The Wiki says that the Librem Key is mandatory.
Wouldn’t it be possible to use a phone TOTP such as Authy/Google Authenticator for the anti-tampering verification and save the GPG keys somewhere else (such as existing Yubikey) as a backup, for the Librem 15v4?
IIRC the Heads project supports TOTP token generation via the TPM, so I wonder if it will be possible
to test PureBoot without the Librem Key and if such setup was tested or documented anywhere.
I need to know before I proceed with the order.
Our PureBoot builds are configured specifically to use the Librem Key instead of another device for TOTP. There’s no fallback to other methods if a Librem Key is unavailable. You’d need to recompile the firmware with the Librem Key config option removed.
I don’t want to hack around it since it means I will have to re-do this process upon every upstream
update, while also ensuring it doesn’t break anything else on the way…
Doesn’t sound like a fun task, it’s unfortunate since I already have Yubikey implemented in my ecosystem
so switching to Nitrokey will require some changes as well.
Do you plan to implement alternative TOTP methods in the future?
Hm. I thought in the old blog posts it displayed a code that one could verify with a phone app?
Actually, if you are ok with “bypass all check” option, you can use pureboot without a librem key.
(But why not just get a librem key )
you’re right, I forgot about the QR code / phone app option
The option to remove the Librem Key in Pureboot is this?
I don’t have the Librem Key and currently I have coreboot + seaBIOS, but want to try PureBoot.
correct, you can either remove that line or set to