Find answers to Frequently Asked Questions:
Purism is a Social Purpose Corporation!
Short answer: South San Francisco, CA USA
Longer answer: Worldwide. Purism sources component parts from China, Taiwan, Japan, and the United States. Purism builds, assembles, quality control tests, and delivers all our hardware from our South San Francisco facility, USA. Purism has employees, contractors, and volunteers from around the world.
Through business negotiations we license reference designs and prepay for all the tooling, so that we can do small quantity fabrication, albeit at a higher per-unit price. It is not inexpensive, but it is possible! Purism’s founder, Todd Weaver, has built up these relationships for over a decade.
You can help by purchasing a Librem device and benefit from a more secure computing experience. You could also help us out with projects that we are currently working on as we are sometimes stretched thin. Finally, the easiest way would be to help answer questions in our community forums, engage with others that are considering Purism products, spreading the word about Purism, be willing to write in with bug reports or user experiences or donating time and/or money for our project. Another item would be to write a blog post about your experiences in switching to a Librem or to GNU/Linux in general. Send an email to info(at)puri.sm for questions, additional information or your willingness to be involved.
Short answer: Yes. See https://puri.sm/jobs/
Longer answer: Purism is hiring for a great number of positions, even more than are listed in our jobs section. If you are interested in any of the listed positions, or have an idea of a position you’d like to create within our organization, please send an email to hr(at)puri.sm with the following:
We offer various forms of compensation and roles, from volunteer, part-time, paid, or margin share. Please list what forms of compensation you require and are amenable to.
Yes, please reach out to ir(at)puri.sm (Investor Relations), and you will get a reply within 24 hours to discuss the opportunity.
See the policies page for our warranty, returns & refunds policy.
In the future we plan to expand our offer, so far Librem tablets, Librem servers, Librem desktops, and Librem routers are on our roadmap.
FLOSS stands for Free/Libre Open Source Software and is software with its source code available to the public and allowed to be modified, improved or whatever else users feel like doing do it. It grants you freedom.
A “Linux” operating system, properly described as GNU/Linux, is an operating system based upon the Linux kernel. The Linux kernel was created by Linus Torvalds initially for his own use during his years in college. It was used with the GNU operating system. GNU, created by Richard Stallman, is the entire operating system, minus the kernel. So, when people say “Linux operating system” they should be saying “GNU/Linux operating system”, or even a “GNU operating system”.
Both Torvalds and Stallman released their software to the world for free.
English language more often uses word “free” to describe something that is gratis – while it is true that all the software in FLOSS is gratis, it is not mandatory to be like that. The important part of FLOSS is that is has the liberty to be examined, learn about it, modify it to your needs without any restriction of copyright license which forbids you to use it as you want.
Often said it is “free as in freedom”.
No, not at all. There are many people that do in fact use GNU/Linux to program and develop applications for various operating systems (not just for Linux) but GNU/Linux is easily used by many people of all levels of computing skill.
PureOS is designed to be user friendly by utilizing one of the most popular desktop environments available called Gnome 3. Gnome 3 works well with both touch and traditional mouse and keyboard user inputs to allow for easy use. The Librem has well known traditional ports and utilizes off the shelf parts for easy replacement if something needs replaced.
Yes and no. No Windows applications will run natively on PureOS. However, some Windows applications can be run with an application called Wine. Please go to www.winehq.org to check on the availability of your program. Applications designed for Apple products can not run on a GNU/Linux based machine such as a Librem.
Additionally, you can also run Windows or Apple operating systems within our virtual box application, Boxes, which would allow you to run the applications that you need.
Please also note that Windows based programs run as non-free source/proprietary code and Purism can not offer a guarantee that your Librem will continue to be secure if you choose to install. We do not recommend doing this for your own privacy and security but you are welcome to as the Librem is your machine.
You don’t have to. There is also a “terminal” in Windows, Apple and Google machines as well but like those operating systems, complicated command lines are going away in favor of graphic user interface (GUI) focus. PureOS does have a terminal just like all Linux distributions but it is not needed in many situations for newer users.
All operating systems have their differences when comparing, for instance, a mobile operating system like Android to a computer focused one like Windows. Apple has differences from Windows as well. However, each operating system allows you to do the same or similar things – it may just be a different button to push or icon to click.
Web browsers, applications and file managers will all work in PureOS/Librem in ways that you are used to on other devices. They may look a little different than what you’re used to, but they will get you to the same place.
Yes! Our operating system, PureOS, has an app store called “Software” where many different applications are available giving you many additional gaming, productivity, video, graphics, and office choices.
Netflix, Hulu, and Amazon Prime distribute content with restrictive DRM technologies that Purism does not support natively through PureBrowser. However, there are other browsers that you are free to install if you choose to.
YouTube supports HTML5 and will play without additional input.
No, it does not, as these are major security issues. Most websites are switching to HTML5 due to these security issues. However, you can install an OS which supports this proprietary software, but have in mind that this is a bad security practice.
Often times when we think of an operating system we think of how it looks and feels. This is called the user interface or user experience. PureOS 3 uses a Graphical User Interface (GUI, also sometimes called “Desktop Environment”) called Gnome 3. Information on this user interface can be found here:
The same reasons you are concerned over unwanted people entering your property, peeping through your windows, or installing cameras in your house. These same physical rights apply directly to digital rights. You should not want unwanted people having access to your digital files, your photos, emails, website history, or your camera or microphone. Your home is your private life, your digital life should have the same rights and protections.
Properly used, Librem will make it by magnitudes harder to have data breaches compared to Windows and Mac OS X. It has integrated full disk encryption, all of the best GNU/Linux security practices, sand boxed applications, and hardened security features.
All threats are bonded a lot to user interaction with their device. Librem’s underlying software by default do not track or log your keypresses, location, software usage. Default operating system (PureOS) has app isolation (with Wayland) and SELinux enabled.
No. Quite simply, we will not show you advertisements nor do we care about mining your data. Your data, your pictures, your browsing history – that’s for you and you alone. We exist as a company because we personally wanted to have better control of our own data. And we think you do, too.
No! We hate those proprietary things! Your Librem will work with industry standards such as HDMI, USB, hardware after market parts and all software is free and libre. RAM, hard drives or solid state drives, batteries and power supplies are all “off the shelf” and available for purchase from online and big box stores.
Librem Key is a USB security token to make encryption, key management, and tamper detection convenient and secure. See here to learn more about what it does, its specs and to see purchase options.
The tamper-evident boot only works with our Heads firmware that runs on top of coreboot. We have not yet released a Heads ROM for our systems but we are working to beta test that right now before we release it to a wider audience.
We intentionally still allow users to boot even if Heads detects tampering. We do not want to lock people out of their own systems. That said, Heads is free software so you could modify it to have that behavior if you wanted to.
At the moment you could only register a Librem Key with one Heads ROM.
Yes, you can backup the GPG keys that you put on a Librem Key to a USB thumb drive or other backup. As far as the shared secret for tamper-evident boot, if you were to lose your Librem Key you could either skip tamper-evident checks until you got a replacement, or fall back to the 6-digit TOTP code + your phone.
The Librem Key does not currently support U2F, but we are looking into adding that feature into a future revision.
The Librem Key and Nitrokey Pro v2 have the same hardware and similar firmware, so yes, you can use Heads with Nitrokey Pro v2.
Nitrokey Pro v1 has older firmware and will not integrate with Heads.
But please understand we can provide support only for Librem Key and its integration with other Librem hardware.
The Librem name originated with the desire to make a truly freedom respecting laptop and phone. Libre is an adjective meaning “free, at liberty” and is used to distinguish it from gratis which means “free of charge”. Libre is used extensively in the GNU/Linux community to show that software is free in the sense that its source code is available as opposed to non-free software where the source code can not be viewed. Libre also translates easily to a variety of languages. The “m” was added to help it roll of the tongue.
The Librem runs PureOS as it’s operating system. This operating system is based upon the Linux kernel and is viewed by privacy and security experts as being incredibly secure. This is due to it being free software where the source code is available, meaning that people with proper technical skill can easily read, view and understand the language of the operating system. Operating systems that you are used to such as Windows and OS X are non-free and the source code is held by Microsoft and Apple. This non-free software, where the source code is not available in proprietary OSes makes it impossible to fully read and understand the computer language thereby making it impossible to fully know what your Microsoft or Apple based computer is doing or if it is secure.
We are working hard to bring down the price of the Librems. In fact, we were able to reduce the price of the Librem 13 in April 2016 by over $200! In the simplest terms, it is the sheer economics of supply and demand. As there is more demand for privacy respecting and secure computing, the price will come down because as we will be able to order more parts for our wonderful computers.
The truth is that we need capital in order to grow as a business. We are already working with thin margins. The benefits to supporting a privacy and security focused computer manufacturer are vast but the decision to help us is yours.
The HKS physically cut the power going to the microphone/webcam and the wifi/bluetooth radios in the device. There have been several cases where either big government agencies or nearby hackers have remotely accessed these devices to turn on computers or otherwise view or listen in through the microphone or web camera. Software solutions of turning the camera on and off can be easily bypassed. The HKS physically cut the electronic circuit to the accessory. No power, no work. When the switches are thrown the accessory is, quite simply, off, and can not be remotely turned back on.
This matters as a security feature and for your own piece of mind. No longer do you have to worry about private communications being recorded or someone looking back at you through the webcam. Parents can especially enjoy this feature to help protect their children.
The switch for the WiFi can be thrown and along with pulling out the ethernet cord will ensure you the convenience of true off line computing. Then when you want to use either the microphone/web camera or the WiFi/Bluetooth, simply return power to the accessory by turning the switch.
The outer shell is solid aluminum with a black anodized finish.
They were custom fabricated for us.
Yes, it is possible to order replacements for the wireless card, RAM, 2.5″ SATA drive and M.2 SSD, power adapter. Batteries are available within the USA, international shipment for batteries is on a case-by-case basis (due to carrier restrictions such as these).
Yes, just press ESC when Purism logo shows up and select your device to boot.
Yes, you can unscrew the back and add your own upgrades, like storage, RAM or wifi card.
But bear in mind you might need additional stuff like screws and aluminium frames for mounting the disk, which don’t come by default with our laptops.
While we are preloading PureOS which, alongside Parabola, Trisquel and few others, is the strictest of GNU/Linux distributions—we strip all binary blobs from the Linux kernel—you can easily install any less strict up-to-date GNU/Linux distribution, such as Fedora, Debian and Ubuntu. You can even install them alongside PureOS, and simply choose what OS to run from the boot screen.
We have not tried installing a non-GNU/Linux-based operating system, but the Librem is your computer, so you can do with it whatever you wish, even if that includes installing non-free Windows or other operating systems. We obviously don’t recommend this, but it is your computer to do what you wish with it.
Yes, with full disk encryption provided by our OEM system setup (PureOS). The first time you start your Librem laptop, you will have to setup the disk encryption passphrase. See here for the full setup procedure.
Not day 1. However there is a lot of interest in including a isolation layer that will be able to power Android applications natively, the community can pool together and either implement that functionality, or we would need to run a new campaign for this specific feature (as the stretch goal for it was not met in our initial campaign).
For phone calls, email, web browsing, there will be no issues with switching, if you rely upon native applications that are not yet supported, you may need to use HTML5 applications (Social Media, News, Banking), or consider alternatives (e.g. Riot.im vs. Signal).
Yes, you will be able to use the phone as a storage device, that can show up on your computer by just plugging in the USB cable and viewing the folders. This will allow you to import or export files, photos, documents, with ease. With the Librem 5 there is no proprietary software that locks your files into proprietary formats, allowing easy sharing of the content you want to share.
Yes, you will be able to make regular unencrypted phone calls to any phone number. You will also be able to communicate securely by using the phone dialing application and messaging application, that can run on the Librem 5 phone, Android based phones, and iOS based phones, and any computing device.
The Librem 5 will be the most secure when communicating with another Librem 5 phone, communicating via an encrypted app on a Librem 5 to an Android or iOS encrypted app is the second best option available.
The Librem 5 is an open network phone, not locked to any particular network.
The modem featured in Librem 5 is Gemalto’s PLS8. Two variants are used, PLS8-E and PLS8-US. Here’s the detailed list of bands supported:
Using frequencycheck.com, you can find your carrier under your country to see which bands are supported by them. However, keep in mind that not all of these bands may be available in your area.
To find out which LTE bands are available from cell towers in your area, you can look at cellmapper.net. Additionally, if you call your carrier they may tell you which LTE bands are available in your area but they also may not divulge this information.
If you require an LTE band that is not supported by either of the modems, then LTE will not be available to you.
Using the 3G/4G data+voice modem, the Librem 5 will work with most carriers; the carriers are the ones providing technological support for emergency services dialing.
Based on our testing: the CPU, GPU, Bootloader and all software will run free software, we are evaluating the WiFi and Bluetooth chips and their firmware, this is an area we have to evaluate, finalize, and test. The mobile baseband will most likely use ROM loaded firmware, but a free software kernel driver. We intend to invest time and money toward freeing any non-free firmware.
Quite likely, although we will not expend resources to test this.
Not likely, and we will not expend resources to test this.
Yes, all hardware Purism releases gets regular security and performance updates within PureOS.
Yes, any web based app will work through the browser. Over time these sites will either use progressive web applications, or could have a native app.
Our first version will be focusing on phone calling, encrypted online communication, and web browsing. However the free software community is encouraged to test, port, author, and get involved to take all the great free software applications that exist already and make it work on a 5-6″ screen.
You can check out developer pages’ FAQ to see software planned for the release date, as well as some other development related things: https://developer.puri.sm/Librem5/FAQ.html.
At delivery we do not plan to support the reader or renderer for these proprietary formats, but this is a top priority to solve after product delivery.
Yes, like all Purism products, the case itself will allow you to access the insides, and the battery will be modular and can be replaced with ease.
No, because CALEA applies to US based telecommunications providers, not to Purism. If the user of a Librem 5 phone uses a carrier in the US with a traditional “phone number”, that carrier must comply with CALEA for phone calls, as the phone call is sent over the carrier’s connection. Pure Matrix-to-Matrix calls are outside of CALEA requirements (Matrix nor Purism are telecommunications service providers). If the call touches the PSTN is becomes the carrier’s responsibility to adhere to CALEA. Matrix is an encrypted VoIP/messaging protocol not a telco.
The Librem 5 is not Intel-based, it is based on an i.MX 8M chipset, so we don’t need coreboot nor the Management Engine. The chipset will be completely free software without any binaries whatsoever!
Since Librem 5 is based on an i.MX 8M chipset, it is not vulnerable to either Meltdown nor Spectre.
Because we want to promote a pure and unified stack, not have a separate mobile OS with proprietary bits or a completely different middleware stack. We want to support the community efforts of GNOME, KDE and UBPorts, and allow for any GNU+Linux to work out-of-the-box providing mainline improvements that work not just on mobile but across the device spectrum. The Librem 5 is a new approach to use a regular Linux system and adopt it to mobile use-cases instead of creating a completely new system. We do not create a walled garden, instead we tear down these walls, creating an open utopia. A fully standards-based freedom-oriented system, based on Debian and many other upstream projects, has never been done before–we will be the first to seriously attempt this.
You can also learn more about our position on GNOME and KDE further below in this FAQ.
We will be working with GNOME/GTK, KDE/Plasma and Ubuntu Touch communities, and have partnered with the foundations behind them for the middleware layer. PureOS currently is GNOME-based and look forward to working with GNOME as an upstream as well as GNOME’s OS and design-centric development model; however we will also test, support, and develop with KDE and the KDE community, and of course we will support Qt for application development.
Learn more about the rationale behind this approach (part 1 and part 2).
We will test the capabilities of powering Anbox or Shashlik to allow users the ability to run Android applications within PureOS on the Librem 5, but our long-term goal is to utilize native applications that adhere to our strict philosophy. Enterprise clients or users who require Android applications may choose to to run a Android applications within an isolation container, so this is the reason for testing this type of configuration. We have a stretch goal to help with this developmental effort to have Android apps run in isolation.
Our intention is to have everything freed down to the schematic level, but have not cleared all design, patents, legal, and contractual details. We will continue to advance toward this goal as it aligns with our long-term beliefs.
No, we will not be shipping with any biometric hardware, the reasons for this is because single access via biometrics does not prevent access to your phone the same way a security code or lock does. The US Supreme Court has alluded to biometric access not protecting you the same way that a security code from memory (a security code) does (e.g. You can say “no” to a passphrase, or security code, but you cannot say “no” to biometric (physical) information). So even if in future models of the Librem 5 phone we do include biometric hardware, we will be double-locking it with a security code, to have the best security story we can for users.
To learn more about why biometric access is not good you can read this fine article here.
Not the first model, but there is some room for implementing this in one of the future models.
Most likely not. We want to have a metal case and that is already a challenge with the three other antenna systems that we have to support: Cellular, WiFi/BT and GNSS (GPS…). NFC Antennas, likewise wireless charging, are pretty large. Last but not least they add another radio emitter which can cause additional EMC issues.
The hardware will support this, the software to do so may require developer community effort or take some additional time to include.
We are providing the hardware to do it, and will increment the software as we progress.
Librem 5 will have M.2 slot for a baseband module, so it is a potenital for “upgrade”. But when we first start shipping Librem 5 this probably won’t happen, as 5G is relatively new and still in testing.
Development is still ongoing, so some of the specs are not finalized yet. What is certain at this moment is:
CPU: NXP® i.MX 8M Quad
GPU: Vivante GC7000Lite
Storage: 32 GB eMMC internal storage
RAM: 3 GB minimum (subject to change)
Screen: 720×1440 high-DPI 5.5″ – 5.7″ (glossy)
Baseband: Gemalto PLS8 3G/4G modem w/ single SIM on replaceable M.2 card
WLAN: 802.11 abgn 2.4 GHz/5GHz
Bluetooth: Bluetooth 4
GPS: TESEO LIF3 multiconstellation GNSS receiver
NFC: No (subject to change)
FM Radio: No
External Storage: microSD
Accelerometer: 9-axis IMU (gyro, accel, magnetometer)
Smartcard Reader 2FF format smart cards
Kill Switches 3 – WiFi, Cellular, Microphone/Cameras (all 3 will turn off GPS)
Audio DAC: Wolfson Media WM8962
3.5mm jack: Yes
Vibration Motor: Yes
Front Camera: TBD
Back Camera: TBD
Charging: USB C connector for charging, USB client function, USB host function, power delivery
Specs like exact dimensions, weight, maximum SD card capacity, camera specs, other screen specs, battery life, SAR values, etc, are still to be determined.
Unfortunately, no. If you are worried about privacy, you can pay with bitcoin or monero.
Credit card, cryptocurrencies (Bitcoin, Monero, Litecoin, Dogecoin, Bitcoin Cash, Decred, Ethereum) and direct bank transfer. We also offer interest free monthly payment plans. You can select payment option during order checkout:
If you need any assistance or alternative options for payment, email payments(at)puri.sm for assistance.
Please note that for cryptocurrency or direct bank transfer it could take some time before we validate the payment.
If you want to change your payment option, log-in to our webshop interface and go to your Account page orders section and click Pay next to your order. You’ll be taken to the checkout page, where you can choose another payment option.
Our products are available on our online store. Getting the product into big box stores is something that is on the Purism road map.
Short answer: Yes.
Longer answer: We can ship pretty much anywhere, and offer free international shipping, but the customer is responsible for customs clearing/duties, and local taxation. International shipments may be subject to customs processing and additional charges, customs policies vary from country to country, therefore you should contact your local customs office for more information. When customs clearance procedures are required, it can cause delays in arrival. If you can normally order product from the U.S. and have it shipped to you, then you can order from Purism in the same manner.
By FedEx in USA, and USPS Priority Mail International for international shipments. You can also pay for something faster, leave a note when ordering and contact ops(at)puri.sm.
DHL is not an option.
Non-ECC. Because ECC RAM takes modifying the motherboard in addition to selecting a CPU that supports ECC.
TPM (Trusted Platform Module) is a special chip on a Librem laptop motherboard which provides some interesting security features. To best understand what it can do please read the following news articles from our blog, sorted by date:
The last link should be able to help you decide whether or not do you need it.
Note that the software part for TPM is in early alpha-stage (still in the testing phase) and once ready, we will provide instructions to compile, install, enable and set it up on a TPM-enabled Librem laptop.
The user completely controls any keys that are stored in the TPM on our hardware. Traditional understanding that manufacturer is in control of the master key stored in TPM is not true for our hardware. We don’t use it that way.
Coreboot is a free software (and open-source) replacement for proprietary BIOS. Librem laptops come with coreboot pre-installed. For more info about coreboot please read this tech page.
Libreboot is a downstream distribution (or fork) of coreboot which doesn’t allow non-free binaries (“blobs”), and only supports a small number of devices, the vast majority of which are over 10 years old. Libreboot also doesn’t “keep track” with coreboot; its most recent release is from mid-2016, whereas coreboot’s is late 2018.
Our coreboot firmware still has some blobs, as all modern Intel-based systems require them, but our our goal is to ship devices with blob-free coreboot. Since our devices are already working with completely free software, blob-free coreboot firmware would allow us to achieve FSF’s RYF certification for Librem laptops.
Our coreboot currently contains the following blobs:
* video initialization blob (VBIOS) — we’ve already made some progress on this front, and our next coreboot version might be shipped without it.
* memory/silicon initialization blob (FSP) — there are some rumors Intel might release source code for this, so our work on this is currently on hold.
* CPU microcode updates — microcode updates are uploaded to the CPU at boot time, which patch the built-in microcode and disables buggy parts of the CPU to improve reliability. In the past, these updates were handled by the operating system kernel, but on all recent Intel systems the system firmware is required to perform this task (though it can still be updated by the kernel after the fact).
* Intel Management Engine (ME) firmware — we disable and effectively neutralize this blob by removing most of its code and setting flags to disable the ME coprocessor at boot time.
No. We ship with the free software firmware coreboot. We don’t ship Librem 13 or Librem 15 with any proprietary BIOS/UEFI.
Most of our changes have been upstreamed and merged, there is very little difference and it’s mostly just for the most recent patches that we haven’t yet pushed.
The Intel Management Engine (ME) is a separate independent processor core that is actually embedded inside the Multichip Package (MCP) on Intel CPUs. It operates all-by-itself and separate from the main processor, the BIOS, and the Operating system (OS), but it does interact with the BIOS and OS kernel. It is a black box of mystery code at the lowest level, in ring -2, with complete control over every part of the system, and therefore presents a serious threat to your security and privacy, as it could be possibly exploited by a remote attacker to gain full access to your system. It is present on every post-2008 Intel CPU system.
Security is a game of depth, and Purism goes deeper than any manufacturer by avoiding blobs or mystery code in the top 4 layers of a computer: applications, operating system, kernel, and bootloader.
At the firmware level, we utilize Coreboot instead of a proprietary BIOS/UEFI, a huge advancement for current high-end laptops. Within Coreboot there is still some binaries: video initialization binary and Video BIOS. Our goal is to have them replaced with free software alternatives and we are making a slow but steady progress in this direction.
We are “as close to free software foundations respects your freedom as possible with current Intel CPUs” but are spending real money to advance that toward Coreboot binary freedom.
If you would like to try Qubes OS, you may purchase the installer on a USB Flash Drive. This option is an installer only, not a LiveUSB, and is only recommended for advanced users with a strong technical knowledge. Most users should stick with our default operating system, PureOS.
We do not offer Qubes OS pre-installed on our Librem devices, though Qubes OS runs well on our Librem laptops. It will not run on Librem smartphones — Qubes OS requires virtualization on the CPU and there is no port for ARM architectures.
Please direct all support questions pertaining to Qubes OS to the Qubes community.
We cannot share the schematics nor design currently because it is copyright encumbered from Intel reference designs. In the future, on future versions we plan to be able to release those.
No, this hardware requires proprietary firmware to even function, therefore not aligned with our philosophy. However, we are monitoring the development and will consider them if something changes in the future.
We hope to have a version of PureBoot available for the Librem 5 for users who want to verify it with a Librem Key. We cannot commit to it being available at launch but it’s a goal.