Turns out to run an operating system that completely avoids Big Tech and offers complete user control, there are no good current hardware designs, so Purism had to manufacture various computing devices to be able to completely decouple from the cryptographic control some of these companies have on chipsets, firmware, or hardware signing keys.
Once upon a time computers consisted of hardware and software. The division line was clear and all was good. All that you could physically touch was hardware and everything else was software. But this line quickly became more and more blurred as hardware became more and more complex and integrated. And as this line became blurred Apple, Google, Microsoft, and hardware firmware vendors were quick to cryptographically inject themselves as the controlling master of all code that runs on hardware.
When people ask what Purism does, the explanation some staffers give to the average person is along the lines of: “we make privacy and security respecting hardware, like the Liberty Phone that runs PureOS not Android nor iOS.” Immediately after that, it becomes easy to point to our hardware kill switches to demonstrate how we take a different approach from most other hardware out there. It’s a great example of a simple, easy-to-understand security measure that provides a tangible benefit to everyone.
On the Librem 5 and Liberty Phone we even added what we call Lockdown Mode which extends our normal kill switches to provide even more security and privacy.
We favor open standards and build solutions that put the user in control. While that’s often meant we’ve had to avoid proprietary off-the-shelf solutions and do things ourselves, in other cases it’s meant using existing tried-and-true open technologies like OpenPGP smart card readers in a new way–as a secure enclave fully in the user’s control. A full article about Your Own Personal Enclave goes into greater detail.
Having the control of the hardware supply chain lets Purism source each individual hardware components in a quest for the best “ingredients” for the best “recipe” as explained in our “Fab to Table” blog post. The “food production” metaphor is helpful because it is a sector that is already seeing so many great initiatives toward favoring people’s health and environmental care through small producers all around the world, who favor local productions and toxin-free agriculture. In reality, they are defining what food production’s best practices should be, and here, at Purism, we believe that the Tech Industry should get inspired and follow that same direction.
Why we haven’t been vulnerable to past ME exploits like a recent AMT vulnerability is a deep dive into the benefits of disabling low level exploit points, Librem Intel-based computers are not affected by CVE-2019-0090, due to how we use (and don’t use) the ME. Beyond that, PureBoot users will have extra protection including the ability to detect someone attempting to exploit this vulnerability.
PureBoot tamper-evident boot firmware for our Librem 14 and Librem Mini puts you in cryptographic control of your device from the first bit loaded. PureBoot uses a TPM, it doesn’t use it with Microsoft’s keys, or our keys, but instead with keys that are fully under your control. The Librem 5 and Liberty Phone runs the same 100% free software operating system, PureOS, as our laptops and desktops. Just like the copyleft principle uses copyright law to protect against copyright abuses, we use the traditional tools of DRM (code signing, TPMs, hardware-backed encryption) to help you manage your digital rights.
As we have stated numerous times, security is a game of depth. To exploit any given layer, you go to a lower layer and you have access to everything higher in the stack. Purism offers the deepest level of control for the user, allowing your encryption keys to control your device, so no master key exploit exists.
The Librem 5 and Liberty Phones are a complete custom design, not based on any reference design, specifically designed with all the goals we all want to achieve – open, safe, secure, respecting your privacy and digital rights. This rules out existing mobile phone reference designs, like from MTK, Qualcomm and the others. A full Breaking Ground article by Nicole Faerber is a deep dive as to the complexities of doing this.
Hardware is hard, hardware is capital intensive, and doing hardware that puts the user in control from chipsets through firmware to OS and applications is what makes Purism a different type of technology company, one that cares deeply about your personal freedoms to design hardware as the foundation to put you in complete control of your digital life.
Model | Status | Lead Time | ||
---|---|---|---|---|
Librem Key (Made in USA) | In Stock ($59+) | 10 business days | ||
Librem 5 | In Stock ($699+) 3GB/32GB | 10 business days | ||
Librem 5 COMSEC Bundle | In Stock ($1299+) Qty 2; 3GB/32GB | 10 business days | ||
Liberty Phone (Made in USA Electronics) | Backorder ($1,999+) 4GB/128GB | Estimated fulfillment early November | ||
Librem 5 + SIMple (3 GB Data) | In Stock ($99/mo) | 10 business days | ||
Librem 5 + SIMple Plus (5 GB Data) | In Stock ($129/mo) | 10 business days | ||
Librem 5 + AweSIM (Unlimited Data) | In Stock ($169/mo) | 10 business days | ||
Librem 11 | In Stock ($999+) 8GB/1TB | 10 business days | ||
Librem 14 | Backorder ($1,370+) | Estimated fulfillment date pending | ||
Librem Mini | Backorder ($799+) | Estimated fulfillment November | ||
Librem Server | In Stock ($2,999+) | 45 business days |