New Dasharo v0.9.0 Meteor Lake releases
Published at August 7, 2024 · Filip Gołaś · 8 min read
Dasharo v0.9.0 for 14th gen Intel Meteor Lake has just been released bringing numerous new features and improvements. Check out what's new!...
Getting started with Hardkernel ODROID H4+
Published at August 1, 2024 · Michał Żygowski · 14 min read
First steps with new hardware and preparations for coreboot firmware porting. A quick cookbook where to start and what to do when you get your hands on a new platform and not get your hands or board burnt....
Categories: firmware
Dasharo Compatible with MSI PRO Z690-A Release v1.1.3
Published at February 13, 2024 · Michał Żygowski · 11 min read
Discover the latest Dasharo v1.1.3 release bringing new features, many bug fixes, and compatibility with 14th generation Intel Core processors. Dive in to find out more....
Optimizing Firmware Updates: Dasharo Firmware Update Mode for NovaCustom Laptops
Published at November 7, 2023 · Michał Kopeć · 5 min read
Updating your firmware is an important part of keeping your device secure and reliable. Making this process as easy and reliable as possible is, therefore, a big focus for Dasharo. In this article, we'll dive into the latest feature that makes the update process on NovaCustom laptops a bit easier, more user-friendly, and talk about where we want to go from here....
Categories: firmware
TrenchBoot Anti Evil Maid - Phase 2
Published at October 20, 2023 · Michał Żygowski · 10 min read
TrenchBoot Anti Evil Maid project for Qubes OS is progressing. With the addition of TPM 2.0 support, Anti Evil Maid gains much higher adoption and possibilities than ever before....
Categories: bootloader firmware hypervisor os-dev security
Dasharo Compatible with MSI PRO Z690-A Release v1.1.2
Published at September 8, 2023 · Piotr Król · 10 min read
Discover the latest Dasharo v1.1.2 release, designed with you in mind. Enjoy the freedom to personalize with the new logo customization feature, and flash open-source firmware safely with Flash BIOS recovery support. It's about making firmware both fun and secure. Dive in to find out more....
Our contribution to coreboot 4.20 release
Published at May 18, 2023 · Piotr Król · 4 min read
🎉 Celebrating coreboot 4.20 release! 🚀 Kudos to our contributors who have pushed the envelope in firmware security & optimization. Key updates: improved SoC support, TPM security, VT-d DMA protection & more. Check out the blog for all the details....
Categories: firmware
3mdeb Insights: A Look into 3mdeb's Open-Source Contributions
Published at April 27, 2023 · Norbert Kamiński · Piotr Król · 13 min read
We're thrilled to share our team's summary of open-source contributions from 2021 to the first half of 2023 with you. We've actively worked on enhancing various projects, including coreboot and fwupd. Our involvement has not only boosted the functionality and security of these projects but also equipped us with valuable expertise for our clients. Stay tuned for an insightful blog post diving into our open-source contributions!...
Categories: firmware manufacturing
Dasharo compatible with MSI PRO Z690-A release v1.1.1
Published at March 2, 2023 · Michał Żygowski · 11 min read
A short overview of changes introduced in v1.1.1 release of Dasharo compatible with MSI PRO Z690-A with a short demo of Qubes OS R4.1.2-rc1....
Categories: firmware
TrenchBoot Anti Evil Maid for Qubes OS
Published at January 31, 2023 · Michał Żygowski · 14 min read
Qubes OS Anti Evil Maid (AEM) software heavily depends on the availability of the DRTM technologies to prevent the Evil Maid attacks. However, the project has not evolved much since the beginning of 2018 and froze on the support of TPM 1.2 with Intel TXT in legacy boot mode (BIOS). In the post we show how the existing solution can be replaced with TrenchBoot and how one can install it on the Qubes OS. The post will also briefly explain how TrenchBoot opens the door for future TPM 2.0 and UEFI support for AEM....
Categories: bootloader firmware hypervisor os-dev security
Infrastructure for Xen development and debugging
Published at July 4, 2022 · Piotr Król · Norbert Kamiński · 5 min read
Back in 2018 at OSFC, we've presented AMD IOMMU enabling for PC Engines apuX (GX-412TC) platforms. Our hypervisor of choice was Xen and we used it to verify the PCI pass-through feature. Unfortunately, the booting process was not exactly stable. In this article, you can check how to prepare infrastructure for Xen development and debugging...
Talos II - second CPU support and test automation
Published at April 15, 2022 · Krystian Hebel · 5 min read
Another post about our adventures with porting coreboot for Talos II. This phase focused on enabling second CPU and its internal devices. We also expanded our test suite....
Categories: firmware
Open Source Firmware on TigerLake platforms - part 1
Published at April 14, 2022 · Michał Żygowski · 9 min read
This post describes efforts of building open source firmware for Tiger Lake UP3 RVP platform and the problems faced in the process. Tiger Lake is one of the newest Intel processors for which the FSP and EDK2 MinPlatform has been recently released....
Categories: firmware
ASUS KGPE-D16 Dasharo testing update
Published at March 23, 2022 · Michał Żygowski · 3 min read
This blog post describes the updates in the validation process of Dasharo for ASUS KGPE-D16. You will read about new tests and newly detected issues....
Categories: firmware
A new source of trust for your platform - Dasharo with Intel TXT support
Published at March 17, 2022 · Michał Żygowski · 9 min read
Do you trust the firmware on your system? No? Then this post is a must-read for you. Get to know what Intel Trusted Execution Technology (TXT) is and how it may help you securely measure and attest your operating system and software running on your machine. You will also hear about open-source implementation of Intel TXT for Ivy Bridge/Sandy Bridge platforms including Dell OptiPlex 7010 / 9010....
Current status of coreboot and Heads ports for Talos II
Published at February 16, 2022 · Krystian Hebel · 8 min read
This post summarizes our current progress on making first coreboot port for POWER platform, including Heads as a payload. It will also show how You can test it without having to flash firmware to PNOR....
Categories: firmware
KGPE-D16 open-source firmware status
Published at February 3, 2022 · Michał Żygowski · 6 min read
This post covers the struggles and efforts behind the revival of KGPE-D16. Something that community was waiting for a long time. With Dasharo firmware the platform obtained a new life and sees a new daylight with more security features and improvements....
Dell OptiPlex and coreboot - a story about porting cursed hardware (part 2)
Published at June 1, 2021 · Michał Żygowski · 10 min read
This post is a second part of the series which tells a story about porting Dell OptiPlex 9010 workstation to open-source firmware - coreboot. What was simple is long past us in the first part of the series. This time we are taking a deeper dive into the technical aspects of Environmental Controller reverse engineering and locating the problem with machine not booting after AC loss....
Categories: firmware
coreboot port for OpenPOWER - why bother?
Published at December 31, 2020 · Krystian Hebel · 9 min read
You may have heard by now that we are working on coreboot port for Talos II. OpenPOWER already has, nomen omen, open source firmware, so one may ask why bother? We will try to answer that question....
Categories: firmware
Building coreboot for RISC-V and running it in Qemu
Published at November 18, 2020 · Wojciech Niewiadomski · 4 min read
In this article, I will briefly explain what RISC-V is and why it is so exciting, then I'll show you step by step how to build coreboot for this architecture and run it in QEMU emulator...
Categories: firmware miscellaneous
Published at September 3, 2020 · Kamila Banecka · 4 min read
The second post on 3mdeb contribution summary! The second quarter of 2020 has brought new merged patches. Check the samples of code that we successfully contributed and feel free to use them in your own projects....
Categories: miscellaneous
Booting coreboot on Intel Comet Lake S RVP8
Published at August 31, 2020 · Michał Żygowski · 10 min read
This blog post shows the procedure of building coreboot for a Comet Lake S platform. It also describes problems that occurred when building and booting the image. As a bonus, a few tips and tricks will be shown on how to fix or work around these kinds of problems....
coreboot Fundamentals Training
Published at August 9, 2020 · Kamila Banecka · 4 min read
coreboot Fundamentals Training is the first step of 3mdeb Firmware Training path. It provides solid grounds for further development towards proficiency in coreboot firmware platform engineering. With this blogpost we are starting coreboot fundamentals mini-course....
Categories: firmware miscellaneous
Dell OptiPlex and coreboot - a story about porting cursed hardware (part 1)
Published at June 24, 2020 · Michał Żygowski · 7 min read
This post begins a new series telling a story of a stubborn firmware engineer who overcame never-ending amount of obstacles to create a Dell OptiPlex 9010 workstation as open as possible. In this series, you will not only read about the adventures which accompanied the work on the hardware but also you will have a chance to learn the way of BIOS developer....
Categories: firmware
Qubes OS & 3mdeb 'minisummit' 2020 summation
Published at June 17, 2020 · Kamila Banecka · 8 min read
The second Qubes OS & 3mdeb minisummit is ahead of us. We had gone through four evenings of topics devoted to Qubes OS, so it is time for broad summation of the event....
Categories: firmware miscellaneous security
Starting TrenchBoot's Landing Zone from iPXE
Published at June 1, 2020 · Krystian Hebel · 10 min read
In this article we present support for starting Landing Zone from another bootloader: iPXE. It may not be as featureful as GRUB2, but it has enough juice to start DRTM using images obtained from a remote server...
Qubes OS and 3mdeb 'minisummit' 2020
Published at May 15, 2020 · Kamila Banecka · 5 min read
Once again, we will meet at the Qubes OS & 3mdeb minisummit 2020 to discuss #QubesOS, #firmware, #coreboot, #security and #TPM related topics. All the event details are presented in the following blog post....
Categories: firmware miscellaneous security
User friendly tutorial for enabling HTTPS support in iPXE
Published at May 6, 2020 · Michał Żygowski · 5 min read
This article will show you how to replace old HTTP with much safer HTTPS when booting platforms/computers over network. You will read how to quickly incorporate open-source network booting solution based on coreboot and iPXE projects to your daily life....
TrenchBoot: Open Source DRTM. CI/CD system.
Published at May 5, 2020 · Piotr Kleinschmidt · 6 min read
How to improve development and validation process in our project? Automation? Of course! Let us introduce our CI/CD system. Find out how it actually works and what advantages it has....
TrenchBoot: Open Source DRTM. DRTM update and meta-trenchboot implementation
Published at April 30, 2020 · Piotr Kleinschmidt · 11 min read
Another release brings new updates in our Open Source DRTM project. Except for code changes, we have prepared our custom Linux image with DRTM. Also we set up CI/CD system for automation build and test. Read this article if you want to find out more details....
TrenchBoot: Open Source DRTM. Landing Zone validation.
Published at April 3, 2020 · Piotr Kleinschmidt · 25 min read
When you already know what is TrenchBoot, what is DRTM and how we enable it on AMD processors, we can move on to practice. I will show you how to configure all components and verify first of project's requirements....
TrenchBoot - Open Source DRTM for AMD processors. Project's basics.
Published at March 31, 2020 · Piotr Kleinschmidt · 11 min read
This is the first blog post of TrenchBoot series. It will introduce you to the project, its structure and environment. Additionally the reader will find out more about each component, how to setup the environment and configure the build....
Open Source DRTM with TrenchBoot for AMD processors. Introduction.
Published at March 28, 2020 · Piotr Kleinschmidt · 4 min read
This article starts an entire series of articles related to title project. By reading this blog post, you will find out why we have started such project and who is supporting us. Also, we bring you closer to main concept and goals....
Boot Guard - pre-execution firmware verification on Protectli FW6
Published at February 21, 2020 · Michał Żygowski · 9 min read
This post will not describe how to guard your shoes. However, it will definitely introduce you to the Boot Guard feature present on Intel processors, which allows firmware verification before the first instruction executes. One may call it pre-execution firmware verification. The post will also show you how Boot Guard can work well with coreboot based firmware on an example of Protectli FW6....
Published at August 19, 2019 · Artur Raglis · Łukasz Wcisło · 2 min read
Thrilled about what we are doing to change the world right now? Interested in the fancy stuff we make? Check out our plan for August 2019, find out more about our recent projects and stay tuned with the most sophisticated tech-team in the neighborhood....
Categories: miscellaneous
Meltdown and Spectre on PC Engines apu2
Published at May 29, 2019 · Michał Żygowski · 9 min read
As a continuation of the Meltdown and Spectre blog post, this post presents the vulnerability status and mitigation with microcode update on PC Engines apu2. Read the post and get to know the open source tools for vulnerability and mitigation checks, as well as exploiting proof of concepts....
Published at May 22, 2019 · Krystian Hebel · 3 min read
Recently we made sure that every build of PC Engines' firmware is built in a reproducible manner. This short post shows what exactly that means and why it should be important to firmware developers....
Categories: firmware
How to enable Core Performance Boost on AMD platforms?
Published at February 14, 2019 · Michał Żygowski · 13 min read
Pushing hardware to its limits. In the epoch of efficient and fast processors, performance becomes one of the most crucial aspects when choosing and working with hardware. We want our computers to execute their tasks with possibly highest speeds. But what really influences the performance of our platforms? It’s the processor’s manufacturer design one may say. In this post, I will show You how firmware may boost Your silicon to higher performance level....
Categories: firmware
Xen HVM guests on PC Engines apu2
Published at August 16, 2018 · Piotr Król · 15 min read
Continuing blog post series around Xen and IOMMU enabling in coreboot we are reaching a point in which some features seem to work correctly on top of recent patch series in firmware. What we can do at this point is PCI passthrough to guest VMs. Previously trying that on Xen caused problems: random hangs; firmware causing Linux kernel booting issues (hang during boot); IOMMU disabled - unable to use PCI passthrough. Now we can see something like that in dom0:...
How to boot Xen over PXE and NFS on PC Engines apu2
Published at July 18, 2018 · Piotr Król · 9 min read
From time to time we face requests to correctly enable support for various Xen features on PC Engines apu2 platform. Doing that requires firmware modification, which 3mdeb is responsible for. Xen has very interesting requirements from firmware development perspective. Modern x86 have a bunch of features that support virtualization in hardware. Those features were described in Xen FAQ. It happens that the most requested were IOMMU and SR-IOV. The first gives the ability to dedicate a PCI device to a given VM and the second enables so-called Virtual Functions, which means on a physical device (e....
Flashing MinnowBoard Turbot with Raspberry Pi Zero W
Published at November 20, 2017 · Piotr Król · 10 min read
Recently we started preparation of coreboot training for one of our customers. Our platform of choice for that training is MinnowBoard Turbot. There are couple reasons for that: During training we can show recent firmware trends - despite we don’t like blobs (FSP, AGESA, PSP, ME etc.) and bloated designs (UEFI) we cannot escape reality and have to show customers how to deal with those components. MinnowBoard Turbot use couple of them, but also supports coreboot....
Categories: firmware
UEFI/EDK II CorebootPayloadPkg on PC Engines apu2
Published at November 3, 2017 · Piotr Król · 9 min read
Recently we were reached by person interested in running CoreOS on apu2. CoreOS is a very interesting system from security point of view. It was created to support containers and scalability out of the box. Unfortunately it requires firmware supporting GPT. At that point I was not sure if I can utilize GRUB GPT support on apu2, but this led to other questions: Is it possible to boot UEFI-aware OS on PC Engines apux boards?...
Categories: firmware
PC Engines apu2 python Robot Framework validation automation
Published at November 2, 2017 · Piotr Król · 8 min read
Recently we attended ECC2017 conference. One of topics that we considered was a system for development and validation automation. Unfortunately this talk was not accepted, but we present some research below and plan to provide more soon. As maintainers of PC Engines platforms in coreboot we debug and fix quite a lot of bugs, but to take full responsibility for our code everything should be validated each time we do release....
Categories: firmware
PC Engines APU2 netboot Debian installation
Published at March 26, 2016 · Piotr Król · 3 min read
In previous post I described how to setup PXE server and boot Debian installer using it. I mentioned that provided setup is limited and some extensive configuration is needed to make it useful for real world example. Since that time I learned that there is chain command in iPXE, which gives the ability to use arbitrary TFTP server as boot file source. Using RPi PXE server: For example by changing my test network topology from previous post to something like that:...
Categories: os-dev
Coreboot for QEMU armv7 (vexpress-a9) emulated mainboard
Published at August 7, 2014 · Piotr Król · 8 min read
Recently I came back to look into coreboot. Mainly because low level is fun and skills related to firmware (even coreboot) are starting to get attention on freelance portals (first odesk job (link removed), second odesk job). I was surprised that under the wings of Google coreboot team started to support ARM (BTW ARM programming is IMHO next great skill to learn). So I cloned latest code, compiled QEMU armv7 mainboard model and tried to kick it in latest qemu-system-arm....
Categories: firmware
Debugging coreboot in qemu environment - part 2
Published at April 18, 2012 · Piotr Król · 2 min read
In previous post coreboot was configured and installed. Here we try to establish good debugging environment for it. To create a good emulated environment to debug, research and learn coreboot few tricks are required. First of all we need to know how to run our emulated environment (qemu). What I mean by that?...
Categories: firmware
Debugging coreboot in qemu environment - part 1
Published at March 12, 2012 · Piotr Król · 2 min read
First of all I use testing version of Debian - wheezy. Clone coreboot repository:
    git clone http://review.coreboot.org/p/coreboot
    cd coreboot; make menuconfig
Configure FILO as a payload and use its latest version:
    Payload -> Add a payload -> FILO
    Payload -> FILO version -> HEAD
Add verbose debugging messages:
    Debugging -> Check PIRQ table consistency
    Debugging -> Output verbose malloc debug messages
    Debugging -> Output verbose ACPI debug messages
    Debugging -> Enable debug messages for option ROM execution
    Debugging -> Built-in low-level shell
    Debugging -> Trace function calls
Try to build:...
Categories: firmware
Published at January 6, 2012 · Piotr Król · 2 min read
During Christmas break I found an old unused motherboard in my home, right away I thought that it may be useful as learning environment for coreboot. The first thing you need to do with this kind of board is to check if it is possible to flash its BIOS with a user space tool called flashrom. List of supported hardware can be found here. All you need to do is go through this HOWTO. Be aware that if something goes wrong, these operations can leave you unable to run your motherboard....
Categories: firmware
Published at January 6, 2012 · Piotr Król · 1 min read
About a month ago I started my adventure with coreboot. As coreboot home page says “coreboot is a Free Software project aimed at replacing the proprietary BIOS (firmware) found in most computers”. Although I read the majority of materials from mentioned page I still suffered from a lack of basic information that would help me to arrange everything in my head. Therefore, I decided to write a series of posts describing my actions associated with this interesting project....
Categories: firmware