Librem V4, Qubes, Heads and Librem Key


Greetings all!

I have done a bit of research and as best that I can see the Librem Key currently does not work with Qubes. Is that correct? I recently received my Purism 13 inch (v4) and installed Qubes immediately (with LUKS encrypted hard drive).

I have the Librem key, but outside of the GPG Key storage it does not seem to have a huge use for my preferred set up at the moment . Is that correct, or (hopefully) am I wrong and I can upgrade the BIOS to use Heads (away from the default version it ships with) and then maximise the use of the Librem Key with the device’s inbuilt security settings and Qubes OS?

I have researched it, and it seems that this may not work.

Thanks in advance, anyone and everyone :slight_smile:


As an update, I have managed to upgrade the BIOS and it is running Heads, with PureOS. However, I am confused as it seems I can probably simply install a new OS (eg Qubes) and it will not change the BIOS and therefore get the security of the Librem Key to test the BIOS and then Qubes for other / additional security features.

Has anyone tested out this set up at all; or have any input?


As for the steup with the Librem key, Qubes and Heads, I doubht it will work. At least a few weeks ago I was in contact with Mladen about it and at that point, they were still working on an adapted version of Heads to work with the Librem keys.
But I don’t see what would stop you from using HEADS with Qubes.


I’m confused by what you are asking. Changing the OS has no effect on the system firmware

Our Pureboot firmware has worked with the Librem keys since around the beginning of the year, I’m not sure what you or Mladen was referring to. Pureboot + LK + Qubes (or any other distro) works perfectly well


I’m talking about HEADS with LK instead of a smartphone as second factor (which requires an adapted version of HEADS). I had the impression, they were not quite done adapting HEADS to it and I couldn’t find any documentation how it would be set up if it was possible. Maybe I just misinterpreted it and he was only talking about some Pure OS integration (say for updates).

If I get you correctly and it is already possible to set up HEADS with an LK as second factor (for whatever OS), would you please provide a pointer to some documentation (if existent) how this can be done?


and I’m saying we’ve had this available for 6+ months now

easiest way to install is via the coreboot update/utility script: