components based on criteria for choosing it not aligned with privacy/security. I really think you're better off with the Pinephone which while using lower end, more outdated hardware has compatible goals (just different ones) and doesn't have active sabotage in these areas.
Conversation
I don't really see how something designed to be locked down in a way that even a Pixel is not (i.e. going out of the way to sabotage firmware updates to remove that option from users and operating systems) is more flexible, or what advantage there is to sketchy component choices.
2
Can you elaborate on sabotaging firmware updates? This point has remained unclear.
2
They have a policy of blocking firmware upgrades and designing around making it impossible, including for peripheral components. Read up on it. It's one of the goals of the device to prevent updating firmware unless it's not signed so anything can be installed as an update.
2
I mean the schematics are public, I can swap in my own modules... I don't see how they could stop me unless it is enforced at the CPU level. Will research this.
1
SoCs themselves have a lot of firmware and they went out of the way to stop updating it via the OS for any other components too. It's not supposed to be possible to update the firmware on the baseband, Wi-Fi, etc. on it and particularly not for the SoC or other components.
1
They even went as far as doing some bits like RAM training via a secondary CPU (dedicating it to that purpose, so AFAIK it's not usable for other things) to avoid having it under the control of the OS or part of the boot chain that runs on the main CPU. It's supposed to block
1
updating it to 'protect your freedom' however that works by not having the ability to update firmware. It may be possible to use JTAG, etc. in some cases to bypass it. They deliberately chose components where they could block firmware updates in some way. That's the main concern.
1
So, in some cases, maybe they just didn't wire up all the data lines, in others they've configured it to prevent doing it, etc. So, sometimes they'll not configure security features (same case on their laptops), but they're also fine with just setting it up to block updates.
1
So, regardless of whatever is wrong with the Pinephone, they want to make something good and aren't sabotaging it, and they can improve it in future generations.
1
They don't have a weird ideology driving them to use loopholes to make a device where firmware can be considered 'hardware' by preventing updates to it. That's the only reason they can claim they avoid it: by preventing updates to it. It's still all there, including for the SoC.
And they don't consider it enough to simply not ship firmware / microcode updates. They consider it a problem for it to be possible for operating systems to do it, including the user going out of the way to do it via the OS. I think it's probably also considered an issue for it..
1
... to be possible with some out-of-band debug cable, etc. but just not nearly as much of one and I doubt they care about going out of the way to prevent that as they do with stopping updates via the OS. This is not the only issue with it. It is one of them, and representative
1
Show replies