|
| 1 | +--- |
| 2 | +layout: default |
| 3 | +title: Heads Vendors and Resellers |
| 4 | +permalink: /Vendors/ |
| 5 | +nav_order: 1 |
| 6 | +parent: About |
| 7 | +--- |
| 8 | + |
| 9 | +# Heads Vendors and Resellers |
| 10 | + |
| 11 | +For those who prefer not to manually flash Heads firmware on their devices, |
| 12 | +several vendors and resellers offer laptops, workstations, and servers with |
| 13 | +Heads preinstalled. These vendors provide a range of secure and privacy-focused |
| 14 | +devices, making it easier for potential users to get started with Heads without |
| 15 | +the hassle of searching for options online. By choosing one of these vendors or |
| 16 | +resellers, users who don't want to open their devices and flash manually can |
| 17 | +easily get a device with Heads preinstalled. This provides a straightforward |
| 18 | +solution for those who would benefit from Heads' secure firmware but need a more |
| 19 | +accessible option. Additionally, many of these vendors offer customization |
| 20 | +options, preinstallation of various operating systems, and anti-interdiction |
| 21 | +mechanisms to ensure the security and integrity of the devices. |
| 22 | + |
| 23 | +The vendors are listed alphabetically. |
| 24 | + |
| 25 | +## Vendors and Resellers |
| 26 | + |
| 27 | +### HardenedVault (VaultBoot) |
| 28 | +HardenedVault provides VaultBoot (a variant of Heads) preinstalled on their |
| 29 | +devices. |
| 30 | + |
| 31 | +- **Website:** [HardenedVault](https://hardenedvault.net) |
| 32 | +- **Products:** Servers |
| 33 | + |
| 34 | +### Nitrokey (Heads) |
| 35 | +Nitrokey offers Heads preinstalled on some of their devices. They also sell |
| 36 | +older refurbished laptop models with Intel ME neutralized and Nitrokey USB |
| 37 | +security dongles. Additionally, Nitrokey resells some of NovaCustom's laptops. |
| 38 | + |
| 39 | +- **Website:** [Nitrokey](https://www.nitrokey.com) |
| 40 | +- **Products:** Laptops, phones, servers, workstations, mini-PCs, USB security |
| 41 | + dongles, and older refurbished laptop models with ME neutralized |
| 42 | + |
| 43 | +### NovaCustom (Heads) |
| 44 | +NovaCustom offers devices with Heads preinstalled. They focus on providing |
| 45 | +customizable and secure devices for their customers. NovaCustom buys Clevo |
| 46 | +laptops in bulk, ensuring BootGuard keys are not fused at the last manufacturing |
| 47 | +steps. They also resell Nitrokey 3 USB security dongles bundled with their |
| 48 | +Heads-based firmware devices. |
| 49 | + |
| 50 | +- **Website:** [NovaCustom](https://novacustom.com) |
| 51 | +- **Products:** Laptops and USB security dongles |
| 52 | + |
| 53 | +### Purism (PureBoot Heads distribution) |
| 54 | +Purism offers laptops, tablets, mini PCs, and servers with PureBoot (a |
| 55 | +distribution of Heads) preinstalled. BootGuard is unfused to ensure firmware |
| 56 | +remains user-controlled. Purism makes and sells the Librem Key, which is a clone |
| 57 | +of the Nitrokey Pro 2. The Librem Key is made in the USA. |
| 58 | + |
| 59 | +- **Website:** [Purism](https://puri.sm) |
| 60 | +- **Products:** Laptops, phones, tablets, mini PCs, servers, and USB security |
| 61 | + dongles |
| 62 | + |
| 63 | +## General Information |
| 64 | + |
| 65 | +Many of these vendors offer additional services and features, including: |
| 66 | + |
| 67 | +- **OS Preinstallation Options:** Vendors may offer preinstallation of various |
| 68 | + operating systems, including QubesOS, PureOS, and others. |
| 69 | +- **Anti-Interdiction Mechanisms:** Vendors provide anti-interdiction services |
| 70 | + to ensure the security and integrity of the devices during shipping. |
| 71 | +- **QubesOS Certification:** Some devices may be QubesOS certified, ensuring |
| 72 | + compatibility and security. |
| 73 | +- **CSME/ME Status:** Some vendors offer options to neutralize or disable Intel |
| 74 | + CSME/ME. "Neutralized" means most parts of the ME are removed, while |
| 75 | + "disabled" means the ME is deactivated. Users should verify these options on |
| 76 | + the respective vendor websites. For more information, refer to Purism's blog |
| 77 | + post on this topic: [Deep Dive into Intel ME Disablement](https://puri.sm/posts/deep-dive-into-intel-me-disablement/). |
| 78 | +- **Blob Status:** The newer the platform, the more it relies on proprietary |
| 79 | + blobs. Users should consider their threat model when choosing a device. For |
| 80 | + more information, refer to the [threat modeling page](/Heads-threat-model/). |
| 81 | +- **HOTP Security Dongles:** Purism and Nitrokey are makers of HOTP-compatible |
| 82 | + security dongles. USB security dongles are used for both remote attestation |
| 83 | + and to authenticate and sign boot content. Heads relies on HOTP for tamper |
| 84 | + evidence. Users should verify the specific offerings on the respective vendor |
| 85 | + websites. |
| 86 | + |
| 87 | +Please verify the specific offerings and services on the respective vendor |
| 88 | +websites. |
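Review bot: The "Products:" bullets under Nitrokey and Purism read as the vendor's whole catalogue rather than what ships with Heads. The Purism description names "laptops, tablets, mini PCs, and servers" as having PureBoot preinstalled, but its Products line also lists phones and USB security dongles. Nitrokey's Products line likewise lists phones and dongles, although the text only says Heads is preinstalled on "some of their devices". Suggest either restricting each Products bullet to devices sold with Heads/PureBoot/VaultBoot preinstalled, or relabelling it so readers do not infer firmware coverage the page does not state. Smaller points: the "verify the specific offerings" sentence appears at the end of the HOTP bullet and again as the closing paragraph, so one can go; the intro paragraph makes the no-manual-flashing point twice; "mini-PCs" and "mini PCs" are spelled differently in the two Products lines; and in the CSME/ME bullet, defining "disabled" as "the ME is deactivated" is circular and would benefit from a concrete statement of what differs from "neutralized".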