Introduction
Firstly, thank everyone who contributed to this release, including the Dasharo community and the Dasharo Team. Your continuous efforts and collaboration have led to this exciting update. Most improvements coming from Michał Żygowski, Krystian Hebel, Michał Kopeć, Maciej Pijanowski and Sergii Dmytruk.
After the last release of v1.1.1 in February 2023, we are back with another update, v1.1.2 (release notes), bringing several improvements and fixes to enhance the user experience and system performance. Let’s delve into what’s new in this release.
A Couple words about the versioning strategy
Dasharo Entry Subscription Releases (DES)
v1.1.2 release is a part of our Dasharo Entry Subscription Releases, a series we have lovingly created to enhance privacy, security, performance, and compatibility. Being a subscriber grants you early access to the latest updates and allows you to actively participate in shaping Dasharo’s journey. It’s a small way to say thank you for your trust and support in us. If you are interested, you can become a subscriber here.
We are already channeling our energies toward the next release, v1.1.3, nurturing it with more improvements and refinements.
Dasharo Community Releases (DCR)
But worry not if a subscription is not for you! We are equally committed to our broader community. We have the Dasharo Community Releases lined up, built, and published annually, offering a compilation of the features and fixes introduced in the Dasharo Entry Subscription Releases. The next in line is the v1.2.0 release, a milestone we are eagerly working towards. To stay updated with the latest community releases, subscribe to our free mailing list.
We are here because of your support and faith in us. Each release, including v1.1.2, is a step towards a more secure, user-friendly, and trustworthy firmware solution, a journey we are proud to have you be a part of. Thank you for being with us on this adventure!
Key Changes in the New Release
Over the past few months, we have been diligently working to address issues reported by the community and introduce new features to enhance the firmware’s functionality. Here are the critical updates:
Added
MSI FlashBIOS Recovery Support
For coreboot hackers and enthusiasts who are apprehensive about bricking their hardware while flashing open-source firmware, the MSI FlashBIOS Recovery Support comes as a reassuring feature. As detailed in our documentation, it eliminates the risk of a permanent brick, offering a straightforward recovery pathway in case of BIOS corruption. This feature, demonstrated in the following video, ensures you can experiment and optimize without the looming fear of losing your hardware functionality. It’s a safety net that encourages exploration while maintaining system integrity, a boon for the open-source firmware community.
Of course, that means some microcontroller sitting on the mainboard can read the filesystem and flash BIOS SPI under certain circumstances and have access to a specific USB port. That microcontroller does not run open-source firmware yet and could be leveraged by attackers with the ability to update it or have physical access. The only reasonable protection for Intel platforms is Intel Boot Guard with owner keys fused into the chipset, which we deliver as part of our Dasharo Enterprise offering. If you are interested in Dasharo Enterprise please contact us.
Raptor Lake-S CPU Support
We’ve added support for the Raptor Lake-S CPUs in Dasharo. This update, highlighted in our GitHub issue #130, is a straightforward response to the tech community’s growing interest in the latest CPUs. It’s a simple step to help Dasharo users upgrade smoothly when they decide so. Thanks to this feature, we stay at the bleeding edge of devices supported by coreboot.
MSI ACPI Device and Automatic Driver and Utility Installation Manager
The integration of the MSI ACPI device in Dasharo triggers the automatic driver and utility installation manager, a feature that promises to simplify the setup process for users. As demonstrated in the following video, this tool guides users step-by-step to effortlessly install and set up the necessary drivers and utilities, removing the hassle of manual installations. It’s a practical addition to Dasharo, aimed at making the initial setup process smoother and more user-friendly, especially for those taking their first steps in the open-source firmware environment. It also proves that Dasharo and open-source firmware is not only for Linux users but can also be leveraged by Windows users quickly and smoothly without compatibility issues.
Support for Logo Customization
Dasharo now offers a feature that many users will find delightful - the ability to customize the logo displayed during the boot process. As outlined in our guide, users can now replace the existing logo with a design of their choice, adding a personal touch to their system. Whether it’s a fun image, a brand logo, or a personal design, this feature allows users to infuse their personality into their firmware, making the boot process a bit more enjoyable and unique to each individual.
UEFI 2.8 Errata C Compliance in EDKII Fork
In the v1.1.2 update, we’ve taken steps to align Dasharo with the UEFI 2.8 Errata C specification from January 2021. This is a set of rules that helps the firmware talk to the operating system more smoothly. It’s important to mention that most of this work is based on the broader community efforts in the official EDKII code, with a small portion of contributions from our side.
We’ve included several updates related to capsules, but to be honest, you won’t see the full benefits just yet. We’re working on fully supporting UEFI Capsule Updates in future releases. You can keep an eye on our progress with this here.
One of the good things about moving to a newer specification is that it helps us tackle some security issues, including problems with variables that haven’t been initialized properly, a concern noted in CWE-457. This move makes Dasharo more secure against certain threats.
But we want to be clear: not all the new features are ready to use straight away; some of them will need special setup. However, this update lays a solid groundwork for future enhancements. For instance, it facilitates a smoother transition to the most recent 2.10 specification, as working with a smaller diff will make updates easier. It also improves UEFI variables handling, which can simplify the management and optimization of system settings. Moreover, users can expect better handling of state changes in the UEFI setup menu, providing a more intuitive and user-friendly setup environment. Lastly, the update promises better memory map handling, paving the way for a more stable system operation by efficiently managing the system’s memory resources. This is all about setting the stage for a safer and more efficient system down the line.
We’ve also made some improvements to OPAL password improving error handling in OpalDriver, what should eliminate some corner case issues.
Firmware Update Mode Feature
We’ve been listening to your feedback, and we understand that the firmware update process can sometimes be too complex, requiring changes to protection settings in the BIOS setup, including disabling them before performing an update. As mentioned above we aspire to support the UEFI Capsule Update in the future, as discussed in this GitHub issue, we acknowledge that it is a complex and time-consuming feature to implement.
We introduce the Firmware Update Mode in the v1.1.2 release to make your life easier. When this mode is selected, the platform resets and temporarily disables all firmware protections, including UEFI Secure Boot, for the duration of one boot. This initiative aims to streamline the update process for you, removing the need to unset and reset multiple security options, which can be tiresome. It’s a step towards a simpler, more user-friendly Dasharo experience, focusing on reducing the hassle involved in the firmware update process.
Changed
ME and Microcode Updates: Balancing Stability and Security
At Dasharo, we maintain a cautious approach toward ME updates; while we are not ardent proponents of frequent ME updates, we acknowledge that they can sometimes be synonymous with improved stability. Following the silicon vendor recommendations is a standard practice for us unless there are substantial and proven concerns that deter us from doing so. For users who perceive ME as a potential threat, we offer the flexibility to disable it through the setup menu options, leveraging either the soft method or the HAP bit, thus putting control back in your hands - here are details.
The recent microcode updates bring a host of benefits, with a significant focus on rectifying the vulnerabilities related to Intel® Software Guard Extensions (SGX) as well as issues in Xeon Scalable and Atom Processors. Despite those problems do not affect Alder Lake and Raptor Lake S, which we support in Dasharo, we decided to include the most recent microcode because of the enhanced CPU compatibility, promising smoother performance and broader support for various processors, thereby fostering a more stable and secure operating environment.
Fixed
NVIDIA RTX 3060 HD Audio Device Issue
In the previous Dasharo version, people using Dasharo with Windows 11 and a specific NVIDIA graphics card faced a hiccup - they couldn’t get sound to play through their monitor’s speakers. It was a bit of a head-scratcher and undoubtedly frustrating for those looking forward to enjoying videos, music, or games with good sound right from their monitor.
With the v1.1.2 release, you can seamlessly use NVIDIA audio functionalities on Windows 11.
Reset to Defaults with F9
In a previous release, we encountered a problem where using the F9 key to reset settings to their defaults in the Dasharo setup menu restored incorrect settings, disabling several features that should have remained enabled. We fixed that bug in v1.1.2.
Popup Information about Recovery Mode
In previous versions of Dasharo, we received a couple reports regarding an unexpected popup displaying information about recovery mode appearing after flashing with a valid binary.
This was due to a discrepancy in how recovery reasons were handled during the boot process, sometimes triggering a recovery mode even with the proper firmware flash. Addressing this in the v1.1.2 release, Dasharo has enhanced the firmware’s reliability, ensuring that users will not encounter unexpected recovery popups under normal circumstances, thereby streamlining the boot process and improving user experience.
Watchdog Timeout Value
Users reported a problem where changing the chipset watchdog timeout value in the setup menu did not alter the actual timeout setting; it only updated the displayed value. This was particularly crucial for systems with a lot of RAM (e.g., 128GB of DDR5), as the memory training during boot exceeded the default 120-second timeout, leading to a boot loop. Addressing this in the v1.1.2 Dasharo has ensured that users can set a timeout value that reflects the system behavior, preventing unnecessary boot loops and facilitating a smoother startup process, especially for systems with substantial RAM. This fix enhances user control over system settings, promoting a more reliable and user-friendly environment.
Setup Password Option
The addition of the Setup Password option in the Dasharo firmware brings an extra layer of security to your system. It allows users to set a password that restricts unauthorized access to the firmware setup, ensuring that only individuals with the correct password can modify the system settings, thereby safeguarding the system’s configuration and enhancing its security.
Please be cautious when updating the Qubes OS workstation
It was noticed that after the update, there is a need for mechanical power off (aka ACPI G3). After disconnecting the power, please wait until the Ethernet LED stops and then connect again and power. Without that, just reset or power off/on cycle users may experience peculiar behavior in Qubes OS like:
- VMs not starting,
- VMs claiming to start (green light in Qubes manager) but nothing on screen,
- space lock (continues space pressed) in dom0 terminal,
- mouse not working,
- flood of NVMe QID timeout in system journal,
- hangs on every command in the dom0 terminal,
- and others.
Conclusion
Each feature in the v1.1.2 release compatible with MSI PRO Z690-A is crafted with the user’s experience at the forefront, aiming to bring value by enhancing the reliability, security, and user-friendliness of your system. We invite you to explore these features and experience the tangible benefits they offer in optimizing your system’s performance and safeguarding its operations.
We encourage users to explore these new features and share feedback through GitHub issues, or Dasharo HCL reports via DTS.
We look forward to hearing your experiences with this new release and remain committed to fostering a collaborative and innovative environment. Thank you for being a part of the Dasharo Community.