Do you have Coreboot/SeaBIOS or PureBoot/Heads installed?
The Librem Mini does not have a TPM chip. Purism uses software to emulate the functionality of a TPM chip in PureBoot. If you have PureBoot, you might want to reflash your Mini to use standard Coreboot.
Thanks for your reply. Is there any reading material on this software function of a TPM? I am simply curious to learn more. I have the PureBoot/Heads BIOS. Unless PureBoot/Heads is somehow a compromise in security, I probably won’t reflash to Coreboot. Unless there are benefits and hardly any security compromises, at least. I am open to learning more if you don’t mind sharing some info on the two or the differences, etc.
Okay, thanks. I assume the above-mentioned is accurate though? Purism uses software to emulate the function of a TPM? Can you disclose more info about this if possible?
Well, I had PureOS installed by default when the Mini was shipped. I got it home and I played around with it. There were some things I didn’t care for, nothing major, just customization and appearance biases, so I went and installed Pop!_OS. Ever since then I have had to go into boot options to load Pop!_OS in the PureBoot menu, which I think bypasses the anti-tampering mechanism?
Could you help me get it so it’s running like yours? I do like PureOS; I haven’t changed the OS on the 14 I got. I use either VMs or boot live with persistence for various needs. On the Mini though, that is basically my new home computer. I haven’t used the gaming machine I bought; I should sell it ’cause it’s a huge power hog. And I simply don’t game that much.
Not exactly - since the Mini doesn’t have a TPM to measure each stage of the boot process, PureBoot “measures” the entire firmware flash by reading/hashing it at boot. It’s not as good as having a TPM, but it’s better than nothing.
Only if you choose the ‘force unsafe boot’ option. Simply selecting an option from the boot menu is not bypassing any checks. Though, you should set it as the default option (which requires the LK to re-sign) so using the menu is not necessary.
I’m running a custom build of coreboot+Tianocore on mine (working on getting UEFI Secure Boot working), so likely not what you’re looking for.