How does using Heads empower Qubes? Heads is cpreboot, isn’t it?
2 Likes
Heads is basically a BIOS replacement, it’s a stripped down Linux-Kernel with some elements of coreboot.
It’s a form of Anti-Evil-Maid. It signs the whole /boot partition and warns you when it detects tampering (It only warns, not prevents). There are TOTP and HOTP (the one with the USB) ROMs available. The LUKS-Key gets sealed into the TPM and can unlock the Qubes partition.
3 Likes
This article is worth reading if you want to know more about Heads.
5 Likes
Mostly because of false marketing of companies like Purism.
Heads cannot provide real protection against any sort of attacker with a programmer. You are better off buying a modern Dell Latitude/Precision or Lenovo Thinkpad, which actually have Intel Boot Guard or AMD Platform Secure Boot.
2 Likes