It's been so difficult to keep quiet about Librem 5 USA! It's a Librem 5 phone with electronics fabricated in the US like our Librem Key and devkit. As I mention in the post, our goal is to shrink our #supplychain and directly oversee as much of the process as possible. #Librem5USA
It was particularly difficult to keep quiet about #Librem5USA after seeing this article earlier in the week: #supplychain
https://arstechnica.com/gadgets/2019/12/huawei-is-now-shipping-smartphones-with-zero-us-components/
@kyle You mean the overpriced smartphone that really isn't better off being made in the USA because of the NSA supply/shipping chain compromises?
@briana The point is to bring the supply chain closer to *our* oversight and we are in the US. I talk about some of your concerns in https://puri.sm/posts/protecting-the-digital-supply-chain/ and this is also why we offer anti-interdiction services for those w/ that threat: https://puri.sm/posts/anti-interdiction-services/
@kyle Even disregarding that, what about the fact that RYF certification actually makes the hardware less secure over time as you are not allowed to update isolated firmware?
@briana That argument has more relevance on Intel platforms w/ Meltdown and Spectre and CPU microcode. Beyond that the goal is to limit and remove any binary blob firmware, especially w/ security impact altogether and use FOSS alternatives.
My understanding on the phone is that there are fewer proprietary blobs remaining that would likely need a security update or impact the security of the device in a reasonable way.
@kyle I fail to see how the modem and redpine chips are not impactful on security? Yes, you could replace those modules in theory to update the firmware, but that would be highly wasteful. Throwing away perfectly good hardware just because you don't want to update the firmware for certification purposes?
