In pursuit of Purism


For GNU/Linux users wanting a laptop, it’s almost always easier to find the hardware you want and then install the distro of your choice – perhaps with some muttering about the ‘Windows tax’, or even making a stand and getting the Microsoft licence portion of the price refunded.

However, as Purism puts it: “The model of ‘buy hardware, install free software’ is ageing, due primarily to the fact that there is a growing cryptographic bond between proprietary non-free signed binaries and the hardware that they run on.”

There are one or two laptops available from manufacturers with Ubuntu pre-installed, although Dell doesn’t always make it easy to find them, and a few resellers who’ll do the install for you, such as System76 – but the sad truth is that most laptop manufacturers do not care about software freedom, at least not enough to take a risk in standing out from the herd.

If they don’t care, that’s probably because the public don’t exercise themselves much over the issue – although awareness of free and open source software is slowly growing, and the Raspberry Pi has put GNU/Linux into the hands of a new generation.

But privacy and security is an area where public perception has radically changed in the last few years, against a backdrop of ransomware, leaks about surveillance and concerns over the pervasiveness of corporate data gathering. More recently, the extent of malicious code in numerous apps has been exposed. ZDNet reported that “over 500 Android apps with a combined 100 million downloads [were] found to secretly contain spyware,” and Ars Technica observed that researchers had discovered more than 4,000 apps that secretly record audio and steal logs – including a few that made it into Google’s official Play Store.

Anyone offering a quality product with a credible approach to privacy and data security will – if they combine it with real usability – find a ready and growing market. Enter Purism, maker of the Librem laptops: computers that tackle privacy concerns head on with hardware kill switches (HKS) on the camera and microphone, eschewing kernel blobs and binary firmware to offer an entirely free software stack.

Librem laptops run PureOS, a GNOME 3 desktop on a Debian-based distro, with security enhancements and a Firefox-based Pure Browser with all of the privacy and security plug-ins installed and enabled by default. GNOME 3’s move towards effective containerisation with Flatpak also adds to security, isolating any buggy app from being exploited to escalate privileges and to compromise the system.

PureOS is not just a nice-to-use version of Debian and GNOME; it is endorsed by the Free Software Foundation (FSF). Further down the stack, the Linux kernel is free of proprietary binary drivers – using GNU’s Linux-libre project – and the bootloader is free. Then, in the hardware itself, the CPU and motherboard have the Field Programmable Fuses (FPFs) set to allow unsigned binaries, and run coreboot.

The Librem 15 is billed as the first 15.6-inch laptop designed to protect your digital life

Full stack freedom

Purism has put a lot of developer time into being able to replace proprietary BIOS with coreboot, as featured in the Librem 13 v2 and Librem 15 v3 laptops. They are close to having it ready for download to those who have older Purism hardware – it’s undergoing QA testing at the time of writing.

Given successful proof that you can use a USB flash drive’s firmware to take control of a laptop – by Berlin-based hacking research collective and consulting think tank Security Research Labs – Purism has been looking at freeing SSD firmware, as well as moving towards the superior NVMe specification.

Perhaps the firm’s most important work – given that OpenRISC is not yet ready for this sort of laptop – is in neutralising Intel’s Management Engine (ME). In the words of Purism’s Intel ME-less petition: “ME is a threat to users’ digital rights. It is an unreadable binary file that is cryptographically signed by Intel, requiring users to compromise their security, privacy and freedom because users must execute unknown and unverifiable code on the CPU.”

So far Purism has removed the kernel, network stack and about 92% of the Intel ME binary – and is committed to neutralising or replacing all of it. Security is a game of depth, and there’s a large section of the Vault 7 leaks regarding attacks against EFI/UEFI (modern BIOS replacement) firmware.

The launch of Purism’s crowdfunding campaign for the Librem 5 – dubbed the “world’s first encrypted, open smartphone ecosystem giving users complete device control” – is a big step for the small hardware startup and social enterprise (Purism is incorporated as a Social Purpose Corporation).

The Librem laptops, and their single-minded journey to free up the entire stack, show that Purism has the potential to succeed where other phone offerings have failed to materialise.

Intrigued by the laptops, and what lies behind them, we spoke to Purism founder and CEO Todd Weaver at this year’s GUADEC (GNOME Conference), and started by asking him: Why does it matter?

“Digital rights should mirror physical rights,” Weaver told us. “The trend is to more data gathering and more corporate surveillance, especially on mobile devices. It’s trending in the wrong direction. We needed a product which protects the digital rights of the consumer – and hardware crafted to work with the software.”

He emphasised the depth of credibility from giving the user control and leveraging the Free Software Foundation principles into hardware, but believes in taking it one stage further, with ease of use. “Convenience, control,” says Weaver, are “two words that matter.”

So why use GNOME 3? Weaver sees it generally as a great free software product that bundles together great apps and looks great – but particularly singled out its “great security story with app isolation giving privacy for individuals, security by default, and respecting digital rights (as it’s free software).”

Purism’s GNOME 3 PureOS will also make it onto the phone with the Librem 5, so while many end users will buy it for “end-to-end encrypted decentralised communication”, or even to escape the existing duopoly’s walled gardens, many users will be anticipating a convergence device to be docked at home with a large screen and keyboard – and just such a package is one of the most popular options on the crowdfunding page.

Parent’s choice

With increasing sales of two laptops marketed on a premise designed to appeal beyond traditional GNU/Linux users, we asked Weaver who he thought his customers were.

“Free software supporters and GNU/Linux users, of course – a no-brainer,” he responded, but, “beyond these primary users – security-concerned CTOs, CIOs and business executives. And parents, buying for children to use a device whose privacy and security they’re comfortable with.”

From user feedback, it seems the recent highly publicised ransomware attacks and Vault 7 leaks have raised customer concerns – Weaver gave us one direct customer quote: “I provided one to my daughter and now I have peace of mind that they are protected, especially with the threats coming out.”

In addition to business users buying for security, and CTOs and CIOs giving them to their developers, Weaver says there’s interest from “high net worth individuals,” who want some protection. However, software developers are “the largest group so far,” and we found the Librem holds up well against the Free Software developers’ favourite – the ThinkPad, even though the form factor means no mechanical keyboard. Weaver claims the Librem has his “favourite keyboard” with “near ThinkPad quality.”

The Librem laptop’s keyboard is pleasantly tactile and good for touch-typing

Weaver cites hardware quality as a selling point for developers: “Hinges that last, a barrel connector for PSU not mounted on motherboard, 16GB of RAM by default”. Returning to the non-traditional Linux buyers, we asked him how these parents hear about Purism.

Weaver mentioned reviews in TechCrunch and other more consumer-oriented gadget websites, but also simple word-of-mouth. CTOs and CIOs tend to be asked at social occasions ‘what laptop should I get for me or my child?’ And this is how the company has reached “the next ring of audience,” as they can be recommended for ‘security bundled with convenience.’

This is seen most obviously in the Pure Browser – Firefox with Mozilla’s security enhancements, and plug-ins like Privacy Badger and uBlock Origin to prevent tracking – although GNOME’s own browser, GNOME Web (previously known as Epiphany), is “making great progress.”

Trojan freedom

We asked Weaver whether this security focus was a way to carry software freedom into people’s devices? “It’s not by accident,” Weaver admitted. “Security is very much what the market wants, and to solve that with any credibility you need free software.” For example, “launching a ‘privacy phone’ based upon Android, [with its proprietary components] has no depth of credibility. We’ve gone as deep in the stack as possible – we go deeper down than anyone else. The only way [to go] with any credibility is free software.”

We asked about the pain points of trying to free up the entire stack; what the next challenge is and what’s hardest to fix? “We do: apps, operating system, the kernel and the bootloader,” says Weaver. The next layer is coreboot replacing the BIOS, then “we have neutralised Intel Management Engine, one of the worst [challenges]. It has a number of partitions; we have removed the network partition, amongst others – taking chunks out, making some sig checking work.”

With the next layer it’s firmware and wireless cards: “We’re pushing NVMe drives, not SSD – they’re already available as an option. In the future as default.” Discussing what counted as software, Weaver mentioned the FSF definition: “If software is updatable, source must be available.” With that part of the stack, Librem is the freest Intel-based laptop available.

Of course, there are OpenRISC projects, such as the rather wonderful Olimex Teres-1 DIY laptop that some readers may have seen at FOSDEM. “We’re following OpenRISC efforts and RISC V,” Weaver told us, but he feels that the level of performance is not yet ready.

The hardware kill switches on present and planned Librem devices are a simple yet thoroughly convincing demonstration of Purism's commitment to privacy; “a differentiator for us – it will be on the phone, too.” We discussed phone cameras and Weaver mentioned prototyping a cover over the lens combined with an HKS, which gave the additional feature of switching on the camera – allowing for the possibility of jumping straight to the camera app in the manner of the old Sony K750i of pre-smartphone days, when OS sluggishness would not cause you to miss a photo opportunity.

The Librem 5 phone will offer greater privacy and security

IP-native phone

The phone, running PureOS – Debian/GNOME, was revealed as not just a logical next step, but always the aim for a project designed to bring digital rights (and software freedom) to a mass audience. The laptops – as well as being successful pieces of kit in their own right – have given Purism, says Weaver, “three years of hardware supply chain,” and made PureOS ready for this next stage.

Initially, the phone will be all about “communication and encrypted communication,” with “phone, messages, video call, browser,” and all else later – although PureOS will allow users to add what they want to the “complete free software stack,” and, with USB Type-C, says Weaver, “a convergence device.”

Another part of the GNOME 3 family playing a key role in the phone’s secure communication abilities is, which is slowly bringing together the many siloed means of communication we have. This and the phone’s IP-native nature mark out a far better path for the development of consumer communication devices.

Weaver reiterated that “digital rights are trending down the wrong path with iOS and Android; we’re respecting rights.” Asked about the Ubuntu Edge’s failed $32 million (£24 million) campaign target, he said it was “30 more than needed,” and now that the Librem 5 campaign has launched, the target to build the phone is a relatively modest $1.5 million (£1.1 million). We note that Ubuntu Edge managed $12 million (£9 million) worth of pre-orders.

Weaver says that the Edge was “not focused on security and privacy” and sees software freedom as the “third leg of that stool, a broader market.” We talked about the milestones on Purism’s journey so far. Weaver checked off the list. The company has proven people are interested by crowdfunding the Librem laptops, then there's the established hardware chain and building to order for the last two years. This year, orders are shipped directly from inventory as they continue to grow.

“Hardware is quite hard to do, especially as a startup,” says Weaver. The challenge is in cash locked in stock, and Purism is funded solely by revenue and small investors. “We’re a Social Purpose Corporation in articles of incorporation,” something available in Washington state only in the last four years, but very similar to the decade-old Community Interest Company structure in the UK.

Purism’s ‘Freedom Roadmap’ shows it to be a couple of steps away from being the first manufacturer of brand new laptops to ever receive the Free Software Foundation’s Respects Your Freedoms (RYF) certification. And with ambitions to go beyond that and free all drive firmware, even schematics, truly free hardware now looks a realistic prospect.

This feature was first published in issue 183 of Linux User & Developer
