do you know that your cpu has "dma access" and can override the os? how can you sleep?

i think we should get even open hardware, but closed firmware does not make it closed source

of course it is. same thing could be burned in silicon without possibility to disable it
wrong. it's all for nothing while it runs on blackbox hardware

Devkit or not, you can do as me and preorder the WandPi 8M (shipping this spring, they say).

I just created a i.MX8M thread!

That's BS. I'm not talking about drivers or even deep level mer-changes or the dalvik VM. Those would be difficult. The stuff I'm talking about is all in-house Qt5/QML libs and apps they themselves wrote.

Just shows their ways I suppose. It's really disappointing coz I love their interface and the fact that's it's almost a vanilla linux in there but their lack of communication, missing their own trains and bad judgement have pretty much ruined them as a company.

Between your laptop and the server you're currently browsing pages from, there are tons of closed hardware.
(Beginning with the firmware running on the USB 3G/4G dongle if you have such a one plugged into your laptop).

You can't trust any of these intermediate point neither. But as long as you secure your communication (so SSL, using certificates that you trust), it shouldn't matter either.

You stuff remains entirely in your control on your laptop. The closed stuff is kept outside the reach of your private data and your software and only communicates over a standard protocol that you access with opensource drivers in your kernel.
(in the case of 3G/4G dongles, it's usually an USB bus, speaking a mix of USB-Serial (for connection setup, still using the good old "AT" codes of oldschool analog modem era ) and USB-Networking (for high-speed data transmission) )

The point of Purism is to design a phone which follows the same separation.
By law and frequency-licensing principle, you'll never ever are going to be allowed to run arbitrary code on a modem, so no none-tivoized opensrouce there.
The next best thing is to apply the same kind of separation as the laptop example.
Except thing being a pocket device :
- The entire system that corresponds to the laptop is inside a single chip (SoC).
- The separate modem is physically kept within the confine of your smartphone's case.
- Just like the laptop and the USB stick kept appart, the modem and SoC are kept appart like on old smartphone, not one serving as the northbridhe of the other as nearly all modern stuff (e.g.: qualcomm).
- Just like you can unplug the USB stick and completely disconnect it, there are hardware switch on the Librem5 to physically disconnect the modem too.

No matter how much evil stuff is hidden in the firmware on the modem, it'll never ever be able to access your stuff on the SoC, just like a 3G/4G dongle could be running advesary firmware it will never be able to touch stuff on your laptop.

(= Well in my metaphore. In practice, if I was Huawei and wanted to attack you, I'd probably send some OTA code to make the USB dongle masquerade as a HID device and/or USB storage. To gain smartphone-like protection, the USB port with the dongle should be limited to Serial/Network USB device only)l

As far as I know, youtube doesn't use DRM much. It won't be affected.

Netflix is probably the example you're looking for.

And then you can't have it both way. You can't have both a device that's entirely in you control (the point of openphones like Purism's project) AND a device that keeps you shut out of your own stuff like DRM's purpose.

If you want functional closed source firmware DRM for Netflix, you're not the target audience of this kind of devices.

You don't trust the modem, you don't trust the router : Yes, that's entirely correct. As you shouldn't trust any other point along the chain to the server you're accessing.
The correct behaviour is to trust no one and protect the traffic with trusted certificates.
The modem should not be able to see anything snoopable, just like any other relay on the path.

Use client-to-server encryption whenever you access stuff on the internet (HTTPS, etc. with *trusted* certificate).
Use end-to-end encryption whenever you message someone (OTR with messaging, GPG with mails, etc.)
Use TOR whenever you want observer not even be able to clearly see whom you are contacting.

i don't have laptop and even if i had, i can't control blackbox cpu. when cpu is closed, it is worse than closed modem, because it sees all data unencrypted

the "laptop" is just a high level metaphor to get to illustrate what I want to show.

If you prefer, then imagine specifically being in possession of these particular old Thinkpads laptops which require no BLOB and can be flashed with LibreBoot before installing a 100% RMS-compliant "vegan freesoftware" Linux distro :-P

Then using an Ethernet cable you connect to some evil Huawei device, like the E5885 which runs an unknown secret blob written by chinese engineer on which you have absolutely 0% control and could be filed to the bring with spywares and backdoors.


The Ethernet cable is relevant here (an absolutely standard mean to just send data packet accross, and nothing else. There's no RDMA involved - unlike, say a 10 GBit/s
link)

(And for the record, no hidden weird sensors have been found yet on that modem: it can't easily do side channels attacks based on microphones or whatever).

Is such a setup, everything on the laptop is secure from the modem. The blob running on the modem cannot peek inside the laptop, it only sees encrypted traffic going on its end of the ethernet cable.

That's the whole point of Purism selecting specifically Freescale (i.mx6 for now, i.mx8 in the future) : it happens to be a chipset that you can run entirely on free software. You don't need any piece of closed firmware to use it. Every single machine code instruction that it runs on it could be on that you can control.

Unlike IntelME which is pretty much inevitable on anything recent by Intel, and AMD which require FSP since Ryzen and some older APUs.

you are not listening. cpu is closed, not its firmware. its schematics are closed and it can show you and your firmware middle finger and send all your precious data to nsa

Then what's your security target ?

Wire-wrapping your own cpu yourself ?
So that you can trust that is has the actual schematics as laid out in the official block diagram ?


If you want to nit-pick about "closer/open" - you can still acid-digest the package, and sent the exposed silicon to an electron-microscope and try to infer it the actual circuitry reflects what it is supposed to look like.
But then you'll be arguing that the evil NSA-sold CPU-manufacturer gave you a false chip to calm your fear while you destructively analyse it, while the next chip they sell you once you decide to incorporate it in the device will be the real-spying-deal.


It's not possible to make a cpu that "sends all your precious data to the nsa" if that CPU lacks any hardware to send anything itself (i.e.: not a Qualcomm style CPU+modem in the same SoC package).

Either you're going to notice the unusual traffic on the standard protocol that the CPU talk to the actual networking hardware (hey, what are these packets ? I didn't ask my software to send them).
Or CPU has some nefarious function that will try to create a side channel, like subtly influence some timings (e.g.: delays in the sending of data packets to discrete modem, with each delay carrying information)
And both of the above require quite some advanced working. Could be done as software implemented in the blob firmware (but what when there's no blob firmware ?)
Or would require advanced circuitry and/or massive microcode which are beyond what are available on small RISC codes such as ARM.) (And could be busted by some electro-microscopy). (Wait, why are there giant ROMs and/or an entirely separate undocumented core on the silicon).


Either you decide to make your own CPU from scratch, or you choose to trust your CPU manufacturer and pick a CPU core that's small and simple enough to make hiding a whole untrusty evil machine within difficult, while also isolating it from external access.