# Secure Boot

Dasharo TrustRoot Ephemeral Key Incident

Published at December 22, 2025 · Michał Kopeć · Maciej Pijanowski · 8 min read

This report details a release engineering incident in which a Dasharo firmware update successfully performed End-of-Manufacturing (EOM) fusing on NovaCustom laptops but used an ephemeral testing key instead of the persistent production key. We provide a technical analysis of the situation and outline the impact for affected end users....

Categories: firmware security


Implementing UEFI Secure Boot on MPL PIP4x

Published at April 18, 2024 · Paweł Langowski · 13 min read

This post explains how we tackled the problem of implementing UEFI Secure Boot on MPL's PIP platforms. The process included testing the platform's compatibility with Secure Boot and integrating automatic image signing into an existing Yocto layer....

Categories: firmware security


Enabling Secure Boot on RockChip SoCs

Published at December 3, 2021 · Artur Kowalski · 9 min read

RockChip Secure Boot is an essential security feature that helps tablet, PC, streaming media TV box, and IoT solution vendors secure their devices against malware infecting the firmware. In the following post, we tell the story of enabling Secure Boot on the RK32xx family, but the lessons learned apply to other models as well...

Categories: firmware security


Boot Guard - pre-execution firmware verification on Protectli FW6

Published at February 21, 2020 · Michał Żygowski · 9 min read

This post will not describe how to guard your shoes. It will, however, introduce you to the Boot Guard feature present on Intel processors, which allows firmware to be verified before the first instruction executes. One may call it pre-execution firmware verification. The post also shows how Boot Guard can work well with coreboot-based firmware, using the Protectli FW6 as an example....

Categories: firmware security