PureBoot

The big news for Purism and security in 2019 was PureBoot, the name we gave to the many different technologies we use to secure the boot process including a neutralized and disabled Intel Management Engine, our coreboot firmware, our TPM chip integration, Heads our tamper-evident boot software, our Librem Key USB security token we use to detect tampering along with Heads, and multi-factor disk unlocking using the Librem Key.

We first announced PureBoot in February of 2019 and in April provided a new coreboot script that allowed customers to download pre-built binaries of PureBoot for the first time (before that customers needed to build it from source). Between then and September we continued to make UI improvements to PureBoot and in September announced the PureBoot Bundle so that customers could choose to have PureBoot installed and configured for them with a Librem Key right at the factory.

Librem 5

The Librem 5 also saw a number of security announcements during the year including “Lockdown Mode” an advanced feature that disables all sensors on the Librem 5 when all kill switches are activated.

Secure Supply Chain

This year also saw a number of improvements in supply chain security. On the physical supply chain front we announced the Made in USA Librem Key and more recently the Librem 5 USA. In both cases we are bringing the manufacturing of our electronics next to our fulfillment center where we can more directly oversee it.

Finally we publicized our anti-interdiction services, a service that adds a number of sophisticated security measures to our fulfillment process to make it difficult to tamper with laptop shipments without detection. Up until now we haven’t publicized the service even though we offered it to customers who asked. Now it appears as an upgrade option on our laptops along with the PureBoot Bundle. We’ve already seen a dramatic interest in the service since we announced it publicly.