Published at August 27, 2025 · Kamil Aronowski · 12 min read
The `init_on_free` Linux option ensures rigorous security by instantly zeroing out memory upon deallocation. In this follow-up, we build on our prior ram-wipe experiments to rigorously evaluate if `init_on_free` can serve as a robust safeguard, perhaps supplanting existing, less comprehensive memory wiping solutions....
Porting Gigabyte MZ33-AR1 server board with AMD Turin CPU to coreboot
Published at August 7, 2025 · Michał Żygowski · 20 min read
The blog post describes effort made to port a modern AMD server board to coreboot. The target is Gigabyte MZ33-AR1 supporting newest AMD EPYC server processor family Turin and OpenSIL....
Categories:
firmware
ZarhusBMC: The second encounter - Porting OpenBMC to X11SSH part II
Published at July 31, 2025 · Mateusz Kusiak · 14 min read
In this blog post we share current progress of ZarhusBMC and porting OpenBMC to the x11ssh platform. We also give some insides on the caveats that come with preparing configuration for proprietary platform....
Categories:
firmware
miscellaneous
os-dev
Securing embedded Linux: Secure Boot, encryption and A/B updates with Yocto
Published at July 25, 2025 · Michał Iwanicki · 28 min read
Generating UKI files, encrypting and decrypting rootfs in initramfs, A/B OTA updates with meta-otab and swupdate....
Published at July 17, 2025 · Michał Kopeć · 8 min read
EDK II is quickly becoming a big player in the ARM firmware space. In this blog post I will be exploring the process of porting EDK II to a new platform and the current state of this UEFI implementation on ARM based platforms....
Categories:
firmware
TrenchBoot AEM gains support for UEFI installations
Published at June 10, 2025 · Krystian Hebel · 13 min read
A feature craved by many is finally here. AEM can now be used with Qubes OS installed under UEFI. Oh, and some automated testing. But mostly UEFI....
Categories:
bootloader
firmware
hypervisor
os-dev
security
Automating Firmware Security: CI for DBX and Microcode Updates in Dasharo
Published at May 29, 2025 · Michał Kopeć · 10 min read
Microcode and DBX are critical components in establishing the security of your platform. This blog post will discuss how Dasharo automates their updates, making our firmware more transparent and your platform more secure....
Published at May 20, 2025 · Daniil Klimuk · 30 min read
This post will introduce some of the very popular attacks that target electronic devices - the RAM attacks, but the main topic will be the verification of ram-wipe software solution protection from the attacks....
Categories:
security
ZarhusBMC: The Beginning - Porting OpenBMC to the X11SSH Platform
Published at April 28, 2025 · Mateusz Kusiak · 12 min read
Reclaim your server! Can you trust a machine that runs unauditable code on a BMC? OpenBMC can solve this. This blog post is a summary of what it takes to build OpenBMC for an unsupported platform...
Enabling Secure Boot on ODROID M1 (RK3568B)
Published at April 22, 2025 · Michał Iwanicki · 14 min read
This blog post describes how to enable Secure Boot on ODROID-M1(RK3568B). Read how to write hash of public key to OTP memory, how to sign loader and how to build signed U-Boot with enabled signature verification....
Cache timing attacks: testing whether your system is susceptible
Published at April 18, 2025 · Michał Iwanicki · 13 min read
Post will explain basic workings of cache and cache timing attacks. We will also explore possible ways how to test whether system we are using is susceptible to more common cache timing attacks....
Categories:
security
CROSSCON, its Hypervisor, and Zarhus
Published at April 10, 2025 · Wiktor Grzywacz · 19 min read
Learn about CROSSCON, how it's hypervisor works, and why running Zarhus on top of it streamlines development and testing on the RPi4....
Categories:
firmware
security
virtualization
Conclusions from RAM data remanence tests
Published at February 20, 2025 · Maciej Pijanowski · Krystian Hebel · 3 min read
A practical summary from the two previous blog posts presenting results of RAM data remanence tests....
Categories:
firmware
miscellaneous
Research of RAM data remanence times, part 2
Published at January 24, 2025 · Krystian Hebel · 16 min read
Continuing from where we left off, we've run the same tests on different hardware, both platforms and memory modules. This blog post skips all the theory and description of how the measurements were obtained, please read the previous one if you're interested in these details....
Categories:
miscellaneous
.png){kind=small}
