Purism Librem 13 Funded, But Will Likely Fail To Provide Freedom & Privacy

Written by Michael Larabel in Coreboot on 16 September 2015 at 12:00 AM EDT. 26 Comments
COREBOOT
While not quite as much as the funding achieved for the Librem 15, the smaller Librem 13 crowd-funding campaign is set to close soon and has just passed its $250k USD funding goal for "a laptop that respects your rights", but there's still a lot of yet to be fulfilled hopes riding on this x86 laptop.

Purism's Librem 13 laptop funding campaign is set to end at the end of day Thursday (17 September) while as of writing this article they're at $251,191 of their $250k goal. Meeting this goal came after they extended the timeline for their original campaign and their founder invested a lot of money to bump it towards its goal with days remaining.

Following up on that previous article as well as Purism Librem Laptops Remain Blobbed Up, Less Than Interesting, I was sent an anonymous email with more thoughts on the Purism/Librem free software work from this individual who had decided regardless to back the funding campaign and hope for the best. Embedded below is his email, but first, as a quick reminder, at Phoronix I generally welcome guest/freelance posts to lighten up my workload as long as the content is interesting and about Linux/FLOSS/hardware.

Subject: Purism Librem 13 Funded, But Will Likely Fail To Provide Freedom & Privacy

Purism is in the headlines lately, with their librem 13 campaign. For those who don't know, this is a company that claims to provide open-source laptops that "respect privacy, security and freedom". An open-source BIOS forms part of this, though the librems currently run a closed source, proprietary binary-only BIOS, supplied by the motherboard vendor without source code.

Purism has been widely criticized, mostly by the free and open source software community itself, which is highly skeptical that the company can even deliver on its promises. But Purism won't fail because of inability to keep its promises. It will fail because its users are normal people. Bear with me, it'll make sense real soon.

Firstly, I would like to congratulate Purism on their recent crowd funding success with the librem 13 campaign. But that doesn't mean there aren't still problems with the librem itself, and this isn't over yet. Those who are currently in a celebratory mood might want to consider the rest of this article.

Of course, let's ignore the fact that they won by extending the campaign to almost 3x its original length (a violation of the agreement with their original backers, by the way), and by pledging a large amount of their own cash to the campaign 2 weeks before the end of the campaign, to inflate the numbers when it appeared that they were going to lose. Crowd Supply was corrupt enough to allow all of this, and is quite happy to take commission from it. In reality, Purism lost badly (at around $160,000 in funding out of the $250,000 goal, when not including the amount that Purism itself pledged to the campaign).

Those who backed the librem 13 should all repeatedly put pressure on Purism, repeatedly and over a long period (several years) to make sure that they now meet their promise. Their promise is this: release a fully open-source BIOS, with no binary blobs. Basically, that means porting the librem to Libreboot.

Let's ignore for a moment the fact that the librem actually doesn't respect your privacy, since it contains a backdoor from Intel. The libreboot guys covered this ruthlessly well (they're pretty thorough in general) over here.

This known backdoor, the Intel Management Engine, is signed by Intel. This means that you can't run your own version without Intel's permission. Purism claims to be working on unlocking it (presumably to remove these nasty features), but customers who previously bought a librem (hundreds of librem 15 customers, myself included, and the hundreds of people that bought the librem 13) will be stuck with a locked Management Engine. If Purism is successful in unlocking the ME to run unsigned modified versions, that will only affect newer laptops shipped by the company, not older ones that were sold previously.

Purism goes on to say, on their website and in blog posts that they are working on adding coreboot support to their librem laptops. Coreboot is an open-source BIOS project.

Let's ignore the fact that that coreboot itself would still be executing the blobs provided by Intel, and would merely provide extra features which may make the laptop more convenient (e.g. faster boot speeds, customization, various "payload" options). Basically, this is equivalent "freedom" wise to running Linux with all closed-source drivers. The core is open-source, but the rest isn't.

In fact, let's assume that Purism solves all of the problems above. Under this fantasy, the BIOS would be 100% open-source, with no binary-only blobs from Intel, and no Intel Management Engine. Thus, Purism would have succeeded in one of its apparent goals.

What then? Now Purism would have even perhaps become fully endorsed by the Free Software Foundation, and Richard Stallman might then be able to use the laptop.

The catch? Users won't budge. Really. It's that simple. Bear with me, we're almost done.

The problem is, that users who previously received their librem laptops will have to re-flash the proprietary BIOS over to coreboot. This might sound simple, with one fatal flaw: the Management Engine (linked above) interferes with writes to the flash chip, making it necessary to disassemble the laptop, remove the motherboard, physically locate the flash chip, and use specialized equipment (costs hundreds of dollars, average user will take at least a few days up to a week on average getting it all to work); this equipment mostly consists of what's called a "SPI programmer". Along with that, you need a "clip" (or soldering equipment) and some wires for connecting the programmer to the flash chip. You then need a separate power supply, to power the flash chip. You also need to set up a serial and/or SSH connection to the programmer, likely running some embedded Linux OS.

Here's an example what that looks like.

The above guide uses the popular Raspberry Pi, which is commonly used for flashing SPI chips. Most people will be unwilling to do any of that. The ones that do, may find that it's unreliable, because it is. SPI programmers are usually unreliable in most setups, causing many headaches. Most people won't even attempt it, and most of the ones that do will give up. Purism is seriously over estimating its customers if it thinks that more than a tiny minority of them are technically minded enough to flash new firmware.

For those who do decide to rough it out, and actually install coreboot, there is a good chance that they will physically break the laptop. Laptops are very delicate things to take apart. Not only that, but if they make a mistake when flashing coreboot, the laptop could be "bricked", which means that it will no longer boot. And what about the warranty? Will Purism cover you if you break it?

Basically, the users of the librem will mostly not want to do any of this, because of the extra cost, effort and risk. They can't be issued a software utility to update the BIOS to coreboot, because it won't overwrite the whole chip.

That's the problem. Really. What Purism ought to do, is accept returns so that they can install coreboot, then ship it back to their customers. The problem is that this also won't work, since most people won't want to ship their laptops half way across the world (Purism sells globally).

If Purism is serious, it should seriously re-think.


Interesting points are raised how existing/early Librem users will be able to transition to Coreboot (or if they're super lucky, Libreboot) in an easy and reliable way. I haven't seen Purism communicate any of those plans, or if they'll fund RMAs/exchanges to obtain the Rev2 hardware, but Like anyone else, they are welcome to write a guest post here on Phoronix to share any other thoughts or plans.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week