Differences

This shows you the differences between two versions of the page.

--- hardware:purism-librem14:index [2024-04-02 09:06] – removed - external edit (Unknown date) 127.0.0.1
+++ hardware:purism-librem14:index [2024-04-02 09:08] (current) – fix link to Gentoo page zlg
@@ Line 1: / Line 1: @@
+====== Purism Librem 14 ======
+The //Librem 14// is a 14" ultra thin laptop designed by [[https://puri.sm|Purism]] to use as many free-as-in-freedom licensed components as is practical, and enabling the user to protect their security and privacy. The Librem 14 achieves this through state of the art tamper-evident booting, full disk encryption using LUKS, physical killswitches (one for webcam + mic, the other for WiFi and Bluetooth), and support for OpenPGP smartcards out of the box.
+Despite this design goal, the device still runs non-free software in the form of SeaBIOS and the non-free Atheros firmware needed for Bluetooth. Additionally, the Intel Management Engine is only //neutralized// instead of completely disabled, due to how deeply embedded the ME is in the operation of the modern Intel processor.
+This page used to be aimed at issues and tips to run a Librem 14 with the default PureOS that comes with the machine. **However, Purism generates their own encryption key per-laptop and during the initial setup of a unit, you're actually only updating a //keyfile// that can decrypt the master key used to encrypt, NOT encrypting it with your own key!**
+This decision was explained by TODO:
+FIXME //Include direct link to Purism employee explaining why.// FIXME
+For that reason, this section will favor Purism's repositories only for hardware-specific tools or kernel-related configuration, and it is highly suggested to at least re-generate an encryption master key and re-encrypt your Librem 14's storage.
+  * update coreboot to v18.1 to cover boot vulnerability (one flag is flipped since L14 supports it)
+  * Enable Debian's ''non-free'' repository to acquire ''atheros-firmware'' package, which supports the Atheros AR3012 that the Librem 14 uses for Bluetooth capability.
+  * Set battery charging thresholds via systemd oneshot unit on boot (Purism is aware and supposedly has a fix...?) (won't apply to Gentoo since they use OpenRC, maybe fixable with EC flash?)
+  * Create your own master key so you can re-image the drive and re-encrypt, or re-encrypt with a live environment and ''cryptsetup''
+  * [[.:gentoo-luks-lvm-librem-key|Gentoo on Librem 14]] -- Unlock the potential of this machine, with LUKS, LVM, and Librem Key