PureBoot

PureBoot is Purism’s cutting edge, complete secured boot process and combines a number of technologies, including:

• Neutralized and Disabled Intel Management Engine (see Intel ME disablement) where only the code absolutely essential for the system to boot is left in the ME.

• coreboot the free software BIOS replacement.

• A Trusted Platform Module (TPM) chip

• Heads our tamper-evident boot software that loads from within coreboot and uses the TPM and the user’s own GPG keys to detect tampering within the BIOS, kernel, and GRUB config.

• Librem Key our USB security token that integrates with Heads to alert the user to tampering (see The Librem Key Makes Tamper Detection Easy) with an easy “green light good, red light bad” process.

• Integration between the Librem Key and LUKS disk encryption so you can unlock your disk with your Librem Key.

• Getting Started
• coreboot
• Heads
• Intel ME
• PureBoot Restricted Boot
• PureBoot Basic
• Upgrade or convert to PureBoot