A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations, and servers. Heads is an open source custom firmware and OS configuration for laptops and servers that aims to provide slightly better physical security and protection for data on the system. Unlike Tails, which aims to be a stateless OS that leaves no trace on the computer of its presence, Heads is intended for the case where you need to store data and state on the computer. Heads is not just another Linux distribution – it combines the physical hardening of specific hardware platforms and flash security features with custom coreboot firmware and a Linux boot loader in ROM. This moves the root of trust into the write-protected region of the SPI flash and prevents further software modifications to the bootup code (and on platforms that support it, Bootguard can protect against many hardware attacks as well).
Features
- Hypervisor, kernel and initrd images are signed by keys controlled by the user
- Documentation available
- Open source custom firmware
- OS configuration for laptops and servers
- Provides slightly better physical security and protection for data on the system
- Examples available