The following discussion was moved from another thread as it was diverging too much Verified boot on Qubes -- a lofty dream? - #2 by fsflover from the original topic.
That’s super neat. I’m kind of reluctant to get Purism products because it feels like an obvious vector for targeting those who want to ‘go dark’ that badly. Hopefully something like Pureboot becomes a standard.
Oh, I meant that products might be compromised in a way that renders interdiction redundant. Just a hunch though–nothing substantial to base this on.
The same reasoning might apply to Qubes, but I think it’s much harder to compromise an open-source OS than it is to install a microscopic piece of hardware into a system (something the Bloomberg piece on China inserting hardware backdoors into servers showed).
P.S. Here’s a presentation on Chrome OS verified boot (dated 2020, which is much more updated than the 2013 slides linked earlier).
This is a pretty non-constructive view. First, if you want such things to be developed, you should vote with your feet and money.
Second, if you think secure booting would attract serious adversary, I don’t understand why the Google Chrome verified boot would not. Moreover, Google is a part of PRISM, so I actually expect them to collaborate at least in some way. I personally trust Google much less than Purism.
Also, Purism published x-ray pictures for their phone. If you care so much, you may ask them to publish such pictures for the laptop, too.
I don’t believe secure boot itself would attract serious adversary; what I was trying to say is: a company that specializes in selling hardware to defeat snooping would naturally attract the attention of snoops, everywhere, since the hardware will likely be involved in things worth knowing about.
My threat model is different from yours (or from the personas typically present in infosec/privacy discussions) since Google per se is not in my threat model.
A supply-chain attacker that’s inserting such a device would likely choose not to expose themselves to additional risk by inserting it in a sample/early batch, which is what the x-rays are usually of. Even if they did, the thing with hardware implants is that they can be microscopic and easily camoflauged (e.g. hidden between silicon layers), so it might not be visible even on a high-resolution x-ray.
Thank you for detailed replies. In case you are interested how Purism community (including employees) can reply to your concerns, you can check the corresponding thread there:
I disagree. Happy user of their laptop (with Qubes OS of course), following their every move. Time estimates never were their strong point, but all promises are eventually fulfilled. The only modern hardware company fighting for the change in the industry and recommended by the FSF. Also the only one developing verifiable cutting-edge secure booting process, Pureboot with Heads.
I’m glad you are happy with your laptop.
It’s not a question of “time estimates”, it’s the incredibly dishonest
way that the company started and effectively shilled people with false
Essential promises (not yet met, and unlikely to be) were the roadmap
to a completely free BIOS - to persuade Intel to open up their processes
and chip designs: combined with the incredibly misleading “free pyramid”
that they touted, it added up to great marketing. (Like Pureboot -
another great piece of marketing.)
Oh, and I should mention the rather strange handling of Qubes
certification, which added to my distrust.
I find the laptops OK, but overpriced, and to make it clear, its not
the laptops that are recommended by the FSF.
As I said, now they look like a reasonable company, but I cant
forget what went before.
I am also looking forward to verified boot on Qubes OS, though I do not have much to add on that topic other than well wishes.
Regarding Purism and its reliability as a company (relevant to Pureboot), I have some deep concerns about them as well, both those articulated here and also some others. I admit that I was initially very interested in Purism when it first showed up. I found its own “lofty goals” to be very admirable but I was hesitant to believe they would accomplish much.
Since then, I have been following them at a distance and although I have heard and seen some great work by them, I have also heard some rumors about severe, long-standing problems within the company (such as cheap Chinese parts that are being bought by the CEO unilaterally and not being checked by the company for supply-chain attacks). I never had much in the way of credible evidence for these claims, but since then former Purism CTO Zlatan Todoric confirmed many of these rumors and suspicions in an interview, which also corroborated with what supporter/critic (critical supporter?) Jay Little has been saying on reddit and elsewhere.
Needless to say, I am now more reluctant to entrust Purism than I have ever been. I would not even go as far as @unman has in speculating that they may have come out of that and into a new era of being a “reasonable company” (unless we assume, probably rightly, that most companies are like this). I still want to believe in Purism based on its stated mission and some of what it does very right, but even the most generous interpretation of their actions amounts to chronic mismanagement and dysfunction from the top, particularly the founder.
I am not saying to distrust Purism entirely, especially when a go-to alternative like Lenovo probably does not warrant any better treatment, but I would at least advise everyone to be aware of these problems and controversies in its history. While Pureboot may sound great, can we really trust Purism to get it right? Even if it does, and even if it does become finished and successful, to what extent will it even be compatible for Qubes OS?
I will keep Pureboot on my radar, but I won’t place much stock in it until I see it working on a non-Purism system.
I think we should simply agree to disagree.
I can see you’re a regular poster on that forum, so your positions and investments makes it hard for you to simply acknowledge the mere possibility of what I’m describing. Please don’t take this personally–it’s just that inconvenient truths are easily overlooked by those who are significantly invested in something. This applies to many in that forum, which is also why I’m not going to something as pointless as argue against them.
Since the others have brought this up: I like what Purism market themselves to be, and recognize that start-ups usually have teething issues that tend to require some sliminess to fix–but for a company that’s essentially selling trust, these moves tend to be unwise, as the discerning will take note, and you’re not going to find more discerning people than the ones who fear for their safety.
The type of people willing to invest heavily into cybersecurity and privacy also tend to be on the paranoid end of the spectrum, and the company has given their target market ample reason to be skeptical, as John’s post above demonstrates, on top of being a logical target for supply chain attacks.
It seems this is already an off-topic here, but I still believe that a discussion of a privacy- and security-focused company may be interesting for Qubes users in general. Perhaps moderators could extract this discussion of Purism the company to a separate thread in a newly created category.
As a strong supporter of free software I can’t help answering to the mentioned accusations and I hope that all the myths can be debunked while only actual concerns are left for us to think about.
Well, yes and no. Of course it is extremely unlikely that such a tiny company can convince Intel to change their mind, while even Google could not. But does it mean that Purism (and the free software community) must give up and obey everything Intel says? Trying is the only way to (eventually) reach your goal, however hard it is. Purism did not give up and are still keeping this goal in mind. At least they created more awareness by creating another petition to Intel, which is a good thing, isn’t it? By the way, Purism is the first company to sell laptops with “neutralized and disabled” Intel ME showing how important it is for the customers. And a few other companies followed afterwards. So you are right by saying that they did not achieve the goal, but you are wrong saying they achieved nothing. You should take into account how hard this problem is.
What is misleading about their pyramid? AFAIK it’s accurate and they don’t deny the proprietary bits, while most of the software is actually free. The neutralized Intel ME is hardly functional and it’s definitely much more secure than the alternative. (Note that this marketing is directed toward people not familiar with all those details. Most of the time security threats come from the other parts of the pyramid which are free here.)
Not sure what you don’t like about the Pureboot marketing, but it’s the only verifiable secure boot process in the world, where users are owning it and not corporations. Perhaps you don’t like that the name implies perfect purity and you are right; but it’s the nearest thing we have, so it is not totally unreasonable (and they intend to continue freeing it as I mentioned above).
A Purism laptop was officially certified for some time. Then indeed the certification was cancelled. While the official announcement does not explain much, I think the community found out the actual reason. Tl;dr: it’s just too expensive for this tiny company. To be extremely clear, certification is not necessary for flawlessly working Qubes OS; even the laptops of Qubes developers are not certified AFAIK.
You can also look at how much the currently certified laptops cost while having pretty low specs. This is what I would call “overpriced” by the way.
This is true. However, currently FSF-certified laptops are all from 2008 and are vulnerable to Spectre and Meltdown, so Purism laptops are the most secure and free practically usable laptops in the market. By the way, even Stallman was using proprietary BIOS while there was no other choice.
Most of the claims made by Zlatan Todoric are proven to be false by the actual news, including that the phone would never ship or would be full of proprietary blobs, or Purism the company would very soon disappear. The company has been doing fine. Perhaps it is true that working in a startup was hard and low-paid; sad but true. This does not influence the fact that the actual good hardware exists though and does not necessarily mean the company’s atmosphere is still the same. This is a pity people believe such suspicious claims; seems like FUD.
This is my main point. You don’t judge Purism in a vacuum, you judge it in comparison to other companies. Are you aware of any better alternative (modern) hardware company supporting free software and changing the industry?
No, you should not trust, you should verify. And AFAIK Pureboot is the only boot software working on modern hardware which is verifiable.
I already replied to that above: it should already work with Qubes OS, just needs testing.
Now, to be fair, I want to mention one real concern with Purism, and this is the lack of annual Social Purpose reports which any SPC should provide. I don’t think this problem is big enough to stop supporting them; this is not a problem with hardware, but I want to be honest.
To summarize, I want to say that Purism currently produce the best hardware (including laptops) in terms of freedom and security and nothing else comes close. The free software community should support such companies in order to fight for the freedom and there are too few choices too loose this one due to bad marketing decisions or FUD.
I wont let this go, since it doesn’t address the “myths” at all.
Purism was not the first company to sell neutralized and disabled ME.
They built a company on shilling customers and misdirection.
I don’t say they achieved nothing - I explicitly said that they now look
like a reasonable company.
I looked at the posts on certification for Qubes - amazing that a 6 page
piece should be prepared to explain why they decided not to continue
certification. That should be just a 1 paragraph statement.
I said at the time - I don’t know how much Purism actually paid, and
neither do you. Nor how much Qubes made from the deal.
The “actual reason” I saw was not what the purism fans stated.
As I recall Purism got certification for one laptop. Then produced
another laptop with different hardware, but called it by the same
name, and represented it as also certified…
I remember the mailing list being hit by people who had bought a
laptop that was described as Qubes certified, only for Qubes to make it
clear that that laptop was not certified.
There were other users who had bought the Qubes option, but received
laptops with no OS and no install media.
Was all this just a mistake? An unfortunate accident?
It’s not true that Zlatan’s claims “are proven false”. He was talking
some time after leaving the company, and speculating about how what he
had seen would pan out.
His experience of the way the company was run and operated fits in with
what other employees have reported, and chimes with the way that the
company has operated.
As to the success of the phone, when I read of people paying 700USD and
waiting over 3 years to get a brick with no battery life, I don’t see
that as a success.
I haven’t looked at the purism forums before - I was reminded of Apple -
the same sort of apologies, and justifications.
It’s obvious that we aren’t going to agree: you are invested in
Purism, and I have no interest in them. I don’t like their business
practice and it taints their products for me.
I have no problem working with 10 year old hardware - older sometimes,
and other boards more free than Purism will ever be - different strokes.
It doesn’t help that Purism can be compared to Pine64, which has had much more success with far less sliminess and drama (that I know of). But it should be noted that Pine64 isn’t attempting something as ambitious and challenging as Purism.
Hi, I’m not a Qubes user, so sorry to intrude on this forum. However, I noticed this thread (since it is linked to on the Purism forum). Given the amount of controversy that Purism seems to generate, I think it is important to be accurate about what the company has and hasn’t done.
According to Wikipedia, Purism was the first company to sell computers with a neutralized Intel Management Engine. The first code commit for the me_cleaner utility was on 2016-11-16. Purism first posted that it had used me_cleaner to neutralize the ME on 2017-03-09. Purism announced that it would start selling laptops with a neutralized ME on 2017-10-19. Purism’s example pressured System76 to announce on 2017-11-30 that it would also neutralize the ME. Dell started selling some laptops with a neutralized ME in Dec. 2017. Then ThinkPenguin and TUXEDO computers announced that they would neutralize the ME.
As far as I know, Purism is the only company that sells PCs with 90%-92% of the ME’s code replaced with zeros, whereas the other companies just change the HAP bit to disable the ME after booting.
Purism has a history of making announcements which will take years to fulfill, but Purism does work on fulfilling those promises.
In November 2014, when Purism started crowdfunding its first laptop, it claimed that the laptop would have a free BIOS. Purism did eventually port Coreboot to that laptop in summer 2017 and started selling new laptops with Coreboot preinstalled in late August 2017. Its example pushed System76 to work on Coreboot ports for their laptops, which they started shipping in January 2020. Now Slimbook and TUXEDO Computers have announced that they too are working on Coreboot ports. Without Purism pushing the Linux PC industry, the only option to get new hardware with Coreboot would be Google Chromebooks.
In addition, Purism has removed the proprietary VGA BIOS, so the only blobs that remain are the microcode, Firmware Support Package and 10%-12% of the ME. Purism has gotten very close to fulfilling its original promise.
More importantly, Purism has spent the last 3.5 years working on making i.MX 8M a viable platform for Respects Your Freedom devices.
On the question of Qubes, Purism’s Chief Technical Office runs Qubes on his Librem laptops and Purism’s Coreboot developer Matt DeVillier says that he makes sure that Qubes is compatible with every Librem PC. As far as I know, none of the other companies that sell new Linux laptops have the same level of commitment to Qubes, so basically you are telling people to not buy from the one company that attempts to support Qubes on new laptops and mini-PCs.
Zlatan was not truthful in this part of the interview:
the [Librem 5] campaign was going bad (as most of us predict) but then [Klumpp] and I talked about getting KDE community involved as they had Plasma Mobile which was pragmatic way to look at as phone OS base and Todd agreed that we contact them and make deal with them. There needs to be noted that Todd was for Plasma Mobile at that time, but then maybe and then seemingly not in the end. Anyway, this was a good decision and we gained traction, and on wings of that Todd went getting more PR momentum with GNOME, later also Matrix and Monero. THE MOAR THE BETTER! [emphasis mine]
Zlatan had a disagreement with Todd Weaver about whether the Librem 5 should use KDE Plasma Mobile or create a new interface based on GTK/GNOME. By the time that Purism started its crowdfunding campaign for the Librem 5 on 2017-08-24, the company had decided to make a new mobile interface based on GTK/GNOME, as is seen in its original crowdfunding web page. However, as a compromise, Purism decided that it would also support Plasma Mobile, because it received a lot of feedback from KDE users who wanted to use Plasma Mobile on the Librem 5, however Purism always made it clear from the first day of the crowdfunding that it was developing a new interface based on GTK/GNOME, which would be the default interface. On 2017-09-14, Purism and KDE announced an agreement to work on porting Plasma Mobile to the Librem 5.
The question is why did Zlatan say that Todd was for Plasma Mobile when the crowdfunding started, when Todd was clearly for a GTK/GNOME interface at the time? Maybe Zlatan misremembered or maybe he was lying, but he isn’t a very reliable witness and he wasn’t on the team working on the Librem 5.
The second questionable claim that Zlatan made in that interview was this part:
That said, the Librems are heavily overpriced but that is because Purism seemingly never tried to get better deal and the South San Francisco partner abused this so that is why Purism Librems are double the price they should be. [emphasis mine]
Claiming that Librem’s cost double because a middleman is ridiculous. Most of Purism’s higher prices is due to the higher cost of doing small-scale custom hardware manufacturing and paying for software developers.
PS: I had lots of links in my post but your forum software prohibits me from posting more than two links since I am a new user. This configuration option ought to be changed.
First, thank you @unman and others for the interesting discussion.
I didn’t invest in Purism much and I really want to know all its sides, not just good ones (which is why I posted about the lack of SPC reports above). (By the way, it’s easy to dismiss the arguments of the opponent in this way, but it’s a fallacy.) However I did invest in free software, including Qubes OS. My investment in Purism I consider as a part of my investments in free software. And I think it’s pretty important to support it, which is what Purism arguably does. Don’t you also value free software?
I guess @unman means laptops from 2008 based on Libreboot, where old versions of Intel ME were fully removed. Although unman is right, it is not relevant anymore since those laptops are extremely insecure (Spectre & Meltdown) and I expect no one on these forums would use them anymore.
This sounds like a real issue, but I never saw that despite following Purism closely since a long time. Any actual links?
I’m not sure why Purism would intentionally skip installing Qubes to its customers, while security is their main selling point. Especially given that Qubes install is a relatively simple task. By the way, I ordered my laptop with a Qubes usb stick, but I did not receive the stick. They sent it separately after I complained about it. Should I have lost all my trust in the company in your opinion?
This is true, but such waiting time was reasonable given the goal. Their time estimation was pretty much wrong though.
This is one of the Zlatan’s lies. Actual data is that the phone battery lives for 14+ hours even though suspend is not implemented yet.
I in principle agree, but you should consider the reasons. I have no idea why people become Apple fanatics, but Purism is the only company producing devices with kill switches, the only company strongly pushing towards freedom and having it as a selling point, the only company seeking FSF certification for the phone, one of very few companies testing Qubes on their laptops. I think that everyone in the free software community should become their fan and ignore their drawbacks as long as they do not lie or mislead the customers. If this company fails, we will not get a free phone in the near future. Pinephone never even mentions freedom, calls itself “open-source company”, and supports hardware producers breaking GPL license AFAIK.
Again, for some reason you ignored the problem with Spectre and Meltdown. Did you find a way to fix them for those laptops, or do you ignore the threat of every program reading your RAM? I have such laptops as well, but I have no idea what I should do with them now. They also don’t support Qubes 4.0+.
Pine64 develops no free software, while a large part of Librem 5 phone price is the software development. Purism developed phone shell Phosh, which is used by >50% of Pinephone users. So Pinephone is in fact using Purism developers (which is not bad, but when you are comparing, you should be fair). For more detailed comparison I suggest to check out this link. Especially look at “reasons to buy”. Tl;dr: this is not as ambitions and challenging at all, although definitely very useful and should be supported.
Leaving this discussion open as some sections are relevant for Qubes. But it’s at the edge of what’s off-topic and what’s not.
I disagree. Hardware running Qubes is essential for Qubes users. Trusting hardware comanies is essential for trusting your hardware. Otherwise why bother with security-oriented system?
As I mentioned earlier, this topic is an example of the new category which should definitely be useful for Qubes users. All around Qubes I would call it.
fslover - I didn’t invest in Purism much and I really want to know all its sides, not just good ones (which is why I posted about the lack of SPC reports above). (By the way, it’s easy to dismiss the arguments of the opponent in this way, but it’s a fallacy.) However I did invest in free software, including Qubes OS. My investment in Purism I consider as a part of my investments in free software. And I think it’s pretty important to support it, which is what Purism arguably does. Don’t you also value free software?
To be clear: I didn’t say you had invested in Purism - I said you were
invested in it.
This isn’t Bulverism - I was trying to withdraw from the
I value free software, in particular the ethical stance behind it. I do
not think that Purism or individuals like Leah live up to that stance.
I value security more - so where I see the FSF promoting software and
approaches that limit users knowledge and damage their security, I
As to the Purism/Qubes debacle, you can find mention of it in the
mailing list archives - around mid 2017. i think. Purism renamed the
(certified) 13 to 13v1, introduced a new 13v2 with different hardware,
and kept it linked from the Qubes certified page.
So for 6 months Purism were taking orders for a laptop that was
represented as certified by Qubes, but was not. Some buyers were
I don’t find it fruitful to comment further.
well i mean i can understand you’re point but since we’re talking about the sorts of company that advertises to the slightly more computer savvy
because basically everything’s open sourced/… verifiable the hardware is fairly hard to compromise u know -i guess goverments could but u get the point
u can also pay with crypto ship to a drop location immediately disable the hardware switch for the camera
and connct to a secure wifi network where everything’s router by tor… (just like whonix but in case you’re fearing dom0’s been compromised…) also make sure to deal with such pesky things as allways only having you’r laptop in range of you’r own wifi and so on
i mean think of the “outrage”/fears/lawsuits/… if it’ll turn out the company installed back doors
and the us gov’ can’t really without a warrent (not that it stopped them before… but again like tapping phones… it won’t fly)
(not that i’m saying you should try anything illegal but i mean…) if u need a secure system
also there’s always disk encryption
an attacker can try a cold boot attack or a evil maid attack or… but there are safegaurds in place an if you’re really paranoid then you can allways i guess when booting flash coreboot and everything again and obviously move you’re encrypted drive to a different location/…
also if you are “going dark” which i guess means illegal not off the grid then there are diffrent solutions such as simply using separate encypted storage…
booting life from tails… and so on
i won’t be giving you a guide but there are more effective ways to do such things becuse qubes is designed to be a secure system tails is designed to leave no trace -such as even on the ram for example
also you can alwys prefer trusting companies such as lenovo which literally target bushiness high end etc and is a chinease company…
they’re laptops come with spyware masked as a antivirus… just google it
now they are good laptops indeed but i mean… if it’s good enough for so many companies and…
(just to give an example…) not that it is easy to avoide chinease hardware but having a small stake in a compny being owned by china is very diffrent then fully chinese…)
anyway so far i’m happy with my new librem laptop
and trust if i were to want to do somthing illegal… well i guess it depends on the severity and cost
but i’d just use a cheap burner laptop or better yet a pc or a rasbery pie or…
if i were to try and hack the pentagon… -just to give an example
then i would definatly not be using a lirem laptop but a second hand laptop i guess buying anonymously with cash making sure to keep an eye on the person who sold it to me… -via facebook for example…
so that even if somhow it’s traced back (not to me becuse id take safegaurds using in a park public wifi etc destory later… u get the point i won’t dig deep to give anyone any ideas)
but lets say somhow… then the gov’d end up on a wild gooschase
(yeah don’t break the law)
but it’s nice to think about…