
PureOS: freedom, privacy, and security

By Jake Edge
December 23, 2020

A recent blog post from Purism—the company that developed PureOS to run on its security-focused hardware—celebrates three years of FSF endorsement of the Linux distribution. While this endorsement is an achievement that is not as highly valued by our communities as one might think, the work done to obtain and maintain that endorsement is useful even to those who disdain the FSF or disagree with its definition of what makes a distribution "free". While Purism and PureOS have been on our radar for a few years now, it seems worth a look at where things have gone with the distribution—and the company behind it.

The blog post notes that PureOS and Purism "sit on a three-legged stool of Freedom, Privacy and Security". The three are intertwined, of course, since PureOS consisting of only free software allows users to ensure there are no antifeatures being slipped into the OS or applications that would impact their privacy or security. Beyond that, free software is an excellent defense against various software supply-chain attacks; in addition to the scrutiny of the code afforded to free software, it can also be built in a manner that provides more security:

Finally, free software has a gigantic advantage over proprietary software in supply chain security due to Reproducible Builds. With Reproducible Builds you can download the source code used to build your software, build it yourself, and compare your output with the output you get from a vendor. If the output matches, you can be assured that no malicious code was injected somewhere in the software supply chain and it 100% matches the public code that can be audited for back doors. Because proprietary software can’t be reproducibly built by third parties (because they don’t share the code), you are left relying on the package signature for all your supply chain security.
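The comparison step described in the quoted post, as an added example that is not from the article or from Purism: it assumes the vendor publishes a Debian-style .buildinfo file whose Checksums-Sha256 field lists each binary package, and checks a local rebuild against that list. The package names and contents below are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def parse_checksums(buildinfo_text):
    """Return {filename: (sha256, size)} from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in buildinfo_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line[:1] in (" ", "\t"):
            # Continuation line: "<sha256> <size> <filename>"
            digest, size, name = line.split()
            entries[name] = (digest.lower(), int(size))
        else:
            in_field = False  # next field (or blank line) ends the list
    return entries

def compare_rebuild(buildinfo_text, rebuilt_dir):
    """Map each vendor artifact to 'match', 'mismatch' or 'missing'."""
    result = {}
    for name, (digest, size) in parse_checksums(buildinfo_text).items():
        path = os.path.join(rebuilt_dir, os.path.basename(name))
        if not os.path.isfile(path):
            result[name] = "missing"
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        ok = len(data) == size and hashlib.sha256(data).hexdigest() == digest
        result[name] = "match" if ok else "mismatch"
    return result

def demo():
    # Constructed sample: one faithful rebuild, one altered, one not rebuilt.
    good, bad = b"constructed package A\n", b"constructed package B\n"
    buildinfo = (
        "Format: 1.0\nSource: example\nVersion: 1.0-1\n"
        "Checksums-Sha256:\n"
        f" {hashlib.sha256(good).hexdigest()} {len(good)} example_1.0-1_amd64.deb\n"
        f" {hashlib.sha256(bad).hexdigest()} {len(bad)} example-doc_1.0-1_all.deb\n"
        f" {'0' * 64} 10 example-dbg_1.0-1_amd64.deb\n"
        "Build-Architecture: amd64\n"
    )
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "example_1.0-1_amd64.deb"), "wb") as fh:
            fh.write(good)
        with open(os.path.join(d, "example-doc_1.0-1_all.deb"), "wb") as fh:
            fh.write(bad + b"injected")  # simulates a non-reproducible output
        return compare_rebuild(buildinfo, d)

if __name__ == "__main__":
    print(demo())
```

A "mismatch" only says the outputs differ; the cause may be tampering or simply a build that is not yet deterministic (timestamps, build paths), so it is a prompt to diff the two artifacts rather than a verdict.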

PureOS is a Debian derivative that consists of a stable "Amber" release, as well as a rolling "Byzantium" release. Amber is based on Debian 10 ("Buster"), while Byzantium pulls packages from Debian testing. Because PureOS only includes free software, it only pulls from the "main" archive, not "contrib" or "non-free" because they contain packages that do not comply with the Debian Free Software Guidelines (DFSG).

The system is customized to make various tweaks, including adding kernel patches for security, enabling AppArmor, and defaulting to a Wayland-based GNOME desktop. It also installs a browser that is configured for better privacy and security; originally it was Firefox-based, but that has changed to GNOME Web (formerly known as Epiphany) more recently. It also comes with DuckDuckGo as the default search engine, rather than alternatives that hoover up vast amounts of information about searches and clicks to enable "better" advertising.

PureOS will run on most desktops and laptops that will run Linux, which is not really a surprise. Some hardware may not work (e.g. laptop WiFi) because it needs a proprietary binary blob, but users can install those pieces from elsewhere if desired. But the mobile version of PureOS is not likely to run on existing phone hardware, which, as the PureOS FAQ notes, generally requires binary blobs. Those blobs typically only work with specific older kernels that are not supported by Mobile PureOS, which uses recent mainline kernels.

For PureOS on phones, Purism now offers its Librem 5 phone. It was originally crowdfunded, and has taken a somewhat circuitous route to mass production (leaving some rather unhappy with Purism), but it is designed with the three legs of the stool in mind. For example, it has hardware kill switches to disconnect various peripherals, such as the cellular modem, microphone, camera, and WiFi. Naturally, it does not need any binary blobs for its functionality either.

Other hardware, such as laptops (Librem 14 and 15), mini-PC, and servers, have also been designed with privacy and security in mind. The laptops feature hardware kill switches for the camera and microphone, for example. Any of the hardware can be ordered with the company's anti-interdiction service that provides customized mechanisms to enable recipients to detect hardware tampering during shipping. These include tamper-evident tape on the system and its box, glitter nail polish on screws, and pictures of all of that sent separately, encrypted with GPG.

Beyond that, users can also order the PureBoot Bundle that couples the PureBoot security-oriented firmware with a pre-installed Librem Key, which is a tamper-resistant USB OpenPGP smart card. The Key will come with a GPG key that will be installed as the secure boot key for the system; it will be shipped separately, perhaps to a different address, to the new owner before the system is shipped. The Librem Key is configured such that it will blink its LED to indicate if the firmware has been tampered with en route.

PureBoot is based on coreboot and has neutralized and disabled the Intel Management Engine (IME), which is an intrusive part of the firmware that has had a number of security flaws identified in it over the years. Users wanting to fully control their systems will want to get rid of as much of IME as possible. The Heads boot software is used to detect tampering with the firmware as well.

It all adds up to a pretty impressive story for those who are concerned about their security and privacy. That story, painted via the huge number of blog posts and other documentation available from Purism, may be somewhat off the mark, however. There have been other complaints about the company, its products, and its behavior, beyond those that were mentioned here as well. There are clearly some problems to be addressed, but the ideas and concepts behind the hardware and software seem sound.

As might be guessed, security and privacy features do not come for free—or even inexpensively. The Purism hardware products are generally quite a bit more expensive than their less secure competitors, but the availability of the systems and services is a boon for those who need that level of assurance.

To a large extent, we humans have sacrificed our freedom, privacy, and security on the altar of convenience—and low cost. Over the years, LWN has looked at various aspects of these problems, including the recent efforts by Mozilla to "take back" the internet from the forces of surveillance capitalism (inspired, in part, by The Social Dilemma movie). In early December, we also looked at the movement away from allowing general-purpose computing on our devices; hardware like that provided by Purism is a way around that problem—at least for now.

But the bottom line is that these options will only exist if at least some consumers are interested in buying them. Purism looks to have a lot of the right answers, but, with any luck, the market will be large enough to support multiple options for hardware and software of this sort. PureOS and PureBoot are all free software that can be adopted and improved by others as needed. In order for that to go anywhere, though, people are going to have to start changing their thinking and prioritize freedom, privacy, and security over convenience and price. In truth, that all seems rather unlikely, sadly.




Copyright © 2020, Eklektix, Inc.
This article may be redistributed under the terms of the Creative Commons CC BY-SA 4.0 license
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds