> The entire point of Replicant was replacing all mutable closed software, firmware, and blobs with open alternatives and they did to a large degree succeed at that isolated goal.

They did not replace firmware with open alternatives. Not updating firmware is not replacing it.

> Sadly this was, to your usual points, at the major expense of security making those devices purely research projects at best and not something anyone should ever actually use.

They steer people to devices with severe unpatched firmware vulnerabilities and an enormous number of severe unpatched software vulnerabilities in the case of Replicant. This is covered up and people are misled about it. These projects claiming to be focused on avoiding backdoors are in fact deliberately backdoored through not patching known vulnerabilities for ideological reasons.

> When you are stuck on a platform that requires closed firmware you are kind of stuck blindly accepting updates from the vendor to patch security bugs, stuck hoping they are not actually introducing new backdoors.

You still trust the developers of open source software and firmware. Open source doesn't result in all vulnerabilities being found, including intentional ones. It's not even close to providing it.

> This is why I reject platforms that require closed firmware in the first place to the fullest extent I can.

The platforms you're describing as having fully open firmware still have closed source firmware.

No, someone took an out-of-context screenshot of information conveyed by the GrapheneOS account and misrepresented it. We were describing what a source we described as unreliable told us based on what they said was a leak from Google. You can see we didn't say what was claimed but rather were describing information from a source ("they said", "according to the source"). It was fully clear in the context the screenshot was taken that this was someone's speculation to us based on a leak and that we didn't consider it reliable information. Part of it turned out to be correct so we shared the information to discuss it.

Following this, we posted multiple threads correcting inaccurate claims about what we had said about this and made it clear GrapheneOS was continuing. GrapheneOS was fully ported to Android 16 before the end of June, which took longer than usual due to the changes but was still completed.

> creating a separation between hardware trust and OS trust

Typical Android devices have fully open source kernel drivers. There are usually dozens of closed source libraries in userspace such as the well known Mali GPU driver library. Closed source libraries can still be reviewed. Open source doesn't make something secure and trustworthy. It also isn't a hard requirement to review a library. Auditing a low-level C library doesn't imply finding all the vulnerabilities, particularly something hidden. Widely used open source code still has many vulnerabilities lasting for long periods of time after many people have reviewed it. It does not solve security or trust.

> That said, to your point, both are misrepresented as fully open frequently which is just not true, and obscures efforts by teams that are working on fully open hardware solutions the hard way.

A closed source SoC with open source hardware built around it and other closed source components including radios is not a fully open source computer either.

This doesn't mean it's open hardware or that it has open firmware. It has a closed source SoC and many other closed source components. Those components are closed source hardware with closed source firmware.

Snapdragon uses a fork of the open source EDK2 as their bootloader prior to the OS and publishes the source code. It doesn't mean Snapdragon is open source.

Most of the firmware has nothing to do with the boot chain leading up to the OS on the SoC.