Hardware

Hardware maintenance recommendations

  • Clean the hardware: Regularly clean the keyboard, screen, and exterior of your device to prevent dust accumulation. Use gentle electronics-friendly cleaning agents and clean microfiber cloths to avoid damage. Avoid getting cleaning agents near exposed power and data ports.

  • Check for hardware issues: Periodically check the health of your hardware components, such as the battery and storage drive. Native tools in PureOS can help monitor the health of your storage devices.

  • Manage storage: Keep an eye on your storage usage. Remove unnecessary files and applications to maintain optimal performance.

  • Optimize performance: Regularly review and optimize startup applications and services to improve boot times and overall system responsiveness.

  • Battery care: If you frequently use your laptop on battery power, avoid letting the battery drain completely. Try to keep it between 20% and 80% charged for optimal lifespan.

  • Use a cooling pad: If you use your laptop for resource-intensive tasks, consider using a cooling pad to help manage temperatures and prevent overheating.

  • Check for PureBoot updates: Occasionally check for PureBoot firmware updates, as these can improve performance and security.

  • Review privacy settings: Regularly review and adjust privacy settings in your operating system and applications to ensure your data is protected.

FAQ

What is a Librem?

The Librem name originated with the desire to make a truly freedom respecting laptop and phone. Libre is an adjective meaning “free, at liberty” and is used to distinguish it from gratis which means “free of charge”. Libre is used extensively in the GNU/Linux community to show that software is free in the sense that its source code is available as opposed to non-free software where the source code can not be viewed. Libre also translates easily to a variety of languages. The “m” was added to help it roll of the tongue.

What are the benefits of using a Librem?

The Librem runs PureOS as its operating system. This operating system is based upon the Linux kernel and is viewed by privacy and security experts as being incredibly secure. This is due to it being free software where the source code is available, meaning that people with proper technical skill can easily read, view and understand the language of the operating system. Operating systems that you are used to such as Windows and OS X are non-free and the source code is held by Microsoft and Apple. This non-free software, where the source code is not available in proprietary OSes makes it impossible to fully read and understand the computer language thereby making it impossible to fully know what your Microsoft or Apple based computer is doing or if it is secure.

Why do Librem devices cost so much? What are the benefits of paying more?

We are working hard to lower the price of the Librems. In fact, we were able to reduce the price of the Librem 13 in April 2016 by over $200! In the simplest terms, it is the sheer economics of supply and demand. As there is more demand for privacy respecting and secure computing, the price will come down because as we will be able to order more parts for our wonderful computers.

The truth is that we need capital in order to grow as a business. We are already working with thin margins. The benefits to supporting a privacy and security focused computer manufacturer are vast but the decision to help us is yours.

How do the Hardware Kill Switches (HKS) work? Why do they matter?

Hardware killswitches physically sever the power connection to the microphone/webcam and the WiFi/Bluetooth radios in the device. There have been several cases where either big government agencies or nearby hackers have remotely accessed these devices to turn on computers or otherwise view or listen in through the microphone or web camera. Software solutions of turning the camera on and off can be easily bypassed. The HKS physically cut the electronic circuit to the accessory. Without power, they do not work. When the switches are thrown the accessory is, quite simply, off, and can not be remotely turned back on.

This matters as a security feature and for your own piece of mind. No longer do you have to worry about private communications being recorded or someone looking back at you through the webcam. Parents can especially enjoy this feature to help protect their children.

The switch for the WiFi can be thrown and along with pulling out the Ethernet cord will ensure you the convenience of true offline computing. Then when you want to use either the microphone/web camera or the WiFi/Bluetooth, simply return power to the accessory by turning the switch.

What are Librem cases made of?

The outer shell is solid aluminum with a black anodized finish.

Are the cases made by Purism, or are they from a third party?

They are custom fabricated for us.

Will the Librem have replacement and upgrade parts?

Yes, it is possible to order replacements for the wireless card, RAM, 2.5” SATA drive and M.2 SSD, power adapter. Batteries are available within the USA, international shipment for batteries is on a case-by-case basis (due to carrier restrictions such as this: Shipping lithium batteries).

What CPU/RAM/storage options are available?

Please refer to our products for more information.

Do Librem laptops with coreboot support booting from USB key or SD/MMC slot?

Yes, just press ESC when the Purism logo appears, then select your device to boot.

Would I be able to install (myself) my own choice of WiFi card, RAM, second HDD/SSD and M.2 SSD?

Yes, you can unscrew the back and add your own upgrades, like storage, RAM or WiFi card. Aluminium 2.5” SSD mounting frame required for mounting 2.5” disk is not included if you do not order 2.5” disk, but you can purchase it from our Shop.

Are you looking to offer a AMD-Radeon/Ryzen-Vega or nVidia GPU option for laptops in the near future?

No. This hardware requires proprietary firmware to function, therefore not aligned with our philosophy. However, we are monitoring the development and will consider them if something changes in the future.

Can I install a different OS on my Librem laptop?

While we are preloading PureOS which, alongside Parabola, Trisquel and few others, is the strictest of GNU/Linux distributions (we strip all binary blobs from the Linux kernel) you can easily install any less strict up-to-date GNU/Linux distribution, such as Fedora, Debian and Ubuntu. You can even install them alongside PureOS, and simply choose what OS to run from the boot screen.

We have not tried installing a non-GNU/Linux-based operating system, but the Librem is your computer, so you can do with it whatever you wish, even if that includes installing non-free Windows or other operating systems. We obviously don’t recommend this, but it is your computer to do what you wish with it.

Do I need special proprietary hardware, software or cables to use a Librem device?

No! We hate those proprietary things! Your Librem will work with industry standards such as HDMI, USB, hardware after market parts and all software is free and libre. RAM, hard drives or solid state drives, batteries and power supplies are all “off the shelf” and available for purchase from online and big box stores.

Can I buy a Librem laptop with a proprietary BIOS/UEFI?

No. We ship all devices with PureBoot. We do not ship any devices with proprietary BIOS/UEFI.

Do Librem devices use non-ECC RAM or ECC RAM?

Non-ECC. ECC RAM requires motherboard modifications in addition to selecting a CPU that supports ECC, such as the Intel Xeon family of processors.

What is an OpenPGP card?

An OpenPGP card is a “smart card” that is integrated with many OpenPGP functions.

This card contains your GPG cryptographic keys, where they cannot be extracted (meaning no one can steal them), yet you can use them to sign/encrypt emails, text files, etc.

Our Librem Key contains an integrated and open PGP smart card.

What is the Librem Vault USB drive?

The Librem Vault is a plain USB flash drive, gold colored, with a “Librem Vault” label. It is used to store your Librem Key’s public GPG key (a text file with .asc extension). The Librem Vault drive is required for certain operations with PureBoot, such as an OEM factory reset of the PureBoot.

What is the difference between various storage options you offer?

Librem laptops support two types of storage form factor: standard 2.5” size and newer m.2.

Standard 2.5” supports the SATA interface; disks are mostly cheap and available in larger capacities. For Librem laptops, they require an aluminum frame to hold them in place. The maximum disk height that will fit in Librem devices is 10mm.

m.2 supports SATA and PCIe interfaces. Both SATA and PCIe M.2 are very similar from the outside: they are smaller, compact and easier to install, compared to 2.5” disks. To install one in a Librem laptop, you only need a single screw. Librem laptops support B+M and M keyed 2280 sized disks (the sockets themselves are M keyed).

What is the difference between various USB flash drive options you offer?

You have the option to select a USB flash drive to your order when ordering a Librem laptop or Mini. They are 16 GB (5 Gbit/s max speed) and offer 3-in-1 USB port support: USB-C, USB-A and mini-USB. You can also order a USB flash drive separately.

However we do not ship them empty; they come with a bootable system, meaning you can boot a system from them. You can select from following options:

  • PureOS OEM → OEM installer: it will boot into a working system where you can run an installer and pre-configure your computer for PureOS. After you boot into the installed system for the first time, you should follow the PureOS installation guide.

  • PureOS live → a “live” system: it will boot into a working system. You can use it just like a usual PureOS system, but it runs entirely from the USB flash drive and does not write to your internal hard disks. From the “live” session you can start system installer if you like and install (or re-install) PureOS to your internal hard disk drives. (See PureOS live system installation)

  • Qubes OS → Qubes OS installer: it will start Qubes OS system install procedure so that you can install Qubes OS on your computer. Qubes OS is not developed by Purism, so refer to Qubes OS documentation if you need help with this operating system.

Note

In any case you can simply format the USB flash drive and use it as a portable USB storage device (Purism branded).

Security

Why should I be concerned about security and privacy issues on my computer?

The same reasons you are concerned over unwanted people entering your property, peeping through your windows, or installing cameras in your house. These same physical rights apply directly to digital rights. You should not want unwanted people having access to your digital files, your photos, emails, website history, or your camera or microphone. Your home is your private life, your digital life should have the same rights and protections.

Will Librem devices help me avoid data breaches?

Properly used, Librem devices will make it by magnitudes harder to have data breaches compared to Windows and Mac OS X. It has integrated full disk encryption, all of the best GNU/Linux security practices, sandboxed applications, and hardened security features.

What kind of cyber threats can be prevented with a Librem device?

All threats are bonded a lot to user interaction with their device. Librem’s underlying software by default do not track or log your key presses, location, software usage. Default operating system (PureOS) has app isolation (with Wayland) and SELinux enabled.

Do you install ads or steal and sell my data?

No. We will not show you advertisements nor do we care about mining your data. Your data, your pictures, your browsing history – that’s for you and you alone. We exist as a company because we personally wanted to have better control of our own data. And we think you do, too.

What mystery code, or binary blobs remain with Purism laptops? Is there any concern with them?

Security is a game of depth, and Purism goes deeper than any manufacturer by avoiding blobs or mystery code in the top 4 layers of a computer:

  • applications

  • operating system

  • kernel

  • bootloader

At the firmware level, we utilize PureBoot instead of a proprietary BIOS/UEFI. A few binary blobs still remain, however.

We are “as close to free software foundations respects your freedom as possible with current Intel CPUs” but are investing heavily to advance that toward complete binary freedom.

Do Librem laptops come with disk encryption software by default?

Yes. Full disk encryption is provided by our OEM system setup (PureOS). The first time you start your Librem laptop, you will have to setup the disk encryption passphrase. Here is the PureOS installation guide.

Are current Librem products vulnerable to Meltdown or Spectre?

No, these vulnerabilities are patched in our coreboot/PureBoot firmware. We actively apply patches there as future Intel vulnerabilities are discovered. Librem laptops, Librem Server, and Librem Mini are protected at the firmware level, no matter which OS you are using. Just make sure you are always on latest coreboot/PureBoot version.

Does a Librem have Flash, Silverlight, Java and other plug-ins preinstalled?

No, due to major security concerns. Most websites are switching to HTML5 due to these security issues. However, you can install an OS which supports this proprietary software, but have in mind that this is a bad security practice.

What is Intel Management Engine and what are concerns with it regarding Librem laptops?

The Intel Management Engine (ME) is a separate independent processor core that is actually embedded inside the Multichip Package (MCP) on Intel CPUs. It operates all-by-itself and separate from the main processor, the BIOS, and the Operating system (OS), but it does interact with the BIOS and OS kernel. It is a black box of mystery code at the lowest level, in ring -2, with complete control over every part of the system, and therefore presents a serious threat to your security and privacy, as it could be possibly exploited by a remote attacker to gain full access to your system. It is present on every post-2008 Intel CPU system.

Purism actively avoids this technology (see Avoiding Intel AMT) and even both disables and neutralizes it on a firmware level (see Intel ME), thus minimizing or removing the threat entirely.

Are current Librem products vulnerable to Intel CSME?

No, Librem laptops, Librem server and Librem Mini are not vulnerable. (See Librem hardware and the Intel CSME vulnerability.)

What is a TPM and do I need one?

A Trusted Platform Module (TPM) is a security chip on a Librem laptop motherboard which provides some interesting security features. To best understand what it can do please read the following news articles from our blog, sorted by date:

TPM is required for the PureBoot secure boot feature. All current models of Librem laptops are equipped with the TPM chip and are capable of utilizing PureBoot.

Who is in control of the master key stored in the TPM chip?

The user completely controls any keys that are stored in the TPM on our hardware. Traditional understanding that manufacturer is in control of the master key stored in TPM is not true for our hardware. We don’t use it that way.

Why are there no hardware killswitches for speakers?

There is a concern that a malicious hacker, if they gain access to your device, could re-purpose speakers to act as a crude microphone, thus circumvent microphone hardware killswitches found on Librem Laptops and Librem Phone.

This is not a concern with Librem devices.

  1. In Librem laptops, the speakers are connected to an amplifier since the codec itself can not drive a speaker. The amp will not work backwards as an input amplifier.

  2. In Librem phones, the codec in the phone uses DACs to drive the speakers and they can not be re-tasked as audio inputs.

Hardware/software encryption standards

  1. Librem 14, Librem Mini and Librem servers: LUKS disk encryption (cipher: aes-xts-plain64; size: 256); allows users to set up their own disk encryption password. The boot partition is not encrypted but it can be verified with a Librem Key (see PureBoot).

  2. Librem 5: LUKS disk encryption (cipher: aes-xts-plain64; size: 256); unencrypted /boot partition

  3. PureBoot: secure boot

  4. Librem Chat: Matrix protocol. For FAQ, specification and reference implementation details, refer to the Matrix website.

  5. Librem Tunnel: OpenVPN.