Ok, maybe I've been doing too much hardware development and more tinkering than the average guy, but this part here, to me, sounds way overblown:
> As you can see, it is not a trivial matter to manufacture these HKSes. A lot of research and hard work went into the effort.

I mean, compared to all the other things one has to get right to design a laptop computer, switching these few signals is indeed very, very trivial.
And while the webcam/microphone switches will prevent the particular devices from working, I'm not so sure about the WiFi card and Bluetooth. The microphone surely is dead by cutting the single signal line and the webcam by cutting its power.
But there's no guarantee that the W_DISABLE# pins are honored with every firmware of every possible WiFi module that could be inserted into that slot. What if W_DISABLE#, on the card, is only a GPIO that is checked by the WiFi chip's firmware? It would have been safer to also cut the power there, too. Or at least to verify that W_DISABLE# cuts off power to the RF PAs (transmitter power amplifiers) of WiFi and Bluetooth in a way that can't be circumvented.
This article does leave me slightly confused. Both these additions seem to be completely done after the fact. Why would you solder wires to 1 side of the pads for the pulldown resistors (suggesting that when the motherboard was designed it was intended to always have enabled WiFi) rather than designing a proper switch (not very many components!) into the board to start with? It all sort of suggests that they didn't actually design their motherboard at all, or that these switches were an afterthought. Neither of those is particularly good given their claims.
It probably costs a lot more than $250,000 to develop a laptop from scratch, so I wouldn't blame them for taking a higher level systems approach and buying in a pre-existing motherboard design. However, doing that inevitably gives up control of the design (which puts into doubt their claims of being completely open). If that's the approach they've taken, they're not particularly open about it.
> It probably costs a lot more than $250,000 to develop a laptop from scratch (...)

Novena[1] had a total budget of ~750k$. It was done from scratch, with some nonstandard (and somewhat expensive) components (e.g. an FPGA; it had a software-defined radio included too, though it was a mostly-off-the-shelf one).
Novena's a pretty amazing project, but it's not nearly as polished as this Purism laptop appears to be. It's (intentionally) a hacker-friendly box with lots of space and less integration than a normal laptop. It even uses an RC hobbyist-style battery. Novena is a labour of love driven by a particularly skilled person.
To design and mass produce a laptop as slim and well integrated as the Purism laptop is significantly more work. To do so having never produced a laptop before would cost even more so. $250,000 really is a small amount of money when you're trying to mass produce cutting edge consumer electronics.
Of course they may (almost certainly do) have other sources of investment.
Agreed, they're way overstating the difficulty here. I think they just wanted to advertise that they do this, which is fair, and it's a feature I wish more laptops had.
The transparency is good for a feature that affects security, enabling early discussions like this one, rather than waiting for post-shipment teardowns and reverse engineering. Like the Lenovo Retro surveys, this form of content marketing has the potential to improve product engineering/design.
Much has been written about the fact that Apple controls both hardware and software design. What kind of integrations become possible by combining open-design hardware with OSS software like Linux and Qubes?
It's even a bit worse when looking at it from a fail-safe point of view. To turn the Bluetooth and WiFi off, 3.3 volts has to be put on the pins. Giving no power on the pins turns both devices on.
No, that's probably just by convention. If it's strictly an input then both directions are just the same in terms of safety. It's just sometimes more convenient to only pull things down or up and have a resistor provide the opposite pullup/pulldown current.
Maybe it was chosen because the "high" voltage isn't specified and the standard might say: "Pull down to GND to activate, leave open to keep card off." Then you don't have to think about the internal logic voltage of the circuit, you might fry the card if you pull up to 3v3 if the logic input is only 1.8V tolerant.
This would work better if the switch worked as you described - close a circuit to GND to turn the card on, leave the circuit open to turn the card off.
If the wires to the switch fail then the card fails on.
Not necessarily. An open wire doesn't mean 0 volts -- it is whatever the input of the gate floats to. There is no standard -- it depends if the manufacturer put a weak pull-up or pull-down into the chip, or if they have an active termination that will pull to either end. Or if the gate isn't designed any particular way, it could be subject to how well doped the transistors of that particular chip turned out. Being open also means it is subject to noise from adjacent signals, so it could be random that way, too.
These are signal pins, not power pins. The device is still receiving power when the switch is "off", all the switch does is provide a signal to the pins that tell it to disable itself.
To me it sounds like a practical decision. Go buy a USB wifi adaptor and plug and unplug it 100 times. Then tell me if the adaptor works correctly after that; the kernel driver is probably in some undefined state now.
The reality is that the chip/firmware/driver combination is tested by turning the power on once and then making it pass a few benchmarks that reviewers like. Doing something new and exciting may or may not work.
Certainly, some drivers are way better than others (ath9k is pretty good), but I imagine they tested the power up/power down method, noted that the kernel panics 1 time in 10, and decided nobody would buy their product if they implemented it that way.
With Bluetooth, it's precisely what all notebooks I can remember do. With WiFi, especially connected via PCIe, I wouldn't rule out problems. But please keep in mind that at least in the early days WiFi cards most often came as PCMCIA/PCcard/CardBus, so I'd guess the infrastructure started out PnP compatible from the start...
Especially since all of these peripherals are COMPLETELY modular for desktop form factors, since you could theoretically buy motherboards without these optional hardware features, and purchase them as completely separate devices, implying that they are assuredly unpluggable, and therefore, without question "switch-off-able" in very real terms.
So, yeah, why all the solder and "chip" modifications?
There are some reasons why you might not want to do that, or why that might be inconvenient. You could end up with weird voltages floating around and interfering with other parts of the circuit, or you could end up with an unexpected ground connection going through a chip somewhere. Basically, circuits (and ICs) are often designed with the assumption that ground is always ground. Sometimes you can power a chip just by supplying a voltage to the signal pins. This usually ends badly.
Grounds are often redundant and built into the chassis (of both the component and the laptop), routing back to the power supply. This is to create a sort of "faraday cage" that protects it against harmful electromagnetic interference and discharge (e.g. static electricity). It would be almost impossible to separate it from ground completely.