Both the Pixel and Librem 5 have firmware baked into the SoC that is executed.
On GrapheneOS, the firmware is signed and updated along with the OS.
On the Librem 5, the firmware for Wifi/Bluetooth is stored on a NOR chip, which is read from and mounted into the OS by the initramfs into /lib/firmware.
Not-withstanding the above, Librem 5 components such as the USB controller, touch screen controller, radios, battery, etc simply have closed-source firmware baked in (stored on some flash chip on these components), but it doesn't mean that they are not there or in use.
In both cases, components either do not get proper firmware updates from the OS, or they are too old/low quality to get any firmware updates from the vendors to begin with. Storing firmware on the component is also a less secure approach than having signed firmware loaded by the OS, as it now means that these components have persistent storage which can be attacked.
Aside from all of the above, they also use a dedicated CPU core to run firmware blobs for things like memory training.
In essence, what the Librem 5 has achieved is shuffling proprietary firmware storage around instead of eliminating their existence or execution. It is not any more "free" or "open" than anyone else while also being less secure.
Also, Librem 5 has "proper" firmware updates (whatever that means). Please do not spread false information.
https://news.ycombinator.com/item?id=47953726
It is exactly how it works. Read the actual code for yourself: https://source.puri.sm/Librem5/librem5-fw-jail/-/blob/pureos...
If you can't read code, here is the marketing material: https://puri.sm/posts/shipping-new-sparklan-wifi-cards-with-...
If you don't know that the firmware for components/peripherals can either be uploaded to them by Linux or just stored on some flash chip on the component, read: https://www.chromium.org/chromium-os/developer-library/refer...
https://source.puri.sm/Librem5/fw
https://source.puri.sm/Librem5/fw/firmware-librem5-nonfree
https://source.puri.sm/Librem5/librem5-fw-jail/-/tree/pureos...
> Which blobs are running on GrapheneOS CPU?
Depends on the phone. Arguably though, GrapheneOS has the legacy of years of thousands of security researchers working to secure Android from third-party network and GNSS modules.
---
Just so you know, I'm not using Librem or GrapheneOS. I'm looking at this objectively and have no skin in the game.
> There is not a single non-free blob in the OS that runs there once the bootloader is up (unless you put some there by yourself, which you're of course free to do).
"unless you put some there by yourself, which you're of course free to do" also means unless someone else puts one there.
---
I think the "firmware jail" loader also uses Smart Direct Memory Access (SDMA)?
---
You can run blobs on the main CPU with strong isolation with TEE and other hardware security features.
And the firmware for Bluetooth/Wifi is loaded in by having the initramfs read it from the NOR flash, mount it in /lib/firmware, then it is business as usual like a desktop Linux distribution.
It's not something special. It's just a hackjob. They shuffle the files around and made it much harder to update.
https://source.puri.sm/Librem5/librem5-fw-jail/-/blob/pureos...
https://puri.sm/posts/shipping-new-sparklan-wifi-cards-with-...
Read the code posted above.