Phyzog,
The last Coreboot update was released in February with instructions on compiling it. Not by apt-get update.
As far as doing an update & upgrade. I wouldn’t recommend it. I had to update Chromium on Pure Os, which requires download from the debian source lists. After a full upgrade with Debian sources, it broke something with LUKS (Prompting twice for decryption passwords)
But to answer your question, Purism does have this keyring posted on the Github Repo. Not sure how far it will get you or whether it is up to date.