contador web Saltar al contenido

Purism wants to protect Linux computers with PureBoot

Purism has announced the new set of boot technologies that promises to improve security on your system.

Purism announced on its website a new Linux graduate dealing with system booting through a technology called PureBoot. The announcement was made by Kyle Rankin, Purism's Security Director, on Monday (25).

  Purism wants to protect Linux computers with PureBoot

According to the note released by Kyle, current methods for the safety of boot (or system boot) are only approaches that are convenient only for hardware vendors, taking control of users' hands. It further adds that currently the two existing alternatives are either using signature keys that allow the boot software to run, or simply disabling the Boot Security.

O Pureboot It is not a new tool but the set of 6 (six) security technologies and practices, and according to Purism, this technology reconciles security with user control and convenience. The practices are:

1- Intel Management Engine Neutralized and Disabled;

2- The replacement of the BIOS by coreboot free software;

3- A Trusted Platform Module (TPM) chip;

4- Heads, Purism's inviolable boot software that is loaded from coreboot;

5- Librem Key, Purism USB Security Token;

6- Multiple factor authentication that unlocks disk encryption using the Librem key;

With this, Purism believes that by giving users more control at boot time, they will be able to audit and see if there is any change in it, as as Kyle himself comments, if attackers can gain access to the boot process, they will be able to inject malicious software there that will not be detected by the system.

If you would like more technical details and how each of the 6 PureBoot practices will work, just go to this Kyle post link or his full documentation.

Hope to see you next post, big hug.

_____________________________________________________________________________ See any errors or would you like to add any suggestions to this article? Collaborate, click here.