Purism Working On PureBoot To Secure Your Data & Fully Verify The Linux Boot Process
Purism's PureBoot consists of having the Intel Management Engine permanently disabled, Coreboot as a replacement to the system BIOS, a TPM chip, Heads as their boot software, the USB Librem Key as the security token, and multi-factor authentication to handle disk encryption via the Librem Key.
Basically it's their full stack offering for protecting the data on your Librem system(s) from theft, fending off BIOS malware or kernel rootkits, and mitigating any Management Engine risks. The concept isn't new but they are making the offering easy-to-deploy and utilize for their customers. This is one of the most interesting value adds yet by the different Linux laptop vendors.
Purism intends to be shipping PureBoot by default on their new hardware soon but for existing Librem laptop customers they intend to offer an upgrade process. General availability on PureBoot is expected next quarter.
More details via the Purism documentation.