Anti evil maid? coreboot? heads?

Hi @regi, let me try:

AEM: uses the Intel ME and your TPM chip to verify that the files your computer used to boot haven’t changed. This is done by printing a specific message on screen you have to look for every time you boot.

Coreboot: is an Open-Source implementation of a BIOS that works for many computers. This is attractive because its code can be audited and it greatly reduces the amount of so-called “blobs” (proprietary binaries that cannot be audited).

Heads: is a so-called payload for Coreboot. It boots into a tiny Linux kernel and uses your TPM chip to verify that the files your computer uses to boot have not been modified, in addition to checking itself too. This is done by having you personally sign each and every change with a private key that only you possess and that is secured in an external USB device (like Nitrokey, YubiKey or any other GPG compatible HSM). As a result you can be sure no tampering with your boot files goes unnoticed.

The core differences:

  • AEM depends on Intel ME and will work on almost all modern Intel-based computers
  • Coreboot supports a smallish subset of modern computers. In addition to the FOSS advantage this also allows you in most cases to disable the Intel ME and in some rare cases to even remove most of it.
  • Heads supports an even smaller subset of modern computers but could be considered the gold standard in tamper detection without relying on Intel ME

Intel ME is a proprietary solution that runs “below” your CPU and is invisible to it. Therefore no intrusion detection system or virus scanner can see what it is doing. This combined with the fact that it’s proprietary complex code makes it a possible attack surface. Most people don’t need to worry about it, because such an exploit would be much too valuable to use on a random person. However targeted persons should consider this issue and make an informed decision which residual risk is acceptable to them.

I kept this intentionally high-level and left out some interesting but secondary facts. The aim was not to provide a complete or 100% correct summary but a conversational overview that gives the basic idea to an uninitiated person. Now, fire away and dismantle this post :wink:

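The TPM-based check that the AEM and Heads paragraphs above describe (measure the boot files into a PCR, then only release a secret phrase when the measurement matches) is modelled below in Python as an added example. This is not code from Qubes, AEM, Heads or coreboot. The file contents, the `tpm_root` secret (standing in for a key that never leaves the TPM), the single-PCR policy and the SHA-256 counter-mode "cipher" are all constructed stand-ins; a real TPM uses several PCRs, a hardware-held storage root key and AES, and Heads additionally has the user GPG-sign the file manifest, none of which is modelled here.

```python
"""Toy model of TPM measured boot and sealing, as used by AEM-style boot checks.

Added illustration; not code from Qubes, AEM, Heads or coreboot. Everything
here is constructed: the boot file contents, the 'tpm_root' secret standing in
for a key that never leaves the TPM, and the single-PCR policy.
"""
import hashlib
import hmac

PCR_INIT = b"\x00" * 32  # a PCR starts at all zeros after reset


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new = SHA-256(old || SHA-256(measurement)).

    A PCR can only be extended, never set, so the final value depends on every
    measurement and on their order; no later component can 'undo' an entry.
    """
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def measure_boot(boot_files: dict) -> bytes:
    """Extend one PCR with each boot file (name + content) in a fixed order."""
    pcr = PCR_INIT
    for name in sorted(boot_files):
        pcr = extend(pcr, name.encode() + b"\x00" + boot_files[name])
    return pcr


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (constructed stand-in for AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal(secret: bytes, pcr_policy: bytes, tpm_root: bytes) -> dict:
    """Seal 'secret' so it can only be recovered when the PCR equals pcr_policy.

    The wrapping key is derived from the TPM-held root AND the expected PCR
    value, so the PCR is an input to the key, not a stored comparison that a
    modified bootloader could simply patch out.
    """
    key = hmac.new(tpm_root, b"seal" + pcr_policy, hashlib.sha256).digest()
    ciphertext = _xor(secret, _keystream(key, len(secret)))
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return {"ciphertext": ciphertext, "tag": tag}


def unseal(blob: dict, current_pcr: bytes, tpm_root: bytes):
    """Return the secret if current_pcr matches the sealing policy, else None."""
    key = hmac.new(tpm_root, b"seal" + current_pcr, hashlib.sha256).digest()
    expected_tag = hmac.new(key, blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, blob["tag"]):
        return None  # wrong PCR -> wrong key -> tag check fails
    return _xor(blob["ciphertext"], _keystream(key, len(blob["ciphertext"])))


def boot_message(boot_files: dict, blob: dict, tpm_root: bytes) -> str:
    """What the user sees at boot: the sealed phrase, or a tamper warning."""
    secret = unseal(blob, measure_boot(boot_files), tpm_root)
    if secret is None:
        return "WARNING: boot files changed, secret could not be unsealed"
    return secret.decode()


# --- constructed demo data (not real boot files) ---
TPM_ROOT = b"constructed-tpm-root-secret"
GOOD_BOOT = {
    "xen.gz": b"hypervisor build 1",
    "vmlinuz": b"kernel build 1",
    "initrd.img": b"initrd build 1",
}
# Sealed once on a known-good boot, as the user does when setting up AEM.
SEALED = seal(b"purple elephant", measure_boot(GOOD_BOOT), TPM_ROOT)


def demo() -> dict:
    """Clean boot shows the phrase; any change to /boot contents does not."""
    tampered = dict(GOOD_BOOT, **{"initrd.img": b"initrd build 1 + implant"})
    extra = dict(GOOD_BOOT, **{"evil.efi": b"bootkit"})
    return {
        "clean": boot_message(GOOD_BOOT, SEALED, TPM_ROOT),
        "modified initrd": boot_message(tampered, SEALED, TPM_ROOT),
        "extra file": boot_message(extra, SEALED, TPM_ROOT),
    }


if __name__ == "__main__":
    for case, shown in demo().items():
        print(f"{case:15}: {shown}")
```

The point the model makes is the one AEM relies on: the secret phrase is not compared against a stored value that a bootkit could patch, it is cryptographically bound to the measurement, so a changed, added or differently ordered boot component yields a different PCR, a different key, and no phrase on screen. The user's job is to notice the missing or wrong phrase, which is why the post says you have to look for it every time you boot.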