zlg's notepad

User Tools

Site Tools

You are here: index » hardware » purism-librem14
hardware:purism-librem14:index

Purism Librem 14

The Librem 14 is a 14" ultra thin laptop designed by Purism to use as many free-as-in-freedom licensed components as is practical, and enabling the user to protect their security and privacy. The Librem 14 achieves this through state of the art tamper-evident booting, full disk encryption using LUKS, physical killswitches (one for webcam + mic, the other for WiFi and Bluetooth), and support for OpenPGP smartcards out of the box.

Despite this design goal, the device still runs non-free software in the form of SeaBIOS and the non-free Atheros firmware needed for Bluetooth. Additionally, the Intel Management Engine is only neutralized instead of completely disabled, due to how deeply embedded the ME is in the operation of the modern Intel processor.

This page used to be aimed at issues and tips to run a Librem 14 with the default PureOS that comes with the machine. However, Purism generates their own encryption key per-laptop and during the initial setup of a unit, you're actually only updating a keyfile that can decrypt the master key used to encrypt, NOT encrypting it with your own key!

This decision was explained by TODO:

FIXME Include direct link to Purism employee explaining why. FIXME

For that reason, this section will favor Purism's repositories only for hardware-specific tools or kernel-related configuration, and it is highly suggested to at least re-generate an encryption master key and re-encrypt your Librem 14's storage.

  • update coreboot to v18.1 to cover boot vulnerability (one flag is flipped since L14 supports it)
  • Enable Debian's non-free repository to acquire atheros-firmware package, which supports the Atheros AR3012 that the Librem 14 uses for Bluetooth capability.
  • Set battery charging thresholds via systemd oneshot unit on boot (Purism is aware and supposedly has a fix…?) (won't apply to Gentoo since they use OpenRC, maybe fixable with EC flash?)
  • Create your own master key so you can re-image the drive and re-encrypt, or re-encrypt with a live environment and cryptsetup
  • Gentoo on Librem 14 – Unlock the potential of this machine, with LUKS, LVM, and Librem Key
hardware/purism-librem14/index.txt · Last modified: 2024-04-02 09:08 by zlg