#coreboot


Optimizing Firmware Updates: Dasharo Firmware Update Mode for NovaCustom Laptops

Published at November 7, 2023 · Michał Kopeć ·  5 min read

Updating your firmware is an important part of keeping your device secure and reliable. Making this process as easy and reliable as possible is, therefore, a big focus for Dasharo. In this article, we'll dive into the latest feature that makes the update process on NovaCustom laptops a bit easier, more user-friendly, and talk about where we want to go from here....

Categories: firmware



Dasharo Compatible with MSI PRO Z690-A Release v1.1.2

Published at September 8, 2023 · Piotr Król ·  10 min read

Discover the latest Dasharo v1.1.2 release, designed with you in mind. Enjoy the freedom to personalize with the new logo customization feature, and flash open-source firmware safely with Flash BIOS recovery support. It's about making firmware both fun and secure. Dive in to find out more....

Categories: firmware security


Our contribution to coreboot 4.20 release

Published at May 18, 2023 · Piotr Król ·  4 min read

🎉 Celebrating coreboot 4.20 release! 🚀 Kudos to our contributors who have pushed the envelope in firmware security & optimization. Key updates: improved SoC support, TPM security, VT-d DMA protection & more. Check out the blog for all the details....

Categories: firmware


3mdeb Insights: A Look into 3mdeb's Open-Source Contributions

Published at April 27, 2023 · Norbert Kamiński · Piotr Król ·  13 min read

We're thrilled to share our team's summary of open-source contributions from 2021 to the first half of 2023 with you. We've actively worked on enhancing various projects, including coreboot and fwupd. Our involvement has not only boosted the functionality and security of these projects but also equipped us with valuable expertise for our clients. Stay tuned for an insightful blog post diving into our open-source contributions!...

Categories: firmware manufacturing



TrenchBoot Anti Evil Maid for Qubes OS

Published at January 31, 2023 · Michał Żygowski ·  14 min read

Qubes OS Anti Evil Maid (AEM) software heavily depends on the availability of DRTM technologies to prevent Evil Maid attacks. However, the project has not evolved much since the beginning of 2018 and froze on support for TPM 1.2 with Intel TXT in legacy boot mode (BIOS). In this post we show how the existing solution can be replaced with TrenchBoot and how one can install it on Qubes OS. The post will also briefly explain how TrenchBoot opens the door for future TPM 2.0 and UEFI support for AEM....

Categories: bootloader firmware hypervisor os-dev security


Infrastructure for Xen development and debugging

Published at July 4, 2022 · Piotr Król · Norbert Kamiński ·  5 min read

Back in 2018 at OSFC, we presented AMD IOMMU enabling for PC Engines apuX (GX-412TC) platforms. Our hypervisor of choice was Xen, and we used it to verify the PCI pass-through feature. Unfortunately, the booting process was not exactly stable. In this article, you can check how to prepare infrastructure for Xen development and debugging...

Categories: firmware os-dev security



Open Source Firmware on TigerLake platforms - part 1

Published at April 14, 2022 · Michał Żygowski ·  9 min read

This post describes the efforts of building open source firmware for the Tiger Lake UP3 RVP platform and the problems faced in the process. Tiger Lake is one of the newest Intel processors for which the FSP and EDK2 MinPlatform have recently been released....

Categories: firmware



A new source of trust for your platform - Dasharo with Intel TXT support

Published at March 17, 2022 · Michał Żygowski ·  9 min read

Do you trust the firmware on your system? No? Then this post is a must-read for you. Get to know what Intel Trusted Execution Technology (TXT) is and how it may help you securely measure and attest your operating system and the software running on your machine. You will also hear about an open-source implementation of Intel TXT for Ivy Bridge/Sandy Bridge platforms including Dell OptiPlex 7010 / 9010....

Categories: firmware security



KGPE-D16 open-source firmware status

Published at February 3, 2022 · Michał Żygowski ·  6 min read

This post covers the struggles and efforts behind the revival of the KGPE-D16, something the community had been waiting on for a long time. With Dasharo firmware the platform obtained a new life and sees a new daylight with more security features and improvements....

Categories: firmware security


Dell OptiPlex and coreboot - a story about porting cursed hardware (part 2)

Published at June 1, 2021 · Michał Żygowski ·  10 min read

This post is the second part of the series which tells the story of porting the Dell OptiPlex 9010 workstation to open-source firmware - coreboot. What was simple is long behind us in the first part of the series. This time we are taking a deeper dive into the technical aspects of Environmental Controller reverse engineering and locating the problem with the machine not booting after AC loss....

Categories: firmware


coreboot port for OpenPOWER - why bother?

Published at December 31, 2020 · Krystian Hebel ·  9 min read

You may have heard by now that we are working on a coreboot port for Talos II. OpenPOWER already has, nomen omen, open source firmware, so one may ask why bother? We will try to answer that question....

Categories: firmware



3mdeb contribution 2020'Q2

Published at September 3, 2020 · Kamila Banecka ·  4 min read

The second post on 3mdeb contribution summary! The second quarter of 2020 has brought new merged patches. Check the samples of code that we successfully contributed and feel free to use them in your own projects....

Categories: miscellaneous


Booting coreboot on Intel Comet Lake S RVP8

Published at August 31, 2020 · Michał Żygowski ·  10 min read

This blog post shows the procedure of building coreboot for a Comet Lake S platform. It also describes problems that occurred when building and booting the image. As a bonus, a few tips and tricks will be shown on how to fix or work around these kinds of problems....

Categories: firmware security


coreboot Fundamentals Training

Published at August 9, 2020 · Kamila Banecka ·  4 min read

coreboot Fundamentals Training is the first step of the 3mdeb Firmware Training path. It provides solid grounds for further development towards proficiency in coreboot firmware platform engineering. With this blog post we are starting the coreboot fundamentals mini-course....

Categories: firmware miscellaneous


Dell OptiPlex and coreboot - a story about porting cursed hardware (part 1)

Published at June 24, 2020 · Michał Żygowski ·  7 min read

This post begins a new series telling the story of a stubborn firmware engineer who overcame a never-ending series of obstacles to make a Dell OptiPlex 9010 workstation as open as possible. In this series, you will not only read about the adventures which accompanied the work on the hardware but also have a chance to learn the way of a BIOS developer....

Categories: firmware



Boot Guard - pre-execution firmware verification on Protectli FW6

Published at February 21, 2020 · Michał Żygowski ·  9 min read

This post will not describe how to guard your shoes. However, it will definitely introduce you to the Boot Guard feature present on Intel processors, which allows firmware verification before the first instruction executes. One may call it pre-execution firmware verification. The post will also show you how Boot Guard can work well with coreboot-based firmware, using the Protectli FW6 as an example....

Categories: firmware security


3mdeb roadmap for August 2019

Published at August 19, 2019 · Artur Raglis · Łukasz Wcisło ·  2 min read

Thrilled about what we are doing to change the world right now? Interested in the fancy stuff we make? Check out our plan for August 2019, find out more about our recent projects and stay tuned with the most sophisticated tech-team in the neighborhood....

Categories: miscellaneous


Meltdown and Spectre on PC Engines apu2

Published at May 29, 2019 · Michał Żygowski ·  9 min read

As a continuation of the Meltdown and Spectre blog post, this post presents the vulnerability status and mitigation with a microcode update on PC Engines apu2. Read the post and get to know the open source tools for vulnerability and mitigation checks, as well as exploit proofs of concept....

Categories: firmware security


Reproducible builds

Published at May 22, 2019 · Krystian Hebel ·  3 min read

Recently we made sure that every build of PC Engines' firmware is built in a reproducible manner. This short post shows what exactly that means and why it should be important to firmware developers....

Categories: firmware


How to enable Core Performance Boost on AMD platforms?

Published at February 14, 2019 · Michał Żygowski ·  13 min read

Pushing hardware to its limits. In the epoch of efficient and fast processors, performance becomes one of the most crucial aspects when choosing and working with hardware. We want our computers to execute their tasks at the highest possible speeds. But what really influences the performance of our platforms? It’s the processor manufacturer’s design, one may say. In this post, I will show you how firmware may boost your silicon to a higher performance level....

Categories: firmware


Xen HVM guests on PC Engines apu2

Published at August 16, 2018 · Piotr Król ·  15 min read

Continuing the blog post series around Xen and IOMMU enabling in coreboot, we are reaching a point at which some features seem to work correctly on top of the recent patch series in firmware. What we can do at this point is PCI passthrough to guest VMs. Previously, trying that on Xen caused problems: random hangs; firmware causing Linux kernel booting issues (hang during boot); IOMMU disabled, so PCI passthrough could not be used. Now we can see something like this in dom0:...

Categories: firmware os-dev


How to boot Xen over PXE and NFS on PC Engines apu2

Published at July 18, 2018 · Piotr Król ·  9 min read

From time to time we face requests to correctly enable support for various Xen features on the PC Engines apu2 platform. Doing that requires firmware modification, which 3mdeb is responsible for. Xen has very interesting requirements from a firmware development perspective. Modern x86 has a bunch of features that support virtualization in hardware. Those features are described in the Xen FAQ. It happens that the most requested were IOMMU and SR-IOV. The first gives the ability to dedicate a PCI device to a given VM and the second enables so-called Virtual Functions, which means that on a physical device (e....

Categories: firmware os-dev


Flashing MinnowBoard Turbot with Raspberry Pi Zero W

Published at November 20, 2017 · Piotr Król ·  10 min read

Recently we started preparation of a coreboot training for one of our customers. Our platform of choice for that training is the MinnowBoard Turbot. There are a couple of reasons for that: during training we can show recent firmware trends; although we don’t like blobs (FSP, AGESA, PSP, ME etc.) and bloated designs (UEFI), we cannot escape reality and have to show customers how to deal with those components. The MinnowBoard Turbot uses a couple of them, but also supports coreboot....

Categories: firmware


UEFI/EDK II CorebootPayloadPkg on PC Engines apu2

Published at November 3, 2017 · Piotr Król ·  9 min read

Recently we were contacted by a person interested in running CoreOS on apu2. CoreOS is a very interesting system from a security point of view. It was created to support containers and scalability out of the box. Unfortunately it requires firmware supporting GPT. At that point I was not sure if I could utilize GRUB GPT support on apu2, but this led to other questions: Is it possible to boot a UEFI-aware OS on PC Engines apux boards?...

Categories: firmware


PC Engines apu2 python Robot Framework validation automation

Published at November 2, 2017 · Piotr Król ·  8 min read

Recently we attended the ECC2017 conference. One of the topics that we considered was a system for development and validation automation. Unfortunately this talk was not accepted, but we present some research below and plan to provide more soon. As maintainers of PC Engines platforms in coreboot we debug and fix quite a lot of bugs, but to take full responsibility for our code everything should be validated each time we do a release....

Categories: firmware


PC Engines APU2 netboot Debian installation

Published at March 26, 2016 · Piotr Król ·  3 min read

In the previous post I described how to set up a PXE server and boot the Debian installer using it. I mentioned that the provided setup is limited and some extensive configuration is needed to make it useful for a real world example. Since that time I learned that there is a chain command in iPXE, which gives the ability to use an arbitrary TFTP server as the boot file source. Using an RPi PXE server. For example, by changing my test network topology from the previous post to something like this:...

Categories: os-dev


Coreboot for QEMU armv7 (vexpress-a9) emulated mainboard

Published at August 7, 2014 · Piotr Król ·  8 min read

Recently I came back to look into coreboot. Mainly because low level is fun and skills related to firmware (even coreboot) are starting to get attention on freelance portals (first odesk job, second odesk job). I was surprised that under the wings of Google the coreboot team started to support ARM (BTW ARM programming is IMHO the next great skill to learn). So I cloned the latest code, compiled the QEMU armv7 mainboard model and tried to kick it in the latest qemu-system-arm....

Categories: firmware


Debugging coreboot in qemu environment - part 2

Published at April 18, 2012 · Piotr Król ·  2 min read

In the previous post coreboot was configured and installed. Here we try to establish a good debugging environment for it. To create a good emulated environment to debug, research and learn coreboot, a few tricks are required. First of all we need to know how to run our emulated environment (qemu). What do I mean by that?...

Categories: firmware


Debugging coreboot in qemu environment - part 1

Published at March 12, 2012 · Piotr Król ·  2 min read

First of all I use the testing version of Debian - wheezy. Clone the coreboot repository:

    git clone http://review.coreboot.org/p/coreboot
    cd coreboot; make menuconfig

Configure FILO as a payload and use its latest version:

    Payload -> Add a payload -> FILO
    Payload -> FILO version -> HEAD

Add verbose debugging messages:

    Debugging -> Check PIRQ table consistency
    Debugging -> Output verbose malloc debug messages
    Debugging -> Output verbose ACPI debug messages
    Debugging -> Enable debug messages for option ROM execution
    Debugging -> Built-in low-level shell
    Debugging -> Trace function calls

Try to build:...

Categories: firmware


flashrom and Shuttle AV18E2

Published at January 6, 2012 · Piotr Król ·  2 min read

During the Christmas break I found an old unused motherboard in my home, and right away I thought that it may be useful as a learning environment for coreboot. The first thing you need to do with this kind of board is to check if it is possible to flash its BIOS with the user space tool called flashrom. The list of supported hardware can be found here. All you need to do is go through this HOWTO. Be aware that these operations can leave your motherboard unable to run if something goes wrong....

Categories: firmware


How to begin with coreboot

Published at January 6, 2012 · Piotr Król ·  1 min read

About a month ago I started my adventure with coreboot. As the coreboot home page says, “coreboot is a Free Software project aimed at replacing the proprietary BIOS (firmware) found in most computers”. Although I read the majority of the materials from the mentioned page, I still suffered from a lack of basic information that would help me to arrange everything in my head. Therefore, I decided to write a series of posts describing my actions associated with this interesting project....

Categories: firmware