3mdeb Insights: A Look into 3mdeb's Open-Source Contributions

From 2021 to 2022, our team of developers thrived, contributing to firmware projects. Our primary focus revolved around coreboot, a firmware framework we have worked with since 2015. We also dedicated efforts to the advancement of fwupd and flashrom, contributing to overall improvements in firmware update ecosystems. Our dedication to platform security didn’t stop there: we actively developed Trenchboot, enabling dynamic integrity measurements for platform software components. And let’s not forget our involvement in the intricate world of Yocto, where we left our mark on various Yocto layers.

In addition to contributing to these open-source projects, our team is also passionate about promoting the benefits of open-source software, like greater transparency, flexibility, and security. Those characteristics are critical to keeping closed-source software accountable. By contributing to these projects and advocating for open-source software, we aim to foster a culture of collaboration and innovation in the technology industry. We are committed to positively impacting the community through our work, and we look forward to continuing our open-source contributions in the future.

Our Valued Contributors

To begin with, we want to express our appreciation for the dedicated efforts of our contributors, who persistently endeavor to improve many open-source projects:

Significant Updates and Features


coreboot is an open-source firmware that provides a lightweight, secure, and fast boot experience for PCs, laptops, servers, and embedded devices. In that time frame, we contributed over 150 patches adding 12k SLOC and removing over 38k SLOC. It would be tough to mention every possible contribution or even list those patches, so we chose to group them and highlight the most important ones:

We described the most recent coreboot contributions in detail in the 4.20 release blog post. If you want to improve your devices' security while reducing your dependence on proprietary firmware, you could benefit from using coreboot. We can also help you reduce time-to-market by simplifying the firmware development process. Also, if you want user-friendly and well-documented firmware, then coreboot-based Dasharo firmware is a solution for you.



fwupd is an open-source daemon that manages the firmware updates of various devices. You will surely benefit from using fwupd if you are interested in automating the firmware update process on your devices and reducing the risk of security vulnerabilities by keeping your firmware up to date.

Changes to fwupd can be divided into several areas:

  • Support for Qubes OS - The biggest challenge when updating firmware in the case of Qubes OS is the hard separation of the hardware layer from the network layer. Hence, to update the firmware, it is necessary to download the update in a virtual machine that has access to the network and then verify and pass the files to the virtual machine administrating the system (DOM0), which for security reasons has no network access. Initially, fwupd had no support for such an update model. The changes we developed address that problem and allow firmware updates from within reasonably secure operating systems. Norbert Kamiński was responsible for these changes.

  • Support for FreeBSD - These changes made it possible to open fwupd to the group of BSD operating systems. BSD operating systems are often used in networking applications (routers, firewalls, etc.). These changes lay the groundwork for supporting fwupd in networking applications. Details were described in our earlier blog posts. These changes were worked on by Michał Kopeć, Sergii Dmytruk, and Norbert Kamiński.

  • flashrom support for TUXEDO laptops - These changes were tied to firmware and EC updates. Thanks to them, owners of TUXEDO laptops may enjoy a simple and intuitive firmware update on their hardware.

Our team can help you seamlessly integrate into the fwupd ecosystem across a variety of platforms and operating systems. Say goodbye to clunky update processes and hello to a streamlined, hassle-free experience with fwupd!




If you’re looking for a tailored Linux-based operating system that perfectly meets your unique requirements and security needs, Yocto is an open-source project for you. As a comprehensive suite of tools and templates, Yocto provides the flexibility and customization you need to create a bespoke solution for your device. Importantly, Yocto is the framework used to build OpenBMC, the de facto standard software stack for server and workstation Board Management Controllers.

Our engineers have added fixes to some of Yocto’s most popular layers:

  • Support for the Dunfell version of meta-openwrt - Those changes allow building OpenWrt, a Linux-based router distribution, using Yocto. The solution was tested and run on the PC Engines apu2. You can find a more detailed description in Tomasz’s presentation at Yocto Project Summit 2021.05. Changes contributed by Tomasz Żyjewski.

  • Support for python3-binwalk and python3-uefi-firmware in the meta-openembedded layer - Those are the tools needed to develop and debug firmware solutions in Python. Thanks to Tomasz Żyjewski for contributing those changes.

  • Support for the Nezha Allwinner D1 in the meta-riscv layer - All the details about porting this platform are in Cezary’s presentation from Yocto Project Summit 2022.05. Changes made by Cezary Sobczak.

  • Minor fixes for the meta-sunxi layer - Changes made by Maciej Pijanowski.

By partnering with our team, we can help you leverage the power of Yocto and build a custom Linux distribution that fully aligns with your vision. From feature-rich IoT devices to mission-critical servers, we’ve got you covered. Let us create a personalized solution that meets your specifications and takes your device’s capabilities to the next level.




TrenchBoot is a framework that allows individuals and projects to build security engines to perform launch integrity actions for their systems. The framework builds upon Boot Integrity Technologies (BITs) that establish one or more Roots of Trust (RoT) from which a degree of confidence that the adversary did not subvert integrity actions is derived.

The most significant changes took place in the landing-zone component:

  • support for the Xen hypervisor - This change adds support for the Xen hypervisor, which separates the hardware layer from the programs running on the platform. Thanks to these changes, the landing zone can measure all hypervisor components.
  • multiboot2 support for the GRUB2 bootloader - Support for multiboot in GRUB2 allows you to measure all the components used during system boot when using multiboot2.

The author of these changes is Krystian Hebel.

Trenchboot and dynamic measurements significantly reduce the possibility of compromising devices and therefore support our efforts to increase the trustworthiness of every computing device. If you’re looking for methods to enhance your devices' boot security, Trenchboot is the solution you’ve been searching for. Let us help you safeguard your computing device stack with advanced hardware security technologies.

Upcoming events

Don’t forget to mark your calendars for Dasharo User Group #2, which will take place on July 6th, 2023. DUG events are an excellent opportunity to learn more about open-source projects and 3mdeb’s open-source contributions and connect with Dasharo developers.

The Dasharo User Group (DUG) is a forum for users of Dasharo to come together, share their knowledge, and stay informed about the latest developments in the Dasharo ecosystem. The DUG is a platform for users to connect and learn about new features and updates coming to Dasharo. The first DUG event will take place in early March and will include a variety of discussions on different topics related to Dasharo. We will share the agenda for the event in the next month. The event will be an excellent opportunity for Dasharo users to meet other users, learn new things, and share their knowledge and experience with others.

Dasharo vPub 0x7 is a follow-up event to DUG#2 and will provide a space to engage in more informal conversations and discussions that we may not cover during DUG#2. The vPub is a less structured, more relaxed environment where the community can discuss topics that interest them. During the event, you can take part in discussions about open-source firmware, open-source hardware and open instruction set architecture, technical challenges participants are facing, and ideas for new features or improvements.

The Dasharo User Group (DUG#1) and vPub 0x6 event achieved great success, offering insightful presentations and engaging discussions on topics related to open-source firmware, hardware, and security. Key highlights encompassed Dasharo’s roadmap, the groundbreaking potential of NovaCustom’s hardware and open-source firmware for enhancing the laptop experience, the Dasharo Tool Suite roadmap, notable Dasharo Community Support ports like Supermicro X11SSH support and RPL-S CPU, the summary of PC Engines' post-EOL firmware survey, and much more.

We express our appreciation to the speakers who shared their expertise and perspectives during both DUG#1 and vPub vol.6. These remarkable individuals include Wessel klein Snakenborg from NovaCustom, Dennis ten Hoove from Slimmer AI, Brian Delgado from Intel Corporation, Dawid Potocki, Marcin Cieślak, Marek Marczykowski-Górecki from Invisible Things Lab/Qubes OS, and Thierry Laurion from Insurgo Technologies Libres/Heads.

For those unable to attend the event or interested in revisiting the sessions, recorded videos are available on YouTube via the following link. Furthermore, you can access event slides at: vpub.dasharo.com.

Summary

These are just a selection of our contributions to open-source. Since its inception, 3mdeb has contributed changes to more than 100,000 lines of code in open-source projects. So if you’re looking for expert guidance on open-source projects such as coreboot, fwupd, Yocto, and Trenchboot, our team is here to help. We’d love to discuss the details of how we can work together to bring your project to the next level.

If you are passionate about these topics, we also welcome you to join our recruitment process and become a part of our team.


Norbert Kamiński
Junior Marketing Specialist at 3mdeb. With a passion for continuous learning, I'm always eager to acquire new skills and expand my knowledge in the field of marketing.


Piotr Król
Founder of 3mdeb, a passionate advocate for open-source firmware solutions, driven by a belief in transparency, innovation, and trustworthiness. Every day is a new opportunity to embody the company's vision, emphasizing user liberty, simplicity, and privacy. Beyond business, a casual chess and bridge player, finding peace in nature and nourishment in theology, philosophy, and psychology. A person striving to foster a healthy community, grounded in collaboration and shared growth, while nurturing a lifelong curiosity and a desire to deeply understand the world.