Heads is a very interesting new distro by Trammel Hudson. If you like Qubes or Subgraph or Tails, read about this new distro.
The threat model that Heads proposes to address is very different from that of Tails. Tails’s goal is to allow users to to do computation on a machine in a way that doesn’t leave in trace on that system. This requires that the hardware in the system is trusted, which unfortunately is not the case for many users. Additionally many users need a way to keep state in a permanent way and don’t want to expose this state to random machines. Their machines might be subject to physical attacks that might install untrusted firmware or other devices into the system. For these reasons, Tails is not sufficient for many users who want a laptop that they can travel with and want to have some assurances that most adversaries won’t be able to modify the hardware underneath them. Complicating this goal is that modern x86 hardware is full of modifiable state and it is full of dusty corners that can hide malware or unauthorized code. Additionally there is unverifable code running in the Intel Management Engine, which has access to memory, to the network and various other peripherals. As a result we must trust certain entities more than others and this does affect our threat model. This document discusses some of the threats that make building slightly more secure mobile systems very difficult. There is a separate guide on installing Heads on the Thinkpad x230, which covers the practical issues of hardening a laptop against some of the threats described here. […]”