PureBoot
PureBoot is Purism’s cutting-edge, complete secured boot process. It combines a number of technologies, including:
A neutralized and disabled Intel Management Engine (see Intel ME disablement), where the Management Engine is disabled with the HAP bit in firmware.
coreboot, the free software BIOS replacement.
A Trusted Platform Module (TPM) chip.
Heads, our tamper-evident boot software that loads from within coreboot and uses the TPM and the user’s own GPG keys to detect tampering within the BIOS, kernel, and GRUB config.
Librem Key, our USB security token that integrates with Heads to alert the user to tampering (see The Librem Key Makes Tamper Detection Easy) with an easy “green light good, red light bad” process.
Integration between the Librem Key and LUKS disk encryption so you can unlock your disk with your Librem Key.