Purism Librem 15
I've been a fan of Free Software for quite some time, but for the most part I've found my opinions lean in the more pragmatic Bruce Perens Open Source camp. I value free software ideals but also accept other Open Source licenses that may not meet the strict definition of Free Software. I also don't refer to it as GNU/Linux. In the past, I didn't care all that much if I had to use a binary blob to get a wireless card or video card working as long as it worked, and I definitely never cared that my BIOS was proprietary software.
Then the Snowden leaks happened. The sheer depth and breadth of the loss of privacy motivated me to step up my game in terms of overall security and focus on privacy. In the past it would seem rather paranoid to think that there might be some sort of NSA-sanctioned spyware in a binary blob, firmware, or the BIOS. After the Snowden leaks and the subsequent disclosures about the ANT catalog, these things stopped seeming so far-fetched. I found myself leaning more toward the Stallman camp. One of the only ways to be truly sure that you don't have a backdoor on your system is to be able to see the source code for all of it from the browser plugins to the kernel drivers all the way to the BIOS.
It turns out it's rather difficult to have a fully Free Software laptop. Even if you can pick hardware that can use Free Software drivers, there's still that pesky BIOS. While coreboot and libreboot are great Free Software BIOS implementations, to get it on many laptops requires hardware BIOS chip flashing with pomona clips--the kind of thing I wasn't ready to brick a laptop to try. Like other privacy advocates, I turned to the old Thinkpad X60 laptop series. While it's old, underpowered, and has a low-res screen by today's standards; the keyboard is great and more importantly, you could flash its BIOS with coreboot or libreboot from within Linux itself--no hardware hacking required. So that's what I did.
The Purism Project
What I kept wishing for, was a laptop with more modern specs but with the same fully free software stack. The Novena project took this a step further with open hardware as well, but I just couldn't justify the price for their laptop option considering it didn't come with a keyboard and didn't look like it would actually be that usable on a lap. Then a few weeks ago I found out about the Purism Librem 15 laptop crowdsourcing campaign. Here was a laptop that aimed to be fully Free Software from the BIOS on down that looked and functioned like a normal laptop. I contacted the CEO Todd Weaver and it turned out he lived in my neck of the woods so I was able to sit down with him and chat about the project. Weaver is a Linux and hardware geek and has been using Linux and Debian in particular for quite a long time. In chatting with him it became clear that he really does believe in Free Software (one goal for the Librem 15 is full approval from the Free Software Foundation) and he also is very open to feedback for the design both from a Free Software and a privacy and security perspective and clearly wants to make a high quality laptop.
His crowdfunding campaign ends on January 31st, 2015 and as of yet there hasn't been a full review of the Librem 15 hardware so I was excited when he offered to let me take a prototype home with me to try it out. I've used it off and on for over a week now and below are my thoughts.
Before I talk too much about the hardware, I'd like to start with a few caveats. First, the hardware I'm reviewing is a very early prototype so my expectations are much different than if this were a finished product. This laptop case had been unscrewed and opened many times to examine the overall layout and take pictures (and Weaver gave me permission to open it up if I wanted to--it just requires removing some screws along the bottom). The BIOS on this particular prototype hasn't even been flashed to Coreboot quite yet.
Second--and this is one of the more interesting parts about the Librem 15--since I received the laptop quite a few of the hardware specs have changed in response to feedback from supporters of the project. For instance, the model I have uses an Intel i7-4712MQ CPU with an NVIDIA GT840M for 3D graphics but in response to backers who were interested in running Qubes (a security-focused Linux distribution that isolates individual software tasks into their own VMs) the CPU has changed to an Intel i7-4770HQ that supports virtualization extensions but that also means that it will need to use the onboard Intel Iris Pro Graphics 5200 card. That said, he will still have some laptops with the older specs for those who prefer it. In addition, the original design supported up to 8GB RAM. While that is more than enough for someone like me, to run something like Qubes or other heavy virtualization use the motherboard has been changed to accommodate up to 32GB RAM in case you need it. Finally, when the first prototypes were created, it wasn't clear yet whether high resolution displays would be available so my prototype has the original 15.6" 1080p 1920x1080 display. In the week since I got the prototype 15.6" 4k 3840x2160 displays are now an option. Here are the current hardware specs:
- 15.6" display in either 1920x1080 or 3840x2160
- 4 Core (8 Threads) 3.4GHz Intel i7-4770HQ
- Intel Iris Pro Graphics 5200
- 375mm x 244mm x 22mm 2.0Kg
- 4GB Mem (up to 32GB)
- 500GB HD (up to 1TB HD or 1TB SSD)
- CD/DVD ROM Drive (or extra drive bay)
- 48 Wh lithium polymer battery
- 65W power adapter
- Three USB 3.0 ports
- One HDMI port
- One Pop-Down RJ45 Network port (r8169)
- 802.11n WiFi (ath9k)
- 720p camera
- HD Audio
- Mini-TOSLINK optical fiber connector
- Full-size backlit keyboard
- SDXC card slot
"Is that a Mac?"
One of the first things you will notice when looking at the Librem 15 is just how many design cues seem to be taken from Macbooks. There is the metal-tone case and the black backlit island keyboard and a number of times when I had the laptop out in public I was asked whether it was a Mac. While I have my own personal biases that I'll get into in a minute, I can understand the decision given the popularity of Macbooks (in particular in the San Francisco Bay Area where both Weaver and myself live). Even the Lenovo Thinkpad laptop line over the last couple of iterations has taken to copying the Macbook with island keyboards and buttonless trackpad mice.
So let's get some of my personal biases out of the way. I have long preferred small laptops. My first laptop was a tiny Toshiba Libretto 50CT (about the size of a VHS tape for those of you who remember what those are) and I moved on to the 10.6" screen of the Fujitsu P series for a number of years. It wasn't until I got my N900 to serve as my truly portable Linux computer that I was willing to get something as gigantic to me as a X series Thinkpad with a 12" screen. I also prefer trackpoint mice and dislike and have always disabled the touchpad on any of my work-assigned laptops that had one. Finally, I'm a keyboard snob. At home I use a vintage IBM Model M keyboard and at work I use a modern buckling spring Unicomp. Oh and I don't like Macs. I'm acknowledging all of my biases up front because I realize my tastes are pretty specific and so I tried to review the hardware while putting all of that aside.
So how did the hardware fare? The laptop is definitely larger than most I'm used to and while at least for me it was a little big to comfortably use on my lap, I did find myself getting used to that big screen pretty quickly (and that was even the lower-res 1920x1080 screen). It was nice to have a full browser window, a large text editor and a terminal visible at the same time. While I understand the choice of a buttonless touchpad mouse (Weaver picked it to allow multi-touch capabilities) I'm just not used to them and found my wrists sometimes hitting the mouse and moving it (although that's something that will apparently not happen in the final laptop). I ended up using one of the Fn keys to disable the mouse when I didn't need it (which if you've read my Dr. Hjkl articles you realize was most of the time). Speaking of the function keys, one nice hardware feature that will appeal to privacy advocates is the fact that the Librem 15 will have separate function keys to remove power to both the webcam and the microphone.
The keyboard was actually OK for a laptop keyboard, which surprised me. First, such a large laptop provides you with plenty of room to have a full-size keyboard including number pad. More importantly, while this has the modern island keyboard style that I don't really care for, the tactile feedback on this particular one was a lot better than other island keyboards I've tried. You get a much more solid feel when you've pressed a key than with say, a modern Thinkpad X240 island keyboard. That said, I sat this laptop side-by-side with an X60, X200, and X240 for comparison (comparing any of these against a Model M just isn't fair) and I think my personal preference would go X60, X200, Librem 15, and last the X240. While the tactile feedback for the Librem 15 is nice, I realized when comparing all of these keyboards that what I liked the most about the X60 in particular is that the older style keyboard allowed for quite a bit more key travel in addition to the solid tactile feedback. For me at least, that translates into faster and more accurate typing.
Given that the graphics card is going to be different in the bulk of the production Librem 15 models, I didn't do a lot of graphics card testing on this prototype. That said, the machine felt snappy enough for me and given that you can swap out the CD-ROM drive for a hard drive, you could easily rely on a fast SSD for your primary drive and use a secondary large-capacity platter drive for bulk storage (although while the laptop touts up to 8 hours battery life, being able to swap the CD-ROM for a battery would have been even better). Because all of the hardware was selected because of the ability to use completely free software drivers, as you might expect I had no issues with Linux support. That said, for this particular model I did have to boot Tails into failsafe mode to get it to properly initialize the graphical login but I imagine that won't be an issue with the final laptop with Intel graphics.
The Librem 15 uses the Trisquel distribution which wasn't a distribution I had heard of before now. Basically it's a Debian-based distribution that not only removes the non-free repository by default, but it has no repositories at all that provide non-free software. It was picked for the Librem 15 because it is on the list of official FSF-approved GNU/Linux distributions and since that laptop is aiming to get the FSF stamp of approval, that decision makes sense. Since it's a Debian-based distribution, the desktop environment and most of the available software shouldn't seem too different for anyone who has used a Debian-based distribution before. Of course, if you do want to use any proprietary software (like certain multimedia codecs or official Flash plugins) you will have to hunt for those on your own. Then again, the whole point of this laptop is to avoid any software like that.
As I mentioned before, Free Software doesn't just exist on the OS itself--all of the hardware was chosen so that it didn't require proprietary binary blobs including the video, wireless and Ethernet cards. The BIOS is also slated to be replaced by Coreboot--an Open Source BIOS replacement--although even in that case there is still one piece of proprietary software still required to boot the laptop: the Intel Management Engine. This piece of code helps initialize the hardware at boot time and up to this point has been loaded as a binary blob even in Coreboot. Some believe the Management Engine has the potential to contain a backdoor into the system which is another reason for the popularity of the X60 for the privacy-conscious (no Management Engine). That said, Weaver is committed to working with Intel to open up the Management Engine code and allow Purism to compile its own Management Engine code although as of the date of this writing that has not yet happened. One important step toward that goal has been achieved however. Purism announced on December 18 that the Librem 15 will be unlocked to allow the execution of unsigned firmware. From their announcement:
Purism’s Librem 15 will ship with an Intel CPU fused to run unsigned BIOS code, allowing a future where free software can replace the proprietary, digitally signed, BIOS binaries.
Commenting on this boon to consumer freedom, Dr. Richard M. Stallman, president of the Free Software Foundation (FSF), states, "Getting rid of the signature checking is an important step. While it doesn’t give us free code for the firmware, it means that users will really have control of the firmware once we get free code for it."
There isn't too much more as of yet to report on the software front apart from a few privacy-enhancing tweaks that Purism has set up on the Trisquel desktop. The default browser comes with Tor integration by default and when you enter Incognito mode, all browser traffic automatically routes through Tor. That in addition to hardware keys to disable the webcam and microphone are nice touches and show that Purism wants to reach out not just to Free Software supporters but also the privacy conscious as well. It will also be interesting to see what sort of tools they put in place to allow BIOS updates down the line, as that's something that traditionally can be tricky with proprietary BIOSes under Linux but should be simpler with something like Coreboot.
While the Librem 15 doesn't necessarily match my personal tastes for laptop hardware due to the overall size and the mouse in particular, the mission of the company definitely does. Up until this point there were few options for laptops that ran purely Free Software, much less any that had modern hardware and a modern look and feel. I believe Purism genuinely wants to create a quality laptop that will appeal both to the Free Software community as well as privacy advocates and the Librem 15 is a nice start. In this era of pervasive surveillance, rootkits bundled with corporate software, threats of hardware backdoors by nation states, and the overall increasing sophistication of attacks, I think Purism is on to something here. As more people value transparency as a means toward security, a computer that can provide the source code for every driver, application, and firmware it uses becomes more valuable.
One sticking point for some people interested in the Librem 15 might be the price. The initial crowdfunding campaign level offered an initial price of $1449 but at the time of this writing the next available level starts at $1649. That said and economies of scale aside, I think it's more fair to compare this laptop to some of the offerings from other companies that sell and support laptops with Linux pre-installed or possibly the desktop or laptop offerings from the Novena project. In those comparisons while the Librem 15 isn't cheap, it's competitive. Given the limited options in this area it's not unreasonable that modern laptops with custom penguin "Super" keys that come with Linux pre-installed and supported might cost more than a mass-market laptop from a local electronics store.
The good news if you are interested in the project is that as the hardware gets finalized there is an opportunity to provide your own feedback and to help shape the features in the final laptop. The crowdfunding campaign runs until January 31st, 2015 so there's still time to order hardware and support the project.
Kyle Rankin is VP of engineering operations at Final, Inc., the author of many books including Linux Hardening in Hostile Networks, DevOps Troubleshooting and The Official Ubuntu Server Book, and a columnist for Linux Journal. Follow him @kylerankin
- FinTech and SAP HANA
- Preseeding Full Disk Encryption
- William Rothwell and Nick Garner's Certified Ethical Hacker Complete Video Course (Pearson IT Certification)
- Two Factors Are Better Than One
- GRUB Boot from ISO
- Hodge Podge
- HOSTING Monitoring Insights
- Three EU Industries That Need HPC Now
- Two Ways GDPR Will Change Your Data Storage Solution
- Minifree Ltd.'s GNU+Linux Computers