Category: Hardware

Introducing the Librem Key

A few months ago we announced that we were partnering with Nitrokey to produce a new security token, the Librem Key. I’m pleased to announce that the Librem Key is available for purchase on our site today for $59.

What is a USB Security Token?

In case you haven’t heard of USB security tokens before, they are devices typically about the size of a USB thumb drive that can act as “something you have” for multi-factor authentication. With so many attacks on password logins, most security experts these days recommend adding a second form of authentication (often referred to as “2FA” or “multi-factor authentication”) in addition to your password so that if your password gets compromised the attacker still has to compromise your second factor. USB security tokens work well as this second factor because they are “something you have” instead of “something you know” like a password is, and because they are portable enough that you can just keep them in your pocket, purse, or keychain and use them only when you need to log in to a secure site.

In addition to multi-factor authentication, security tokens can also often store your private GPG keys in a tamper-proof way so you can protect them from attackers who may compromise your laptop. With your private keys on the security token, you can just insert the key when you need to encrypt, decrypt, sign, or authenticate and then type in your PIN to unlock the key. Since your private keys stay on the security token, even if an attacker compromises your computer, they can’t copy your keys (and even if you leave the key plugged in, they need to know your PIN to use it).

Why Make a Librem Key?

There are many other vendors out there who offer their own security tokens, so why make our own? The first reason is that few security tokens out on the market align with our values here at Purism, in particular with respect to freedom. I’ve explained in a previous post why freedom is essential to security and privacy and this is especially true for a device that is holding some of your most sensitive secrets. We wanted a security token that used open hardware, free software firmware, and free software user applications and that is why we partnered with Nitrokey to produce a security token that respected your freedom from the beginning.

We also wanted to make the Librem Key because of all of the integration possibilities with our existing products that would make customers more secure in a way that’s also more convenient. When you can bundle a security token with your own laptop and operating system, there are so many interesting possibilities, especially when the firmware and user applications are free software so we can easily modify them to add even more features.

In addition to the standard features of a security token (GPG key storage and multi-factor authentication) that the Librem Key can perform on any computer, here are some of the interesting integration options with our Librem laptops we are already looking into with the Librem Key that will make security much more convenient for users who are facing average threats:

  • Insert the Librem Key at boot and automatically decrypt your hard drive
  • Automatically lock your laptop whenever you remove the Librem Key
  • Use your Librem Key to log in

Provable Security, Made Easy

One of the most exciting opportunities the Librem Key opens up to us is in integrating with our tamper-evident Heads BIOS to provide cutting-edge tamper-evident security but in a convenient package that doesn’t exist anywhere else.

Currently with Heads, when you want to prove that the BIOS hasn’t been tampered with, you need to set up a TOTP application on your phone and scan a QR code from within Heads. Then at each boot you compare the 6-digit code Heads displays on the screen with the code in your phone. If the codes match, the BIOS is safe. This method works but is a bit cumbersome and with the Librem Key we can do better.

We have worked with Nitrokey to add a custom feature to our Librem Key firmware specifically for Heads. This custom firmware along with a userspace application allows us to store the shared secret from the TPM on the Librem Key instead of on a phone app. Then when Heads boots, if the BIOS hasn’t been tampered with the TPM will unlock its copy of the shared secret, and Heads will send the 6-digit code over to the Librem Key. If the code matches what the Librem Key itself generated, it flashes a green light. If the codes don’t match, it flashes a red light.

So if you are concerned about someone tampering with your computer when you aren’t around, just boot with the Librem Key inserted. If it blinks green you are safe, if it blinks red you’ve been tampered with. There is no other product on the market today that offers this kind of simple but strong tamper-evident protection, much less one that respects your freedom where the keys are fully in your control.

Even Stronger Anti-Interdiction Protection

The Librem Key opens up possibilities for even stronger anti-interdiction protection for customers who need it. We will be able to link a Librem Key with a laptop running Heads at our facility and then ship them separately. Then when each package arrives you can immediately test for tampering with an easy “green is good, red is bad” test.

Convenient Security for the Enterprise

Many companies have already incorporated third-party security tokens into their engineering teams as a way for software engineers to sign their code pushes securely or as a convenient multi-factor token. The Librem Key offers enterprises a way to combine all of the other features they are used to with other security tokens along with our cutting-edge tamper-evident boot process on our Librem laptops in an easy and convenient package where all of the keys are fully under their control.

Since the firmware and userspace tools are free software, that means enterprises can also easily customize these tools to suit their own internal policies whether with their own software teams or by working with Purism. That could mean anything from providing a customized error page to employees when Heads detects tampering to actively preventing employees from booting a tampered-with machine.

Only the Beginning

Knowing that our customers have a secure and freedom-respecting security token opens up all sorts of other possibilities and today we are only scratching the surface on what we will be able to do with Librem Key both for new customers and those that have been with us from the beginning. Stay tuned for future posts where I will dive deeper into some of the Librem Key’s features and explain how to get the most out of it. In the meantime you can order your own Librem Key from the Librem Key product page.

Progress update from the Librem 5 hardware department

As you might have noted when we announced closing the development kit “last call” sale, new specifications have been made public. I want to explain what led to these specifications and why we made the choices we made and what the current timeline is for the devkits and Librem 5 phones.

Last Call for Librem 5 Dev Kit: order yours before June 1st 2018

Purism has finalized the specifications for the Librem 5 development kit and will place the order for all the component parts and the fabrication run in the first week of June 2018. If you want to have early access to the hardware that will serve as the platform for the Librem 5 phone, you must place your dev kit order before June 1st, 2018. The price for the development kit is now $399, up from the early-bird pricing that was in effect during the campaign and until today. The dev kit is a small batch, “limited edition” product. After this batch, we are not planning for a second run (as the production of the phone itself will replace the dev kit in 2019).

Improved specifications

We decided to wait to get the latest i.MX 8M System On Module (SOM), rather than utilizing the older i.MX 6 SOM, so that the dev kit aligns nicely with the final phone hardware specifications. This means the dev kits will begin delivery in the latter part of August for the earliest orders while fulfilling other dev kits in September. Choosing to wait for the i.MX 8M SOM also means our hardware design for the Librem 5 phone is still on target for January 2019 because we are pooling efforts rather than separating them as two distinct projects. Our dev kit choices and advancements benefit the Librem 5 phone investment and timeline.

The current dev kit specification is (subject to minor changes during purchasing):

  • i.MX 8M system on module (SOM) including at least 2GB LPDDR4 RAM and 16GB eMMC (NOTE: The Librem 5 phone will have greater RAM and storage)
  • M.2 low power WiFi+Bluetooth card
  • M.2 cellular baseband card for 3G and 4G networks
  • 5.7″ LCD touchscreen with an 18:9 (2:1) 720×1440 resolution
  • 1 camera module
  • 1 USB-C cable
  • Librem 5 dev kit PCB
    • Inertial 9-axis IMU sensor (accel, gyro, magnetometer)
    • GNSS (aka “GPS”)
    • Ethernet (for debugging and data transfer)
    • Mini-HDMI connector (for second screen)
    • Integrated mini speaker and microphone
    • 3.5mm audio jack with stereo output and microphone input
    • Vibration motor
    • Ambient light sensor
    • Proximity sensor
    • Slot for microSD
    • Slot for SIM card
    • Slot for smartcard
    • USB-C connector for USB data (host and client) and power supply
    • Radio and camera/mic hardware killswitches
    • Holder for optional 18650 Li-poly rechargeable battery with charging from mainboard (battery not required and not included!)

The dev kit will be the raw PCB without any outer case (in other words, don’t expect to use it as a phone to carry in your pocket!), but the physical setup will be stable enough so that it can be used by developers. As we finalize the designs and renders we will publish images.

Demonstrating Tamper Detection with Heads

We are excited about the future of Heads on Librem laptops and the extra level of protection it can give customers. As a result we’ve both been writing about it a lot publicly and working on it a lot privately. What I’ve realized when I’ve talked to people about Heads and given demos, is that many people have never seen a tamper-evident boot process before. All of the concepts around tamper-evident boot are pretty abstract and it can be difficult to fully grasp how it protects you if you’ve never seen it work.

We have created a short demo that walks through a normal Heads boot process and demonstrates tamper detection. In the interest of keeping the demo short I only briefly described what was happening. In this post I will elaborate on what you are seeing in the video.

Step One: Normal Boot

The normal boot process for a computer that uses Heads is much like with any other computer, at least from a user experience standpoint. Like with other computers, you can bring up a full menu of different items to boot, but you can also pick one to set as your default. Once you set a boot option as a default, at boot time you can just press Enter and it will boot into your operating system just like with any other system.

Default Heads Boot Menu

Unlike with other systems, Heads is providing extra levels of security during the boot process. At that default boot screen, you will see a 6-digit number above the menu options. That is a TOTP (Time-based One Time Password) code that Heads uses to prove to you that it hasn’t been tampered with and can be trusted. If you’ve ever used a TOTP code in the past, normally it’s so you can authenticate yourself to a website using Two-Factor Authentication. In this case it’s the reverse: the computer (specifically Heads) is authenticating itself to you! If that code matches the code on your phone, you know it’s safe to proceed.
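The code comparison described here, and the Librem Key green/red check described earlier on this page, sketched as an added example (not code from Heads or the Librem Key firmware). It assumes RFC 6238 defaults (HMAC-SHA1, 30-second step) and that both sides use the same timestamp; `ToyTPM`, `firmware_code` and `token_check` are hypothetical names, and `ToyTPM` is a simplified stand-in for TPM sealing.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per TOTP time step (RFC 6238 default; an assumption here)
DIGITS = 6   # the page describes a 6-digit code


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class ToyTPM:
    """Simplified model of sealing: the secret is released only when the
    measurement of the booting firmware equals the one recorded at sealing."""

    def __init__(self, secret: bytes, firmware: bytes):
        self._secret = secret
        self._sealed_to = hashlib.sha256(firmware).digest()

    def unseal(self, firmware: bytes):
        measured = hashlib.sha256(firmware).digest()
        if hmac.compare_digest(measured, self._sealed_to):
            return self._secret
        return None  # measurement changed: the secret stays locked


def firmware_code(tpm: ToyTPM, firmware: bytes, unix_time: int):
    """Firmware side: the code shown on screen or sent to the token."""
    secret = tpm.unseal(firmware)
    if secret is None:
        return None  # no secret, so no valid code can be produced
    return totp(secret, unix_time)


def token_check(token_secret: bytes, received, unix_time: int) -> str:
    """Token side: compare the received code with the token's own code."""
    if received is None:
        return "red"
    expected = totp(token_secret, unix_time)
    same = hmac.compare_digest(expected.encode(), str(received).encode())
    return "green" if same else "red"


def demo():
    secret = b"12345678901234567890"           # RFC 6238 test key, not a real secret
    good_fw = b"constructed firmware image"     # constructed sample data
    bad_fw = good_fw + b" with modification"    # constructed tampered image
    tpm = ToyTPM(secret, good_fw)
    now = 59                                    # RFC 6238 test timestamp
    return (
        token_check(secret, firmware_code(tpm, good_fw, now), now),
        token_check(secret, firmware_code(tpm, bad_fw, now), now),
        token_check(secret, "000000", now),     # a guessed code
    )


if __name__ == "__main__":
    print(demo())
```

The user never types a secret in this flow: the machine proves possession of the sealed secret, and the phone or token is the verifier.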

Once you hit Enter during a normal boot, Heads then verifies the signatures of all of its configuration files stored in /boot based on the copy of your public GPG key it has within it. These configuration files include a file that contains sha256 checksums for the rest of the files in /boot. Once it verifies your signature for that file, Heads can trust it hasn’t been modified so it uses it to make sure the rest of the files in /boot haven’t changed. Since all of them match, they weren’t tampered with so Heads proceeds with the boot process.

Step Two: Hack The Computer

Hacking grub.cfg

Once the computer boots, I put my black hat on and “hack” my computer by defacing my /boot/grub/grub.cfg file with a comment. This is a benign hack for demonstration purposes, but the attacker could have just as easily modified grub.cfg to boot from an older kernel on your system that has a known security vulnerability, added a single user mode, or otherwise altered the boot process to make it easier to launch another attack.

An attack that changes a plain text configuration file leaves a trail that might be easier for a user to detect if they happened to edit the file themselves. A more sophisticated hacker would put a back door into your default initrd file (the initial file system your kernel uses when it boots) or even replace your kernel with a compromised version. Both of these kinds of attacks are almost impossible to detect without a system like Heads. Because all of these files are stored in /boot, and Heads checks all of them, it is able to detect all of these types of tampering.
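The /boot check from Step One applied to the grub.cfg edit from Step Two, as an added example (not code from Heads). An HMAC tag stands in for the GPG signature so the example runs without a keyring, whereas Heads verifies a GPG signature with your public key; the file names `hashes.txt` and `hashes.txt.sig` and all file contents are constructed for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

MANIFEST = "hashes.txt"    # hypothetical name for the checksum file
SIG = "hashes.txt.sig"     # hypothetical name for its signature


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def tree_hashes(boot: Path) -> dict:
    """Map each file under boot (except manifest and signature) to its sha256."""
    skip = {MANIFEST, SIG}
    return {
        p.relative_to(boot).as_posix(): sha256_file(p)
        for p in sorted(boot.rglob("*"))
        if p.is_file() and p.relative_to(boot).as_posix() not in skip
    }


def manifest_bytes(hashes: dict) -> bytes:
    return "".join(f"{d}  {n}\n" for n, d in hashes.items()).encode()


def sign_boot(boot: Path, key: bytes) -> None:
    """Write the manifest and its tag (HMAC here; a GPG signature in Heads)."""
    data = manifest_bytes(tree_hashes(boot))
    (boot / MANIFEST).write_bytes(data)
    (boot / SIG).write_text(hmac.new(key, data, hashlib.sha256).hexdigest())


def verify_boot(boot: Path, key: bytes) -> dict:
    """Authenticate the manifest first, then compare every file against it."""
    data = (boot / MANIFEST).read_bytes()
    tag = hmac.new(key, data, hashlib.sha256).hexdigest().encode()
    stored = (boot / SIG).read_text().strip().encode()
    if not hmac.compare_digest(tag, stored):
        # An unauthenticated manifest proves nothing about the files it lists.
        return {"manifest_ok": False, "changed": [], "missing": [], "added": []}
    recorded = dict(
        reversed(line.split("  ", 1)) for line in data.decode().splitlines()
    )
    current = tree_hashes(boot)
    return {
        "manifest_ok": True,
        "changed": sorted(n for n in recorded
                          if n in current and current[n] != recorded[n]),
        "missing": sorted(n for n in recorded if n not in current),
        "added": sorted(n for n in current if n not in recorded),
    }


def demo() -> list:
    key = b"constructed-demo-key"
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        boot = Path(tmp)
        (boot / "grub").mkdir()
        cfg = boot / "grub" / "grub.cfg"
        cfg.write_text("menuentry 'PureOS' { linux /vmlinuz }\n")
        (boot / "vmlinuz").write_bytes(b"constructed kernel bytes")
        (boot / "initrd.img").write_bytes(b"constructed initrd bytes")
        sign_boot(boot, key)
        results.append(verify_boot(boot, key))      # untouched tree
        with cfg.open("a") as fh:
            fh.write("# defaced\n")                 # the comment edit from Step Two
        results.append(verify_boot(boot, key))      # grub.cfg no longer matches
        # Regenerating the checksums without the signing key does not help:
        (boot / MANIFEST).write_bytes(manifest_bytes(tree_hashes(boot)))
        results.append(verify_boot(boot, key))      # manifest fails authentication
    return results


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third result shows why the checksum file itself is signed: without that step, whoever changed grub.cfg could simply refresh the checksums.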

Step Three: Detect Tampering

When the system reboots, it returns to the main Heads boot screen. First I hit Enter to select the default boot option, but this time when Heads scans all of the files in /boot, it detects that grub.cfg has been changed! Along with the warning, I also get the option to re-sign all of the files in /boot. This option exists because there are a number of perfectly legitimate reasons why your grub.cfg, initrd, kernel, or other /boot files might change, either because you edited them yourself or because you updated software that changed them. Otherwise, if you don’t want to re-sign files, you can return to the main menu.

Tampering detected!

If you choose to re-sign all of the files, you will get an additional warning screen that explains what Heads is about to do and another chance to exit out to the main menu. If you did choose to re-sign all of the files you would then insert a USB GPG smart card that held your private keys so you could re-sign the Heads configuration files in /boot.

Since I knew that I didn’t want to keep that “hacked” grub.cfg file, instead of signing the files I returned to the main menu. By default Heads used to error out to a recovery shell if it detected a file was tampered with. The assumption is that the expert user could then investigate and remedy the problem from within that shell. If you aren’t an expert user in this situation you might not know how to recover and would end up being locked out of your computer!

We understand that there are a number of situations where a user might legitimately or accidentally change files in /boot and while it’s not advisable to boot into a system that is actually tampered with by an attacker (because among other reasons, an attacker might be able to get your disk encryption or login passwords), we also don’t want to lock you out. We’ve added an “insecure boot mode” to Heads for these circumstances. When you select that option, Heads will ignore any tamper warnings and present you with a GRUB-style menu of boot options. You can then select a boot option and Heads will boot into your system. To make sure you know that this is an unsafe option, in addition to the warnings in the user interface, we also disable the splash screen and change the console to have a red background.

Insecure boot mode

Step Four: (Optionally) Investigate Tampering

So what should you do if Heads alerts you to tampering? Exactly how you respond to a potentially legitimate tampering alert depends on a number of factors including what kind of user you are. I’ll step through three of the most common categories of Heads user and describe how they might respond to a legitimate tampering alert.

Category 1: Enterprise User

In the event of tampering, enterprise users would just hand the laptop over to their IT team and pick up a replacement while the IT team investigates. Some organizations might want to go a step further and work with us to customize their Heads image with branded and customized warning messages with their custom policies or direct the employee to an internal wiki or other resources. Some enterprises may want to go even further and remove the ability to boot a machine that sets off tampering alerts. This would also be useful for employees who take their machine overseas to ensure the machine is in a safe state before they reconnect it to the corporate network.

Once the IT team receives the laptop, they can then inspect the laptop for tampering using their in-house tools and procedures, and then reflash the system back to their secure, internal image. For smaller organizations who may not have those capabilities, Purism also provides support services to bring the laptop back to a clean factory state.

Category 2: Expert-level End User

The expert level user will likely want to inspect the system themselves in the event of a legitimate tamper alert. While I demonstrate the insecure forced boot mode in the demo, the expert user would likely use the Heads recovery shell or boot into a USB recovery disk instead (like the PureOS live install disk) to investigate from there. Otherwise, when they boot their compromised system, they will be prompted for their disk decryption passphrase and login password and risk turning those secrets over to the attacker.

While the Heads recovery shell is limited to a small subset of Linux command-line tools, it has enough tools for the expert user to inspect files in /boot including a text editor to inspect grub.cfg and tools to mount the encrypted root file system from a trusted environment. Provided you trust Heads itself hasn’t been tampered with, you could inspect quite a bit just from this recovery shell alone.

If the Heads recovery shell didn’t provide enough tools, the expert user could also boot from a USB disk, mount the /boot partition and inspect the changed files. In the case of a modified grub.cfg they would just use a text editor for this. In the case of a modified initrd they would need to extract the file and inspect the extracted file system. From there they could also decide to mount the root file system and inspect it for rootkits as well. For users who may suspect Heads itself was tampered with, they would be able to use flashrom to pull down a copy of the version of Heads on the system and inspect it directly.

Category 3: Everyone Else

The average user is unlikely to put on their forensics hat and inspect a compromised system. While for the most part any alerts an average user will see will likely be a direct result of package updates or other changes they know they made, there’s a possibility that sometimes they might get an alert they weren’t expecting. For instance, if you took your laptop overseas on a trip and didn’t update it or otherwise change it during the trip, a tampering alert when you got home would be much more suspicious.

So what’s the average user to do? No matter what, you can always fall back to the insecure boot mode so you won’t lose access to your system or files. In that case even if you couldn’t inspect or fix the errors yourself, you could at least back up your personal files and reinstall the OS to get back to a safe state. Alternatively, like with enterprise users, you could also take advantage of Purism support services to reflash your system to a factory state.

Conclusion

Hopefully watching Heads in action has helped make it a bit more clear just how it will protect you from tampering. In future posts I will walk through other Heads features and workflows including registering a new TOTP code and completely resetting the TPM.

Trusted Platform Module now available as an add-on for Librem laptops

Over the past few months, we have been busy with a plethora of great projects being set afoot. We have been incrementally building a laptop inventory to ship from, we have been continuing the coreboot enablement work on our laptops, neutralizing—and then disabling—the Intel Management Engine, and launching our much awaited Librem phone campaign, which ended in a very motivating success—involving many great organizations that are part of the Free Software community, such as Matrix, KDE e.V., the GNOME Foundation, Nextcloud, and Monero.

It really has been a whirlwind of events, and this has been happening in parallel to us continuing our existing R&D and operations work, such as preparing a new batch of laptops—namely the much anticipated Librem 13 with i7 processor.

One particular security R&D project dear to our hearts has been the beginning of our collaboration with “Heads” developer Trammell Hudson, a project that has been quietly going on behind the scenes for the past few months. We are very pleased to announce today that we are making a positive step to make this effort within reach of early adopters, with the availability of a Trusted Platform Module (TPM) as an optional component for currently pending and near-future laptop orders.

The Librem 5 Development Roadmap and Progress Towards i.MX 8

The Librem 5 crowdfunding campaign is still cranking along nicely. While it is going on, we wanted to provide a progress report on the hardware selection as well as the advancements with our existing development boards.

TL;DR:

  • The base hardware with i.MX 6 is demonstrably working.
  • i.MX 8M, Etnaviv, full HD, are the likely hardware combination candidates for the Librem 5 phone.

Development Hardware Proving Positive

Showing photos of low-level progress is always a challenge; however, showing Wayland and applications running on development hardware by definition means that the lower-level parts are working! Booting from microSD into a Debian GNU/Linux unstable with most of the UI installed…

Purism Librem 5 phone (early development boards) for testing CPU/GPU and GNU/Linux
Purism Librem 5 (early development boards) booting the Linux kernel, Wayland, and a terminal in early August 2017.
Purism Librem 5 (early development boards) booting Debian GNU/Linux unstable, Wayland, and GNOME Settings in September 2017
Purism Librem 5 (early development boards) screenshot of a photo rendered

What led us to choose i.MX 6/i.MX 8

We have tested nearly every combination of CPU and GPU (see further below). Purism’s goals of creating hardware that is ethical, runs free software, can separate the baseband from the main CPU, and can run GNU/Linux (not Android) quickly narrowed our scope to i.MX 6 as one of the only viable options.

We have been testing and working with i.MX 6 and are pleased to report healthy progress with that hardware. As you can see from the photos, we have the Linux kernel booting, Wayland running, and in these photos GNOME/GTK and even GNOME Settings showing.

Purism Librem 5 (early development boards) running Debian GNU/Linux unstable, wayland, and GNOME Settings screenshot

Heading towards i.MX 8

We have been making some progress that makes us confident to say we will likely be able to use i.MX 8 for the Librem 5 phone hardware, primarily because:

  1. We will be able to evaluate an i.MX 8M pre-production board in November 2017
  2. Our extended community can evaluate a handful of i.MX 8M sample chips in November 2017
  3. More evaluation boards should be available before year-end 2017
  4. In Q1 of 2018 we can get i.MX 8M into production. This is well ahead of our required hardware selection date of April 2018, so we will very likely be using the i.MX 8M in the Librem 5.

i.MX 8M (early evaluation boards)

State of the GPUs… or “Why we chose i.MX 6/8 + Vivante”

GPU drivers have been a big issue for a long time in the free software world. Manufacturers would typically not release any specification or documentation but only binary-only drivers. For PC hardware this problem has somewhat been resolved, which is why Purism uses Intel GPUs on our Librem products, since Intel has free drivers merged in mainline Linux kernel. But for ARM SOCs, the situation is not ideal.

  • MALI: One of the biggest players in the ARM field is MALI. The MALI core was originally developed by Falanx Microsystems until ARM bought their patents and copyrights; ARM now licenses the MALI core for ARM designs. ARM is not releasing any specs about the MALI GPU cores and does not provide any free software drivers for them. (The MALI400, for example, is also used in the Allwinner A64 chip, which in turn is used on the Pine64 and in the Pinebook.) There is an effort to develop a free driver by reverse engineering existing code, which is called LIMA, but its functionality and support are still limited.
  • Adreno: another big one is the Adreno GPU core, found in many Qualcomm Snapdragon SOCs. For this one also, no documentation exists, although a reverse engineering project produced a pretty well working driver, called freedreno, which is also supported by current Mesa versions.
  • PowerVR: the PowerVR GPU cores are found mostly in embedded PowerPCs and Texas Instruments “OMAP” CPUs. As of today, we are not aware of any free development for these; only some binary-only drivers are available. There is an effort started by the Free Software Foundation but it seems that the project has stalled for some time now.
  • Tegra: the first generation nVIDIA “Tegra” SOCs have had Linux kernel mainline support since 2012. The latest Tegra SOCs use the same GPU building blocks as the desktop PC graphics cards and can be used with the Nouveau GPU driver.
  • i.MX 6 Vivante: since Linux kernel 4.8, a new set of DRM/GPU drivers has been incorporated into the mainline Linux kernel, the so-called Etnaviv. Etnaviv support is also included in Mesa, starting with Mesa 17. We have successfully been operating a prototype for our phone using a mainline Linux kernel 4.12.4 with Etnaviv support. From microSD we booted into a Debian GNU/Linux unstable with most of the UI stuff installed. It works! We can safely say that upstream OpenGL hardware GPU support for i.MX 6 has landed in major Linux distributions, which is great news since hardware GUI acceleration is badly needed for any type of modern mobile GUI.

With the Librem 5, we are very excited to be advancing the mobile phone space to be ethical, respect digital rights, run GNU/Linux, be secure, and create a future that we are proud to be part of. We will be posting regular development updates as we progress with the hardware, software, and partners.

Inventory shipping in June 2017: case designs and final assembly

For the past few weeks, the new Librem 13 and 15 have been undergoing stage 1 production with our case modifications and silkscreening. We had some back and forth between us and the printer to finally have clearly identified killswitches:

…and our certification marks and model identification on the underside:

At first the screenprinters had trouble with the font we’re using (as you can see above, if you have a keen eye), but we got that corrected as you can see further below. We were not so lucky with the keyboard’s “Purism logo” key as the aspect ratio was squashed a little bit by the backlit keyboard supplier and we found out too late, but at this stage the #1 priority is getting these machines delivered to you as fast as possible, so we’re hoping you don’t mind the Purism rectangle logo being in “ultra-wide” cinema format just this once 😉

As the laptops are now at stage 2 production, we have some teaser photos of the completed case work. These were shot a bit hurriedly, and the lighting and compression are not flattering, but this at least provides a rough idea. We’ll take the time to shoot proper studio photos when the first new wave of shipments is mailed out in June.

Here is what the underside of the Librem 13 looks like:

Here are the silkscreened killswitch labels:

Note: the IPS display panels we source for the Librems are matte (as they should be!) The reason why the screen in the picture above seems reflective is that a glossy protective film is applied to protect the laptops during shipping.

For the curious among you, here is a bare view of the case’s interior, with only the multitouch trackpad and backlit keyboard (underneath the black electrical isolating layer) installed:

With this, we are confident that we will be able to begin shipping out finalized units to customers in roughly two weeks. Afterwards, we will have stock on hand allowing new orders to be fulfilled within a week. If you were reluctant to preorder and were waiting for the presence of rapidly-shipping stock to purchase a Librem, this will be a deal changer for you.

Spring 2017 product design update and operations report

Let’s recap recent progress with a summary of where we stand and where we’re going next on the “operations” front.

We have begun production of the two new revisions of Librem laptops. As we narrowed down on component choices and successfully raised additional funds, we have now made great steps towards our “zero outstanding orders” milestone and our goal of creating our first inventory to ship future orders from.

  • Last month, we ordered a batch of supplies to begin production of the new Librem 13 “v2” units. We have also tested and evaluated three prototype units, the latest of which we will use to extend our coreboot work.
  • Two weeks ago, we also ordered parts for the new Librem 15 “v3” units. So far we have evaluated one prototype unit for this new batch (which will also be used for our coreboot work), and will evaluate a second one soon.
  • We are currently working to leverage investment to make the Librem 11 batch order happen sooner and create an inventory directly; we will let you know of any progress on that front. In the meantime, we thank you for your patience. And please spread the word about the Librem 11 to those around you looking for a nice security-oriented and freedom-respecting convertible tablet with stylus support (especially interesting for visual artists who want to use the plethora of free creative tools such as MyPaint, Krita, Inkscape, GIMP, etc.)! The more people know about it, the sooner we should be able to put it into production.

Revised products specifications

For the upcoming Librem 13 v2 and the Librem 15 v3, we evaluated various prototypes, including different cases and keyboard models, alongside various possible CPU, GPU, RAM and storage combinations. With the newer motherboards, we aimed to keep the same flexibility in terms of storage: one M.2 slot and one standard SATA slot. As usual, the RAM and SSDs are all user-replaceable, not soldered.

The Librem 13 gets a whole slew of improvements for version 2:

  • A newer i5 processor, using the 14 nanometers lithography of the Skylake generation, bringing additional performance and power savings over previous generations
  • A backlit keyboard (the most often requested feature)
  • Newer Intel graphics as part of the Skylake chipset
  • DDR4 memory
  • One USB 3.0 “type C” connector
  • A much better trackpad (sourced from Elantech instead of BYD), which works better out of the box. It supports vertical and horizontal two-finger scrolling, allows changing workspaces with a simple four-finger swipe gesture, has smoother scrolling, and various multitouch gestures (dependent on applications support).

Those who have ordered the Librem 15 also get the free update to Skylake, newer graphics, DDR4, and improved trackpad. The Librem 15 already had a backlit keyboard and USB-C.

As you can see, when you pre-order a Purism device, you don’t need to worry about the specs becoming outdated by the time of production & delivery. For all our products, we strike a balance as per our manufacturing & sourcing approach, yet strive to stay close to the latest technology out there. We aim to please our supporters by bundling these updates at no additional cost whenever possible.

Upgrading from the Broadwell microarchitecture for this round, we chose to go with Skylake (rather than Kabylake) in order to service orders more quickly without bringing on delays in supplies or testing. To provide the best user experience, we prefer to test more thoroughly before moving on to a new chipset (for instance, we’ll be able to provide coreboot support more quickly with Skylake as part of our current roadmap). We expect to upgrade the chipsets/microarchitecture again for the next production run (planned for the second half of 2017 once we complete this batch), which will involve a revised motherboard design, as we will also be adding new hardware features in anticipation of full support for Heads.

The power of the Dark Side comes as a duo

We chose to keep the same overall chassis, although the location of Librem 15’s killswitches will be different this time (all on the hinge cover, like the Librem 13).

A notable aesthetic improvement for the Librem 15 v3 is that it will be anodized black just like the Librem 13. The temptation of the Dark Side was strong! Here you can see an anodized aluminium extrusion sample of the Librem 15 v3, next to an existing Librem 13 v1:

As we are beginning to have quite a bit of hardware revisions and models to keep track of, the laptops will now also feature some subtle branding underneath the backplate for model identification and to show the appropriate certification marks (we are FCC and CE certified). The publicly visible parts such as the screen bezel, palmrests, or the back of the screen lid, all remain unbranded.

Better power connectors

We are now sourcing power supplies with L-shaped coaxial connectors, so they keep a low profile when plugged into the side of your Librem:

This is particularly useful if you like to sit cross-legged with your laptop on a sofa, for example! (or for those who like to meditate with a computer on their lap)

Wrapping up

We are well on our way to providing a great new set of laptops this summer. We should be receiving the final components around the end of May, at which point we will do the final assembly and shipping throughout June. We will then be able to celebrate having cleared all the existing Librem 13 and 15 orders (including the recent big spike in orders). After that point, we will be able to ship within days and weeks (not months), which will be a huge relief for everybody looking to buy a Librem “in a pinch”. We hope you’re as excited as we are about that!

As always, thank you for your support, and feel free to contact us with your thoughts and encouragements, or to spread the good news around you!


Edit: post updated to reflect the processor models available as of June 2017. For the time being, the Librem 13 will still feature an i5 processor instead of the i7, albeit with the newer Skylake chipset.

Bringing Librem 13 v2 and Librem 15 v3 prototypes back from LibrePlanet for further coreboot porting work

A few days ago we gave you a very quick sneak peek of the Librem 15 v3’s anodized black finish as we were doing final preparations for our LibrePlanet 2017 attendance. We were very happy to support the Free Software Foundation by sponsoring LibrePlanet! On Saturday morning, we started setting up our booth slowly, thinking there would not be much activity going on at the beginning of the day. We were proved wrong:

There was a crowd around our booth at pretty much all times (except lunchtime) throughout the day Saturday, during which it was revealed that Todd is possibly a cyborg, as he stood there answering questions for eight hours straight, without needing to eat, drink, or sit:

Great discussions were had. James was also present, attending talks and officially winning our photobomber of the year award, as you can see him in the lower-right corner of this photo:

New passions bloomed among attendees:

People who saw and touched the Librems found them to be quite impressive. For instance:

Some of the frequent comments we heard were “Wow. They’re even better than on the photos!”, “When can I buy one?” and “I was a Purism skeptic, but I see you are delivering on your promises and making the impossible possible.”

Really encouraging!

Upcoming coreboot work

While we were hard at work answering thousands of questions at LibrePlanet, our coreboot developer Youness was on vacation while waiting for some more testing hardware. This week he will be resuming his work on preparing/packaging coreboot for release, and with the two new prototype units I brought back from Boston he will also be able to begin the coreboot port for these devices. We hope to do that in time to factory-flash them for the next batch of deliveries in May-June, but we’ll see how the development work pans out. If it’s not ready within that short timespan, we will provide coreboot as an update that you can flash yourself.

Youness has also made some additional progress on the Intel ME, thanks to information and data that Igor Skochinsky was able to share with us. Stay tuned for Youness’ next report!

Getting ready for LibrePlanet and the new Librem 15 v3

This year, we’re attending and sponsoring LibrePlanet, which is being held this weekend in Boston. Todd and I arrived one day early, as we wanted to seize the opportunity to spend a full day coworking to align our plans (regarding communications, product design and supply chain management), confirm product specifications, and test some new prototypes we have on hand. Todd recently (yesterday!) received sample parts and prototype units from suppliers, so we spent some time checking the aesthetic and functional aspects of the next revision of the Librem 13 (v2) and Librem 15 (v3), including the chips, killswitches, and removable components.

I also brought with me some older units I had gathered from others, including the Librem 11 prototype (which we bricked during testing) and the previous revision of the Librem 15.

Oh, “But what is that mysterious black plate in the center of the table”, you ask? Well, that’s one of the sample parts our suppliers sent us: the upper aluminium plate of the upcoming Librem 15 v3, which will be anodized black like our lovely Librem 13.

Here you can see Todd’s Librem 13 on the left (which looks brand new even after 2 years of intensive use) and the Librem 15 v3’s anodized aluminium extrusion sample on the right (resting on top of the old Librem 15 production model for comparison).

We chose a matte finish to avoid fingerprints from showing up (disclaimer: if you’re worried about someone lifting your invisible fingerprints from your laptop, you probably want to type with gloves like this guy, except you’ll be way cooler, because you’ll be using a Librem instead of some old plastic junk 😉).

We’re still finalizing details when it comes to the final specs, but from the looks of it, those with outstanding orders may benefit from a free upgrade to a newer generation of CPU and graphics chipsets, in addition to the black aluminium chassis.

Today we have placed a batch order through our supply chain for the Librem 15 v3, so we hope to provide you with an update on specifications and estimates soon. In the meantime, if any of you are attending LibrePlanet, we look forward to meeting you this weekend!