1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-12-22 12:51:34 -05:00

Add periods

Signed-off-by: Tommy <contact@tommytran.io>
This commit is contained in:
Tommy 2024-06-10 11:37:34 -07:00
parent e24e10742c
commit 319e6714c7
Signed by: Tomster
GPG Key ID: 555C902A34EC968F

View File

@ -144,19 +144,19 @@ The problem with this design is that everything hinges on the boot block doing i
Purism sells their laptops with PureBoot, a fork of Heads. It works in pretty much the same way, with a few extra features. Purism sells their laptops with PureBoot, a fork of Heads. It works in pretty much the same way, with a few extra features.
They claim that: They claim that:
- It can protect against firmware tampering - It can protect against firmware tampering.
- PureBoot is somehow better than other laptops - PureBoot is somehow better than other laptops.
- They [disable the ME (setting the HAP field to 1), then wiping most of it with `me_cleaner`]() - They [disable the ME (setting the HAP field to 1), then wiping most of it with `me_cleaner`](https://puri.sm/learn/intel-me/).
- They ship the CPU unfused - They ship the CPU unfused.
- They are not vulnerable to UEFI firmware vulnerabilities which lead to Boot Guard bypasses - They are not vulnerable to UEFI firmware vulnerabilities which lead to Boot Guard bypasses.
- They have developed a special "blob jail" for their Wifi card - They have developed a special "blob jail" for their Wifi card.
This is a far cry from reality, however: This is a far cry from reality, however:
- It cannot protect against firmware tampering as discussed in the Heads(/#heads) section - It cannot protect against firmware tampering as discussed in the Heads(/#heads) section
- Other laptops can protect against firmware tampering with Boot Guard - Other laptops can protect against firmware tampering with Boot Guard
- They only set the HAP field now, but you have to find that out through a [forum post](https://forums.puri.sm/t/librem-14s-me-disabled-but-not-neutralized/12238) - They only set the HAP field now, but you have to find that out through a [forum post](https://forums.puri.sm/t/librem-14s-me-disabled-but-not-neutralized/12238).
- The "blob jail" is not special. It is an imitation of how the `linux-firmware` package works, and its sole existence is only because they are refusing to ship `linux-firmware` through the distribution because of ideology. The blobs inside of the "blob jail" are not any more isolated than the blobs provided by `linux-firmware`. - The "blob jail" is not special. It is an imitation of how the `linux-firmware` package works, and its sole existence is only because they are refusing to ship `linux-firmware` through the distribution because of ideology. The blobs inside of the "blob jail" are not any more isolated than the blobs provided by `linux-firmware`.
- Because of how much they have crippled hardware security, [Librem laptops are at HSI level 0](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=Purism&host_family=Librem+14&host_product=Librem+14) - Because of how much they have crippled hardware security, [Librem laptops are at HSI level 0](https://www.fwupd.org/lvfs/hsireports/device?host_vendor=Purism&host_family=Librem+14&host_product=Librem+14).
### RYF and the Illusion of Freedom ### RYF and the Illusion of Freedom