Boot and BIOS – Purism

Hidden Operating Systems in Chips vs. Secure, Auditable OSes: A Cybersecurity Comparison

Rex M. Lee — Tue, 10 Jun 2025 15:18:36 +0000

The Threat Beneath: The Invisible Operating Systems Inside Your Devices Beneath the surface of nearly every modern computer lies a hidden threat—one most users never see or control. Today’s Intel and AMD processors ship with embedded subsystems like the Intel Management Engine (ME) and AMD’s Platform Security Processor (PSP)—proprietary, low-level firmware environments that operate outside and below your main operating system.

The post Hidden Operating Systems in Chips vs. Secure, Auditable OSes: A Cybersecurity Comparison appeared first on Purism.

PureBoot Not Vulnerable to UEFI Exploits (Again)

Jonathon Hall — Mon, 11 Dec 2023 16:16:48 +0000

LogoFAIL: Subverting UEFI Secure Boot The Binarly Research Team recently presented LogoFAIL, a new exploit defeating UEFI Secure Boot. In short, an attacker with access to the hard disk of a UEFI system could gain firmware-level control over the computer, even on a device using UEFI Secure Boot. LogoFAIL appears to affect most UEFI implementations. […]

The post PureBoot Not Vulnerable to UEFI Exploits (Again) appeared first on Purism.

Librem 11 Memory Adventures

Jonathon Hall — Wed, 27 Sep 2023 13:04:42 +0000

A Recent Memory When I started porting coreboot to the Librem 11, one of the first few tasks was to get memory working. Like the Librem 5, the Librem 11 has soldered memory (“memory down”). This has implications on the firmware. Socketed memory carries a small SPD EEPROM with information about the memory module. Memory […]

The post Librem 11 Memory Adventures appeared first on Purism.

PureBoot Framebuffer Boot Support

Jonathon Hall — Wed, 05 Jul 2023 13:00:46 +0000

The latest release of PureBoot, Release 27, now boots memtest86+, Debian netinst, and other OSes that rely on framebuffer output! We worked with the Heads team to implement this change upstream, and it is now in our latest release. Update your firmware with our update instructions! If you’ve ever tried to boot from PureBoot, and […]

The post PureBoot Framebuffer Boot Support appeared first on Purism.

Protect Infrastructure with Librem L1UM v2 (Press Release)

Jonathon Hall — Thu, 27 Apr 2023 18:58:34 +0000

FOR IMMEDIATE RELEASE- Purism has added a new model to the Librem L1UM product line with new hardware designed to protect infrastructure, including critical infrastructure. There are numerous threats posed by nation-state hackers, criminal organizations, and bad actors who are constantly exploiting vulnerabilities within networks that operate critical infrastructure posing numerous security, privacy, and safety […]

The post Protect Infrastructure with Librem L1UM v2 (Press Release) appeared first on Purism.

New Automatic Power-On firmware for Librem Mini

Jonathon Hall — Wed, 29 Mar 2023 15:27:43 +0000

Our latest coreboot/SeaBIOS and PureBoot releases bring new firmware configurations for the Librem Mini v1 and v2! Many users use the Librem Mini as a headless server and have asked for firmware that would boot up automatically when powered, like an appliance. Once enabled, the setting persists as long as the RTC battery is plugged […]

The post New Automatic Power-On firmware for Librem Mini appeared first on Purism.

Introducing PureBoot Restricted Boot

Purism — Thu, 03 Nov 2022 22:54:10 +0000

We have been busy on the PureBoot front! Recently we announced “PureBoot Basic Mode” which is a low-security option for PureBoot that disables tamper detection, but leaves you with the robust PureBoot recovery console for debugging boot issues. To balance our last “low security” feature, our most recent PureBoot release, version 23, offers a new […]

The post Introducing PureBoot Restricted Boot appeared first on Purism.

Introducing PureBoot Basic

Purism — Thu, 01 Sep 2022 18:02:12 +0000

PureBoot is our high-security, tamper-detecting boot firmware that we offer as an alternative to our default coreboot firmware on hardware like our Librem 14 and Librem Mini. The combination of PureBoot, our anti-interdiction services, and the option of Qubes as the pre-installed OS makes hardware like the Librem 14 among the most secure computers you […]

The post Introducing PureBoot Basic appeared first on Purism.

Privacy in Depth

Purism — Thu, 14 Jul 2022 15:52:51 +0000

In the security world there is a concept called “Defense in Depth” that refers to setting up layers of defense so that if an attacker bypasses one layer there are other layers they must contend with. In physical security this might take the form of a lock on the outside door of an office building, […]

The post Privacy in Depth appeared first on Purism.

PureBoot’s Powerful Recovery Console

Purism — Thu, 09 Jun 2022 18:39:05 +0000

Normally when we talk about our high-security boot firmware PureBoot, it’s in the context of the advanced tamper detection it adds to a system. For instance, recently we added the ability to detect tampering even in the root file system. While that’s a critical benefit PureBoot provides over our default coreboot firmware, it also provides […]

The post PureBoot’s Powerful Recovery Console appeared first on Purism.

PureBoot 101 | First Boot, First Update, and Detecting Software Tampering

Purism — Wed, 09 Mar 2022 16:20:21 +0000

Whether you face serious threats or just want peace of mind, PureBoot lets you detect tampering starting from your boot firmware down into the OS itself. The PureBoot bundle is comprised of the BIOS, Librem Key, and USB vault. This video dives into what each part does. This next video shows you what to expect […]

The post PureBoot 101 | First Boot, First Update, and Detecting Software Tampering appeared first on Purism.

The Beat of a Different DRM

Purism — Sat, 15 Jan 2022 02:40:10 +0000

Canon made big news this past week when it started telling customers how to defeat the Digital Rights Management (DRM) in its toner cartridges because of supply chain issues with the chips they normally use to enforce it. That Canon explained how to bypass the DRM when it suited them, and that it didn’t negatively […]

The post The Beat of a Different DRM appeared first on Purism.

Librem 14: Adding Librem EC, Freed Embedded Controller Firmware

Purism — Mon, 22 Feb 2021 12:35:16 +0000

Starting with the Librem 14 laptop we are including fully liberated Embedded Controller (EC) firmware with all the source code available. This is something we set as a goal a long time ago, and now we are finally here. Let’s first start by explaining what the EC is and does. A PC these days is […]

The post Librem 14: Adding Librem EC, Freed Embedded Controller Firmware appeared first on Purism.

Librem 14 Status Update: Shipping Starts in December

Purism — Mon, 09 Nov 2020 08:00:15 +0000

Librem 14 will begin shipping in December with all backorders shipped in January and reaching shipping parity in February.

The post Librem 14 Status Update: Shipping Starts in December appeared first on Purism.

Why the GRUB2 Secure Boot Flaw Doesn’t Affect Purism Computers

Purism — Thu, 30 Jul 2020 18:03:11 +0000

Whenever a new security issue gets announced one of the first questions we all ask ourselves is: am I vulnerable? We have started to get questions from our customers after the announcement of a series of major security bugs in GRUB2 so I felt that it was appropriate to write up a quick post to […]

The post Why the GRUB2 Secure Boot Flaw Doesn’t Affect Purism Computers appeared first on Purism.

Librem Mini Shipping with Active Cooling

Purism — Fri, 03 Jul 2020 17:44:07 +0000

There’s nothing like making a public announcement to ensure that a situation will change. That’s certainly been true in the case of our Librem Mini. Just over a week ago we announced the Librem Mini was ready to ship and highlighted one issue we intended to solve with a future software update: If you ordered […]

The post Librem Mini Shipping with Active Cooling appeared first on Purism.

Librem Mini Update: Hardware is Here, Finishing Coreboot

Purism — Mon, 08 Jun 2020 18:50:11 +0000

In our last Librem Mini Update we mentioned that the hardware should be arriving around the end of May and we’re happy to announce that our estimates were mostly on track: we received the first Librem Mini batch a bit over a week ago! In parallel we have been working hard to port coreboot to […]

The post Librem Mini Update: Hardware is Here, Finishing Coreboot appeared first on Purism.

Librem Hardware and the Intel CSME Vulnerability

Purism — Fri, 20 Mar 2020 09:06:59 +0000

Whenever a security vulnerability comes out one of the first questions that come to many peoples’ minds is: am I affected? The last couple of years in particular have seen a lot of hardware-based vulnerabilities in Intel processors and in those cases generally it’s a matter of looking at the affected list of hardware and […]

The post Librem Hardware and the Intel CSME Vulnerability appeared first on Purism.

2019 Year in Review: Security

Purism — Mon, 30 Dec 2019 15:24:43 +0000

PureBoot The big news for Purism and security in 2019 was PureBoot, the name we gave to the many different technologies we use to secure the boot process including a neutralized and disabled Intel Management Engine, our coreboot firmware, our TPM chip integration, Heads our tamper-evident boot software, our Librem Key USB security token we […]

The post 2019 Year in Review: Security appeared first on Purism.

Librem 5 November 2019 Software Update

Purism — Tue, 24 Dec 2019 13:32:33 +0000

General In November, we shipped the Birch batch of Librem 5, fixed audio routing, made changes to various apps and shared Librem 5 at various meetups and talks. A couple of other articles appeared about software development: Oxidizing Squeekboard described the use of the Rust programming language in the Librem 5’s virtual keyboard, and the […]

The post Librem 5 November 2019 Software Update appeared first on Purism.

PureBoot Best Practices

Purism — Tue, 22 Oct 2019 01:57:42 +0000

PureBoot is our cutting-edge secured boot process that combines a number of technologies including: Neutralized and Disabled Intel Management Engine where only the code absolutely essential for the system to boot is left in the ME. Coreboot the free software BIOS replacement. A Trusted Platform Module (TPM) chip. Heads, our tamper-evident boot software that loads […]

The post PureBoot Best Practices appeared first on Purism.

Announcing the PureBoot Bundle: Tamper-evident Firmware from the Factory

Purism — Tue, 03 Sep 2019 18:39:16 +0000

We have been promoting the benefits of our PureBoot tamper-evident firmware with a Librem Key for some time, but until now our laptops have shipped with standard coreboot firmware, that didn’t include tamper-evident features. To get tamper-evident features, you had to reflash your Librem laptop with PureBoot firmware after the fact, using our standard firmware […]

The post Announcing the PureBoot Bundle: Tamper-evident Firmware from the Factory appeared first on Purism.

Security Advisory: Kernel and Firmware Updates for Intel MDS Vulnerability

Purism — Mon, 20 May 2019 22:31:05 +0000

Last week Intel announced a new group of speculative execution vulnerabilities in its processors related to the well-known Spectre and Meltdown vulnerabilities from over a year ago. These new attacks have been labeled as the MDS (Microarchitectural Data Sampling) vulnerabilities by Intel, but in the age of branded vulnerabilities they also have been given more […]

The post Security Advisory: Kernel and Firmware Updates for Intel MDS Vulnerability appeared first on Purism.

Complete PureBoot Demo and More Progress

Purism — Mon, 29 Apr 2019 16:10:43 +0000

Hi again! Things have been busy on the PureBoot front since our last blog post on overall coreboot progress. – and we can prove it: we now have a video that walks us through the complete PureBoot demo we showed for the first time at SCALE a few weeks ago. The video, as you can […]

The post Complete PureBoot Demo and More Progress appeared first on Purism.

Purism’s Librem 5 Progress in Videos

Todd Weaver — Wed, 17 Apr 2019 15:10:05 +0000

The Purism team is making a remarkable progress to deliver the Librem 5 phone. Nothing shows the progress we have been making quite as clearly as a demonstration of the Librem 5 status from the devkit itself – so let us take you through a handful of (short) videos showcasing the current possibilities and development […]

The post Purism’s Librem 5 Progress in Videos appeared first on Purism.

Coreboot News: New Script, Pre-built Binaries and PureBoot on Non-TPM Laptops

Purism — Thu, 11 Apr 2019 14:05:17 +0000

Things have been busy in the coreboot department, lately, and we are excited to announce a number of new improvements: Pre-built binaries of our default coreboot BIOS firmware Pre-built binaries of our tamper-evident PureBoot firmware Improved script to automate coreboot builds and flashing from pre-built binaries PureBoot tamper-evident support for non-TPM Librem 13 version 2 and […]

The post Coreboot News: New Script, Pre-built Binaries and PureBoot on Non-TPM Laptops appeared first on Purism.

Protecting the Digital Supply Chain

Purism — Tue, 13 Nov 2018 20:21:44 +0000

You first learn about the importance of the supply chain as a child. You discover a shiny object on the ground and as you reach down to pick it up your parent says “Don’t touch that! You don’t know where it’s been!” But why does it matter whether you know where it’s been? When your […]

The post Protecting the Digital Supply Chain appeared first on Purism.

Adventures with coreboot and NVM Express storage

Purism — Thu, 11 Oct 2018 23:11:21 +0000

Let me tell you how I made NVMe SSD support work on the first generation Librem laptops. This story is pretty old, from before the Librem 13 version 2 was even released, so it has been simplified and brought back to the current state of things as much as possible. The solutions presented here have […]

The post Adventures with coreboot and NVM Express storage appeared first on Purism.

The Librem Key Makes Tamper Detection Easy

Purism — Mon, 24 Sep 2018 14:38:35 +0000

From the beginning we have had big plans for the Librem Key. When we first announced our partnership with Nitrokey to produce the Librem Key all we could talk about publicly was the standard USB security token features it would have and some of the integration possibilities between the Librem laptop and Librem Key that […]

The post The Librem Key Makes Tamper Detection Easy appeared first on Purism.

Introducing the Librem Key

Purism — Thu, 20 Sep 2018 15:03:39 +0000

A few months ago we announced that we were partnering with Nitrokey to produce a new security token: the Librem Key and I’m pleased to announce that today the Librem Key is available for purchase on our site for $59. What is a USB Security Token? In case you haven’t heard of USB security tokens […]

The post Introducing the Librem Key appeared first on Purism.