Purism is a new OEM trying to build hardware for consumers that care about personal privacy and security, and are concerned about any closed-source code that controls their systems, including OS-level and firmware-level “blobs”. They’ve chosen an Intel-based platform for their laptop, so they’re busy fighting to disable all of the silicon-level security protections that Intel has been adding to their products. This is more ambitious than other Intel-based “Linux OEMs”, which use stock BIOS, 100% firmware blobs. If Purism is able to accomplish what they want, I then wonder how insecure their new systems will be, from the pragmatic POV of an attacker (who cares less about if a system was built with closed-source blobs or not).
Read the update here:
http://blogs.coreboot.org/blog/2015/08/24/2015-08-21-librem-13-weekly-progress-update/
Excerpting from the summary of their blog post:
BIOS development is hard. One of the major challenges facing BIOS developers is a lack of accurate, comprehensive documentation for all the hardware coreboot interacts with. The “elephant in the room,” for an Intel-based laptop, is the Management Engine.
I’m wiling to bet a buck that Purism’s their 3rd model will not be based on Intel, but ARM or AMD systems. where they can more easily have zero firmware blobs, and have to fight fewer pink elephants, and can use U-Boot or Libreboot. Recent libreboot efforts with some Chromebook models is also very encouraging. I would almost rather focus on COTS Intel/ARM dev boards for the next few years, until RISC-V boards (like Raven3) are available for Purism to use. A thick laptop with room to fit a Beagle or Panda or Minnow or RPI — or two — would be nice to see.
It is nice to see Purism, like Bunnie’s Novena, trying to build a system that people want, not just a system that the industry trade groups want for enterprises. I hope they’re able to manage to deal with the various silicon and firmware issues that they face.
Firmware Security 