I wrote about our unique set of high security features for the Librem 14 such as anti-interdiction, Qubes, hardware kill switches, and PureBoot. What other security features would you like to see us add to this in the future? puri.sm/posts/my-recommendatio


- first boot setup: offer user to change the like masterkey for disk encryption
- offer boot medium that allows to evaluate all packages installed on a librem against repositories
- offer option to include as much as possible of /boot into the checksums evaluated by pureboot/heads

@chrichri First, thanks for the recommendations. I have a couple clarifying questions:

For point 2: evaluate packages in which way?

For 3: currently we include all but files that begin with kexec* because they are used *by* PureBoot and some like HOTP counter change each boot, and others like the checksum file itself, have to be excluded.



2: check whether any files have been altered compared to repositories containing the packages containing the files. List files that do not belong to packages.

3: last time I looked into it new files have been ignored. Changes to directory content/structure in general should be monitoried.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml