After reading some articles on the puri.sm site and the Heads wiki, I understand the basic working of PureBoot/Heads (TPM checks firmware, if okay releases secret, Heads uses secret to generate HOTP code, Librem Key generates HOTP code, they are compared).
However, I could not quite figure out what Heads/PureBoot uses the public RSA key for.
So the Librem Key generates a keypair and the public key is incorporated into the Heads firmware, correct?
Furthermore, you are backing it up on a USB drive. For what exactly? So you can use the keypair also for other stuff?
Lastly, what files are actually signed with the public key? Is it /boot?
I am just a curious user. Thanks for an answer.