I am not that good at explaining, so I apologize for not being clear and using charged language like "cripple" and "headache." I would like to be clear in that I haven't directly tested this recently and only know what I do from regular usage over about three years and some trouble I had at one point regarding a possible compromise.
moneroXMRIsTheBest So, I must have access to the secure USB device at least after each dom0 update? Apart from that, during day to day usage, I can ignore the HOTP/TOTP verification (and assume the responsibility for system security on myself)?
Yes, you can ignore the HOTP/TOTP verification as long as you understand that you are risking using a compromised client. Also note that repeated turning on of the client will desynchronize the HOTP, which means when you do use it it will not verify. I don't know how many times, and this may have changed since it happened to me. However, you don't have to have the USB each time you update. It is optional, but it will cause annoyance if you don't. (I will explain this in a moment.)
moneroXMRIsTheBest Here, do you mean that I need the secure USB device at least once per dom0 upgrade (in order to "reseal" stuff)?
No, you don't have to have the GPG key every time you update, but it will "complain" if you don't. By "complain" I mean that you won't be able to boot normally (you will have to go into the menu, to boot options, and to something like "Ignore Tampering and force boot (unsafe)"), when you boot using the aforementioned option your TTYs will have a red background instead of black, it will (depending on what files were updated) warn you on each boot, and you won't be able to use the shorter Disk Unlock Key to unencrypt the drive. This is all good and expected behavior in context of the purpose of Heads. It is making it painstakingly obvious that something is wrong and is not meant to be operated in this state. It is, however, possible. If you want to reseal/resign to avoid this, you will need a GPG card (which is something the Nitrokey is capable of doing).
The only place(s) you absolutely need a GPG card (there is an exception to this that I will explain later) is on the first boot and the reownership process. When the computer is first booted after flashing Heads, it is in an unverified, but clean (assuming you took proper precautions when building and flashing), state. Heads requires an OS to be installed and an unencrypted /boot partition, and it must be factory reset before using. Factory reset comprises resetting the GPG dongle, creating a new GPG keypair, inserting the public key into the ROM and reflashing, setting a TPM Owner Passphrase, a GPG Admin PIN, a GPG User PIN, a Disk Recovery Key, and a Disk Unlock Key. You then have to seal an HOTP/TOTP with the dongle. This process does require a Nitrokey or equivalent, unless you use cbfstool to modify the ROM before flashing, which is advanced on top of the already advanced nature of Heads, and I would not recommend this unless you know what you are doing. The OEM should do all of this for you. The reownership process occurs after the OEM does these things and you receive the laptop. There is a slightly different process for the factory reset that allows this OEM reownership. I am unfamiliar, so if you want more information you should contact @tlaurion on GitHub or go to insurgo.ca. The reownership process involves taking the laptop in an OEM verified state and changing everything you set in the factory reset to your keys/passphrases using the OEM's. Think of it as a special password reset that changes the password from the OEM's to yours. As a personal note, I have no clue why the Nitrokey is optional, and this is why. NovaCustom, could you help me understand?
moneroXMRIsTheBest In your post, you didn't talk about these "crippling" and "headaches" part. Can you expand on these? How did using Heads give you headaches and cripple your QubesOS use day-to-day?
By "cripple" (I shouldn't have used a charged word) I mean that if you don't follow the recommended usage, like resealing/resigning the updates to dom0 and checking the HOTP/TOTP each time you boot, you are essentially negating any advantage Heads provides over UEFI. Heads will check the GPG signatures if all the files it requires to be signed are signed, but if you don't check the HOTP/TOTP you don't know whether or not it has been tampered because you can flash a new firmware via the Heads recovery console without any verification.
Heads in no way tampers with or modifies the installation of your OS and will in no way impact its performance in a way special to Heads (so something like a bug preventing maximum CPU clock speed wouldn't be special to Heads because it's not intentional), with the exceptions that Heads does place a handful of files in your /boot partition (this doesn't modify or tamper with your OS itself, it just uses some space on your hard drive in the /boot partition) and that you can only kexec into your OS, which means you cannot boot directly to Windows (this doesn't modify or tamper with your OS, it just means Heads lacks the ability to boot directly to some OSes).
The "headaches" I was referring to are all the aforementioned quirks that Heads would manifest should you ignore the security measures Heads is designed to provide.
moneroXMRIsTheBest, this addresses your last post:
If you don't require very advanced security, I would recommend you not use Heads. If you're interested in learning about it, think it is cool, or just want this security for comfort, then I would suggest you buy a Nitropad from Nitrokey (about 699 Euros + shipping and tax) to learn. It would be even cheaper and more informative to buy a used Lenovo ThinkPad X230 or T430 off eBay and install Heads with a ch341a programmer if you are comfortable disassembling the client and flashing it. Using the ch341a to flash many times can result in damage. I have used it a few times on a couple motherboards with no issue, but you are responsible for learning and taking proper precautions as well as your tolerance for risk. The ch341a is beginner-friendly, and I have had no issues and personally believe it to be harmless, but if you use it based on my advice, you understand that there are people who say it will cause damage, and that I am not liable for any damage it causes.
If you happen to temporarily lose your Nitrokey, there is nothing stopping you from booting normally as long as you don't apply updates. Likewise if you lose it. However, if you lose it, you will have to either recover the contents (Nitrokey provides a backup system) or generate new GPG keys and TOTP/HOTP secrets. Also remember that if you boot too many times without the HOTP, it will desynchronize and be unable to verify the system's integrity.
I have had my current Nitrokey for over a year, and I have only lost the cap on the USB-A part (a protective cover; when I recently ordered a 3A mini from Nitrokey, this wasn't included anyways). Any serious security policy requires backups. You cannot only protect from unauthorized access, but also loss of data. This isn't forced by the system, but is part of any good security plan. Keep more than one backup of your Nitrokey and any important data from your OS, such as a signed ISO, on an encrypted medium. The general rule is two onsite backups and one offsite. I keep a 32GB Aegis SecureKey on my person as one of my backups.
As far as losing it, I would recommend you ask yourself if you lose your keys, wallet, phone, etc.? If not, then consider why and apply the same policy. I have my Nitrokeys on my keychain, and whenever I leave a place I always check "keys and wallet"; something similar may work for you. If not, I would consider how important security is for you. If it isn't that important, leave the key at home and check the TOTP on your phone instead. They serve the same purpose and are interchangeable. If security is very important, I am confident in your ability to find a way to manage.
What is your threat model? From what I understand (please correct me if I'm wrong), security isn't all that important to you. If not, I would definitely recommend going with UEFI (EDK).