Hi Robert!
-
Currently a lot of the focus on PureBoot has been redirected to supporting new hardware like the Librem 14 and Librem Mini v2 instead of usability.
-
This is better described in detail in our PureBoot Getting Started Guide: https://docs.puri.sm/PureBoot/GettingStarted.html
-
Yes, we treat Qubes as a first-class citizen and test any new PureBoot or coreboot releases against it, as well as test any new hardware against it to ensure it runs. For instance, currently the “stable” Qubes release is a bit too old to support the newer CPU in the Librem 14 or Mini v2 but we have successfully gotten it working with their latest RC release.
-
Yes, this is because we use Debian’s cryptsetup (specifically it’s openpgp-sc module) which integrates with generic OpenPGP smart cards. Fedora and Qubes use a different method to unlock LUKS volumes so someone would need to port/mimic the work the Debian team did in cryptsetup smart card support to Fedora (which would eventually make its way to Qubes dom0).
-
If you mean require both the Librem Key + PIN and the traditional passphrase, no that is not currently an option. However if you pick a strong PIN for the Librem Key I would think that would be sufficient.
-
It’s something we keep in mind and if you track our progression (Librem Key, Librem 5 devkit, Librem 5 USA) we are slowly increasing the complexity of the projects we are bringing to the US.
-
We definitely would like a freed EC and that’s something we are looking into for the Librem 14.