Purism introduces PureBoot high security boot process
Purism, makers of the Librem notebooks and smartphone, have introduced a secure boot mechanism that covers the whole chain of booting a device into the operating system. PureBoot comprises the following measures:
- Neutralized and disabled Intel Management Engine where only the code essential for the system to boot is left in the ME.
- Coreboot the free software BIOS replacement.
- A Trusted Platform Module (TPM) chip
- A tamper-evident boot software called Heads that loads from within coreboot and uses the TPM and the user’s own GPG keys to detect tampering within the BIOS, kernel, and GRUB config.
- Librem Key, a USB security token that integrates with Heads to alert the user to tampering with a "green light good, red light bad" notification.
- Integration between the Librem Key and LUKS disk encryption that makes it possible to unlock the disk with the Librem Key.