I read that all ChomeOS devices are coreboot, does that improve security enough for the average user?
I want to have a secure laptop, but it looks like even if I format the hard drive and install a brand new Linux system, that may still not be good enough if there’s something in the firmware?
Would flashing a new bios and installing a new OS be a fairly complete way to ensure the computer is safe?
Purism sounds great, but I need a 15" screen…
Qubes-Community/Contents/blob/master/docs/security/security-guidelines.md
Security Guidelines
===================
Without some active and responsible participation of the user, no real security is possible. Running Firefox inside of an AppVM does not automagically make it (or any other app) more secure.
Programs themselves remain just as secure [(or insecure)](https://en.wikipedia.org/wiki/Computer_insecurity) on Qubes as on a normal Linux or Windows OS.
What drastically changes is the context in which your applications are used.
[This context](https://www.qubes-os.org/doc/qubes-architecture/) is a [responsibility of the user](https://www.qubes-os.org/security/goals/).
But managing security in this context well requires knowledge of some new concepts and procedures. So it is worth stressing some basic items:
Download Verification
---------------------
**Verify the authenticity and integrity of your downloads, [particularly the Qubes iso](https://www.qubes-os.org/security/verifying-signatures/).**
The internet is always a dangerous place.
While your connection to the Qubes website and download mirrors is encrypted, meaning that your downloads from here can't be modified by a third party en route, there is always the chance that these websites themselves have been compromised.
Signature verification allows us to validate for ourselves that these files were the ones authored and signed by their creators (in this case the Qubes development team).
Because it's so easy for a hacker who manages to tamper with the downloaded iso files this way to patch in malware, it is of the utmost importance that you **verify the signature of the Qubes iso** you use to install Qubes.
This file has been truncated. show original