Fobnail Token - platform provisioning
Published at March 21, 2022 · 7 min read

The Fobnail Token is an open-source hardware USB device that helps to determine the integrity of the system. The purpose of this blog post is to present the development progress of this project. This phase was focused on platform provisioning....
Current status of coreboot and Heads ports for Talos II
Published at February 16, 2022 · 8 min read
This post summarizes our current progress on making the first coreboot port for a POWER platform, including Heads as a payload. It will also show how you can test it without having to flash firmware to PNOR....
Categories: firmware
coreboot port for OpenPOWER - why bother?
Published at December 31, 2020 · 9 min read
You may have heard by now that we are working on a coreboot port for Talos II. OpenPOWER already has, nomen omen, open source firmware, so one may ask why bother? We will try to answer that question....
Categories: firmware
TrenchBoot: Open Source DRTM. Multiboot2 support.
Published at September 7, 2020 · 11 min read

This month we will show that not only the Linux kernel can be started by TrenchBoot. We also made some drastic changes to the bootloader data format, so if you try to redo some older posts in the future and they do not seem to work, this is probably the place to look for hints....
TrenchBoot: Open Source DRTM. TPM event log all the way.
Published at August 13, 2020 · 12 min read

We extended the TPM event log support to the Linux kernel. It is now possible to print all of the PCR extend operations performed and compare the hashes with files to see if anything is wrong....
DEV and IOMMU: a story of two DMA protection mechanisms
Published at July 3, 2020 · 12 min read

Both DEV and IOMMU can help with protection against malicious DMA. This post roughly describes the difference between those two, as well as the impact they have on each other in the context of TrenchBoot...
Starting TrenchBoot's Landing Zone from iPXE
Published at June 1, 2020 · 10 min read

In this article we present support for starting Landing Zone from another bootloader: iPXE. It may not be as featureful as GRUB2, but it has enough juice to start DRTM using images obtained from a remote server...
Trying to fix ESXi 6.7.0 boot issue, part one
Published at March 4, 2020 · 14 min read

The first reports that updated versions of VMware's ESXi 6.7.0 installer do not start on PC Engines platforms date from the beginning of 2019. Older versions of ESXi worked fine. 'Shutting down firmware services...' is the last line printed before the hang or reboot....
Published at January 23, 2020 · 14 min read

After a long break, this is the third post in the hypervisor series. We will see how VMX helps with the virtualization of restricted instructions and how Bareflank allows handlers for them to be implemented. At the end we will show how to write and add our own handler....
Categories: firmware
How L4 Genode hypervisor stands against proprietary RTOS solution
Published at January 10, 2020 · 5 min read

A microkernel is a minimal operating system kernel which provides no operating system services at all, only the mechanisms needed to implement such services. A concept is tolerated inside the μ-kernel only if moving it outside the kernel would prevent the implementation of the system's required functionality. In this article we will share our considerations on using L4 microkernels in a VM....
Categories: os-dev