Securing embedded Linux: Secure Boot, encryption and A/B updates with Yocto
Published at July 25, 2025 · Michał Iwanicki · 28 min read
Generating UKI files, encrypting and decrypting rootfs in initramfs, A/B OTA updates with meta-otab and swupdate....
Published at July 17, 2025 · Michał Kopeć · 8 min read
EDK II is quickly becoming a big player in the ARM firmware space. In this blog post I will be exploring the process of porting EDK II to a new platform and the current state of this UEFI implementation on ARM based platforms....
Categories: firmware
TrenchBoot AEM gains support for UEFI installations
Published at June 10, 2025 · Krystian Hebel · 13 min read
A feature craved by many is finally here. AEM can now be used with Qubes OS installed under UEFI. Oh, and some automated testing. But mostly UEFI....
Categories: bootloader firmware hypervisor os-dev security
Automating Firmware Security: CI for DBX and Microcode Updates in Dasharo
Published at May 29, 2025 · Michał Kopeć · 10 min read
Microcode and DBX are critical components in establishing the security of your platform. This blog post will discuss how Dasharo automates their updates, making our firmware more transparent and your platform more secure....
Published at May 20, 2025 · Daniil Klimuk · 30 min read
This post will introduce some of the very popular attacks that target electronic devices - the RAM attacks, but the main topic will be the verification of ram-wipe software solution protection from the attacks....
Categories: security
ZarhusBMC: The Beginning - Porting OpenBMC to the X11SSH Platform
Published at April 28, 2025 · Mateusz Kusiak · 12 min read
Reclaim your server! Can you trust a machine that runs unauditable code on a BMC? OpenBMC can solve this. This blog post is a summary of what it takes to build OpenBMC for an unsupported platform...
Enabling Secure Boot on ODROID M1 (RK3568B)
Published at April 22, 2025 · Michał Iwanicki · 14 min read
This blog post describes how to enable Secure Boot on ODROID-M1(RK3568B). Read how to write hash of public key to OTP memory, how to sign loader and how to build signed U-Boot with enabled signature verification....
Cache timing attacks: testing whether your system is susceptible
Published at April 18, 2025 · Michał Iwanicki · 13 min read
Post will explain basic workings of cache and cache timing attacks. We will also explore possible ways how to test whether system we are using is susceptible to more common cache timing attacks....
Categories: security
CROSSCON, its Hypervisor, and Zarhus
Published at April 10, 2025 · Wiktor Grzywacz · 19 min read
Learn about CROSSCON, how it's hypervisor works, and why running Zarhus on top of it streamlines development and testing on the RPi4....
Categories: firmware security virtualization
Conclusions from RAM data remanence tests
Published at February 20, 2025 · Maciej Pijanowski · Krystian Hebel · 3 min read
A practical summary from the two previous blog posts presenting results of RAM data remanence tests....
Categories: firmware miscellaneous
.png){kind=small}
