Road to FSF endorsement… and Beyond
Please note that FSF “RYF” certification is for hardware, and is different than FSF certification/endorsement for the operating system (PureOS), which we have already obtained.
The “RYF” certification is the most strict endorsement you can get in the industry. Since the question “Why doesn’t Purism already have the FSF’s RYF certification?” comes up regularly, we are providing below a visual roadmap and status updates on our progress, on the hardware front as well as software.
Please note: the graphic above is outdated (compared to the text on this page). We’re planning to redesign it.
Footnotes regarding items in red:
- We have completed the multi-year process to get FSF Distribution Endorsement for PureOS. You can see the official announcement from the FSF here. FSF “RYF” hardware endorsement is a different matter and will come later as we make progress on the hardware roadmap.
- Purism is replacing the proprietary BIOS by coreboot in its Librem laptops, and will continue to do so and dig deeper to free/reverse-engineer firmware blobs and other parts of hardware over the long term (see status updates below).
- Purism has tested and demonstrated the neutralizing of the Management Engine itself, will be enforcing this into its coreboot-enabled laptops, and is continuing towards neutralizing or freeing the remaining parts.
- Purism is considering shipping only NVRAM drives.
Modern hardware, meant to run Free Software
Purism offers the first high-end security and privacy-respecting laptops (with a heavy emphasis and best effort towards maximum software freedom) by manufacturing the motherboard and casing, and sourcing daughter cards, where all chips are selected and designed to run free software at the operating system level. Purism laptops are completely free from the bootloader through the kernel (with no mystery code, binary blobs, or firmware blobs), including the operating system and all software.
Additionally, Purism laptops are “99%” free at the BIOS level (see the history of our coreboot involvement), where we disable and remove/neutralize the Intel ME binary but we have yet to free the Intel FSP binary. We are working diligently to free the (minuscule) remaining bits at the BIOS level in order to move us toward FSF “RYF” endorsement, but our goal is to go further than that: Purism also intends to free the firmware within HDDs and SSDs.
Refer to the following posts to see our efforts, discoveries and progress toward freeing the components needed to free the BIOS completely. From newest to oldest (list last updated: 2018-04-04):
- Intel FSP reverse engineering: finding the real entry point
- February 2018 coreboot update now available
- The Free Software Foundation endorses Purism’s PureOS
- TPM now available as an add-on for Librem laptops
- Reverse engineering the Intel FSP: a primer guide
- Deep Dive into Intel ME Disablement (and related announcement: Purism completely disable the Intel ME on Librem laptops)
- Coreboot on the Librem 13 v2, part 2
- Coreboot on the Librem 13 v2, part 1
- Reverse-engineering the Intel Management Engine’s ROMP module
- Preventing AMI’s BIOS from interfering with coreboot flashing
- Trammell Hudson and Purism join forces to set a new standard for security-focused laptops
- Neutralizing the Intel Management Engine on Librem Laptops
- The Librem 13 v1 coreboot port is now complete
- Librem 13 coreboot report – February 3rd, 2017: It’s Alive!
- Librem 13 coreboot report – January 12, 2017
- Diving back into coreboot development
- Intel ME-less petition goal met early
- BIOS progress update: 2015-08-21
- BIOS progress update: 2015-08-14
- Roadmap to a Completely Free BIOS
- About Purism and Librems and Cake
- Freeing the BIOS: Memory Init
- Pioneering CPU Efforts to Liberate Laptop Hardware
- BIOS Freedom Status as of November 2014
If you are a talented hacker, driver developer or reverse engineer, and are interested in helping us free the remaining low-level hardware components, please send us an email about that.
Updated: April 4th, 2018