I ordered my Librem 14 and am familiarizing myself with the documentation before I get it. I spoke to support at Purism and they advised me that in order to install Qubes properly I must do the following during Qubes initial setup.
During Qubes OS installation make sure to leave /boot partition unencrypted.
This is how PureBoot works, it verifies if boot files are intact/unchanged. If the boot partition would be also encrypted, then PureBoot would not be needed. Problem is that there is no easy way to setup complete disk encryption (including boot partition), we could not have pre-install system in that case.
I am confused and I thought I would talk to the Qubes community about this. Does this mean my disk contents on Qubes (files, notes, etc.) would be unencrypted or does this only apply to the boot files?