https://blog.3mdeb.com/post/ Recent content in Posts on Thoughts dereferenced from the scratchpad noise. Hugo -- gohugo.io en-us Fri, 15 May 2026 00:00:00 +0000 https://blog.3mdeb.com/2026/2026-05-15-gigabyte-mz33-ar1-v0.9.0-release/ Fri, 15 May 2026 00:00:00 +0000 https://blog.3mdeb.com/2026/2026-05-15-gigabyte-mz33-ar1-v0.9.0-release/ Introduction Dasharo v0.9.0 for the Gigabyte MZ33-AR1 server board was released on May 14, 2026. This marks the culmination of many months of porting work that started with the very first coreboot bring-up in Part 1 and progressed through hardware topology discovery, I/O bus configuration, ACPI porting, upstream contributions, and extensive testing. If you have not been following the series, all previous posts are tagged mz33-ar1. The build is based on coreboot 25. https://blog.3mdeb.com/2026/2026-04-27-msi_pro_b850p_part4/ Mon, 27 Apr 2026 00:00:00 +0000 https://blog.3mdeb.com/2026/2026-04-27-msi_pro_b850p_part4/ Introduction This blog post continues the MSI PRO B850-P coreboot porting series. In Part 1 we brought up the bootblock and romstage and mapped all USB, SATA, and PCIe ports. In Part 2 we added the USB and PCIe devicetree descriptors and integrated Phoenix openSIL as a submodule. In Part 3 we ported the MPIO, SMU, NBIO, FCH SD, FCH ACPI, and RcMgr IP blocks, reaching a state where the platform almost booted into Linux. https://blog.3mdeb.com/2026/2026-04-27-stop-rewriting-your-pipelines/ Mon, 27 Apr 2026 00:00:00 +0000 https://blog.3mdeb.com/2026/2026-04-27-stop-rewriting-your-pipelines/ Introduction We’ve been working with CI systems for years now, and frankly, we’re exhausted from rewriting pipelines. It all started with Jenkinsfiles a couple of years ago. Jenkins served us well for a while, but maintaining Jenkins infrastructure became a burden of its own. Then we moved to Travis CI back when it was free for open-source projects - it seemed like a great deal, and we invested time learning the syntax and getting our builds working smoothly. https://blog.3mdeb.com/2026/2026-04-24-apple-t2-pre-os-security-lessons/ Fri, 24 Apr 2026 00:00:00 +0000 https://blog.3mdeb.com/2026/2026-04-24-apple-t2-pre-os-security-lessons/ Introduction Apple published the most comprehensive platform security documentation in the industry. The Apple Platform Security Guide (December 2024 edition, covering iOS 18.1) is the version we studied for this article. Instead of dismissing it because it’s closed-source, what if we read it as a blueprint? From my perspective, the Apple Platform Security Guide represents state-of-the-art documentation of platform security. It is really great from the perspective of explaining to the community what the security features are and how those are used. https://blog.3mdeb.com/2026/2026-04-03-msi_pro_b850p_part3/ Fri, 03 Apr 2026 00:00:00 +0000 https://blog.3mdeb.com/2026/2026-04-03-msi_pro_b850p_part3/ Introduction This blog post continues the MSI PRO B850-P coreboot porting series. In Part 1 we brought up the bootblock and romstage, mapped all USB, SATA, and PCIe ports. In Part 2 we added the USB and PCIe devicetree descriptors and integrated Phoenix openSIL as a submodule, reaching CCX initialization successfully - but the platform stalled during PCIe initialization because the Phoenix PoC openSIL was written for mobile CPUs, not the desktop AM5 variant used on the B850-P. https://blog.3mdeb.com/2026/2026-03-06-msi_pro_b850p_part2/ Fri, 06 Mar 2026 00:00:00 +0000 https://blog.3mdeb.com/2026/2026-03-06-msi_pro_b850p_part2/ Introduction This blog post continues where Part 1 left off. As a quick recap: we successfully brought up bootblock and romstage on the MSI PRO B850-P using coreboot, but ramstage halted waiting for CPU core initialization that depends on OpenSIL. We also mapped all USB, SATA, and PCIe ports during the hardware-topology discovery phase. Before diving into the new content, there is one important development to mention: all Dasharo code has been rebased from coreboot 24. https://blog.3mdeb.com/2026/2026-02-09-msi_pro_b850p_part1/ Mon, 09 Feb 2026 00:00:00 +0000 https://blog.3mdeb.com/2026/2026-02-09-msi_pro_b850p_part1/ Introduction This new blog post describes the progress of the first phases of enabling AMD AM5 Phoenix support in coreboot and porting MSI PRO B850-P. The effort is a continuation of the Gigabyte MZ33-AR1 porting project, and is also funded by NLnet Foundation. The project was inspired by AMD’s efforts to bring open-source firmware for their most recent CPUs. Initially, the target was set for Phoenix CPUs and desktops, however, AMD published their CPU initialization code for AMD Turin server processor family on GitHub much earlier than for Phoenix processors. https://blog.3mdeb.com/2025/2025-12-18-eom-key-issue/ Mon, 22 Dec 2025 00:00:00 +0000 https://blog.3mdeb.com/2025/2025-12-18-eom-key-issue/ Introduction Note: For affected users seeking immediate guidance, please refer to Dasharo Security Bulletin DSB-001. This blog post provides additional technical context and details. This report serves as a disclosure and post-mortem analysis of a critical incident identified on 5th December 2025 affecting Dasharo firmware for NovaCustom V540TU and V560TU platforms. A release engineering error resulted in firmware binaries signed with an ephemeral testing key being published for the Dasharo TrustRoot fusing operation instead of binaries signed with the production key. https://blog.3mdeb.com/2025/2025-12-11-windows-hlk/ Thu, 11 Dec 2025 00:00:00 +0000 https://blog.3mdeb.com/2025/2025-12-11-windows-hlk/ Table of contents Introduction and Background Why Are We Interested in Windows HLK Windows HLK Overview Setup and Environment Configuration Integration with Open Source Firmware Validation Test Results Summary and Future Outlook Introduction and Background The Windows Hardware Lab Kit is the latest iteration of a test automation framework developed at Microsoft, used to certify devices. The certification tools suite has existed since the times of Windows 2000 and its name has been changing multiple times since then: https://blog.3mdeb.com/2025/2025-12-05-upstream-and-bmc-ipmi-gigabyte-mz33-ar1/ Fri, 05 Dec 2025 00:00:00 +0000 https://blog.3mdeb.com/2025/2025-12-05-upstream-and-bmc-ipmi-gigabyte-mz33-ar1/ Introduction The coreboot porting efforts of the Gigabyte MZ33-AR1 are coming to an end. We have completed the AMD Turin SOC silicon porting already. All that is left to do: Task 5. Platform-feature enablement: Milestone d. Board-specific IPMI commands Task 7. Community tooling contributions Milestone d. Extend amdtool for Phoenix & future SoCs Task 8. Upstreaming & community merge Milestone a. https://blog.3mdeb.com/2025/2025-12-02-asrock-rack-porting/ Tue, 02 Dec 2025 00:00:00 +0000 https://blog.3mdeb.com/2025/2025-12-02-asrock-rack-porting/ Introduction ASRock Rack SPC741D8 is a server motherboard supporting Intel Sapphire Rapids series of processors. In this blog post we will be discussing the process of porting Dasharo to the platform and talk about the challenges we faced in the process. We will also be talking about the Dasharo Hardware Certification process and how to ensure a board passes it. We gratefully acknowledge the Operating Systems Group at Karlsruhe Institute of Technology (Fabian Meyer, Felix Zimmer, Yussuf Khalil) for their contribution in initiating the coreboot port for this platform and supporting open-source firmware development. https://blog.3mdeb.com/2025/2025-11-28-nis2-digital-sovereignty-with-zarhus/ Fri, 28 Nov 2025 00:00:00 +0000 https://blog.3mdeb.com/2025/2025-11-28-nis2-digital-sovereignty-with-zarhus/ The European Union’s NIS2 Directive ushers in a powerful new era of cyber risk management, holding every link in the supply chain accountable to protect your business and the digital future. Complex regulations often feel like an endless maze of bureaucracy, adding to the mountain of regulations that organizations already struggle to navigate. In practice, they don’t have to feel this way! When it comes to securing your supply chain and mastering cryptography, there’s a clear path that cuts through the red tape and puts you back in control. https://blog.3mdeb.com/2025/2025-11-27-path-to-hsi3/ Thu, 27 Nov 2025 00:00:00 +0000 https://blog.3mdeb.com/2025/2025-11-27-path-to-hsi3/ An important milestone has been achieved by Dasharo firmware on September 18 with the publication of NovaCustom releases that pass level 3 checks of Host Security ID. This post provides background information on what it means and explains what went into making this happen. At the moment of publication, this information is relevant only to V540TU and V560TU models (no dGPU, only integrated graphics). Models with dGPU (V540TNx and V560TNx) had their firmware release postponed due to a suspend issue, but everything said here will apply to them in the near future. https://blog.3mdeb.com/2025/2025-10-29-maintaining-and-testing-dts/ Mon, 24 Nov 2025 00:00:00 +0000 https://blog.3mdeb.com/2025/2025-10-29-maintaining-and-testing-dts/ What is Dasharo Tools Suite? DTS is a Linux distribution built upon Yocto Project technologies with Dasharo/meta-dts as a core layer, and Dasharo/dts-scripts as a core code and logic repository. Apart from this, DTS uses other layers and a separate repository for metadata. The DTS documentation can be found in docs.dasharo.com. Dasharo Tools Suite and Dasharo Universe Dasharo Tools Suite (i.e., DTS) was initially designed for two purposes: Support end-users while deploying Dasharo firmware (the DTS Prod on the image above). https://blog.3mdeb.com/2025/2025-11-05-gigabyte-mz33-ar1-acpi-and-bugfixes/ Wed, 05 Nov 2025 00:00:00 +0000 https://blog.3mdeb.com/2025/2025-11-05-gigabyte-mz33-ar1-acpi-and-bugfixes/ Introduction We are slowly approaching the end of AMD Turin porting to coreboot. In the blog post, we will show how many other patches and bugfixes were required to properly run standard operating systems, such as Linux-based distros and Windows, on Gigabyte MZ33-AR1. If you haven’t read the previous blog posts, I encourage you to do so, to catch up with the overall progress of porting. ACPI porting Advanced Configuration and Power Interface (ACPI) is a standard that defines an interface between the ACPI-compliant operating system and the platform firmware.