I wrote an article about best practices (including travel tips) for PureBoot, @purism 's tamper-evident boot firmware that allows the user to control all of the keys and secrets used for the signing process. Check it out here: puri.sm/posts/pureboot-best-pr

I've gotten some questions about Packagekit and why we don't provide interactive signing during package updates. I talk at length about some of the challenges with that approach here: github.com/osresearch/heads/is

Show thread

@kyle @purism firstly I saw Purism, then PureOS, then now PureBoot. Nice, Puri.sm people, and thanks @kyle for this article.

Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml