Our contribution to coreboot 4.20 release
Published at May 18, 2023 · Piotr Król · 4 min read
🎉 Celebrating coreboot 4.20 release! 🚀 Kudos to our contributors who have pushed the envelope in firmware security & optimization. Key updates: improved SoC support, TPM security, VT-d DMA protection & more. Check out the blog for all the details....
Categories: firmware
Dasharo compatible with MSI PRO Z690-A release v1.1.1
Published at March 2, 2023 · Michał Żygowski · 11 min read
A short overview of changes introduced in v1.1.1 release of Dasharo compatible with MSI PRO Z690-A with a short demo of Qubes OS R4.1.2-rc1....
Categories: firmware
TrenchBoot Anti Evil Maid for Qubes OS
Published at January 31, 2023 · Michał Żygowski · 14 min read
Qubes OS Anti Evil Maid (AEM) software heavily depends on the availability of the DRTM technologies to prevent the Evil Maid attacks. However, the project has not evolved much since the beginning of 2018 and froze on the support of TPM 1.2 with Intel TXT in legacy boot mode (BIOS). In the post we show how existing solution can be replaced with TrenchBoot and how one can install it on the Qubes OS. Also the post will also briefly explain how TrenchBoot opens the door for future TPM 2.0 and UEFI support for AEM....
Categories: bootloader firmware hypervisor os-dev security
Talos II - second CPU support and test automation
Published at April 15, 2022 · Krystian Hebel · 5 min read
Another post about our adventures with porting coreboot for Talos II. This phase focused on enabling second CPU and its internal devices. We also expanded our test suite....
Categories: firmware
Open Source Firmware on TigerLake platforms - part 1
Published at April 14, 2022 · Michał Żygowski · 9 min read
This post describes efforts of building open source firmware for Tiger Lake UP3 RVP platform and the problems faced in the process. Tiger Lake is one of the newest Intel processors for which the FSP and EDK2 MinPlatform has been recently released....
Categories: firmware
Fobnail Token - platform attestation
Published at April 6, 2022 · Artur Kowalski · Krystian Hebel · 6 min read
The Fobnail Token is an open-source hardware USB device that helps to determine the integrity of the system. The purpose of this blog post is to present the development progress of this project. This phase was focused on attestation....
ASUS KGPE-D16 Dasharo testing update
Published at March 23, 2022 · Michał Żygowski · 3 min read
This blog post describes the updates in the validation process of Dasharo for ASUS KGPE-D16. You will read about new tests and newly detected issues....
Categories: firmware
Fobnail Token - platform provisioning
Published at March 21, 2022 · Krystian Hebel · 7 min read
The Fobnail Token is an open-source hardware USB device that helps to determine the integrity of the system. The purpose of this blog post is to present the development progress of this project. This phase was focused on platform provisioning....
A new source of trust for your platform - Dasharo with Intel TXT support
Published at March 17, 2022 · Michał Żygowski · 9 min read
Do you trust the firmware on your system? No? Then this post is a must-read for you. Get to know what Intel Trusted Execution Technology (TXT) is and how it may help you securely measure and attest your operating system and software running on your machine. You will also hear about open-source implementation of Intel TXT for Ivy Bridge/Sandy Bridge platforms including Dell OptiPlex 7010 / 9010....
Current status of coreboot and Heads ports for Talos II
Published at February 16, 2022 · Krystian Hebel · 8 min read
This post summarizes our current progress on making first coreboot port for POWER platform, including Heads as a payload. It will also show how You can test it without having to flash firmware to PNOR....
Categories: firmware
KGPE-D16 open-source firmware status
Published at February 3, 2022 · Michał Żygowski · 6 min read
This post covers the struggles and efforts behind the revival of KGPE-D16. Something that community was waiting for a long time. With Dasharo firmware the platform obtained a new life and sees a new daylight with more security features and improvements....
Porting EDK II to an old Allwinner A13 tablet
Published at January 18, 2022 · Artur Kowalski · 7 min read
Most ARM SoC's run U-Boot or some custom bootloader. That was the case with Allwinner SoC's, until I started porting EDK II to my A13 tablet. In this post, I will tell you about the current UEFI support status on Allwinner SoC's, my future plans, and how to test UEFI on a compatible device...
Categories: firmware manufacturing
Fobnail Token - developing communication method that meets the CHARRA requirements
Published at December 15, 2021 · Tomasz Żyjewski · 4 min read
The Fobnail Token is an open-source hardware USB device that helps to determine the integrity of the system. The purpose of this blog post is to present the development progress of this project. During the last phase, we managed to implement the communication method that will be used between verifier and attester....
Enabling Secure Boot on RockChip SoCs
Published at December 3, 2021 · Artur Kowalski · 9 min read
RockChip Secure Boot is an essential security feature that helps tablet, PC, streaming media TV box, and IoT solution vendors secure their devices against malware infecting the firmware. In the following post, we will tell a story about enabling Secure Boot on the RK32xx family, but the lesson learned can be used on other models...
Dasharo for Dell OptiPlex 7010 / 9010
Published at November 26, 2021 · Michał Żygowski · 8 min read
Open source firmware may be hundreds of times better than the proprietary one. On the example of Dell OptiPlex 7010 / 9010 we will show you the advantages of Dasharo firmware on this machine....
Categories: firmware
Fobnail vs other boot security projects
Published at October 28, 2021 · Michał Żygowski · 11 min read
Have you ever thought about securing the boot process of your computer? No? This post will compare the available open source boot process hardening projects and explain the importance of signing and protection the software/operating system you launch. You will also get to know how the boot process may be secured even further and with the incoming Fobnail security token....
Published at October 8, 2021 · Michał Kopeć · 5 min read
An introduction to TPMs. Let's explore the differences between common implementations of TPMs and how they might matter to you....
Categories: security
Open Source Firmware on AMD Milan server processors
Published at September 9, 2021 · Michał Żygowski · 6 min read
There were times where AMD was actively supporting open source firmware ecosystem by providing silicon initialization code. With a few years break AMD is now trying to support open source firmware again with the mobile platform like Chromebooks. However, the recent achievements have made everybody think that open source firmware is also possible on servers....
Categories: firmware
OSF vPub (vBeer) - what a fun event!
Published at July 1, 2021 · Mike Banon · 2 min read
Our 2nd OSF vPub gathering was really fun and interesting - together with Richard Stallman as our honored guest!...
Categories: firmware miscellaneous
Open Compute Open System Firmware (OCP OSF) and its' importance
Published at June 10, 2021 · Piotr Król · 6 min read
Let's figure out what is OCP Open System Firmware, see how it relates to the Open Source Firmware (OSF) - and why it is important for your company to have one running on your product....
Categories: firmware miscellaneous
Right to Repair - and why is it important?
Published at April 30, 2021 · Mike Banon · 4 min read
Let's observe the struggles of today's repairman, why a right to repair is important and how 3mdeb can help....
Categories: hardware miscellaneous
Thoughts on OSFC 2020 – day 2 and 3
Published at April 14, 2021 · Kamila Banecka · 8 min read
Lets share some thoughts that evolved during the OSFC 2020 talks and send kudos to many people who made this conference happen....
Categories: app-dev firmware iot manufacturing miscellaneous os-dev security
The backdoor to your firmware 2
Published at March 25, 2021 · Anastazja Lapanova · 6 min read
Firmware vulnerabilities in the light of recent attacks as a backdoor of the firmware - part 2...
Categories: firmware
Creating ports for BSD distributions
Published at March 15, 2021 · Norbert Kamiński · Piotr Konkol · 8 min read
In this blog post, we will present how to build packages for FreeBSD, DragonFlyBSD, NetBSD, and OpenBSD. Also, we will show you how to create CI for FreeBSD distribution with the use of GitHub action....
Categories: firmware
Published at March 12, 2021 · Anastazja Lapanova · 5 min read
Firmware vulnerabilities in the light of recent attacks as a backdoor of the firmware...
Categories: firmware
OSF vPub (vBeer) - what a fun event!
Published at February 23, 2021 · Mike Banon · 2 min read
We've just had our first OSF vPub gathering, with lots of fun & really interesting talk about the open-source firmware/hardware with 50 masters from all over the world!...
Categories: firmware miscellaneous
Published at February 18, 2021 · Piotr Konkol · Kamila Banecka · 5 min read
Pros and cons of automated testing and the process of performing transparent validation....
Porting fwupd to the BSD distributions - How to compile fwupd on FreeBSD
Published at February 16, 2021 · Norbert Kamiński · 14 min read
The security of the whole system is not determined only by the software it runs, but also the firmware. We want to provide easy firmware update method to BSD distributions....
Categories: firmware
What is IOMMU and how it can be used?
Published at January 13, 2021 · Marek Kasiewicz · 6 min read
Welcome to a new blogpost series dedicated to IOMMU. In this article, you can read what IOMMU is and find out if its use may be beneficial for you....
coreboot port for OpenPOWER - why bother?
Published at December 31, 2020 · Krystian Hebel · 9 min read
You may have heard by now that we are working on coreboot port for Talos II. OpenPOWER already has, nomen omen, open source firmware, so one may ask why bother? We will try to answer that question....
Categories: firmware
Proof of concept implementation of RATS attestation for the TrenchBoot
Published at December 14, 2020 · Norbert Kamiński · 9 min read
This blog post will describe the concept of the IETF Remote Attestation Procedures (RATS) and implementation of CHAllenge-Response based Remote Attestation (CHARRA) with TPM 2.0 for TrenchBoot....
Building coreboot for RISC-V and running it in Qemu
Published at November 18, 2020 · Wojciech Niewiadomski · 4 min read
In this article, I will briefly explain what is RISC-V and why it is so exciting, then I`ll show you step by step how to build coreboot for this architecture and run it in QEMU emulator...
Categories: firmware miscellaneous
Trenchboot: Xen hypervisor support for the TrenchBoot
Published at October 15, 2020 · Norbert Kamiński · Marek Kasiewicz · 4 min read
In this blog post, we will describe the development of the Xen hypervisor support for TrenchBoot....
Published at October 8, 2020 · Marek Kasiewicz · 7 min read
Introductory blog post to PCIe features. In this article you can read what PCIe capability is and see examples of such capabilities....
Categories: firmware
Reasonably secure way to update your system firmware
Published at September 18, 2020 · Norbert Kamiński · 3 min read
As you may know from the previous blog post, the qubes-fwupd is the wrapper that allows you to update the firmware of your devices in the Qubes OS. This time I will briefly describe the new features, whereby you will securely update your system firmware....
Project status of the fwupd/LVFS support for Qubes OS
Published at July 14, 2020 · Norbert Kamiński · 5 min read
During the QubesOS minisummit, I have presented the initial status of the fwupd/LVFS support for the Qubes OS. Now it is time to share some more information about the progress....
Qubes OS & 3mdeb 'minisummit' 2020 summation
Published at June 17, 2020 · Kamila Banecka · 8 min read
The second Qubes OS & 3mdeb minisummit is ahead of us. We had gone through four evenings of topics devoted to Qubes OS, so it is time for broad summation of the event....
Categories: firmware miscellaneous security
Qubes OS and 3mdeb 'minisummit' 2020
Published at May 15, 2020 · Kamila Banecka · 5 min read
Once again, we will meet on QubesOs & 3mdeb minisummit 2020 discussing #QubesOS, #firmware, #coreboot, #security and #TPM related topics. All the event details are presented in the following blog post....
Categories: firmware miscellaneous security
Minnowboard Turbot remote firmware flashing with RTE (Remote Testing Environment)
Published at March 23, 2018 · Arkadiusz Cichocki · 7 min read
Minnowboard Turbot remote firmware flashing with RTE (Remote Testing Environment) Introduction Work related to a hardware carries some restrictions which don’t occur when working only with a software. One of them is a limited number of devices. This one may cause a problem with a accessibility to the platform. The limited number of users could slow development and testing. What is more work with a hardware requires a minimal knowledge of the theory of circuits and signals to eliminate platform damage by a user....
Categories:
.png){kind=small}
