GatewayNode

Librem5 Dev Board, "First Impressions"

So I received my Librem5 devkit before the new year, but as I had it shipped to my office I had to wait until we reopened in the new year. As promised, it's an IMX8 board with a screen, baseband, battery holder, HDMI port, ethernet port, USB C, and wifi setup. Plugging in my Linux dev box (running Neon) from USB 3 to USB C using the supplied cord worked and triggered the haptic response after a few seconds on the devkit. The device showed up in dev, so far so good. Some things I noticed were missing that I somehow expected: no wireless antennas (strange, I expected these); no battery (not unusual given the hardware bug already known); the screen powers on but there is nothing on the display. OK, so no hard stops, but still a little light on what I can work with here.

Out of the box the dev kit is only flashed for factory testing, so the first step is to flash the eMMC to something up to date. The Puri.sm docs are OK, but of course there is a specific tool to use and the docs don't exactly go into a lot of detail about how it works. I found some more information from an IMX developer here, Generic IMX# UUU usage. Also, here's a handy video walkthrough specifically for the DevKit (YouTube). Well, I'm not done reading all the source yet, but I should be ready to flash it soon.

Yes, I audit source code almost every time I can. And if you can read code, you should too. Even a cursory review of the source code often reveals things that might make you think twice about installing it. For instance, there is this chat application I use to communicate with a very specific community, but if I didn't need to communicate with this community there is no way I'd use it. Why, you ask? Well, the server implementation for the chat network is open source and written in Python, so of course I scanned it with Bandit. Lo and behold, there were strings with variable injection later being used in SQL statements. The statements themselves were fine, but the injection of variables before composing the query at the cursor leaves those variables wide open to SQL injection if you can manipulate the vars.
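The pattern described above, as an added example that is not taken from this post or from the chat server's code: a query built by formatting a variable into the SQL string (what Bandit reports as B608, hardcoded_sql_expressions) next to the same query with the value bound at the cursor. The `users` table, the function names and the sample rows are hypothetical and constructed for illustration; `sqlite3` stands in for whatever database the server uses.

```python
import sqlite3


def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, room TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "general"), ("bob", "ops"), ("carol", "ops")],
    )
    return db


def rooms_for_unsafe(db, name):
    # The variable is formatted into the SQL text before it reaches the
    # cursor, so the database parses `name` as part of the statement.
    query = "SELECT room FROM users WHERE name = '%s' ORDER BY rowid" % name
    return [row[0] for row in db.execute(query)]


def rooms_for_safe(db, name):
    # The statement text is constant; the value is bound at the cursor
    # and is only ever compared as data.
    query = "SELECT room FROM users WHERE name = ? ORDER BY rowid"
    return [row[0] for row in db.execute(query, (name,))]


def breaks_unsafe(db, name):
    """True if the string-built query fails to parse for this input."""
    try:
        rooms_for_unsafe(db, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", rooms_for_unsafe(db, crafted))  # WHERE clause rewritten
    print("safe:  ", rooms_for_safe(db, crafted))    # treated as a literal name
    print("O'Brien breaks unsafe query:", breaks_unsafe(db, "O'Brien"))
```

Unexpected SQL syntax errors on names containing an apostrophe are a practical hint during review or in logs that a query is being assembled this way.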

Anyway, back to review and then we'll get this Librem5 devkit going.

Ouroboros, you know the snake that eats itself...