of base price savings depend on your keyboard configurations and the choice of a TPM model or not. In particular, there are still a few non-TPM UK models or German TPM models that are on clearance, where additional price savings will compound with the rebates mentioned above.

Don’t buy dodgy tablets and smartphones, gag gifts, or toy robots that record the conversations of children. You and your loved ones can start off 2019 with a secure digital life instead, pioneering the path to privacy with Purism.

The post “It’s a Secure Life” holiday bundles appeared first on Purism.

Break Free from Privacy Prison with Purism

Monday 10th of December 2018 07:50:33 PM

As 2018 comes to a close, people around the world have to face the stark truth of surveillance capitalism. Nearly all consumer products — speakers, phones, cars, and perhaps even mattresses — are recording devices, storing metrics on our movements and behavior. The New York Times just published a detailed report on location tracking in leaky Android and iOS apps. That’s just a fact of life when people use smartphones, right? Wrong. In 2019, Purism’s Librem 5 smartphone will be proof that no one has to live with spies in their pockets.

If anything has changed since Facebook’s Cambridge Analytica scandal, it’s that more and more people are jumping ship from the Frightful Five: Google, Amazon, Facebook, Apple, and Microsoft. At Purism, we offer an alternative to the polluted software ecosystems of these tech giants.

Our code is Free and Open-Source Software (FOSS), the industry standard in security because it can be verified by experts and amateurs alike. The software on our Librem laptops and our upcoming phone stands on a strong, foundational chain of trust that is matched by hardware features such as kill switches. These switches give people the added assurance that their devices won’t record or “phone home” to advertisers, spies, and cyber criminals. Turn off WiFi, microphone, and webcam on the Librem 5 and they’re off, no question about it.

Purism’s combination of trustworthy hardware and software is a win for privacy advocates, enterprise, and the so-called average user. We believe that everyone deserves privacy and that security, freedom, and autonomy are closely linked. To build a libre and privacy-respecting world, however, we need to fathom the scope of the problem and meet it head-on.

The Times exposé follows the movements of Lisa Magrin, a school teacher. On Ms. Magrin’s trips to school, location markers were recorded “more than 800 times” often in her classroom. But it doesn’t stop there: “An app on the device gathered her location information, which was then sold without her knowledge. It recorded her whereabouts as often as every two seconds… While Ms. Magrin’s identity was not disclosed in [phone] records, The Times was able to easily connect her to [a spot on the map].”

Think that’s invasive? Apps continued to track Ms. Magrin while she traveled to a Weight Watchers meeting, to a dermatologist, hiking with her dog, and to her ex-boyfriend’s home. Many people know that tracking is ubiquitous, but facing the stark results is a harrowing experience.

Privacy researchers have known the pitfalls of ever-listening sensors for a long time, so I wish I could say this is news to me. My research at Yale Privacy Lab has explored smartphone spying in detail, and I’ve personally dug into the privacy pitfalls of everything from Google’s bogus location settings to snooping billboards. This time last year, Yale Privacy Lab collaborated with the researchers at Exodus Privacy and utilized the excellent Exodus scanner to reveal just how polluted the mobile app ecosystem really is.

What do I mean when I say “polluted”?  Apps that are submitted to either Google Play or the iOS App Store contain hidden trackers in the form of Software Development Kits (SDKs). These are clandestine snippets of code that ask for invasive permissions such as camera, network, and microphone control. Such tracker SDKs may collect and transmit location, personal information, and behavioral analytics.  In some cases, these hidden snippets of code react to ultrasonic tones that are silent to humans, allowing retailers and marketers to track the proximity of users as they walk around malls and retail outlets. These hidden “anti-features” have been a standard part of both Google and Apple’s app store model, communicating with spying Internet-of-Things devices such as iBeacons.

I work at Purism because I know we can solve this problem. Big changes are on the horizon in society at large, and people are fed up with surveillance capitalism. Purism offers replacements for the privacy prisons of the Frightful Five. You don’t have to become a luddite to enjoy them, either — our products are as beautiful as they are secure.

Take a stand, #DemandFreedom, and join the world that we’re making.

The post Break Free from Privacy Prison with Purism appeared first on Purism.

Make Today Cybersecurity Monday with Deep Discounts at Purism

Monday 26th of November 2018 06:41:59 PM

I’m typing this on a Librem 15 laptop, a secure computer from Purism. On Cyber Monday you can get a deep discount on your own Librem, gaining the assurance that your device is secure, private, and malware-free. Make today a Cybersecurity Monday and get peace-of-mind as well as beautiful hardware.

The “proof of the pudding is in the eating”, and Purism devices are much more than a treat. For decades, the IT security industry has understood that software must be verified to be trusted, and that such trust can only be provided by Free and Open-Source Software (FOSS). Way back in 1999, security expert Bruce Schneier made the observation: “In the cryptography world, we consider [FOSS] necessary for good security; we have for decades… For us, [FOSS] isn’t just a business model; it’s smart engineering practice.”

At Purism, our laptops and upcoming Librem 5 smartphone have this “smart engineering practice” baked-in — the operating system is 100% FOSS and we’ve replaced the sketchy proprietary BIOS with coreboot. PureOS meets the high standards of the Free Software Foundation’s endorsement, giving you the assurance that it contains no secret, unverifiable, proprietary code.

Cybersecurity firms have witnessed big changes in the digital landscape and a series of high-profile data breaches like the one last week at Amazon. However, the basic security principles have stayed the same.

When there are questions about spying microchips at Apple and Amazon, for example, security analysts look at the supply chain as the suspect. At Purism, we protect the digital supply chain. Our pioneering development of the Librem 5 smartphone requires us to validate each component, taking an active role in the design and testing of the device from the silicon and schematics on up.

If you take cybersecurity seriously, you need to steer clear from the ever-creepier Amazon gadgets and get Purism in your life. Beyond trust and assurance, you get the simple features you need to make security easy. The Librem line of laptops features hardware kill switches for webcam, microphone, bluetooth, and WiFi, and the Librem 5 smartphone will have them too. Our Librem Key is a one-of-a-kind USB security token, and doesn’t just offer multi-factor authentication, it tells you if your device has been tampered with via a green or red LED.

Show your friends, your family, your co-workers, or your clients that you care about cybersecurity. Purism devices mean business, and we don’t mess around when it comes to privacy, trust, and assurance.

The post Make Today Cybersecurity Monday with Deep Discounts at Purism appeared first on Purism.

Initial Split payments financing options now available

Friday 23rd of November 2018 07:05:00 PM

It is no secret that our hardware products are not only high-quality but also involve a lot of R&D overhead to make the Librem laptops and phones possible: our software & firmware development and support (and any additional R&D to enable us to grow and better serve you) has to be paid out of the margins we make on each sale, whether from the base configurations or the accessories and upgrades. It’s the reality of our cost structure as a manufacturer involved in providing a turn-key, integrated hardware+software solution, so these are simply the economics we have to deal with. Our business model isn’t cheap to run.

Most people find our offering to be of great value and are willing to vote with their wallets without hesitation, but there are also those who, while they are supportive of our goals and hold our products in high respect, simply cannot financially (or emotionally!) afford to shell out the money “all at once” to make a purchase. Some people have tighter cash flows and need to manage their budgets over the long term, and that’s quite understandable.

So today, I’m happy to announce that we have made a leap forward in catering to those who need more flexibility, by using SplitIt to offer split payments as an option. We are hoping to also add other financing partners in the future if we see interest from our customers, so let us know if this is a positive change for you or the people you know.

What this system allows you to do is to get one of our products and pay it over time, interest-free (to the extent that you honor your credit card payments, otherwise your credit card company will charge interest to you, of course). We are not the ones handling the split payment, SplitIt and your bank or credit card company do.

So, as an example, if you buy a Librem 13 “base configuration” at the regular price of $1399 (remember, today is Black Friday and we have a sale going on, so it’s actually less than that), instead of paying the entire amount in a single transaction you can choose to pay the same amount divided by twelve months, that is 12 payments of roughly 117$ on your credit card. Of course, financial responsibility still applies and you need to make sure you can afford the monthly payments for the duration of your chosen term (6 or 12 months, depending on what you choose).

We hope many will find this new feature useful! Of course, if you choose to make use of this payment strategy, please make sure to read the “Customer’s Terms and Conditions” section of SplitIt’s Terms & Conditions page.

— Jeff, on behalf of the marketing and finance departments

The post Initial Split payments financing options now available appeared first on Purism.

Give the Gift of Privacy with Purism’s Black Friday Deals

Thursday 22nd of November 2018 07:57:00 PM
Give the Gift of Privacy

2018 has been a rough year for digital privacy, but this is the home stretch. Many shoppers will be looking for retail therapy this holiday season, scanning retail shelves and storefronts across the Web. When the shopping’s over, and the presents are opened, what will you have given your friends and loved ones? Will you have saddled them with spying “smart home” appliances, mobile app trackers, and eavesdropping speakers?

Tech doesn’t have to give people the agita of home surveillance—give the gift of privacy this holiday season. All Purism laptops will be on sale from Black Friday through Cyber Monday. And you can even pay with monthly installments now!

Why support Purism? To start, it’s a Social Purpose Corporation dedicated to privacy, security, and freedom. Your digital rights come before the interests of investors, and we have a strong commitment to technology that doesn’t spy on you, track you, or expose you to malware and viruses. When you buy Purism devices, you get:

  • hardware features built for your privacy such as physical kill switches for the webcam, microphone, bluetooth, and WiFi;
  • the benefit of secure and verifiable software, from the moment you boot your device to the time you spend in your Web browser;
  • an economic vote signalling demand for security, privacy and freedom, supporting our R&D efforts. Indeed, you are not just buying hardware: the margins we make on hardware sales are what pays our team of 30+ people to do software, firmware and hardware enablement work around coreboot, PureOS, the Librem 5 phone platform, and services and support.

Our Librem line of laptops ship with PureOS, an operating system that meets the high standards of the Free Software Foundation’s endorsement, and coreboot as a replacement for proprietary BIOSes. The Librem 5 smartphone will ship with it too, raising the bar for private and secure mobile devices worldwide and challenging Apple and Google to meet that standard.

When Apple CEO Tim Cook was deriding Facebook for it’s dismal privacy record, he said Apple was “not going to traffic in your personal life” and that privacy is a “human right” and a “civil liberty”. At Purism we agree with this sentiment, but we also ask Apple to take a long look in the mirror. Macbooks contain a “security” microchip that contains secret, unverifiable, proprietary code. The T2 chip not only means the “Hey Siri” voice assistant is always listening, it can also brick your Mac if you don’t follow Apple’s repair rules.

iPhones, it turns out, are just as bad as Google’s Android when it comes to tracking you. In one experiment, an iPhone was found to be making contact hundreds of times with Apple’s servers and third-parties, while the user was sleeping and the phone was “inactive”. Worse, Apple invented the iBeacon standard that is now used worldwide to track the movements and proximity of users to each other, to smart digital signs, and to products in malls and grocery stores. Though Apple has been able to dodge privacy criticisms with hand-waving and clever marketing, Tim Cook was on the defensive this week when asked about the company’s relationship with Google.

In 2018, the world has had to face the reality that surveillance tech tries to track and monetize our every move. Make room for Purism on your shopping list and you make a change for 2019, distancing yourself from the data merchants watching everyone, even in their sleep.

The post Give the Gift of Privacy with Purism’s Black Friday Deals appeared first on Purism.

Protecting the Digital Supply Chain

Tuesday 13th of November 2018 08:21:44 PM

You first learn about the importance of the supply chain as a child. You discover a shiny object on the ground and as you reach down to pick it up your parent says “Don’t touch that! You don’t know where it’s been!” But why does it matter whether you know where it’s been? When your parents know where something came from, they can trust that it’s clean and safe for you to play with. When they don’t, their imagination runs wild with all of the disgusting bacteria and viruses that might taint it.

The food supply chain is important. Food is sealed not just so that it will keep longer, but also so that you can trust that no one has tampered with it between the time it left the supplier to the time it goes in your grocery bag. Some food goes even further and provides a tamper-evident seal that makes it obvious if someone else opened it before you. Again, the concern isn’t just about food freshness, or even someone stealing food from a package, it’s about the supplier protecting you from a malicious person who might go as far as poisoning the food.

The supply chain ultimately comes down to trust and your ability to audit that trust. You trust the grocery and the supplier to protect the food you buy, but you still check the expiry date and whether it’s been opened before you buy it. The grocery then trusts and audits their suppliers and so on down the line until you get to a farm that produces the raw materials that go into your food. Of course it doesn’t stop there. In the case of organic farming, the farmer is also audited for the processes they use to fertilize and remove pests in their crops, and in the case of livestock this even extends to the supply chain behind the food the livestock eats.

You deserve to know where things have been whether it’s the food that sustains your physical life or the devices and software that protect your digital life. Tainted food can make you sick or even kill you, and tainted devices can steal your data and take over your device to infect others. In this post I’ll describe some of the steps that Purism takes to protect the digital supply chain in our own products.

The Firmware Supply Chain

A lot has been written recently about threats to the hardware supply chain in light of Bloomberg’s allegations about hardware implants that intercepted the BMC remote management features in certain SuperMicro server hardware. While all of the vendors have denied these allegations (and Bloomberg stands by its story), everyone acknowledges that whether this particular incident happened, this kind of implant is certainly possible.

A crucial point that many are missing, and one that leads me personally to doubt the Bloomberg story, is that while a hardware implant is possible, it’s unnecessary–the BMC firmware and IPMI protocol have a long history of vulnerabilities and it would be a lot easier (and stealthier) for an attacker either to take advantage of existing vulnerabilities or flash a malicious firmware, than risk a hardware implant. An attacker who is sophisticated enough to deploy a hardware implant is sophisticated enough to pick a safer approach.

Why is attacking the firmware safer than implanting hardware? First, firmware hacking is easier. Firmware used to be something that was flashed onto hardware once and could never be overwritten. In those days it might have been just as easy to add a malicious chip onto the motherboard. Now most firmware is loaded onto chips that can be written and overwritten multiple times to allow updates in the field, so anyone along the hardware supply chain could overwrite trusted firmware with their own.

Second, firmware attacks are harder to detect. Hardware attacks risk detection all along the supply chain whenever someone physically inspects the hardware. Motherboards have published diagrams you can compare hardware against, and if a chip is on the board that isn’t in a diagram, that raises alarms. Since so much firmware is closed, it’s more difficult to detect if someone added malicious code and it’s certainly something you can’t detect by visual inspection.

Finally, firmware attacks offer deniability. It’s hard for someone to explain away a malicious chip that’s added onto hardware unannounced. If firmware vulnerabilities are detected, they can almost always be explained away as a security bug or a developer mistake.

How Purism Protects the Firmware Supply Chain

Purism has a number of strategies it uses to protect the firmware supply chain. The first strategy is to limit the overall threat by reducing the amount of proprietary firmware on our hardware as much as possible. We select the hardware components in our laptops such as the graphics chip and WiFi card so that we can run them with free software drivers that anyone can audit. Like a dairy that only packages milk from antibiotic-free cows, we can avoid a lot of other audit worries by starting with a clean source.

The next area we focus on is the Intel Management Engine (ME). Like all modern Intel-based hardware, our laptops include the Intel Management Engine, but we intentionally exclude Intel’s Active Management Technology (AMT) to avoid the risk posed by that proprietary out-of-band management software. We then neutralize and disable the ME so that only a small percentage of the firmware remains on the chip, further reducing the avenues for attack. Whether a dairy gets antibiotic-free milk or not, it still pasteurizes it to kill any unseen microbes in the raw milk.

The other important piece of firmware on a laptop is the BIOS. Since it runs before the operating system, it’s a tempting piece of code to attack because such a compromise can easily hide from the OS in a regular system and survive reboots. We protect the BIOS firmware from supply chain attacks both upstream and downstream from us and next I will describe our approaches.

The motherboards’ BIOS chip arrives to us with a proprietary BIOS from the supplier. To protect against any upstream attempts to replace that default BIOS with something malicious we overwrite it with our own coreboot BIOS. This further reduces the amount of proprietary firmware in the BIOS since with coreboot the bulk of the BIOS is free software. Even though the Intel Firmware Support Package (FSP) proprietary blob still remains we still greatly reduce the risk (and aim to liberate or replace the FSP as well). It’s like repackaging food in BPA-free plastic when you aren’t sure about the make-up of the original packaging.

That leaves how we protect you from attacks on the BIOS that might occur either during shipping or after you have the computer in your possession. For this we are working to offer the combination of the Heads tamper-evident BIOS that sits on top of coreboot and our Librem Key USB security token and we are starting a private beta program right now to get feedback before a wider release. With Heads combined with the Librem Key, we can configure a shared secret between the computer and the Librem Key at the factory and ship the devices separately. If someone tampers with your computer during shipping or at any point after you receive it, you will then be able to detect it with an easy “green is good, red is bad” blinking light on the Librem Key. Think of it like a pop-up tamper-evident seal on a jar of food.

The Software Supply Chain

While the hardware and firmware supply chain attacks get a lot of focus due to their exciting “spy versus spy” nature, software supply chain attacks are a much greater and more present threat today. While many of the hardware and firmware attacks still exist in the realm of the hypothetical, software attacks are much more real. Vendors have been caught installing spyware on their laptops, in some cases multiple times, to collect data to sell to advertisers or to pop up ads of their own. When you can’t audit the code, even a computer direct from the factory might be suspect.

With proprietary operating systems, there’s the risk that comes from not being able to audit the programs you run. A malicious developer or a developer hired by a state actor could add backdoors into the code with no easy way to detect it. This isn’t just a hypothetical risk as the NSA is suspected in a back door found in Juniper’s ScreenOS.

If you decide that you can trust your OS vendor you might be comfortable relying on the fact that OS vendors sign their software updates these days so the OS can be sure that the software came directly from the vendor and wasn’t tampered with while it was being downloaded. Yet applications on proprietary operating systems come from multiple sources, not just the OS vendor, and in many cases software you download and install from a website has no way to verify that it hasn’t been tampered with along the way.

Even if you only use software signed by a vendor you still aren’t safe from supply chain attacks. Since you don’t have access to the source code, there’s no way to prove that the signed software that you download from a vendor matches the source code that created it. When developers update software, their code generally goes to a build system that converts it into a binary and performs tests on it before it packages it, signs it, and makes it available to the public. An attacker with access to the build system could implant a back door at some point in the build process after source code has been checked in. With this kind of attack, the malicious code might go unnoticed for quite some time since it isn’t present in the source code itself yet the resulting software would still get signed with the vendor’s signature.

How Purism Protects the Software Supply Chain

Purism has a great advantage over proprietary software vendors when it comes to protecting the software supply chain because we can offer a 100% free software operating system, PureOS, on our laptops. By only installing free software on our laptops, all of the source code in the operating system can be audited by anyone for backdoors or other malicious code. For processed food to be labeled as organic, it must be made only from organic sources, and having our operating system certified as 100% free software means you can trust the software supply chain all the way to the source. Beyond that, all of the software within PureOS is signed and those signatures are verified every time you install new software or update existing software.

Unlike proprietary software, we can also address the risk from an attacker who can inject malicious code somewhere in the build process before it’s signed. With Reproducible Builds you can download the source code used to build your software, build it yourself, and compare your output with the output you get from a vendor. If the output matches, you can be assured that no malicious code was injected somewhere in the software supply chain and it 100% matches the public code that can be audited for back doors. Think of it like the combination of a food safety inspector and an independent lab that verifies the nutrition claims on a box of cereal all rolled into one. We are working to ensure all of the software within PureOS can be reproducibly built and to provide you tools to audit our work. Stay tuned for more details on that.


The supply chain comes down to trust and your ability to audit that trust. Unfortunately all too often a company’s economic incentives run counter to your trust. This is why Purism is registered as a Social Purpose Corporation (SPC) so we can put our ethics and principles above economic incentives. We also continue to improve our own ability to audit the supply chain and isolate (and ultimately eliminate) any proprietary code that remains. Beyond that we are also working to provide you the tools to audit the supply chain (and audit us) yourself, because while we feel you should trust us, your security shouldn’t have to depend on that trust alone.

The post Protecting the Digital Supply Chain appeared first on Purism.

More in Tux Machines

Games: Surviving Mars and OpenMW

Kernel and Security: BPF, Mesa, Embedded World, Kernel Address Sanitizer and More

  • Concurrency management in BPF
    In the beginning, programs run on the in-kernel BPF virtual machine had no persistent internal state and no data that was shared with any other part of the system. The arrival of eBPF and, in particular, its maps functionality, has changed that situation, though, since a map can be shared between two or more BPF programs as well as with processes running in user space. That sharing naturally leads to concurrency problems, so the BPF developers have found themselves needing to add primitives to manage concurrency (the "exchange and add" or XADD instruction, for example). The next step is the addition of a spinlock mechanism to protect data structures, which has also led to some wider discussions on what the BPF memory model should look like. A BPF map can be thought of as a sort of array or hash-table data structure. The actual data stored in a map can be of an arbitrary type, including structures. If a complex structure is read from a map while it is being modified, the result may be internally inconsistent, with surprising (and probably unwelcome) results. In an attempt to prevent such problems, Alexei Starovoitov introduced BPF spinlocks in mid-January; after a number of quick review cycles, version 7 of the patch set was applied on February 1. If all goes well, this feature will be included in the 5.1 kernel.
  • Intel Ready To Add Their Experimental "Iris" Gallium3D Driver To Mesa
    For just over the past year Intel open-source driver developers have been developing a new Gallium3D-based OpenGL driver for Linux systems as the eventual replacement to their long-standing "i965 classic" Mesa driver. The Intel developers are now confident enough in the state of this new driver dubbed Iris that they are looking to merge the driver into mainline Mesa proper.  The Iris Gallium3D driver has now matured enough that Kenneth Graunke, the Intel OTC developer who originally started Iris in late 2017, is looking to merge the driver into the mainline code-base of Mesa. The driver isn't yet complete but it's already in good enough shape that he's looking for it to be merged albeit marked experimental.
  • Hallo Nürnberg!
    Collabora is headed to Nuremberg, Germany next week to take part in the 2019 edition of Embedded World, "the leading international fair for embedded systems". Following a successful first attendance in 2018, we are very much looking forward to our second visit! If you are planning on attending, please come say hello in Hall 4, booth 4-280! This year, we will be showcasing a state-of-the-art infrastructure for end-to-end, embedded software production. From the birth of a software platform, to reproducible continuous builds, to automated testing on hardware, get a firsthand look at our platform building expertise and see how we use continuous integration to increase productivity and quality control in embedded Linux.
  • KASAN Spots Another Kernel Vulnerability From Early Linux 2.6 Through 4.20
    The Kernel Address Sanitizer (KASAN) that detects dynamic memory errors within the Linux kernel code has just picked up another win with uncovering a use-after-free vulnerability that's been around since the early Linux 2.6 kernels. KASAN (along with the other sanitizers) have already proven quite valuable in spotting various coding mistakes hopefully before they are exploited in the real-world. The Kernel Address Sanitizer picked up another feather in its hat with being responsible for the CVE-2019-8912 discovery.
  • io_uring, SCM_RIGHTS, and reference-count cycles
    The io_uring mechanism that was described here in January has been through a number of revisions since then; those changes have generally been fixing implementation issues rather than changing the user-space API. In particular, this patch set seems to have received more than the usual amount of security-related review, which can only be a good thing. Security concerns became a bit of an obstacle for io_uring, though, when virtual filesystem (VFS) maintainer Al Viro threatened to veto the merging of the whole thing. It turns out that there were some reference-counting issues that required his unique experience to straighten out. The VFS layer is a complicated beast; it must manage the complexities of the filesystem namespace in a way that provides the highest possible performance while maintaining security and correctness. Achieving that requires making use of almost all of the locking and concurrency-management mechanisms that the kernel offers, plus a couple more implemented internally. It is fair to say that the number of kernel developers who thoroughly understand how it works is extremely small; indeed, sometimes it seems like Viro is the only one with the full picture. In keeping with time-honored kernel tradition, little of this complexity is documented, so when Viro gets a moment to write down how some of it works, it's worth paying attention. In a long "brain dump", Viro described how file reference counts are managed, how reference-count cycles can come about, and what the kernel does to break them. For those with the time to beat their brains against it for a while, Viro's explanation (along with a few corrections) is well worth reading. For the rest of us, a lighter version follows.

Blacklisting insecure filesystems in openSUSE

The Linux kernel supports a wide variety of filesystem types, many of which have not seen significant use — or maintenance — in many years. Developers in the openSUSE project have concluded that many of these filesystem types are, at this point, more useful to attackers than to openSUSE users and are proposing to blacklist many of them by default. Such changes can be controversial, but it's probably still fair to say that few people expected the massive discussion that resulted, covering everything from the number of OS/2 users to how openSUSE fits into the distribution marketplace. On January 30, Martin Wilck started the discussion with a proposal to add a blacklist preventing the automatic loading of a set of kernel modules implementing (mostly) old filesystems. These include filesystems like JFS, Minix, cramfs, AFFS, and F2FS. For most of these, the logic is that the filesystems are essentially unused and the modules implementing them have seen little maintenance in recent decades. But those modules can still be automatically loaded if a user inserts a removable drive containing one of those filesystem types. There are a number of fuzz-testing efforts underway in the kernel community, but it seems relatively unlikely that any of them are targeting, say, FreeVxFS filesystem images. So it is not unreasonable to suspect that there just might be exploitable bugs in those modules. Preventing modules for ancient, unmaintained filesystems from automatically loading may thus protect some users against flash-drive attacks. If there were to be a fight over a proposal like this, one would ordinarily expect it to be concerned with the specific list of unwelcome modules. But there was relatively little of that. One possible exception is F2FS, the presence of which raised some eyebrows since it is under active development, having received 44 changes in the 5.0 development cycle, for example. Interestingly, it turns out that openSUSE stopped shipping F2FS in September. While the filesystem is being actively developed, it seems that, with rare exceptions, nobody is actively backporting fixes, and the filesystem also lacks a mechanism to prevent an old F2FS implementation from being confused by a filesystem created by a newer version. Rather than deal with these issues, openSUSE decided to just drop the filesystem altogether. As it happens, the blacklist proposal looks likely to allow F2FS to return to the distribution since it can be blacklisted by default. Read more

gitgeist: a git-based social network proof of concept

Are you tired of not owning the data or the platform you use for social postings? I know I am. It's hard to say when I "first" used a social network. I've been on email for about 30 years and one of the early ad-hoc forms of social networks were chain emails. Over the years I was asked to join all sorts of "social" things such as IRC, ICQ, Skype, MSN Messenger, etc. and eventually things like Orkut, MySpace, Facebook, etc. I'll readily admit that I'm not the type of person that happily jumps onto every new social bandwagon that appears on the Internet. I often prefer preserving the quietness of my own thoughts. That, though, hasn't stopped me from finding some meaningfulness participating in Twitter, Facebook, LinkedIn and more recently Google+. Twitter was in fact the first social network that I truly embraced. And it would've remained my primary social network had they not killed their own community by culling the swell of independently-developed Twitter clients that existed. That and their increased control of their API effectively made me look for something else. Right around that time Google+ was being introduced and many in the open source community started participating in that, in some ways to find a fresh place where techies can aggregate away from the noise and sometimes over-the-top nature of Facebook. Eventually I took to that too and started using G+ as my primary social network. That is, until Google recently decided to pull the plug on G+. While Google+ might not have represented a success for Google, it had become a good place for sharing information among the technically-inclined. As such, I found it quite useful for learning and hearing about new things in my field. Soon-to-be-former users of G+ have gone in all sorts of directions. Some have adopted a "c'mon guys, get over it, Facebook is the spot" attitude, others have adopted things like Mastodon, others have fallen back to their existing IDs on Twitter, and yet others, like me, are still looking. Read more