fsflover

I am using a Librem Key, USB security token based entirely on free software, to ensure my coreboot is not tampered with.

jmholla

Can you talk a little more about your setup? How does it ensure your coreboot is not tampered with?

fsflover
It relies on Heads (https://github.com/osresearch/heads), tamper-evident boot software that loads from within coreboot and uses the TPM chip and the user’s own GPG keys to detect tampering within the BIOS. Here are some explanations: https://puri.sm/posts/pureboot-101-first-boot-first-update-a..., https://docs.puri.sm/Librem_Key/Getting_Started/User_Manual....