
      Librem 5 and Librem 5 USA: What are the Differences?

      pubsub.do.nohost.me / Purism · Friday, 26 March, 2021 - 16:37 · 2 minutes

    We sometimes get questions from customers who are trying to decide between the Librem 5 and Librem 5 USA, such as whether someone living in the USA must buy a Librem 5 USA (Answer: both Librem 5 and Librem 5 USA work in the US) or whether the Librem 5 is $1999 (Answer: the Librem 5 is $799, the Librem 5 USA is $1999). If you are trying to decide between the two phones and want to understand what makes the Librem 5 USA a premium product, in this post we’ll highlight the differences between the two.

    What’s the Same

    Librem 5 and Librem 5 USA have the same Purism-authored schematics, Industrial Design (ID), and Mechanical Design (MD); they both run the same firmware, kernel (Linux), operating system (PureOS), and applications from the PureOS Store. Both products are from Purism, a US-based Social Purpose Company. Both phones work in all the regions of the world by using a removable region-specific modem module included and installed in the phone.

    Trust & Verify

    Both the Librem 5 and Librem 5 USA have public schematics (they’re the same schematics, since they’re our schematics) for public verification. They both have X-rays released after manufacturing of the PCBAs to verify hardware chips and placement. Both phones are fully Purism designs top-to-bottom. Both phones have all source code released, allowing reproducible, public verification that it has not been tampered with.

    What’s Different

    The core differences between the products are based on the Librem 5 being contract manufactured in China while the Librem 5 USA is manufactured at our facility in Carlsbad, California.

    Librem 5

    The Librem 5 PCBAs (the two boards inside the chassis) are manufactured in China. The PCBAs are then assembled into the Librem 5 Chassis, and imported to our facility in the USA for final assembly, flashing, testing, and fulfillment.

    Librem 5 USA

    The Librem 5 USA PCBAs are manufactured in our facility in Carlsbad, California—therefore are Made in the USA Electronics—for a secure hardware supply chain in the USA. The PCBAs are then assembled into the Librem 5 Chassis (engraved with ‘USA’ on its side), and have final assembly, flashing, testing, and fulfillment all done at our Purism facility.

    The immediate benefits of the Librem 5 USA are to support US labor laws, Made in USA Electronics, secure hardware supply chain, and US manufacturing.

    Price

    The Librem 5 is $799 while the Librem 5 USA is $1999.

    Both are Great

    Regardless of which product you choose, you will end up with a phone that’s on your side, designed from the bottom up to respect your freedom and protect your privacy and security.

    The post Librem 5 and Librem 5 USA: What are the Differences? appeared first on Purism .


      Sneak Peek of the Next PureOS Release on the Librem 5

      pubsub.do.nohost.me / Purism · Wednesday, 24 March, 2021 - 16:53 · 3 minutes

    With the next release of PureOS, code-named Byzantium, just around the corner, let’s give you a sneak peek of what you can look forward to.

    Encryption

    Disk encryption will allow for the root disk to be password protected. With this setup, you’ll be asked to decrypt your device before it continues to the phone shell.

    Byzantium OS Intro

    The default lineup of preinstalled apps is not finalized but is growing. For now, this is what it looks like.

    Everything is newer: this release uses the more recent base of Debian Bullseye. On top of that, the codebase between phone, laptop, desktop, and the server will be shared. In the previous release, there was a special repository for the phone that contained additional adaptive applications. From this release on, the desktop and phone will use the same adaptive apps and packages.

    Files

    Also new in this release is the adaptive file manager. Now you’ll be able to manage your home directory with ease.

    Other New Apps and App Features

    Video decoding using the onboard Video Processing Unit is planned to land in Gnome Web soon. Once added, the Librem 5 will play videos for longer and stay cooler while streaming from the browser.

    GPS and Gnome Maps are planned to be supported.

    In this release, you can uninstall even the default apps, giving you full control of what software runs on your device.

    Flipping the camera/microphone hardware killswitch will come with UI feedback.

    KDE applications work much better out of the box. This gives users and developers access to Qt tools on top of the default GTK UI toolkit.

    Settings

    The device settings have many more options, and we are working with the community to finish making these additional settings adaptive.

    For those familiar with other platforms, Applications should be very familiar. You can search through your installed apps and manage any Integration settings they might have.

    Users with impaired eyesight can look forward to a high contrast mode. We are putting the finishing touches on support in Phosh, but most apps respond well to the high contrast mode. In this release, it’s also possible to test a Screen Reader, giving users audio feedback as they navigate the UI and applications.

    Other desktop environments

    Desktop-only software isn’t desktop-only anymore. With a few commands, you can install and start up a Plasma session on its own screen.

    # install
    sudo tasksel install desktop kde-desktop
    sudo apt install plasma-wayland-protocols plasma-workspace-wayland kwin-wayland-backend-fbdev kde-standard

    # run
    sudo systemctl stop phosh
    export WAYLAND_DISPLAY=wayland-0
    # use /dev/fb0 or /dev/fb1 to select the screen you want it on
    startplasma-wayland --framebuffer --fb-device /dev/fb0 &
    plasmashell

    Or start KDE like an app from within Phosh.

    # log in to Phosh and run
    plasmashell

    If you’re looking for a classic interface, you can start Mate on the onboard screen.

    # MATE on PureOS 10
    sudo apt install xinit xorg xterm x2x mate

    # run X11
    sudo systemctl stop phosh
    sudo xinit -- -masterfd 9 9<>/dev/dri/card1 &
    export DISPLAY=:0
    mate-session

    While there are too many interfaces to go over here, you can spend hours exploring what each one feels like on the go.

    # Other desktops that could be fun:
    tasksel  # GNOME, Xfce, Cinnamon, MATE, LXDE, LXQt

    This new release of PureOS is already used on the Librem Mini v2 and our Librem 14, and will be made available for your Librem 5 soon.

    Discover the Librem 5

    Purism believes building the Librem 5 is just one step on the road to launching a digital rights movement, where we-the-people stand up for our digital rights, where we place the control of your data and your family’s data back where it belongs: in your own hands.


      Librem 14 Security Features

      pubsub.do.nohost.me / Purism · Monday, 22 March, 2021 - 19:54 · 7 minutes

    The Librem 14 was designed based on a long wishlist we made to build our dream laptop. When we first announced the Librem 14 we stuck to the features we knew for sure would be part of the first revision. Over the next few months as we worked through prototypes we were able to announce new features such as dual RAM slots and a number of exciting security features. While these features are mentioned on the Librem 14 product page, I thought it would be useful to collect all of the security features of the Librem 14 into a single place.

    Hardware

    Our previous Librem laptop lines touted a number of unique hardware security features and we have learned many lessons over the years as we use the hardware ourselves and get feedback from security-minded customers. With the Librem 14 we have been able to improve hardware security across the board.

    Hardware Kill Switches

    Our most famous hardware security feature is our hardware kill switches (HKS), a set of physical switches that disables the webcam and microphone, or WiFi, in hardware. Placing a sticker over a webcam is a nice start, but with HKS you can be sure that your computer isn’t spying on you and can conveniently enable the camera and microphone only when you need it.

    We got feedback from a number of customers that having HKS on the side meant you had to crane your neck to see the current state and find the right switch. We also heard that some customers were flipping HKS when inserting their laptops into a case. With the Librem 14 we have moved the HKS back above the keyboard and have added LEDs to make the current state of the hardware obvious at a glance. We have also extended the webcam/microphone hardware kill switch so that it also disables the microphone in the headphone jack.

    Ethernet Port

    A physical Ethernet port might not seem like a security feature to some people, but for people facing particular threats it’s a critical security feature. The ability to remove the WiFi card completely, or at least keep it disabled with a HKS, and access the network over a physical Ethernet port, means you can completely avoid entire classes of attacks on WiFi cards and protocols.

    Firmware Write Protection Switches

    Another security feature that’s completely new to the Librem 14 is a set of switches on the motherboard that will allow you to write protect the BIOS and EC firmware. Currently the physical switches are implemented, but we still need to complete some software and configuration work so that they actually trigger write protection.

    Librem 14 Firmware Write Protect Switches in the Off Position

    Firmware

    After the hardware, the next area to focus on for security is the firmware–code that runs on discrete chips on your hardware that straddles the fence between hardware and software. Supply-chain attacks on firmware continue to be a growing concern in the security community so we take a number of additional steps on the Librem 14 to help secure its firmware.

    Intel Management Engine

    Perhaps one of the most famous bits of firmware on a modern Intel computer is the firmware for the Intel Management Engine (ME)–a chip that initializes Intel hardware and that is required for it to boot. Because the ME has core access to your hardware, because the code is proprietary so it can’t be audited, and because some versions of the ME include Active Management Technology (AMT) that enable IT administrators to control machines remotely over the network, there have been some concerns that the ME might contain secret backdoors. As the features of the ME expand, there have also been concerns that the increased attack surface might allow attackers to exploit flaws in ME firmware and take remote control over a computer.

    Like in past Librem laptops we select the simplest version of ME firmware available, without AMT, so that we begin with the smallest possible attack surface. Next we disable the ME by setting what is known as the HAP bit so that after the hardware is initialized the ME is disabled. In the past we have also performed an additional step of “neutralizing” the ME (overwriting most of the ME firmware with zeros, leaving only the bits critical to booting). As the Librem 14 is newer hardware running a newer version of the Intel ME, we haven’t yet been able to neutralize it, but hope to be able to add that in a future firmware release.

    PureBoot

    PureBoot is the name we give for a suite of technologies we use to secure the boot process. It starts with our boot firmware based on free software projects coreboot and Heads that help you detect firmware tampering when paired with a Librem Key. When you order a Librem 14 with the PureBoot Bundle, we pair the laptop with a Librem Key at our facility so that when you boot the laptop with the Librem Key inserted, the key will blink green if the system is safe, and blink red indefinitely if it detects firmware tampering.

    PureBoot also extends into the operating system itself and will detect any tampering in the kernel or boot configuration files and alert you to them before it boots. Finally, PureBoot can even be configured to use your Librem Key to unlock disk encryption.

    Embedded Controller

    In addition to the Intel ME, another area of concern for firmware security is the embedded controller (EC). This chip manages the keyboard in addition to many other things:

    With more tasks assigned to the EC, the software and its capabilities grew which makes it a pretty essential piece these days, especially for laptops. So the first thing the EC needs to do is to control the power up and power down of the machine, which means to enable or disable certain voltage domains, doing that in a controlled fashion honoring dependencies (often some power rails are derived from others), and also taking into account the power supply constraints of the main CPU in certain power modes. This is especially important for low power states like suspend to RAM where you just want to power what is needed. There are also other very interesting peripherals attached to the EC. Of course the EC controls the keyboard matrix, i.e. it assigns keypresses in that matrix to key scan codes sent to the main CPU.

    Normally the EC runs proprietary firmware, and like with the ME, due to the level of access the EC has (such as the fact that it controls the keyboard), there is concern over what an attacker could do with backdoored or hacked EC firmware.

    Starting with the Librem 14 we are freeing the EC firmware which will not only allow you to audit the firmware for backdoors and security flaws, but also give a Librem 14 owner much more control over their hardware. The blog post I linked above goes into much detail about the EC overall as well as our plans for it.

    Software

    By default the Librem 14 will ship with PureOS Byzantium–our latest and greatest release of PureOS featuring many security and feature updates while being accessible and convenient for the average user to use. For users who want even more security, perhaps at the expense of some convenience, we also offer Qubes as an operating system option on the Librem 14.

    We have a long history of Qubes support on our hardware and treat Qubes as a first class operating system at Purism. Because Qubes makes heavy use of hardware virtualization, the average Qubes user finds themselves running ten or more virtual machines simultaneously, with some users running many more than that. With the 6 core, 12 thread tenth generation Intel i7 CPU, fast NVMe storage, and dual SO-DIMM slots allowing a maximum of 64GB RAM, we believe the Librem 14 is the best laptop for Qubes.

    Anti-Interdiction

    Finally, some customers face security threats such that having their laptop tampered with during shipment is a real concern. Other customers simply want the peace of mind that their laptop hasn’t been tampered with. Regardless of the reasons, Purism offers a premium anti-interdiction service where we work with a customer over encrypted email to model their particular threats and custom-tailor our anti-interdiction measures both on the hardware itself with glitter nail polish and tamper-evident seals, and on the software with an integrated PureBoot Bundle using customer-supplied secrets.

    A close-up of the unique pattern of blue glitter nail polish on the center screw.

    Conclusion

    We are very proud of the Librem 14 and believe that its combination of hardware, firmware, software, and anti-interdiction features make it one of the most secure laptops you can buy.


      The S in IOT is for Security

      pubsub.do.nohost.me / Purism · Friday, 19 March, 2021 - 17:38 · 5 minutes

    Recently I was given two LED desk lamps to improve lighting for video meetings. These are just lamps with three controls: on/off, temperature, and brightness. In the misguided “make it an IOT device with an app to monetize human data” mentality, the temperature and brightness controls aren’t just knobs on the lamp; no, they are controlled by a proprietary app that you are forced (well… unless you hack it (as I explain below)) to download to your phone or computer. You also have to agree to the terms of service to install and use the application. After installing the app you must “activate” the lamp in the app by connecting it to your WiFi and the Internet.

    Full Lamp Stack

    This is no longer just a lamp… it is a full computer and WiFi access point. Secondarily it requires a proprietary app to be installed on a phone or computer that cannot be audited for security. Ownership is the ultimate measurement of privacy, security, and freedom; if you don’t own the device fully, you are owned by the developer (and manufacturer) of the device. The only way to own my lamp was to pwn my lamp.

    Knowing (from experience) that a device that can access the Internet can create a reverse tunnel into the local network (autossh ... -R ...), and refusing to connect these lamps to my local WiFi and the Internet, I decided I would either a) recycle them; b) only use them in ‘lamp’ offline mode with the default values; or c) see if I could control their access point APIs without ever using (or agreeing to the terms of service of) the proprietary app.

    Remember, there is just on/off, temperature, and brightness.

    On/off works from both a physical switch on the lamp (right next to the reset button, since you know, it’s now a computer) as well as the app (that I only saw from the screenshots since I never installed it). Temperature controls the blue to yellow colors of the light (and the default is full blue unless you change it). Brightness is about 90% bright by default, and I would like to adjust depending on the time of day.

    I thought if I can hack the lamp I could also put together an app that I own that can manage the lamp for my personal purposes. Since I have been following the incredible progress of app development for PureOS and the Librem 5 by using GNOME-Builder, writing a simple app would be a great project-based experiment to fully own/pwn my lamp.

    Pwning the Lamp

    Seeing that these two lamps are WiFi access points, and seeing from the screenshots of the proprietary app that their general flow is to “add” the lamp from the app (which means connecting to it as your WiFi access point) and then connect the lamp to the local WiFi (which then of course gives it unfettered Internet access unless you do a lot of firewall rule guessing/setup at your router), I decided to connect to the lamp AP and see what I could glean. The (unnamed) manufacturer did set up the APs with unique hex codes appended to their ESSIDs (“Manufacturer 4CDC”), and after connecting to the first lamp (it will take me a long while to not laugh that a lamp is an IOT device) I got the local IP 192.168.1.24 with the access point at 192.168.1.1. A browser at that address 404’d, so I probed the ports and came up with a port open at 8193. A browser hitting that returned a page to connect the lamp to local WiFi. That is a no-go, so maybe there is a web API…

    The Web API

    A brief search returned the web API URL path that returns a JSON structure {"numberOfLights":1,"lights":[{"on":0,"brightness":28,"temperature":309}]}, so you can read the three values the lamp uses in the one-line data object. A GET returns the values and a PUT sets them. I was now able to connect to the access point and PUT a JSON string to the address:port/path and control the lamp’s three values. Score: Lamp 0, Me 1.

    A quick bash script allowed me to at least power on the lamps and set them to a predetermined temperature and brightness.
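
    The GET-then-PUT flow described above, sketched in Python as an added example (it is not the author's script or app). The post does not give the API path, so API_PATH is a placeholder, and MockLamp is a constructed local stand-in that serves the JSON shape quoted above so the code runs without a lamp.

```python
"""Read and set the lamp's three values over its local HTTP API (added example)."""
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

LAMP_HOST = "192.168.1.1"          # lamp's access-point address, from the post
LAMP_PORT = 8193                   # open port found in the post
API_PATH = "/PLACEHOLDER/lights"   # placeholder: the real path is not on the page
FIELDS = ("on", "brightness", "temperature")

# Ignore any proxy settings so lamp traffic only ever goes to the lamp itself.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def get_state(base_url):
    """GET the JSON document and return the first light's values as a dict."""
    with OPENER.open(base_url + API_PATH, timeout=5) as resp:
        doc = json.load(resp)
    lights = doc.get("lights") or []
    if not lights or doc.get("numberOfLights") != len(lights):
        raise ValueError("unexpected lamp response: %r" % (doc,))
    return dict(lights[0])


def set_state(base_url, **changes):
    """Merge changes into the current state, PUT it, and return the new state."""
    for key, value in changes.items():
        if key not in FIELDS:
            raise ValueError("unknown field: " + key)
        # Assumption: all three values are non-negative integers, as in the sample.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(key + " must be a non-negative integer")
    light = get_state(base_url)
    light.update(changes)
    body = json.dumps({"numberOfLights": 1, "lights": [light]},
                      separators=(",", ":")).encode()
    req = urllib.request.Request(base_url + API_PATH, data=body, method="PUT",
                                 headers={"Content-Type": "application/json"})
    OPENER.open(req, timeout=5).close()
    return get_state(base_url)     # re-read instead of trusting the PUT reply


class MockLamp(BaseHTTPRequestHandler):
    """Constructed stand-in for the lamp, using the JSON shape from the post."""
    state = {"on": 0, "brightness": 28, "temperature": 309}

    def _reply(self):
        body = json.dumps({"numberOfLights": 1, "lights": [self.state]}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):
        self._reply()

    def do_PUT(self):
        length = int(self.headers.get("Content-Length", 0))
        doc = json.loads(self.rfile.read(length))
        self.state.update(doc["lights"][0])
        self._reply()

    def log_message(self, *args):  # silence per-request logging
        pass


def start_mock():
    """Start MockLamp on a free localhost port; return (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), MockLamp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


if __name__ == "__main__":
    # For a real lamp, join its AP and use "http://%s:%d" % (LAMP_HOST, LAMP_PORT).
    server, url = start_mock()
    print(get_state(url))
    print(set_state(url, on=1, brightness=60))
    server.shutdown()
    server.server_close()
```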

    Having the ability to pwn the lamps via the web API means I do not have to give up any of my digital rights and can have complete ownership of these lamps, never giving any control to the manufacturer or app developers. Score: Lamp App 0, Me 2.

    The App

    Liberating the freedom crushing proprietary app and regaining control was fun. It’s not just that it’s a bad idea to connect a lamp to the Internet, it’s also that it’s a bad idea to install a random application you can’t audit on your phone.

    GNOME-Builder is amazing (hi Christian). I decided to start a new project, select Python and it immediately started me into a fully-functioning (and buildable) Hello World example project.

    I whipped up a quick layout in GNOME-Builder’s View Design tab and began translating bash’s nmcli and wget into Python libraries. After a bit of work learning how Flatpak manifests work to include the necessary libraries (hint: manifests are required learning to solve dependencies within a flatpak), I had a proof of concept app that allows me to connect to a lamp and adjust temperature and brightness.

    An IOT Light App on PureOS for Librem 5

    Securing my Lamp

    Now I am able to control the lamps without their ever accessing the Internet from my Librem 5 phone as well as Librem Mini desktop, adding the much needed security to this IOT device. Fortunately because I have a Librem 5 running PureOS, it was relatively simple to replace the proprietary, insecure app with my own simple application that works both on my phone and (through convergent app development) on my desktop so I can keep the lamps in their own private compartment, disconnected from the Internet, and control it with my own trusted app.

    The more Internet of Things devices (or, as some call them, Internet of Stings) make it onto more networks and into more homes, the greater exploitation you and your digital life will suffer. This exploitation is highlighted regularly; today’s example, as published by the Washington Post, “Massive camera hack exposes the growing reach and intimacy of American surveillance”, showcases the creepiness of insecure IOT.

    Securing IOT

    It’s commonplace now for companies to ship devices that take control away from you. In this case I was able to take control back.

    Security must be at the foundation of IOT products. If a lamp needs to be an IOT device, it can at the very least be developed in a way that the user has complete control over it, doesn’t require signing a terms of service, doesn’t phone home, and doesn’t send a single bit over the network without user request. I made my lamp IOT device do just that.


      Data Double Dipping: When Companies Mine Paying Customers

      pubsub.do.nohost.me / Purism · Friday, 12 March, 2021 - 00:42 · 5 minutes

    There’s an old snarky saying among privacy advocates: “If you aren’t paying for something, you are the product!” This updated version of “There’s no such thing as a free lunch” arose in the Internet age among the ever-growing list of free services and apps on the Internet funded by collecting and selling your data to advertisers. If large companies like Google and Facebook are any indication, a lot of money can be made with user data and the more data you collect, the more money you can make.

    The more data = more money formula has meant that privacy on the Internet is hard to come by. There’s just too much money to be made and too little regulation and in some cases too little public will to prevent it. Many people justify the invasion of their privacy with the fact that they are at least getting something for free in return. Indeed many free phone apps or services that show ads to users also offer a paid version that removes ads (although that doesn’t necessarily mean the data collection stops).

    You Are Always The Product

    As bad as trading your privacy in exchange for an app or service might be, there’s at least some logic and precedent to it. Yet there’s a growing trend among businesses who have realized the gold mine of data they have from their paying customers. They see all the money they are leaving on the table and few so far have been able to resist the urge to copy the business model of Big Data companies. Now that everyone is data mining, we can shorten that snarky saying to just: “You are always the product.”

    Most recently T-Mobile made the news by announcing a new program that will, by default, collect and sell customer data to advertisers:

    “[S]tarting April 26, 2021, T‑Mobile will begin a new program that uses some data we have about you, including information we learn from your web and device usage data (like the apps installed on your device) and interactions with our products and services for our own and 3rd party advertising, unless you tell us not to,” T-Mobile said in a privacy notice. “When we share this information with third parties, it is not tied to your name or information that directly identifies you.”

    Of course T-Mobile isn’t the only cellular carrier doing this. As we mentioned when we announced our AweSIM service, all the major US carriers are working together on a unified customer identifier that according to the AT&T CEO, “would allow marketers to identify users across multiple devices and serve them relevant advertising.”

    Naturally, the default these carriers pick is to collect and sell your data and the responsibility is on you to opt out. T-Mobile, like Big Tech firms, realizes that if users had to opt in to having their privacy invaded, they wouldn’t, but making users research how to opt out and go through a convoluted and sometimes confusing workflow to do so, means few people will bother.

    This, by the way, is why Big Tech firms fought so hard against the provision of early drafts of the California Consumer Privacy Act (CCPA) that would require users to opt in before they could collect and sell their data. Despite the fact that we at Purism and others argued in favor of the opt in clause, ultimately Big Tech won their concession and the CCPA was weakened to opt out.

    Cellular carriers aren’t the only companies double dipping. There is so much money to be made in capturing and selling user data that all companies are taking notice and if you are a publicly-traded company, you may even have a fiduciary responsibility to mine this resource. Not doing so leaves money on the table and puts a company at risk of a shareholder lawsuit for not maximizing shareholder value. Internet Service Providers, credit card companies, and even appliance manufacturers are getting in on the game to wring extra money from paying customers by harvesting their data.

    The CTO of Vizio (a television manufacturer) even admitted in an interview that removing “smart TV” features would make their TVs more expensive. Why? They are making so much extra money on the side with user data they would have to make up that difference by charging more on a TV without “smart” features.

    Privacy By Default

    Some of the questions we get about the AweSIM service (“Q: Would you turn over customer data to law enforcement?” “A: Yes if it were a legal request.”) lead me to believe some people have assumed we created the service with law enforcement in the threat model. AweSIM doesn’t exist for people to commit crimes. Instead as we said in our product announcement we created the service for two main reasons: convenience (“just works on Librem 5 phones”) and privacy. In particular we were focused on protecting your privacy from the major cellular providers because we saw where the industry was headed.

    Because we register each AweSIM number in Purism’s name, upstream cellular networks have no direct link between a phone number and one of our customers. We aren’t providing vendor-supplied Android phones loaded with spyware apps that you can’t remove. Instead we are providing AweSIM for use in the US on either the Librem 5 or Librem 5 USA, running PureOS not Android, so you are in complete control of your own privacy by default.

    With the Librem 5 and AweSIM, there are no pre-installed vendor apps to track what other apps are installed and there is nothing to opt out of. You even have the option of taking your privacy a step further by protecting your Internet traffic as it goes over the cellular provider’s network with a VPN service like Librem Tunnel or Tor. That way, if the cellular provider tries to associate web traffic with a particular SIM, all they will see is a steady stream of encrypted connections to a VPN or Tor node.

    No Double Dipping

    While companies should protect their customers’ privacy by default whether their product is free or not, it’s particularly discouraging to see that many companies out there are double dipping on their customers. First they get money from you for a product or service and then they mine your data for extra money for as long as you are a customer. In many cases customers have no idea this is even going on.

    As a customer, you are empowered to do something about this. Your dollar is a vote, and when you cast your vote for a particular company, insist that they respect your privacy. There should be no double-dipping, and no data mining, especially not without your explicit, informed consent. Vote for companies that respect your privacy.


      App Showcase: Tootle

      pubsub.do.nohost.me / Purism · Wednesday, 10 March, 2021 - 18:30 · 1 minute

    Social media can be a great way to engage with friends and family. But most of the popular services and apps track their users. With Tootle and Librem Social, you can have a great social media experience without your data being exploited for profit.

    We at Purism fight against vendor lock-in. We believe you should have full control of your hardware and services. This is the reason we are promoting Tootle with the ability to connect to any Mastodon instance. You are welcome and encouraged to try out Librem Social, but you can take your workflow and even your apps with you if you choose to switch providers.

    Once logged in, Librem Social has all the basic features you’d expect from a popular platform. Have fun scrolling your feed or finding more interesting people to follow.

    It’s time to take back control of your hardware, data, and social media presence.


      Librem 5 News Summary: February 2021

      pubsub.do.nohost.me / Purism · Thursday, 4 March, 2021 - 22:53 · 2 minutes

    Steady Progress

    February was a month of strong and steady progress behind the scenes from operational improvements to a lot more code written and released. Each week we ship an increasing number of Librem 5s out to backers. We also continue to work to locate and expedite more i.MX 8M CPU supply for future Librem 5s—the industry has an overall shortage of components—and as we get firm dates for those secured CPU supplies we intend on sending out shipping estimates to Librem 5 backers.

    We have also made progress on the Librem 5 hardware support side. Last month we announced we had finished support for the OpenPGP smart card reader and this month we released a blog post and video that describes how to enable it on existing Librem 5s. We have also made a lot of advancements on camera support and have successfully taken some initial pictures. There is still more work to do to complete the camera driver and get the most out of the camera hardware and we hope to have more announcements on that front soon.

    Speaking of the kernel, we also published a post that describes in detail the work we have done in the 5.11 kernel, including progress on mainline support for the Librem 5 as well as improvements in power management and overall support for the Librem 5 hardware.

    On the Librem 5 USA front, it has taken much longer than we expected to locate and secure new supply chains for all of the components we will need to start production of the PCBA, due to some of the unprecedented issues in the electronics supply chain over the last year. We are happy to announce that we have tracked down almost every component now and are optimistic we can track down the one or two remaining components soon so that we can start production on the PCBA in the coming month. The Librem 5 USA will be manufactured at our facility in the US with our secure supply chain and Made in USA Electronics.

    What’s Next

    March is already proving to be an exciting and busy month for the Librem 5, and we anticipate much of the steady progress from February is going to culminate in big announcements in March. Check out our blog for more frequent updates and to see what we’ve already been up to in the first week of March.

    The post Librem 5 News Summary: February 2021 appeared first on Purism.


      Disassemble Librem 5

      pubsub.do.nohost.me / Purism · Thursday, 4 March, 2021 - 17:35 · 2 minutes

    The Librem 5 is designed for longevity with software updates for life, but part of longevity is also being able to repair a device outside of warranty. We plan to stock replacement parts in our shop in case you need to replace your modem, camera, or even the main PCB.

    Disassembling your Librem 5 may risk damaging it. Any damage from disassembly is not covered in your warranty. If your Librem 5 is under warranty, please contact support first before you attempt this process.

    As outlined in the above video, this blog will go over the steps to take apart the Librem 5. You’ll need a screwdriver, the included SIM card tool, and something like a pick or spudger.

    Make sure to power down PureOS.

    Pull off the back cover.

    Remove the battery.

    Remove 3 screws holding the modem cover. These are shorter than the rest of the screws, so keep them separate.

    Remove the SIM card tray.

    If you have a smart card installed, remove it now.

    Disconnect the antennas and remove the modems.

    Remove 8 screws holding the back frame on.

    There are friction clips around the outside; a guitar pick slid around the outside edge will free these.

    Carefully pull the antenna cables from the plastic frame. Pulling too hard will disconnect them from the PCB.

    Remove the 2 screws holding down the center frame.

    Unplug the main camera and remove the screw hidden by the FPC.

    The center frame can be pried out now. There are 2 friction clips at the top left and right of the frame. Use a spudger if you have one.

    Remove PCB screws. The 3 at the top connect the antennas, so do not forget to put them back on reassembly.

    Lift off the microphone cover; otherwise, it will fall off, and you may lose it.

    Gently pull the HKS alignment up and out.

    Remove the 3 HKS switches.

    Unplug the Power/Volume FPC.

    When removing the PCB be careful of the spring clip against the frame. That is part of the GNSS antenna, so you will not have GPS if it breaks off.

    Lift the PCB out until you can see the Display and USB-C FPC cables.

    There is a cover over the proximity sensor that is easy to lose; put it in a safe place. If you re-assemble without this cover, the proximity sensor triggers automatically, and it will need to be disabled.

    Carefully disconnect the USB-C and Display FPC cables.

    After unplugging the last two FPC cables, you can remove the Librem 5 PCB altogether.

    Putting the Librem 5 back together is just a matter of doing the steps in reverse. If the thermal paste looks good, you can begin by reattaching the PCB to the FPC cables and adding back the proximity sensor cover.

    While most people would never need to take their phone apart, and many phones make it almost impossible, if you (or a technician) ever do need to repair a Librem 5 down the road, the Librem 5 has you covered. It is a phone designed for longevity with a battery, modem and WiFi card that are easily user-replaceable and with the remaining components also replaceable with a bit more effort.


    The post Disassemble Librem 5 appeared first on Purism.


      My First Week of Librem 5 Convergence

      pubsub.do.nohost.me / Purism · Tuesday, 2 March, 2021 - 15:08 · 11 minutes

    I talked at length in my article Investing in Real Convergence about my decades-long wish to have a single computer I could carry with me that had all of my files, ran all of my favorite programs, and that I could use as a mobile computer, laptop, or desktop. This past week I have finally realized that dream.

    I put away my personal Librem 13v1 and tested out whether I could replace it with a Librem 5, USB-C hub, and Nexdock 2 laptop dock. I also spent a couple hours most work days trying it out for work as well (including writing this article from the Librem 5). In this article I will talk about my setup, experiences and impressions from the past week.

    The Setup

    First let’s talk about the hardware involved.

    Librem 5 docked to a Nexdock 2 using a Baseus USB-C hub, running Tootle, Lollypop, and Firefox

    The first thing that is necessary for this setup besides the Librem 5 itself is a laptop dock. From the outside, a laptop dock looks just like a regular laptop, but it is really only a shell with a display, keyboard, mouse, internal battery, and a few ports on the side. A laptop dock has no CPU, RAM, storage or networking of its own and instead is designed to act like an all-in-one monitor, keyboard and mouse that you can connect to a phone. The phone then extends onto the display and you can run your phone’s applications on the larger screen and take advantage of the physical keyboard and mouse while the dock charges your phone.

    Because the Librem 5 is designed to have Real Convergence, it runs the same PureOS applications as Librem laptops. All of its applications were simply adapted to work well on the smaller display. This means when you connect the Librem 5 to a laptop dock or monitor, you don’t just get phone apps blown up two times their size, you get the same desktop PureOS applications as on Librem laptops.

    On laptop docks like the recent Nexdock Touch, you can connect the Librem 5 directly to the dock with a USB-C cable. In the case of the older Nexdock 2, the support isn’t completed yet, so I used the foolproof method they provide for other computers like Raspberry Pis (an HDMI port and a USB-C port), only in my case I connected them to a Baseus-branded USB-C hub that is well-supported by the Librem 5.

    This hub provided the extra benefit that it kept the Librem 5 upright, which was particularly important to me since I actually use my laptop on my lap. To make this work with the dock I simply attached the underside of the hub to the underside of the laptop dock with a small metal bar and some removable 3M tape like you’d use to mount pictures to a wall.

    Using Convergence Mode

    To use the Librem 5 like a laptop, I just dock it into the USB hub and press the power button on the laptop dock. The Librem 5 detects the keyboard, mouse and display and automatically enters “convergence mode” which extends the desktop to the new display and changes the windows so that they have close buttons on them and aren’t automatically maximized, so they can be more easily moved between desktops.

    Once in convergence mode you can drag applications over to the larger screen with a mouse; however, there are also a number of useful key bindings using the “Super” key (the key between the left Fn and Alt keys) that make convergence mode very keyboard friendly:

    • Super + (Left|Right): Tile the focused window to the left or right side of the active screen
    • Super + Shift + (Left|Right): Move the focused window to the left or right display
    • Super + (Up|Down): Maximize or unmaximize the focused window
    • Super + a: Open the App Launcher, where you can type in the name of the application to launch, or select it with arrow keys
    • Super + s: Open the App Switcher (similar to hitting the bottom section of the touchscreen on the phone). This allows you to switch between running applications using the arrow keys

    While in convergence mode, the dock is keeping the phone charged. I found the Nexdock 2 could run for about two to three hours of steady use unplugged while powering its own display, the hub, and charging the Librem 5. It lasted longer if I closed the display when I wasn’t using it. Since the laptop dock is powered via its own USB-C port you could extend this time with a large battery bank if you didn’t have access to an outlet. Since I normally use my laptop from the same place every day, I tend to leave it plugged in anyway.

    When I’m done using the Librem 5 like a laptop, I just remove it from the hub and it automatically leaves convergence mode. All of the running applications move back to the phone screen and resize and maximize to fit. The laptop dock automatically powers itself down.

    My Experience

    I don’t do video editing or other heavy tasks on my laptop and for the most part my needs are pretty simple: web browsing, chatting, email, writing, listening to audio and watching video. In many ways even before this experiment my Librem 5 had already replaced my personal laptop. It had already become the primary computer I used for podcasts and videos (using gPodder and VLC), as well as for social media and light web browsing. That said, I still found myself opening my laptop in the past whenever I needed to type more than a few sentences in chat, an email, or a document. I also found it a bit more convenient to do heavier web browsing (like when researching something across multiple tabs) on a larger display.

    Given my relatively simple use case for my personal laptop, I had high hopes that the Librem 5 could replace it and the Librem 5 didn’t disappoint. In fact, what I found was that the addition of a laptop dock made the functions I had already moved over to the Librem 5 even more useful. With a large screen, I could more easily multitask, such as chat in one window while a video was playing in VLC tiled to the side of the large screen. The addition of a physical keyboard also made chat, email, and overall writing much more convenient.

    I found that I preferred the multi-monitor setup that convergence mode defaults to and use both screens at the same time. I leave certain applications like my social media applications or gPodder on the phone screen. Then terminals, email, web browsers, chat applications, and video playback would be on the laptop screen with windows tiled either to the left or right-hand side.

    Since the phone is close to my left hand, I found I use the phone touch screen to interact with applications there instead of the mouse. It’s convenient to reach over and scroll through new social media posts on the phone screen instead of moving the mouse over. The fact that the Nexdock touchpad defaults to multi-finger scroll that moves in the opposite direction of the Librem 13 touchpad took a lot of getting used to.

    I tend to be keyboard-centric on my regular laptop and this is no different on this setup. I made heavy use of the existing keybindings along with alt-tab to switch between and manage windows. After a short amount of time I got used to hitting Super-a, typing the name of an application, and hitting Enter, then hitting Super-Shift-Right or Left depending on which screen I wanted it on. I find the keyboard to have good tactile feedback and while it’s no Model M keyboard (but sigh, what is?) it’s pleasant to type on and better than some island keyboards I’ve tried.

    My Impressions

    The Librem 5 can definitely replace my personal laptop and I’ve already transferred any remaining files from my laptop over to it, powered down my laptop, and put it away. My laptop has a faster CPU and more RAM, so I expected when I used the Librem 5 like a laptop I might more readily see any performance differences it might have compared to using it like a phone.

    I have to say, though, that this Librem 5 surprised me in how well it performs, in particular how well it works when multi-tasking between applications. Web browsing works surprisingly well, and although I do typically keep Firefox in “mobile mode” so I get lighter weight websites designed for a mobile browser, I actually prefer that mode on the larger screen as it often results in cleaner, simpler web pages.

    While it’s still early days for phosh acting as a full desktop shell, it already works quite well in that mode. While it’s not as full featured as the default GNOME shell on the desktop, many of the basic important features are already there (since they are already there when in phone mode) and work as you might expect on the larger screen. As more of us use the Librem 5 in convergence mode now, we are seeing rapid advances for the desktop use case.

    My hacky USB hub mount works surprisingly well and is strong enough to hold up the weight of the phone while the laptop dock is on my lap, but I also make a point not to put too much extra pressure on it, just in case. While I’ve seen other mounting options that attach a phone to the screen, I find I like having the phone’s touchscreen within a closer reach.

    One area that’s a bit less convenient is the extra step of having to dock the Librem 5, open the laptop dock lid, and power it on to switch to “laptop mode” compared to just opening the lid of a suspended laptop. It’s a minor inconvenience though, since I just use the Librem 5 in “phone mode” for quick tasks anyway–if I’m breaking out the laptop it’s for a longer session. For people who would use the phone in “desktop mode” connected to a monitor and keyboard/mouse, it wouldn’t be any less convenient than docking their laptop into a docking station.

    Using the Librem 5 for Work

    Something that surprised me even more was how well the Librem 5 performed to replace my work laptop. My work use case is a bit more complicated than my personal one, mostly due to the security requirements. Otherwise for the most part my primary work tasks involve email, chat, and web-based tools, along with some writing and light development work from time to time.

    I should note that my work laptop is a Librem 13v4 with twice the RAM of my personal laptop because I make heavy use of Qubes and its compartmentation features on my work laptop to provide me extra security. I separate chat, web browsing, email, and other functions into separate VMs that can’t directly talk to each other. I also make heavy use of disposable VMs whenever I have to open a potentially risky document or website. Because of those extra compartmentation features Qubes provides, I don’t know that the Librem 5 could replace my work laptop, yet, but wow is it close.

    Now that the OpenPGP smart card reader is supported, I copied my Purism GPG subkeys over to a new smart card and migrated my email settings over to the Librem 5 along with my password manager database for work. I also set up a new compartmentalized web browser with its own profile and settings that I used only for work.

    Email works just like it did on my work laptop. Web browsing and web tools also work reasonably well. Chat is probably the main area that, today at least, still needs a bit of work to replace my work laptop, due to the fact that Matrix with e2ee support is still under heavy development. I’m actually trying out an experimental branch of Chatty that contains support for encrypted Matrix chat, but it’s not quite ready to replace a traditional client.

    My conclusion for work is that the Librem 5 as it is today would at least be able to replace the need to take my work laptop with me when traveling. Fully replacing my work laptop would probably need to wait until we make further advancements in flatpak sandboxing using bubblewrap, so I have some of the protections I’ve gotten used to in Qubes that give me extra peace of mind.

    Welcome to the Future

    Using a phone that has real convergence like the Librem 5 is a complete game changer. It feels like I’m getting a sneak preview into the future of personal computing. In many ways it’s hard to explain what it’s like; you kind of have to see it yourself to understand why this is so groundbreaking. Having all of the same desktop applications and all of my files with me in my pocket, and having those same running applications morph to a larger screen automatically, changes how you think about phones and their potential.

    Calling the Librem 5 a phone doesn’t do it justice. It’s really a mobile computer, a desktop in your pocket. Using it like a laptop or desktop computer really opens your eyes to all of the possibilities, and underscores to me all of the things I’ve been missing with other phones.


    The post My First Week of Librem 5 Convergence appeared first on Purism.