• Baut [she/her] auf.@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      1
      ·
      11 months ago

      I think Heads (osresearch.net) uses security keys as a kind of substitute TPM, however that only works if you replace your - supported - PCs firmware with it.
      I don’t know too much about how this works in particular, so I can’t really compare it. safeboot.dev recommends Heads where possible, which I understand is partly due to safeboot relying on proprietary firmware implementations, while Heads uses libre software for the most part. Sadly the Heads firmware only supports older models/CPUs, which afaik don’t receive (all) microcode updates, including one which weakens the IOMMU.