It's been so difficult to keep quiet about Librem 5 USA! It's a Librem 5 phone with electronics fabricated in the US like our Librem Key and devkit. As I mention in the post, our goal is to shrink our and directly oversee as much of the process as possible.

puri.sm/posts/librem-5-usa/

@kyle You mean the overpriced smartphone that really isn't better off being made in the USA because of the NSA supply/shipping chain compromises?

@briana The point is to bring the supply chain closer to *our* oversight and we are in the US. I talk about some of your concerns in puri.sm/posts/protecting-the-d and this is also why we offer anti-interdiction services for those w/ that threat: puri.sm/posts/anti-interdictio

@kyle Even disregarding that, what about the fact that RYF certification actually makes the hardware less secure over time as you are not allowed to update isolated firmware?

@briana That argument has more relevance on Intel platforms w/ Meltdown and Spectre and CPU microcode. Beyond that the goal is to limit and remove any binary blob firmware, especially w/ security impact altogether and use FOSS alternatives.

My understanding on the phone is that there are fewer proprietary blobs remaining that would likely need a security update or impact the security of the device in a reasonable way.

@kyle @briana In fact these blobs are stored on replaceable modules, so I guess they actually are user-updatable in a way... ;)

@dos @kyle That would be highly wasteful. Throwing away modules just because you don't want to update the firmware for certification reasons?

@dos @kyle And that's not to mention that the modems are not cheap

@kyle I fail to see how the modem and redpine chips are not impactful on security? Yes, you could replace those modules in theory to update the firmware, but that would be highly wasteful. Throwing away perfectly good hardware just because you don't want to update the firmware for certification purposes?

@kyle I'll be curious to hear what percentage of customers choose to pay nearly twice as much for it to be made in the US. I appreciate the effort (and understand higher costs involved), but worry that the volume will be so low that it keeps that price high. If all Librem 5s were made in the US, would the economies of scale be able to bring that price down?

@kyle Fantastic work! I'm not so concerned with the security aspect of this (although I'm happy about it for sure) as I am to see US jobs being created as a result. I'd switch to this just to support that fact alone. Great job as usual Purism!

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml