I just published an article that describes the history of Secure Boot, Heads, and PureBoot.
I was a bit disappointed by the official Purism documentation on PureBoot. It did a lot of hand-waving without actually explaining how it “measures” the firmware with Heads (to verify the integrity of the system before you type your disk decryption password). So I spent some time reading about Trusted Computing, Heads, Secure Boot, TPMs, etc., and I just published the above article to help explain how all of this works together in PureBoot.
Hope you find this helpful if you want to understand how PureBoot actually works under the hood <3