If they punch babies that is not ideal, but that is separate from specific concerns with the hardware and firmware they produce.
Conversation
And there are serious issues with the hardware / firmware including them going out of the way to sabotage security. They are against being able to ship firmware updates in the first place, unless the firmware has no signature verification, otherwise they see it as mandatory to
1
at least block updating it from the OS and it's probably really required to block updating it at all to fit the requirements they have chosen. Couple that with deliberately not setting up the SoC / CPU in a secure way including on their laptops and other issues like badly chosen
1
components based on criteria for choosing it not aligned with privacy/security. I really think you're better off with the Pinephone which while using lower end, more outdated hardware has compatible goals (just different ones) and doesn't have active sabotage in these areas.
1
1
I don't really see how something designed to be locked down in a way that even a Pixel is not (i.e. going out of the way to sabotage firmware updates to remove that option from users and operating systems) is more flexible, or what advantage there is to sketchy component choices.
2
Can you elaborate on sabotaging firmware updates? This point has remained unclear.
2
They have a policy of blocking firmware upgrades and designing around making it impossible, including for peripheral components. Read up on it. It's one of the goals of the device to prevent updating firmware unless it's not signed so anything can be installed as an update.
2
I mean the schematics are public, I can swap in my own modules... I don't see how they could stop me unless it is enforced at the CPU level. Will research this.
1
SoCs themselves have a lot of firmware and they went out of the way to stop updating it via the OS for any other components too. It's not supposed to be possible to update the firmware on the baseband, Wi-Fi, etc. on it and particularly not for the SoC or other components.
1
They even went as far as doing some bits like RAM training via a secondary CPU (dedicating it to that purpose, so AFAIK it's not usable for other things) to avoid having it under the control of the OS or part of the boot chain that runs on the main CPU. It's supposed to block
1
updating it to 'protect your freedom' however that works by not having the ability to update firmware. It may be possible to use JTAG, etc. in some cases to bypass it. They deliberately chose components where they could block firmware updates in some way. That's the main concern.
So, in some cases, maybe they just didn't wire up all the data lines, in others they've configured it to prevent doing it, etc. So, sometimes they'll not configure security features (same case on their laptops), but they're also fine with just setting it up to block updates.
1
So, regardless of whatever is wrong with the Pinephone, they want to make something good and aren't sabotaging it, and they can improve it in future generations.
1
Show replies