TrenchBoot Anti Evil Maid - Phase 2
Published at October 20, 2023 · 10 min read

TrenchBoot Anti Evil Maid project for Qubes OS is progressing. With the addition of TPM 2.0 support, Anti Evil Maid gains much higher adoption and possibilities than ever before....
Categories: bootloader firmware hypervisor os-dev security
Dasharo compatible with MSI PRO Z690-A release v1.1.1
Published at March 2, 2023 · 11 min read

A short overview of the changes introduced in the v1.1.1 release of Dasharo compatible with MSI PRO Z690-A, with a short demo of Qubes OS R4.1.2-rc1....
Categories: firmware
TrenchBoot Anti Evil Maid for Qubes OS
Published at January 31, 2023 · 14 min read

Qubes OS Anti Evil Maid (AEM) software heavily depends on the availability of DRTM technologies to prevent Evil Maid attacks. However, the project has not evolved much since the beginning of 2018 and froze on the support of TPM 1.2 with Intel TXT in legacy boot mode (BIOS). In this post we show how the existing solution can be replaced with TrenchBoot and how one can install it on Qubes OS. The post will also briefly explain how TrenchBoot opens the door for future TPM 2.0 and UEFI support for AEM....
Categories: bootloader firmware hypervisor os-dev security
Open Source Firmware on TigerLake platforms - part 1
Published at April 14, 2022 · 9 min read

This post describes the effort of building open source firmware for the Tiger Lake UP3 RVP platform and the problems faced in the process. Tiger Lake is one of the newest Intel processors for which the FSP and EDK2 MinPlatform have recently been released....
Categories: firmware
ASUS KGPE-D16 Dasharo testing update
Published at March 23, 2022 · 3 min read

This blog post describes the updates in the validation process of Dasharo for ASUS KGPE-D16. You will read about new tests and newly detected issues....
Categories: firmware
A new source of trust for your platform - Dasharo with Intel TXT support
Published at March 17, 2022 · 9 min read

Do you trust the firmware on your system? No? Then this post is a must-read for you. Get to know what Intel Trusted Execution Technology (TXT) is and how it may help you securely measure and attest your operating system and the software running on your machine. You will also hear about an open-source implementation of Intel TXT for Ivy Bridge/Sandy Bridge platforms, including Dell OptiPlex 7010 / 9010....
KGPE-D16 open-source firmware status
Published at February 3, 2022 · 6 min read

This post covers the struggles and efforts behind the revival of the KGPE-D16, something the community had been waiting for a long time. With Dasharo firmware the platform obtained a new life and sees a new daylight with more security features and improvements....
Dasharo for Dell OptiPlex 7010 / 9010
Published at November 26, 2021 · 8 min read

Open source firmware may be hundreds of times better than the proprietary one. Using the Dell OptiPlex 7010 / 9010 as an example, we will show you the advantages of Dasharo firmware on this machine....
Categories: firmware
Fobnail vs other boot security projects
Published at October 28, 2021 · 11 min read

Have you ever thought about securing the boot process of your computer? No? This post will compare the available open source boot process hardening projects and explain the importance of signing and protecting the software/operating system you launch. You will also get to know how the boot process may be secured even further with the upcoming Fobnail security token....
Open Source Firmware on AMD Milan server processors
Published at September 9, 2021 · 6 min read

There were times when AMD actively supported the open source firmware ecosystem by providing silicon initialization code. After a break of a few years, AMD is now trying to support open source firmware again on mobile platforms like Chromebooks. However, recent achievements have made everybody think that open source firmware is also possible on servers....
Categories: firmware