
Librem 5 Smartphone Final Specs - thepete2
https://puri.sm/posts/librem-5-smartphone-final-specs-announced/
======
sgeisler
As someone who backed them in 2017 I'm so happy to finally see the specs. It's
amazing to follow their progress, I love what they are doing with Gnome/Phosh,
that gives me hope that there will be many native apps for the most important
tasks and not just some web-app mess.

For the people complaining about the price/specs ratio: this phone is no
standard off-the-shelve system, it had to be designed with user privacy and
openness in mind while having a ridiculously small market. I'm amazed they did
it so _cheaply_.

Personally I hope that they will be able to sell enough to continue
development. Maybe this will lead to a second generation with multiple models
for different market segments. I'd love a librem phone with a good old
blackberry keyboard in the <1500$ price range with a little more RAM/CPU power
and screws holding the back plate.

~~~
ThreeFx
I'd go even a step further: Since they open-sourced all their work, maybe
other vendors can pick up / fork where they left off and we may actually have
more than one Linux phone in the future!

Two years ago that seemed like wishful thinking to me, but I am very excited
about how far Purism got in an even shorter timespan.

~~~
dastx
> fork

It'll probably be a closed source fork. Defeating the whole purpose of Librem.

~~~
ptx
GNOME and Linux are under the GPL. So are phosh (Purism's shell), Chatty
(their messaging app) and probably a lot of other components. So you can't
make a closed fork.

~~~
pjmlp
Linux kernel is GPL.

Now try to get the right version sold with an Android phone.

~~~
justinclift
Semi-related, but apparently Win10 WSL now includes the Linux kernel.

Being as that's GPL, it seems strange the GPL license isn't somehow "virally"
infecting windows, making other things OSS.

~~~
mises
They have released the source for their fork:
[https://github.com/microsoft/WSL2-Linux-
Kernel](https://github.com/microsoft/WSL2-Linux-Kernel).

Linux specifically does _not_ use the GPLv3 for exactly this reason. rms et
al. complained about "tivoization", which came from tivo shipping boxes that
contained the code but were locked down. Linus didn't really care as much, or
at least not enough to re-license. He didn't like the restriction, and new
that such a provision would prevent exactly what MS is now doing: allowing
more freedom for the users.

~~~
bubblethink
That's orthogonal though. WSL would be fine even with GPLv3. It runs on a
hypervisor. WSL poses no restrictions on modifying the source of the kernel.
You can fork, rebuild and run. You can't on a tivo device.

~~~
mises
Not exactly. Microsoft is trying to expand functionality in certain places to
allow things like CUDA acceleration, AF_PACKET support, and other important
hardware-y things that WSL can't handle. You're right that you can run a
different kernel, but Microsoft has modified theirs for WSL. For that reason,
they have to release modifications.

------
canadaduane
I love that there are 3 hardware kill switches, and that turning all 3 off
"additionally disable[s] IMU+compass & GNSS, ambient light and proximity
sensors." There are so many ways in which clever hackers have teased out
information from thin streams of always-on sensor data.

It would also be kind of cool if they added physical LED lights reflecting
hardware activity, normally covered by some physical blinder that you could
remove if you're curious--for example, a light indicating WIFI traffic, one
for each sensor, etc.

~~~
cal5k
Exactly. I absolutely detest the fact that my carrier can remotely activate my
phone's baseband processor to conduct surveillance. Without a hardware kill
switch there's basically no way to prevent this other than, perhaps, using a
faraday bag.

~~~
RandomBacon
And if they really wanted to, your phone could record the audio, GPS, etc and
then transmit once it's out of the faraday bag.

~~~
ISL
To be pedantic, a sufficient Faraday cage will block GPS (but not audio,
acceleration, etc...)

~~~
RandomBacon
Perfectly acceptable; my mistake. Thanks!

~~~
t4rewg
@RandomBacon, what mistake? It's clear you were saying, a spy app can record
all the audio, gps location etc in a file, and then when the phone regains
cell signal, the spy app can send out the recorded audio, gps location etc.

~~~
taylorfinley
Not the stochastic swine, but their mistake was saying GPS signals would be
logged while inside a Faraday bag. GPS signals are RF, thus blocked by any
proper Faraday cage.

~~~
jandrese
Faraday bags don't block a full spectrum. In fact they tend to be rated only
for specific frequencies. GPS and GSM/CMDA/LTE are different enough that you
should never assume a bag that is designed to block one will also get the
other. Same with WiFi, AM/FM, Shortwave, WWVB, etc...

------
mpnordland
So for me, this is roughly what I want in a phone. But the thing is, I bought
a phone over two years ago, with better specs for $100 less. That same phone
today is priced at $200-$300.

The way I see it the real value add for this phone is the software, and this
whole mainline Linux, FOSS, run whatever you want approach is very attractive
to me.

But is it worth $700? Is it worth $700 when my current phone is in great
condition and most likely will be usable for several more years?

I feel bad, because I do want to support this kind of thing, I'm just not sure
that buying __this__ phone is the right decision for me.

~~~
flattone
im an in debt, highschool dropout, unemployed, and ill biy this on credit just
to take a stand. i cant wait to set my google phone on fire. will be like
finally ridding myself of a disease.

get it together man. priorities. the value of an old phone stands up to
forcing cash in meaningful directions? forget my wallet/welfare/bills, badd
things have to stop at any cost.

~~~
Tepix
What's wrong with installing Lineage OS on your google phone? If you stick to
F-Droid you're pretty good in terms of open source. There are still a few
binary blobs that you can't avoid of course. Those may contain some backdoors
or bugs that will make you vulnerable, however you will no longer send your
data to Google etc. all the time. Which is a huge difference.

~~~
pizzazzaro
Lineage dropped support for a LOT of phones in the last 6 months.

When you show up, looking to do the legwork for a specific model, the
community directs you to the donate button instead...

If Librem can keep their repos current? Im down to switch from a Lineage-
deprecated phone.

Besides, a phone running a kernel that isn't 3 years old and terribly out of
date? Vulnerable to Spectre, Rowhammer, and a host of other script-kiddie-
hackable holes? So what if its "mine" for $200 less when it isnt _mine_ and
patched?

Apple did one thing well with iPhone that Android didnt - they kept themselves
as a single point of accountability for how the phone runs, how it updates,
how security patches get distributed.

A FLOSS phone needs to mimick that success.

------
vbezhenar
5.7" screen is HUGE. I wish someone would build phone with 3.5-4" screen. It's
so handy to operate phone with a single hand.

~~~
RandomBacon
It's on par with most other phones, which I agree is huge. Smaller would take
a lot more work, so I'm okay with a larger first version.

~~~
rtkwe
Yeah larger screens gives them some more leeway internally but does kind of
restrain them a bit too because the larger screen wants more battery which
requires a certain amount of space.

If you've ever seen a tear down of the iPhone X for example the boards are
actually stacked to maximize the space available for battery in the thin form.

[https://www.ifixit.com/Teardown/iPhone+X+Teardown/98975#s182...](https://www.ifixit.com/Teardown/iPhone+X+Teardown/98975#s182892)

~~~
RandomBacon
I think the larger screen is also beneficial for the interface since it is
based on Gnome and not some touch-only gui.

------
leetbulb
Would be nice if it had a hardware kill switch for other sensors (especially
MEMS-based) such as accelerometer:

Edit: It does. Nice.

[https://crypto.stanford.edu/gyrophone/files/gyromic.pdf](https://crypto.stanford.edu/gyrophone/files/gyromic.pdf)

[https://www.analog.com/en/analog-dialogue/articles/mems-
acce...](https://www.analog.com/en/analog-dialogue/articles/mems-
accelerometers-as-acoustic-pickups.html)

[https://dl.packetstormsecurity.net/papers/general/traynor-
cc...](https://dl.packetstormsecurity.net/papers/general/traynor-ccs11.pdf)

~~~
zecken
It says in this post that the IMU is killed when all 3 other skill switches
are off

~~~
leetbulb
Wow, I totally skipped over that. Wasn't familiar enough with the acronym.
Very nice.

------
Tepix
Low budget alternative: The Pinephone by Pine64, also with 4 ARM Cortex-A53
cores.

[https://www.pine64.org/pinephone/](https://www.pine64.org/pinephone/)

~~~
RandomBacon
Cool, I want to get one of those also, but they're not selling it and I don't
see any links about when we can buy it, for how much, and when it will ship.

~~~
redwards510
I can't find the info for the price, but I remember seeing it before and it
was very low, like $200, which would make this a very exciting entry into the
notAndroidOrIOS market. The Librem 5 was cool at first, until they started
delaying it indefinitely and the price is too high for mass adoption. By
having a very low price on the Pinephone they are courting a lot more
tinkerers to get one and help develop the OS versus the Librem which people
would kind of (rightly) expect to be fully-formed at launch.

    
    
        As things stand today, we expect a fully functional prototype in August
    

[https://www.pine64.org/2019/06/06/june-2019-news-
pinephone-p...](https://www.pine64.org/2019/06/06/june-2019-news-pinephone-
pinebook-pro-and-pinetab/)

[https://wiki.pine64.org/index.php/Project_Don't_be_evil](https://wiki.pine64.org/index.php/Project_Don't_be_evil)

~~~
allana
The Allwinner A64 platform has numerous developers working on it compared to
the iMX8, which has really fleshed out fully featured hardware support over
the last few years. Running most Linux distros should be a breeze on the
Pinephone!

~~~
megous
That's a bit of an overstatement. It has some interested and active
developers, but support is far from fleshed out, especially for the poratble
device use.

There are lots of patches floating around, that you can apply to the mainline
linux tree, to get CPU DVFS, thermal management, to improve I2S support, etc.
Suspend to RAM is nowhere to be seen, leaving you with always ON SoC, which
will drain the battery in half a day doing nothing.

It's all fixable, but let's not pretend A64 has fully fleshed out HW support
in the mainline Linux kernel.

OTOH, there's a great potential, because Quectel EC25 broadband module also
runs Linux and has some potential for being hackable:

[https://projects.osmocom.org/projects/quectel-
modems/wiki](https://projects.osmocom.org/projects/quectel-modems/wiki)

So there's definitely a lot of fun to be had with the future PinePhone. You'll
be able to log in to your broadband module and perhaps modify it:

[https://projects.osmocom.org/projects/quectel-
modems/wiki/EC...](https://projects.osmocom.org/projects/quectel-
modems/wiki/EC25_Linux)

------
kapnobatairza
I've been looking for a "FOSS" phone that is based purely on AOSP. I don't
want a custom ROM, Play Store, cloud, or to have to create any accounts or
sign into anything. I just want a simple Android phone with decent specs that
I can install APKs on. Does this exist at all? Or do I have to buy/pay for a
"full" Android phone and reflash it?

~~~
eptcyka
You could buy a Pixel and put GrapheneOS on it.
[https://grapheneos.org/#device-support](https://grapheneos.org/#device-
support)

~~~
kop316
I looked at the page, it is interesting, but I have never heard anything about
this. They page didn't also say anything about who they were/what they do?

Do you have anywhere with more information about this/the folks behind it?

~~~
Tepix
It's the successor of the Copperhead OS project. Some details at
[https://liliputing.com/2019/04/grapheneos-is-an-android-
base...](https://liliputing.com/2019/04/grapheneos-is-an-android-based-
security-hardened-open-source-operating-system.html)

~~~
Brakenshire
Fantastic that it’s open source now.

------
MrMember
I don't understand how they're still committing to shipping in Q3. From the
last monthly update it doesn't look like they're all that close to a final
release.

~~~
jstanley
I agree. There's no evidence that they have even a single prototype phone in
the final form factor, let alone any tooling to make the cases etc.

I've preordered one, and I hope I eventually get it, but I think shipping in
Q3 is just not going to happen.

~~~
Rooster61
What are the application demo videos running on? Is that just a dev board
below the screen?

~~~
jstanley
Yes (or, where it's a screen capture, it's from a dev board or emulator).

------
zeveb
Ever since I saw the project come out, I've been thinking about what would be
required for me to switch from Android. Right now I think that my hard
requirements are:

    
    
      - Firefox (pretty sure they have it)
    
      - Signal (I use it all the time)
    

I don't know if some kind of TOTP store (think Google Authenticator or andOTP)
is a hard requirement or a soft one, but it would surely be useful. I can live
without my banking app (there's always the website); I can live without Uber
or the Google apps; I can live without Kindle and all my streaming (could
always keep a SIMless phone around to use as a media device).

As long as it has a browser and Signal, I really think it could be
competitive.

~~~
redwards510
Without a browser, it kind of ceases to be a smartphone. It's just a
flipphone. So I don't see how that is really something you need to note.

For me it's Google Maps. There is just no comparison. I don't want to imagine
trying to drive around finding places without it. It's not just the navigation
and traffic, it's the business hours lookup feature and all that.

I hadn't thought about TOTP stores (Authy), but that's certainly way up there.
Unless they can read a NFC yubikey.

~~~
ocdtrekkie
See, the problem is, as long as Google is allowed to own services like Maps
and YouTube, as well as Android, you've ensured you can't ever switch to a new
platform: Google is extremely active in not only refusing to support competing
mobile platforms, but actively blocking them from accessing their services, as
they've done with Microsoft and Amazon's competing platforms over the years.

I've found for most map queries, Google, Bing, MapQuest, and HERE are all
pretty much comparable/a wash.

------
xorcist
While I really appreciate an enthusiast product (and is a proud owner of
similar devices), I think Purism bit off a bit more than was necessary.
Something a little bit closer to mainstream hardware would have gotten a
device out earlier, and in the hands of more potential developers faster, with
more time to implement whatever bits and pieces were unsatisfying.

The Pinephone has a fraction of the cost and have the potential to bigger
developer mindshare. The specs are worse but that's not why you buy any of
these things anyway.

Phones hardware have peaked and that makes it all the more interesting for
someone interested in software and what it can do. Next year will be
interesting.

~~~
swiley
I’m not convinced. None of the mainstream hardware I’ve seen could run wayland
or X acceptably due to screwy graphics drivers and documentation hidden behind
NDAs (yay Qualcomm.) If you’re going to bother putting work into something at
least pick something that

1) isn’t actively fighting you

2) actually does what you want.

(Unless you meant SBC hardware, there’s plenty of IMX stuff out there not the
least of which were the kindles.)

------
dustfinger
Will Librem 5 provide a way to turn off SMT?

 _EDIT_ It looks like Librem5 has a serial port [1] so you can build PureOS
and flash your phone with a custom build. In that case you can configure the
kernel and turn off SMT if desired. Nice :-)

[1]
[https://developer.puri.sm/Librem5/Hardware_Reference.html#us...](https://developer.puri.sm/Librem5/Hardware_Reference.html#usb)

~~~
dan1234
I assuming SMT mean Surface Mount Technology, in this context?

It would be nice if people expanded their TLAs once in a while!

~~~
dustfinger
I was referring to Symmetric Multi-Processing kernel support. Since the Librem
5 has a serial port via usb, the kernel can be easily customized to suit an
individual's needs. If you mess up you can just flash the last known good. It
is hacker friendly :-)

~~~
dan1234
Ok, wouldn’t that be SMP, rather than SMT?

~~~
aquabeagle
[https://en.m.wikipedia.org/wiki/Simultaneous_multithreading](https://en.m.wikipedia.org/wiki/Simultaneous_multithreading)

~~~
dustfinger
That's it! Thanks for correcting me :-)

------
jnbiche
These specs are really impressive. I'm actually in the market for a phone
upgrade, and the $700 price is not an objection, given what I'd be supporting.

What does concern me is the apparent lack of a verified boot option for the
phone. I'm not sure, but it appears there's no trusted boot option to use
signed firmware and OS. Android and iPhone have had verified boot for years
now. Given Librem's focus on privacy and security, and assuming my
understanding of the phone's current capabilities is correct, I'm surprised
that Librem wasn't able to come up with some solution, particularly given
their innovative approaches to firmware security in laptops.

And I jumping to the wrong conclusion? Did they end up implementing a verified
boot feature? Last I checked, it wasn't looking very likely. They had pretty
much ruled out TPM.

Regardless, a big congratulation to librem. They've accomplished a very
difficult goal. I'm guessing that if they don't have a verified boot
currently, they're working on it for future versions of the phone.

~~~
dewyatt
Hmm maybe they'll add something later. It does have smartcard support, so that
may be one approach.

------
JoshTriplett
> 5.7″ IPS TFT screen @ 720×1440

Sad that this didn't end up using a low-power OLED screen. I can live with
720p resolution, but I'm surprised that for the cost an OLED screen wasn't
possible.

I was hoping that such a screen on an open device would help drive the
adoption of dark themes in applications for power-saving reasons.

Still looking forward to trying the device, though.

~~~
mrob
I prefer LCD. AFAIK, all OLED screens on the market use PWM brightness control
in the 100s of Hz range, which for many people causes phantom array effect
during eye movement. LCDs can have DC backlights, avoiding this annoyance.

~~~
JoshTriplett
First I've heard of that; interesting. From what I can tell, that's something
software can potentially mitigate and smooth out on some displays?

~~~
mrob
100% duty cycle PWM is the same as DC, so you can mitigate it by setting the
hardware brightness to maximum and scaling image brightness down in software
to compensate. This isn't a good solution because it sacrifices color bit
depth, causing banding.

------
IloveHN84
My comment might be controversial, but for 649$, the hardware specs are felt
like a smartphone of 2-3 years ago (or even more). They could have invested in
a octa-core phone and more RAM or a better rear camera. 13Mpixels cameras are
there since the Samsung Galaxy S4, for instance. When the phone will come out,
I will be already old.

Sure, the final user isn't the typical iOS/Android one, but the lack of
fundamental applications and a real app ecosystem should led them thinking of
reducing their tag price.

------
drngdds
I love the idea of a phone that isn't built by Apple or a spyware company, but
I'd be worried about software stability and support. GNU/Linux on the desktop
has always been flaky for me, and flakiness is not an acceptable
characteristic for a phone.

------
gradschool
It's great to see this project coming to fruition. My main reservation about
owning a smartphone has always been the idea of a device that knows everything
about me under the control of God knows who. This phone partially addresses
that issue, but can anyone here who's knowledgeable about encryption comment
on that aspect? Without some form of encrypted storage it would seem like
game-over when a well resourced adversary gains physical possession.

~~~
ThreeFx
That is correct, in that case you need to encrypt either the files you want to
be safe, or use full-disk encryption. I have no idea whether Purism will
support selective file encryption or FDE out of the box, but it'd be pretty
cool if they did.

That said, under the hood your phone is basically a Linux device, so doing
this yourself might need some basic know-how of Linux administration, but
shouldn't be too hard (regarding file encryption, FDE may be trickier).

~~~
yjftsjthsd-h
Yeah, FDE is hard, but encfs or ext4-native encryption it easy enough.

------
WhooisWhoo
Not everyone agrees with the privacy marketing of the Librem 5

> The Librem 5 is a phone that is falsely marketed as a secure and private
> device. This is not true.

> The Librem 5 does nothing for privacy. Installing a Linux distro is no more
> private than just using an ungooglified ROM. The mic kill switch is useless
> as they don't block access to the sensors so audio can still be gotten. The
> camera kill switch is also useless as you could just cover the camera with
> tape.

> They also weaken security. They use old hardware which doesn't have many
> hardware security features such as a hardware backed keystore.

> They aren't shipping firmware updates. Now your firmware will be outdated
> and insecure.

> Instead of using Android, they use PureOS which is a massive security
> decrease as you won't have kernel hardening, SELinux, seccomp filters,
> verified boot etc. like Android already has. PureOS doesn't even have a
> proper app sandbox.

>
> [https://old.reddit.com/r/privacy/comments/cje7vg/dont_use_pu...](https://old.reddit.com/r/privacy/comments/cje7vg/dont_use_pureos_or_the_librem_5/?limit=500)

------
Rooster61
One thing that isn't clear to me. The phone clearly supports GPS in terms of
hardware, but does it actually do anything with it? It won't have access to
Google or Apple navigation, and that is certainly something I use my current
phone's GPS for.

~~~
seba_dos1
PureMaps, Navit, GNOME Maps, Marble, TangoGPS, various OSM web UIs...

There's plenty of GNU/Linux apps, some of them providing online and offline
turn-by-turn navigation, and some of them even already working well on mobile
form factors.

The software will surely need some time in order to get polished enough to be
used by a total newbie out-of-the-box, but it's not like there's no software
for that at all.

~~~
Rooster61
Excellent to hear. Thanks. I was unaware of these applications. GPS navigation
is a sticking point for me.

------
hajile
Can someone tell me why they opted for the imx8m with 4 A53 cores rather than
the imx8 which adds 2 A72 cores (3-6x faster) and 2x the GPU performance?

A $35 raspberry pi 4 has way more computing power than this phone while being
20x cheaper.

~~~
ryukafalz
Battery life, probably. Faster isn't always better on a device that has to
worry about its power budget.

Heat was probably a consideration too. It's all well and good to compare this
thing to a Pi 4, but I'm not sure you'd want to hold that Pi under load.

------
Endy
I'm sorry, this device profile doesn't really sell me on why I need to upgrade
from my Android TracFone; it doesn't even give me confidence that it will work
with the networks I need it to. This is part of the problem I've found over
the years with consumer Unix-derivatives - too many "figure it out yourself"
answers, not enough "just works, or we'll show you how to figure out whether
it works or not first". That's the big reason why Microsoft & Apple still are
the default desktop OSes, I think.

~~~
moftz
[https://puri.sm/faq/supported-networks/](https://puri.sm/faq/supported-
networks/)

They already have a list of LTE bands that will work depending on if you buy
the Europe or US variant. That list is only for the Gemalto PLS8-US and
PLS8-E. There is another Broadmobi BM818 module as well.

For the US, AT&T, Verizon, and T-Mobile support the 2, 4, 5, and 17 LTE bands
that work with the PLS8-US.

All of Europe should be supported on the PLS8-E.

The BM818 mention doesn't specify which version. On the FCC's website, there
is a manual that lists bands 2, 4, 5, and 17 so at least it will work in the
US.

When buying any sort of unlocked phone, you usually have to check all of the
bands with your carrier just in case. When you buying a phone from a carrier,
they have already done all of the work for you in terms of checking
compatibility.

~~~
ecmascript
That doesn't help me since I don't know jack shit about bands. I went to their
page and to the page they link to, but I still cannot figure out if the phone
will even work where I live?

And if just some bands are supported, may that affect network speeds? I don't
think this phone is going to very successful because at the very least they
should have made some interactive guide where you simply can select where you
live and it will simply display if it will work for you.

~~~
moftz
If it is that confusing for you, just go buy a Samsung or iPhone from your
carrier.

~~~
Endy
Unfortunately, as long as the standard response is dismissive like yours,
that's what the majority will do. When someone expresses confusion, the goal
shouldn't be to send them to the mainstream product, it should be to go back
and explain your product more clearly. Stop being an elitist and start
recognizing that helping people is a basic requirement of supporting a product
or service.

~~~
grumpy-cowboy
Why? What is wrong about having a product dedicated to elitists? Not
everything have to be accessible to everyone and it's a good thing. :)

~~~
Endy
When you have a piece of consumer-focused hardware which could help bridge the
gap for mainstream users into a world of Free & Private, what you should be
doing is actively seeking ways to bring them in. Besides that, it's an
expensive commercial product. It needs to sell very well, or else it will make
no impact where it needs to - in the mind of the average user.

Focus on the high-level person if you want. But have a simple version so you
extract as much money as you can.

------
dewyatt
The product page does not completely agree with all of these tech specs:

[https://shop.puri.sm/shop/librem-5/](https://shop.puri.sm/shop/librem-5/)

~~~
dewyatt
I just went ahead and placed my order anyways. :)

------
curioussavage
I have wanted this phone for months but right now I kind of wish somebody
would do a crowdfunding campaign to get one of the postmarketOS phones to
great support.

Pick a newer phone and a desktop , either plasma or phosh and do a
crowdfunding campaign and just spend all the money on getting things working
as perfectly as possible. Buy a bunch of refurbished phones of that model and
sell them with the software pre installed.

Like purism you could bundle it with a subscription or partner with a company
and take a cut.

------
Arbalest
Looks like the best option is the EU radio if you're in Australia. However,
that won't support Telstra's 3G, which might cut you out of voice calls. If
you have the option of provider, go Optus, that will give you most of the 3G
and 4G bands they have on the EU Radio. US radio only supports Telstra 3G and
Vodafone 4G, and nothing else.

~~~
vinay427
It's rather unfortunate for those who travel as well. Most mid-tier or high-
end smartphones on the market today seem to work fine for LTE and voice calls
on nearly every major carrier worldwide.

------
novaRom
I like they use main processing unit from a Dutch company; is its ROM open
source or/and can be accessed?

All ARM-based Sytem-on-Chips do have a proprietary ROM, which is used mainly
for boot-up and multicore management. But there's no access to check if it may
do something else.

>> The mobile baseband will most likely use ROM loaded firmware

this is another vulnerability

~~~
floatboth
The immutable ROM that finds firmware and jumps to it is indeed usually
proprietary, but since it's tiny and immutable, it's considered "part of
hardware" and is okay even for the FSF "Respects your Freedom" certification.

The one mutable/loadable blob the i.MX8 requires is firmware for the DDR4 PHY
(not training code you run on the CPU, but something that runs _on the PHY_
apparently??) and they're using an embedded tiny cortex-M4 core to just load
it: [https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-
hurd...](https://puri.sm/posts/librem5-solving-the-first-fsf-ryf-hurdle/)

(IMO, that's a silly requirement from the FSF, I think keeping the main CPU
free of blobs that it _doesn 't run_ i.e. blobs _for other things_ does not
have any meaningful benefits)

~~~
als0
> (IMO, that's a silly requirement from the FSF, I think keeping the main CPU
> free of blobs that it doesn't run i.e. blobs for other things does not have
> any meaningful benefits)

Depends on how privileged the peripheral or subsystem is. And what data it is
trusted with.

If it can't harm the main CPU and is properly confined then it's fine in my
book.

------
jdofaz
I wouldn't pre-order something like this because I don't yet know if it will
be reliable. I see the value in what they are offering but it isn't battle
tested yet.

I don't want to relive the early smartphone days where the phone crashes when
I'm trying to answer a phone call.

~~~
sgeisler
I think this first model is for enthusiasts who can afford it and want to fund
the development. It won't be perfect yet. If you think about it as a donation
it makes a lot more sense.

------
ocdtrekkie
So we knew about the Gemalto PLS8, and I noted as someone on Verizon that the
PLS8 wasn't approved for Verizon but other variants/similar Gemalto chips
were. Still no word on an option for those, but the Broadmobi BM818 is new,
and I haven't found much about it yet.

Most results on search link back to Purism, so it may not be a widely used
chip. It got FCC approval last December, and the documents there say it
supports LTE on bands 2, 4, and 13, which would technically make it capable of
supporting Verizon? But it isn't on Verizon's approved modules list, so it's
likely it couldn't be activated at this time.

I'd be curious what Purism's thoughts were on the chipset choices and what
networks they're supposed to work with.

------
exabrial
This is incredible!

I can live workout wireless charging for the moment.

An ip rating would be important to me though (lightly resistant to rain/dust).
I imagine that's incredibly hard to design with replaceable batteries.

I'll let the reviewers take a gander at the camera and quality and I might
give this a go.

------
wpdev_63
It will be curious to see if these will be vulnerable to electronic device
interceptions with the NSA TAO[0]. I'd imagine they are already working on
building a replacement PCB to drop in and image.

There's alot people including journalists, whistleblowers, high level execs,
people being targeted(T.I.'s) etc. would easily pay triple MSRP for a secure
phone from government entities. It would be interesting to see if they can do
it on a software level anyways.

[0]:[https://arstechnica.com/tech-policy/2014/05/photos-of-an-
nsa...](https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa-upgrade-
factory-show-cisco-router-getting-implant/)

------
XorNot
Not thrilled about that horizontal screen resolution. 720 is a bit too few
pixels.

------
leeoniya
5.7" is huge. and 720px on a screen that size is going to look seriously
underwhelming :(

my 2015 sony z5 compact is 4.6" and has a 720px display.

hopefully they can get the size down in gen 2 to something i can comfortably
EDC/use.

------
8881
The key question here is : can the phone be booted from the removable storage
card ? Without such final control of your data, you can be pressed to decrypt
your internal disk by any repressive acting party - and those are rising
steadily. Hence the only save way to give users REAL control of their data,
privacy - and safety from torture, repression etc, is a removable storage
which holds the OS and user data. Anything less looks like cosmetic pseudo
privacy and security.Can Librem boot the OS from the sd card, then ?

------
brendyn
I saw a demo of the test board on video and the touch interface latency was
very high. is it the hardware or the software? has it improved? It was quite
frustratingly slow by the looks of it.

~~~
thepete2
That was a driver issue IIRC and has since been solved. At least here [1] it
looks okay to me. Not great, but okay.

[1]
[https://www.youtube.com/watch?v=u9X53UGdvX8](https://www.youtube.com/watch?v=u9X53UGdvX8)

------
pgcj_poster
This phone has a higher screen resolution than my laptop. It also has almost
as much memory, but I guess that's a prerequisite for running Gnome. Why
didn't they go for Xmonad?

~~~
ptx
They replaced GNOME's shell/window manager/compositor with their own
(phosh/phoc).

------
bufferoverflow
You lost me at the resolution. 720p is ridiculous in 2019.

Also 32GB of internal storage is extremely restricting (even with the SD card,
apps like to install on the main storage).

~~~
messo
I have put my root folder on a 32GB M.2 in my X220 and that has been more than
enough storage for all of the different distros I have run the last 5 years.

I expect to replace my current laptop with the Librem 5 as my daily driver.
Having a real linux-distro on my phone is a dream come true, especially when I
can dock it with my monitor at home and use it as a regular laptop.

~~~
seba_dos1
Same here. I've been occasionally hitting 32GB with my / when I let my system
grow really messy, but a quick look at big and unused packages was enough to
clean it up. For a GNU/Linux system, 32GB is a lot.

It would still be nice to have more for added comfort, but it's not like it's
a big deal.

------
prolepunk
Hmmm, almost exactly half the specs of OnePlus 3, way more expensive than
OnePlus 3 when it came out 3 years ago.

How this is better than installing lineage Os on oneplus 3? --
[https://download.lineageos.org/oneplus3](https://download.lineageos.org/oneplus3)

I understand anyone who wants privacy need to pay extra, but is it really
justifiable to pay this much for that?

~~~
ThreeFx
As someone "upgrading" from the OnePlus 3:

It isn't about the hardware, and it also isn't about PureOS itself. It's about
people caring enough to build an entirely new mobile operating system which
actually respects your privacy and gives you tools to ensure it.

I'm really amazed at what they got running in the few years this project
existed. Of course the phone won't be some spectacular mobile gaming machine,
but that's not what I paid for. I paid for a privacy-respecting, secure phone.
I paid for getting Linux to run on mobile OSes. That's what is important to me
and many others.

~~~
GenghisSean
Same here. I'll gladly downgrade some specs if it means I can run all free
software on my phone. Trying to get google off of an unlocked android phone is
still an uphill battle. Root access out of the box means I can install the
software I want and remove software I don't (a novel idea).

The Purism team has accomplished an impressive feat with the Librem 5. Porting
GNU/Linux onto a smart phone is a huge win for free software. I hope the
transparency and upstream patches continue long in the future.

------
fataliss
While I like underdogs and developing a 3 player in the smartphone OS market.
That $700 seems like high cost to contribute to R&D.

~~~
chupasaurus
It's a small (2.5k to 3k) batch and unusual tech specs (i.e. last time
completely detached from SoC cellular/wi-fi modems were made in 2012 according
to Purism). If there was a demand for 100k batch, it would be cost closer to
$350 I believe.

~~~
fataliss
That makes sense. I guess there is always a community of Early adopters with
disposable income willing to pay high dollar to play with the phone and
contribute to it's development. Guess my idealistic mind wants to shortcut to
the part where the phone is in an iPhone hardware/UI polish level with a linux
OS solution, at which point I'd be happy to pay top dollar for it!

------
brakmic
Excellent intentions, but technological garbage.

------
collyw
Whats the software selection going to be like for this phone?

I bought an Ubuntu phone, and while the phone was nice enough, the lack of
apps made it a bit crap. No Whatsapp (I was happy enough using telegram, but
my friends were not). The maps application was web based, so didn't launch
unless you had internet connection.

------
andrewflnr
The only real obstacle for me is that a large fraction of what I do with my
phone is listen to Spotify. It's not clear to me whether or how well it will
be supported. (More research: looks like I would have to install Ubuntu Touch
and a third party app?)

That said, I'm tempted to go for it anyway.

~~~
RandomBacon
I don't use that service, but it looks like they have a player for the web
browser, so I don't see why it wouldn't work.

~~~
lvl4x
You probably won't have the option to store your playlists locally though, and
streaming music with mobile net could get expensive. The other big apps
without good mobile web versions are Whatsapp, Signal, and Telegram. Those
could be show-stoppers for some people.

~~~
chupasaurus
Telegram Desktop would run fine on Librem 5 on Plasma Mobile (magic of QT) and
clunky on Gnome (but I might be wrong), as well as APKs on Android emulator
like Anbox.

------
Havoc
Nice effort, but seems limited to the super privacy conscious. I don't see
anyone else making those price/hardware trade-offs.

------
remlov
> OpenGL/ES 3.1, Vulkan, OpenCL 1.2

How would they address these with Etnaviv? Is that a WIP?

------
codedokode
But it is pretty expensive. There are Chinese phones with 4 cores, similar
amount of memory and same screen size that are 4 times cheaper. Would not it
be better to take any of them and replace the firmware instead of making their
own platform?

~~~
nsajko
Hardware kill switches were designed into the phones.

------
foobar_
Has anyone used rasberry pi as a phone ?

------
lousken
why no ac wifi? even my 6year old s4 has one

~~~
ThreeFx
Because this isn't a top-of-the-line phone. It's an experiment by Purism
bringing Linux and the smartphone world closer together.

~~~
lousken
I mean sure? But on the other hand it still costs 650$ so if they'd charge me
double for the privacy, it should be comparable to at least 300$ which is not

------
shmerl
So little RAM?

------
amfsn
$700 for this? It's gonna flop really hard.

~~~
RandomBacon
I doubt it, considering people said the same thing about their laptops, and
yet they appear to be successful enough.

------
azinman2
Why no LTE?

~~~
thepete2
It does have 4G, which I think is the same

------
Animats
_early bird discounted price of $649_

And people used to say iPhones were overpriced.

~~~
rchaud
The response to that has always been, people will pay the Apple premium
because to them it's worth it, for the camera, for iMessage, for ease of use,
etc.

Why can't the same principle apply here, but with respect to user-toggle-able
hardware switches and replaceable batteries?

------
gpjanik
In the "about" (our story) section there's some bs and a picture of a girl
with blurred city background, file titled:

[https://puri.sm/wp-content/uploads/2019/01/beautiful-
beauty-...](https://puri.sm/wp-content/uploads/2019/01/beautiful-beauty-
blurred-background-1239291-1.jpg)

I mean... How can people still do this in 2019

~~~
CogitoCogito
> In the "about" (our story) section there's some bs and a picture of a girl
> with blurred city background, file titled:

> [https://puri.sm/wp-content/uploads/2019/01/beautiful-
> beauty-...](https://puri.sm/wp-content/uploads/2019/01/beautiful-beauty-..).

> I mean... How can people still do this in 2019

What is the main thing you take issue with? The filename? The fact that the
picture is not directly related to the project? The fact that the woman in the
picture is attractive?

------
INTPenis
I just found out they didn't use AOSP. Ok so it's based on Linux but isn't
anyone worried that they're re-inventing some wheels by not using AOSP? Or is
there a licensing issue I'm not aware of?

Edit: Sorry but my cynicism stems from backing a lot of open source attempts,
including N900 with Maemo, ZTE Blade and Jolla. I ended up giving away two of
those and the last is rotting in storage.

~~~
RandomBacon
My understanding is open-sourcs vs closed-source (the binary driver blobs that
other phones require).

~~~
chupasaurus
Exactly this. Also no one could block adding the hardware support into AOSP's
HAL, so that option is possible.

