#firmware

Our contribution to coreboot 4.20 release

Published at May 18, 2023 · Piotr Kr├│l ·  4 min read

­čÄë Celebrating coreboot 4.20 release! ­čÜÇ Kudos to our contributors who have pushed the envelope in firmware security & optimization. Key updates: improved SoC support, TPM security, VT-d DMA protection & more. Check out the blog for all the details....

Categories: firmware



TrenchBoot Anti Evil Maid for Qubes OS

Published at January 31, 2023 · Micha┼é ┼╗ygowski ·  14 min read

Qubes OS Anti Evil Maid (AEM) software heavily depends on the availability of the DRTM technologies to prevent the Evil Maid attacks. However, the project has not evolved much since the beginning of 2018 and froze on the support of TPM 1.2 with Intel TXT in legacy boot mode (BIOS). In the post we show how existing solution can be replaced with TrenchBoot and how one can install it on the Qubes OS. Also the post will also briefly explain how TrenchBoot opens the door for future TPM 2.0 and UEFI support for AEM....

Categories: bootloader firmware hypervisor os-dev security






Fobnail Token - platform provisioning

Published at March 21, 2022 · Krystian Hebel ·  7 min read

The Fobnail Token is an open-source hardware USB device that helps to determine the integrity of the system. The purpose of this blog post is to present the development progress of this project. This phase was focused on platform provisioning....

Categories: firmware security


A new source of trust for your platform - Dasharo with Intel TXT support

Published at March 17, 2022 · Micha┼é ┼╗ygowski ·  9 min read

Do you trust the firmware on your system? No? Then this post is a must-read for you. Get to know what Intel Trusted Execution Technology (TXT) is and how it may help you securely measure and attest your operating system and software running on your machine. You will also hear about open-source implementation of Intel TXT for Ivy Bridge/Sandy Bridge platforms including Dell OptiPlex 7010 / 9010....

Categories: firmware security



KGPE-D16 open-source firmware status

Published at February 3, 2022 · Micha┼é ┼╗ygowski ·  6 min read

This post covers the struggles and efforts behind the revival of KGPE-D16. Something that community was waiting for a long time. With Dasharo firmware the platform obtained a new life and sees a new daylight with more security features and improvements....

Categories: firmware security


Porting EDK II to an old Allwinner A13 tablet

Published at January 18, 2022 · Artur Kowalski ·  7 min read

Most ARM SoC's run U-Boot or some custom bootloader. That was the case with Allwinner SoC's, until I started porting EDK II to my A13 tablet. In this post, I will tell you about the current UEFI support status on Allwinner SoC's, my future plans, and how to test UEFI on a compatible device...

Categories: firmware manufacturing


Fobnail Token - developing communication method that meets the CHARRA requirements

Published at December 15, 2021 · Tomasz ┼╗yjewski ·  4 min read

The Fobnail Token is an open-source hardware USB device that helps to determine the integrity of the system. The purpose of this blog post is to present the development progress of this project. During the last phase, we managed to implement the communication method that will be used between verifier and attester....

Categories: firmware security


Enabling Secure Boot on RockChip SoCs

Published at December 3, 2021 · Artur Kowalski ·  9 min read

RockChip Secure Boot is an essential security feature that helps tablet, PC, streaming media TV box, and IoT solution vendors secure their devices against malware infecting the firmware. In the following post, we will tell a story about enabling Secure Boot on the RK32xx family, but the lesson learned can be used on other models...

Categories: firmware security



Fobnail vs other boot security projects

Published at October 28, 2021 · Micha┼é ┼╗ygowski ·  11 min read

Have you ever thought about securing the boot process of your computer? No? This post will compare the available open source boot process hardening projects and explain the importance of signing and protection the software/operating system you launch. You will also get to know how the boot process may be secured even further and with the incoming Fobnail security token....

Categories: firmware security


fTPM vs dTPM

Published at October 8, 2021 · Micha┼é Kope─ç ·  5 min read

An introduction to TPMs. Let's explore the differences between common implementations of TPMs and how they might matter to you....

Categories: security


Open Source Firmware on AMD Milan server processors

Published at September 9, 2021 · Micha┼é ┼╗ygowski ·  6 min read

There were times where AMD was actively supporting open source firmware ecosystem by providing silicon initialization code. With a few years break AMD is now trying to support open source firmware again with the mobile platform like Chromebooks. However, the recent achievements have made everybody think that open source firmware is also possible on servers....

Categories: firmware













coreboot port for OpenPOWER - why bother?

Published at December 31, 2020 · Krystian Hebel ·  9 min read

You may have heard by now that we are working on coreboot port for Talos II. OpenPOWER already has, nomen omen, open source firmware, so one may ask why bother? We will try to answer that question....

Categories: firmware





What features PCIe has?

Published at October 8, 2020 · Marek Kasiewicz ·  7 min read

Introductory blog post to PCIe features. In this article you can read what PCIe capability is and see examples of such capabilities....

Categories: firmware






Minnowboard Turbot remote firmware flashing with RTE (Remote Testing Environment)

Published at March 23, 2018 · Arkadiusz Cichocki ·  7 min read

Minnowboard Turbot remote firmware flashing with RTE (Remote Testing Environment) Introduction Work related to a hardware carries some restrictions which don’t occur when working only with a software. One of them is a limited number of devices. This one may cause a problem with a accessibility to the platform. The limited number of users could slow development and testing. What is more work with a hardware requires a minimal knowledge of the theory of circuits and signals to eliminate platform damage by a user....

Categories: