I already know two non-free bits without even having to search: DDR controller training FW on i.MX8M is a binary, LTE modem runs Android-like Linux blobs...
Conversation
SoC, baseband, Wi-Fi, Bluetooth, touchscreen and other components have proprietary firmware. Is there any component that's more open?
They've defined free as the user not having the option to update firmware. By choosing "open" components they mean ones with persistent firmware.
1
1
2
i.e. their choice of components is based on it having the firmware installed in persistent state on the component rather than uploaded by the OS. Somehow, that's supposed to meet the definition of being more free / open. Doesn't make sense. Just playing games with definitions.
1
3
3
It's better for components to have a little persistent state as possible. Shipping devices without the ability to patch serious issues like persistent remote code execution in the radios via software updates is quite problematic, especially when choosing poorly secured radios.
1
1
1
Can't understand how turning things into more of a black box makes them more open. Also, removing even the option to set things up securely for the SoC and elsewhere is hardly freedom. Bonus for pretending to have security features that they've actually gone of the way to break.
1
3
3
On the topic of free w/hw is there any description somewhere showing the overall benefits of grapheneos on proprietary hw like google pixel vs idealistic goals like replicant on samsung siii (which has blobs but understood to be not the worst)?
1
That hardware is just as proprietary. There's no such thing as an arm64 device without an entirely proprietary CPU. The rest of the SoC and the other components on those devices is also proprietary. Ignoring that there's proprietary hardware and firmware just makes you insecure.
1
Not shipping firmware updates is a serious security issue. Targeting hardware without proper ongoing support is a serious security issue. There's very little comparison to make between a hardened OS vs. an insecure one with very serious known remote and local vulnerabilities.
2
The whole point of GrapheneOS is providing substantial privacy and security improvements over a modern OS. It's hard to understand comparing what it offers (grapheneos.org/features) to a device with essentially no security or privacy at all due to such serious problems.
2
1
Open source doesn't inherently provide any privacy or security. It's a development model with more advantages than disadvantages. It doesn't prevent a backdoor, and there's no need for backdoors when the front door is left open due to insecure hardware, firmware and software.
1
1
If you use GrapheneOS on an open hardware / firmware device, you'll have open hardware and firmware. There is no such thing as an open hardware / firmware smartphone. Librem 5 is entirely proprietary. It has proprietary hardware and firmware but without crucial security updates.
GrapheneOS can work fine on any device with AOSP support as long as it doesn't have memory corruption bugs in the device-specific code that are triggered during regular usage and get uncovered by the hardening. It has per-device hardening but it's not tied to only those devices.
1