There doesn’t appear to be a standard BIOS editing capability on the Librem 11, nor does ‘T’ do anything with the ESC-prompted boot menu.
Is it possible to edit the BIOS settings on the L11? Is it possible to enable TPM on it?
Specific use case is a zero-trust client using Duo Security for 2FA.
Contact Purism.
Last time I sent a support request it went unanswered.
Okay, well I found a partial answer for you:
Thank you, that is helpful. However, my use case is having my tablet pass the “health check” by Duo security in order to use it for the 2nd factor authentication (with proton-authenticator) for a new MegaCorp account. At this point I’ve tried enough times that the link to begin the process appears to have been rescinded. :-/
I was asked to log in to Duo Mobile for something related to my job. As a way to solve this, I used my Cthulu. The machine that I call Cthulhu is a rented VPS which a portrait rather than landscape GUI running at all times, and in this portrait layout I run the sway window manager, which is rather lightweight and supports WayVNC. Then from WayVNC, I am able to log in remotely to the Linux based VPS which is itself running Wayland as a part of that stack (because sway is a Wayland compositor). Then, inside of that remote connection to a Wayland machine, I run the Waydroid with the GAPPS components.
This allows my devices to be free of the duopoly tech and stuff, but then when Duo Mobile wants to push me a push notification to log in to the system needed for my job, I can connect an SSH tunnel for security to the Cthulhu VPS, then through the encrypted tunnel connect the VNC visual client, then inside of that client I can use the Android apps and the Google Play store as needed. Then I am able to (1) log in to these systems, and (2) am not required to carry a Google whatsit on my physical person at all times.
But admittedly because my employer has taken to blocking SSH tunnels, last time I was asked to log in to a Duo Mobile push notification, it took me 40 minutes to perform the login. As a result of this, I do not have a high opinion of “Duo Mobile.”
Edit/Note:
I doubt that the Cthulhu machine has a TPM, but it was apparently sufficient for the Duo Mobile app. That is why I mentioned it. I hope this is not off-topic.
Wow, that is involved!! LOL. Thanks for the insight.
My biggest obstacle is always that I refuse to accept G**gle’s T&C. So the play store and Android apps are unavailable to me. (I’m no more fond of Apple) It looks like there may be a way to initially select a FIDO2 USB security key, but I may have to wait for the company laptop before I try anything again. Flying a little blind at the moment.
You can use the Aurora Store to bypass using the Play Store:
When prompted, use the “anonymous” token option to avoid creating and/or signing into a Google account.
Wow, that’s smart. A lot of my computer use in my spare time has revolved around creating custom games in an old game editor from 2002. I used it for many years and kept coming back; I’m sure many people would say that’s a personal problem, and it is, but it gives a feeling of being good at something which is in reality so stupid that nobody else would become good at it, which can provide a sense of accomplishment in an imaginary universe or universes.
Unfortunately, the game that I like to play eventually changed their T&C to state that everything ever created in their game’s editor is the express property of the company who owns the editor. The T&C also says that you have to agree to all future versions of the T&C forever.
Then, in recent years, that game was purchased by Microsoft. However, separately and further back in time, Microsoft also purchased Minecraft. More than a decade ago, I bought my license to Minecraft from a guy named Notch and the T&C clearly stated that my $20 purchase will grant access to all future versions of Minecraft ever created, and all future DLCs ever invented for that game, to infinity. However, Microsoft revoked my Minecraft account [on no valid basis, because I did not happen to log in for some period of time that they invented]. Ergo, I believe that this company “Microsoft” has defaulted on their T&C’s with me in general and I don’t care about their opinion. It highlights the problem that T&C are to do with the law, and the law in the United States has mostly collapsed into – as they state in The Art of the Deal: The Movie:
Whoever has the most money, and the most lawyers, wins.
Because of that situation, agreement to a T&C or not probably doesn’t actually matter. Even if you agree and then violate it, if you aren’t making a lot of money and don’t have their attention, then they do not care. Even if you do not agree to it, if you are making a lot of money and do have their attention, then they probably will care and will invent a reason to attack you.
I am not a lawyer. This is not legal advice, and a lawyer would likely also tell you that it’s not good advice.