PureBoot/Heads doc outdated

#1

From the doc: https://docs.puri.sm/PureBoot/Heads/User_Manual.html#heads-beta-installation-instructions

A Librem Laptop with a TPM chip running PureOS (sorry Qubes users, the dom0 flashrom is too old)

Just want to report that I just did it and it is working fine, no issue on the current version of Qubes OS to flash it from dom0

Build the rom / tools / and everything needed in a AppVM, then copy the result to dom0, then flash
( but needed to modify a bit the coreboot_util.sh script )

#3

On the same page, in section Perform initial Heads configuration, the last paragraph reads:

Note that during the process of setting up the default boot option, Heads will ask you whether you want to store your LUKS password in the TPM. This is not currently a supported option so stick to the default answer, no, when prompted. You should then boot into your OS.

I successfully installed PureBoot today on my Librem15v4 with PureOS, and at this stage Heads did not ask me whether to store your LUKS password in the TPM. Is this outdated, or is it a peculiarity of my installation process or setup?

I built both Coreboot and Coreboot+Heads images from source using the instructions on the same page, and I already started a couple of months ago to use my Librem key at boot for main internal storage LUKS key unlocking.

#4

I have been trying to get Qubes installed using Pureboot/Heads but when I install Qubes it does not have the ability to recognise the network or USB’s and ultimately it will not launch an VM. I am curious if you installed Qubes first, then flashed the BIOS to Pureboot, or the other way around. I’d really like to get the Librem Key working with Pureboot and Heads - which it sounds like you both have!

#5

Yes I use Librem Key + Pureboot + Heads + Qubes

-> Installed Qubes
-> Flashed the BIOS to have HEADS
-> (reinstalled Qubes but another reason, so probably not necessary)

But be sure to use the latest kernel available https://www.qubes-os.org/doc/software-update-dom0/#kernel-upgrade

#6

That is awesome, thanks @neowutran! I have just flashed my BIOS back to SeaBIOS, and will try to get Qubes going, then reflash the BIOS to HEADS…will let you know :wink: