Status of Pureboot (Heads)


#1

I was reading about the status of Heads and other Pureboot issues (coreboot, Librem key) and checked this link:
https://docs.puri.sm/PureBoot/Heads/User_Manual.html#current-status
which says that Heads is still in beta.
Is this information current? If not, is there any new documentation on how to install Heads with a Librem key on a Librem 13v3 with TPM?
Is there a simple command to verify presence of TPM?


#2

The docs are current, so use that please.

Run this in terminal: ls /dev/tpm0


#3

Doesn’t seem current for 13v3 with TPM.

I followed it on a new 15v3 with TPM the past 48 hours or so, with Librem Key.

Was able to install a pre-built Heads image, but too many errors to list and dialogs that don’t make any sense regarding what to do.

Could boot POS with it, but latest Qubes couldn’t even boot.

Now trying to build Heads from source in that doc.
Got as far as the “Add binary blobs” section.

There, the ./get_blobs.sh script fails out with “Downloaded Intel Flash Descriptor has the wrong SHA256 hash”.

Seems to be because it’s not really downloaded, maybe because the source location gives a 404 error, if I try to go there manually via browser.
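The failure described in this post (a fetch that may not have succeeded being reported as a hash mismatch) can be told apart with a check like the one below. This is an added example, not part of the original post and not Purism's get_blobs.sh; the function names and the URL, destination and hash arguments are hypothetical.

```shell
#!/bin/sh
# Added example: keep "download failed" and "wrong hash" as separate errors.
# Not Purism's get_blobs.sh; all names here are hypothetical.

# fetch_blob URL DEST
# --fail makes curl exit non-zero on HTTP errors such as 404 instead of
# saving the server's error page as if it were the blob.
fetch_blob() {
    curl --fail --silent --show-error --location --output "$2" "$1"
}

# verify_blob FILE EXPECTED_SHA256
# Returns 0 = hash matches, 1 = hash mismatch, 2 = nothing to hash.
verify_blob() {
    file=$1
    expected=$2
    if [ ! -s "$file" ]; then
        echo "ERROR: $file is missing or empty (download failed?)" >&2
        return 2
    fi
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "ERROR: $file has the wrong SHA256 hash" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    return 0
}

# get_blob URL DEST EXPECTED_SHA256
# Returns 2 when the download itself fails, otherwise verify_blob's result.
get_blob() {
    rm -f "$2"    # never verify a stale file left by an earlier run
    if ! fetch_blob "$1" "$2"; then
        echo "ERROR: could not download $1" >&2
        rm -f "$2"
        return 2
    fi
    verify_blob "$2" "$3"
}
```

A return code of 2 points at the source URL or the network, while 1 means a file was retrieved but is not the expected blob.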


#4

I’m not able to reproduce this issue here - the get_blobs scripts work correctly for both Skylake and Kabylake devices. Please post the URL you’re manually using to test so I can check against the script / sources.


#5

Just to add some encouragement. I finally got up the courage to update my Librem 15v3 w/TPM to Coreboot/Heads (PureBoot) from the Coreboot/SeaBIOS it came with from the factory. I say “courage” because it is my primary machine and I feared a bricked laptop.

Following the instructions in the docs, it worked without any major hiccups. I do not use PureOS but rather run KDE Neon and did not have any problems. Upgrading and flashing the firmware isn’t a novice-friendly procedure, but they tell you that right up front. Just follow the directions carefully and you should be fine. I just used the provided scripts and didn’t compile anything from scratch.

One of the big factors in my decision to purchase the Librem laptop was the Librem Key and the ability to verify BIOS and /boot partition tampering. I finally got that to work and it is impressive.


#6

Thanks for the kind words. We’ve done a lot of work to improve the usability of PureBoot over the last several months, but realize it still has a ways to go before it reaches ‘production level’ quality/ease of use, etc.