Published at November 27, 2025 · Sergii Dmytruk · 20 min read
Dasharo on MeteorLake NovaCustom laptops has reached HSI-3. This took extending support for Intel BootGuard in coreboot and combining TPM event logs of coreboot and EDK II....
Dasharo Tools Suite: the story about scalability and stability, roadmap
Published at November 24, 2025 · Daniil Klimuk · 33 min read
Check out the latest DTS updates and roadmap. I will start with an intro to DTS and the features that are coming to it: hardware attestation, Chain of Trust and Root of Trust provisioning and verification, and new hardware support. Then the brand new DTS E2E testing methodology, which helps us maintain and further develop DTS, will be introduced and explained in detail....
Categories: app-dev firmware miscellaneous os-dev
Gigabyte MZ33-AR1 Porting Update: ACPI and bugfixes
Published at November 5, 2025 · Michał Żygowski · 29 min read
In this blog post we will explain the effort of porting platform-specific ACPI code and show the extent of bugfixes required to run operating systems without issues on AMD Turin server platform, the Gigabyte MZ33-AR1....
Categories: firmware
Context-Based Auth.: Identify host by environment
Published at October 24, 2025 · Mateusz Kusiak · 13 min read
Geofencing - a mechanism that allows limiting various types of access to a specific area. To do so, GPS or cellular information is often utilized. The issue is, stationary computers and laptops often lack the needed hardware. …but what if we could use just the Wi-Fi chips embedded in those devices to achieve an even more secure result?...
Categories: iot miscellaneous security
Qubes OS Summit 2025 in Berlin: From R4.3 Features to Qubes Air Architecture
Published at October 20, 2025 · Piotr Król · 22 min read
Qubes OS Summit 2025 took place September 26-28 in Berlin, bringing together the community for talks on R4.3 updates, GUI improvements, infrastructure advances, and Qubes Air architecture. The event featured contributions from the Dasharo ecosystem including server firmware foundations, NovaCustom updates, UEFI Secure Boot progress, and TrenchBoot compatibility work. Day three hackathon focused on practical implementation including the Dasharo Patchqueue Initiative with XenServer expertise....
Gigabyte MZ33-AR1 Porting Update: PCIe Init, BMC KVM Validation, and HCL Improvements
Published at October 10, 2025 · Michał Żygowski · Mateusz Kusiak · 22 min read
Another post about the Gigabyte MZ33-AR1 porting effort progress. This time, we add definitions for PCI Express initialization, and validate BMC KVM VGA and keyboard. Also, improvements to HCL reporting and data dumping on AMD systems have been made....
Categories: firmware
Deploying a Zephyr Wi-Fi DHCP client application on the CROSSCON Hypervisor
Published at October 2, 2025 · Mateusz Kusiak · Daniil Klimuk · Paweł Langowski · 18 min read
This blog post will show off CROSSCON Hypervisor virtualization on ARM MCUs by diving deep into the process of launching a Zephyr application inside a CROSSCON Hypervisor virtual machine....
Categories: security virtualization
Mapping and initializing USB and SATA ports on Gigabyte MZ33-AR1
Published at September 12, 2025 · Michał Żygowski · 26 min read
As the Gigabyte MZ33-AR1 porting effort progresses, coreboot has to add definitions for I/O bus initialization, such as SATA, USB and PCI Express. If you are curious how it is done on an AMD Turin-based system, read till the end....
Categories: firmware
AMD PSP blob analysis on Gigabyte MZ33-AR1 Turin system
Published at September 12, 2025 · Michał Żygowski · 14 min read
The blog post describes the analysis of PSP blobs on the Gigabyte MZ33-AR1. The analysis covers various aspects of stitching AMD firmware BIOS images and how support for stitching Turin blobs was developed in coreboot....
Categories: firmware
Published at August 27, 2025 · Kamil Aronowski · 12 min read
The `init_on_free` Linux option ensures rigorous security by instantly zeroing out memory upon deallocation. In this follow-up, we build on our prior RAM-wipe experiments to rigorously evaluate whether `init_on_free` can serve as a robust safeguard, perhaps supplanting existing, less comprehensive memory wiping solutions....