Thoughts dereferenced from the scratchpad noise.

Qubes OS Summit 2025 in Berlin: From R4.3 Features to Qubes Air Architecture

Published at October 20, 2025 · Piotr Król · 22 min read

Qubes OS Summit 2025 took place September 26-28 in Berlin, bringing together the community for talks on R4.3 updates, GUI improvements, infrastructure advances, and Qubes Air architecture. The event featured contributions from the Dasharo ecosystem including server firmware foundations, NovaCustom updates, UEFI Secure Boot progress, and TrenchBoot compatibility work. Day three hackathon focused on practical implementation including the Dasharo Patchqueue Initiative with XenServer expertise....

Categories: firmware os-dev security

Gigabyte MZ33-AR1 Porting Update: PCIe Init, BMC KVM Validation, and HCL Improvements

Published at October 10, 2025 · Michał Żygowski · Mateusz Kusiak · 22 min read

Another post about the Gigabyte MZ33-AR1 porting effort progress. This time, we add definitions for PCI Express initialization, and validate BMC KVM VGA and keyboard. Also, improvements to HCL reporting and data dumping on AMD systems have been made....

Categories: firmware

Deploying a Zephyr Wi-Fi DHCP client application on the CROSSCON Hypervisor

Published at October 2, 2025 · Mateusz Kusiak · Daniil Klimuk · Paweł Langowski · 18 min read

This blog post will show off CROSSCON Hypervisor virtualization on ARM MCU's by diving deep into the process of launching Zephyr application inside CROSSCON Hypervisor's virtual machine....

Categories: security virtualization

Mapping and initializing USB and SATA ports on Gigabyte MZ33-AR1

Published at September 12, 2025 · Michał Żygowski · 26 min read

As the Gigabyte MZ33-AR1 porting effort progresses, coreboot has to add definitions for I/O bus initialization, such as SATA, USB and PCI Express. If you are curious how it is done on an AMD Turin-based system, read till the end....

Categories: firmware

AMD PSP blob analysis on Gigabyte MZ33-AR1 Turin system

Published at September 12, 2025 · Michał Żygowski · 14 min read

The blog post describes the analysis of PSP blobs on Gigabyte. MZ33-AR1. The analysis covers various aspects of stitching AMD firmware BIOS images and how a support for stitching Turin blobs was developed in coreboot....

Categories: firmware

ram-wipe: Further analysis

Published at August 27, 2025 · Kamil Aronowski · 12 min read

The `init_on_free` Linux option ensures rigorous security by instantly zeroing out memory upon deallocation. In this follow-up, we build on our prior ram-wipe experiments to rigorously evaluate if `init_on_free` can serve as a robust safeguard, perhaps supplanting existing, less comprehensive memory wiping solutions....

Categories: firmware security

Porting Gigabyte MZ33-AR1 server board with AMD Turin CPU to coreboot

Published at August 7, 2025 · Michał Żygowski · 20 min read

The blog post describes effort made to port a modern AMD server board to coreboot. The target is Gigabyte MZ33-AR1 supporting newest AMD EPYC server processor family Turin and OpenSIL....

Categories: firmware

ZarhusBMC: The second encounter - Porting OpenBMC to X11SSH part II

Published at July 31, 2025 · Mateusz Kusiak · 14 min read

In this blog post we share current progress of ZarhusBMC and porting OpenBMC to the x11ssh platform. We also give some insides on the caveats that come with preparing configuration for proprietary platform....

Categories: firmware miscellaneous os-dev

Securing embedded Linux: Secure Boot, encryption and A/B updates with Yocto

Published at July 25, 2025 · Michał Iwanicki · 28 min read

Generating UKI files, encrypting and decrypting rootfs in initramfs, A/B OTA updates with meta-otab and swupdate....

Categories: os-dev security

Booting EDK2 on Odroid M2

Published at July 17, 2025 · Michał Kopeć · 8 min read

EDK II is quickly becoming a big player in the ARM firmware space. In this blog post I will be exploring the process of porting EDK II to a new platform and the current state of this UEFI implementation on ARM based platforms....

Categories: firmware

Latest posts

Donate

Search

Recent posts

New adventure: Porting MSI PRO B850-P to coreboot

Dasharo TrustRoot Ephemeral Key Incident

Windows HLK for Firmware Validation

Gigabyte MZ33-AR1 Porting Update: BMC IPMI commands and Upstream

Porting Dasharo to ASRock Rack SPC741D8/2L2T

Top authors

Archives

Popular tags