Has physical switches to turn off wifi, bluetooth, camera, and microphone. Uses FOSS boot code. And more… Even shuts off the Intel Management Engine. It’s pricey though.
March 23, 2018
Purism Librem 13: A Security-Focused Powerhouse of a Linux Laptop
Purism is now shipping a line of laptops: the Librem 11, 13, and 15. The hardware can be configured all the way up to an i7 CPU, 16GB of RAM, and 2TB SSD internal storage. So Purism isn’t skimping on power.
There’s more. The Librem 13 and 15 laptops now ship with the addition of the Trusted Platform Module (TPM). This module is a specialized computer chip dedicated to enabling hardware-based security. With this addition, users can secure the operating system and boot process at the hardware level. And that, my friends, is the driving force behind the Librem laptops … security. In fact, you’ll find features in the Librem line that you won’t with many other laptops. But, are those features enough to make what many might consider a steep price point worth it (Librem 11 starts at $1,199, the Librem 13 at $1,399, and the Librem 15 starts at $1,599)?
Let’s take a look and see.
NOTE: The laptop shipped to me for review (Librem 13 with 16GB RAM and 250GB SSD) retails for $1,707.00.
Not a price I’m likely to pay, but for folks with a fatter wallet wanting a quick answer, this looks decent.
The switch on the left is a killswitch for wireless and Bluetooth. The killswitch on the right is for the camera and microphone. A killswitch for wireless is actually fairly common on laptops. Traditionally, it was thought these switches made it easier for laptops to conserve battery. If your battery was dangerously low, you could switch off the wireless to make those last dregs of power last. On the Purism Librem laptops, these switches are all about privacy. If you’re working remotely, and you suspect the slightest bit of impropriety, quickly move both switches to the off position and your wireless, Bluetooth, camera, and mic will no longer function. But, unlike some other laptops you’ve installed Linux on, when you move those switches back to the on position, the hardware actually functions as expected.
That’s yet another bonus of the Librem laptops—the hardware works out of the box. You close the lid, and Linux suspends. The backlit keyboard works perfectly. Shut off wireless and (when you turn it back on), the laptop doesn’t require a reboot to get wireless working. Although that should be a given, with many laptops, it’s not the case.
There was only a small complaint about the trackpad being less than perfect. I’d expect that to improve over time. Trackpads are becoming much more common these days.
During the installation, you will be prompted to configure a password for disk encryption. You are not offered the option for disk encryption … you have no choice. This means, every time the laptop boots, you will be required to type your encryption password; otherwise, the boot process will not continue.
Purism has also done some work on the kernel level. They’ve done the following:
Included a patch for Meltdown and Spectre
Neutralized Intel’s Management Engine
AppArmor activated by default
Even before the kernel boots, Purism has opted to use Coreboot, for a fast and secure booting process.
Out of the box, the Librem laptop makes use of Purism repositories. Although I don’t mind this one bit, I have found that updating and upgrading software is significantly slower than it is on other machines on the same network. Also note: those out of the box repositories don’t include the likes of Firefox. Why is that significant?
The only other (obvious) user-facing change to be found is within the web browser space. The Librem ships with a fork of the Firefox browser (developed by the Trisquel development team), called Pure Browser. This take on Firefox does the following:
Blocks third party trackers and advertisers by default.
Uses HTTPS wherever possible by default.
Is Free/Libre Open Software (F/LOSS).
Never “phones home” any personally identifying information surreptitiously.
Sounds to me like they’ve done their homework…
I have to say, I came out of my Librem 13 experience really impressed. Not only is the laptop top notch, the PureOS distribution does an outstanding job of adding to the security features baked into the hardware. If you’re seriously concerned with mobile security, the Purism Librem 13 or 15 would serve you well.
Their web site: https://puri.sm/
They also make a security oriented phone:
Librem 5 – A Security and Privacy Focused Phone
Librem 5, the phone that focuses on security by design and privacy protection by default. Running Free/Libre and Open Source software and a GNU+Linux Operating System designed to create an open development utopia, rather than the walled gardens from all other phone providers.
A fully standards-based freedom-oriented system, based on Debian and many other upstream projects, has never been done before–we will be the first to seriously attempt this.
The Librem 5 phone will be the world’s first ever IP-native mobile handset, using end-to-end encrypted decentralized communication over the Internet.
Note: This was an “all-or-nothing” campaign, but we crossed well over the $1.5m goal, and will be delivering on the Librem 5 phone. If you would like a Librem 5 you can simply pre-order one of the appropriate rewards now, and we will add you to the shipping queue!
Golly!! If I’d known you could get a couple of $Million for a devo effort, I’d have started one! No idea what the price might be or when it is expected to become available. Looks like basically just a Linux with an IP Phone app on it. One presumes it has some kind of Telco based “hot spot” for the wireless connectivity built in.
I actually made a “proof of concept” kluge like that in concept about 3 years back. That Walmart $10 IP phone gizmo, a $10 regular phone handset plugged into it, and a hotspot. Instant luggable IP phone ;-) Even if a very dumb one…
I still have the parts. In theory I could do it again. But making a secure smarter and smaller phone would be better.