It's been so difficult to keep quiet about Librem 5 USA! It's a Librem 5 phone with electronics fabricated in the US like our Librem Key and devkit. As I mention in the post, our goal is to shrink our #supplychain and directly oversee as much of the process as possible. #Librem5USA
It was particularly difficult to keep quiet about #Librem5USA after seeing this article earlier in the week: #supplychain
https://arstechnica.com/gadgets/2019/12/huawei-is-now-shipping-smartphones-with-zero-us-components/
@kyle You mean the overpriced smartphone that really isn't better off being made in the USA because of the NSA supply/shipping chain compromises?
@briana The point is to bring the supply chain closer to *our* oversight and we are in the US. I talk about some of your concerns in https://puri.sm/posts/protecting-the-digital-supply-chain/ and this is also why we offer anti-interdiction services for those w/ that threat: https://puri.sm/posts/anti-interdiction-services/
@kyle Even disregarding that, what about the fact that RYF certification actually makes the hardware less secure over time as you are not allowed to update isolated firmware?
@briana That argument has more relevance on Intel platforms w/ Meltdown and Spectre and CPU microcode. Beyond that the goal is to limit and remove any binary blob firmware, especially w/ security impact altogether and use FOSS alternatives.
My understanding on the phone is that there are fewer proprietary blobs remaining that would likely need a security update or impact the security of the device in a reasonable way.
