This report details a release engineering incident where a Dasharo firmware update successfully performed End-of-Manufacturing (EOM) fusing on NovaCustom laptops but utilized an ephemeral testing key instead of the persistent production key. We provide a technical analysis of the situation and outline the impact on affected end users.
This is a post about the process of porting Dasharo to a modern Intel-based server platform. If you would like to learn how a coreboot port is integrated into Dasharo and enhanced with its features, feel free to ask any questions.
In the blog post, the author explains the effort of porting platform-specific ACPI code and shows the extent of bugfixes required to run operating systems without issues on the AMD Turin server platform, the Gigabyte MZ33-AR1.
Another post about the Gigabyte MZ33-AR1 porting effort progress. This time, we add definitions for PCI Express initialization, and validate BMC KVM VGA and keyboard. Also, improvements to HCL reporting and data dumping on AMD systems have been made.
This is precisely it. Also, maybe some regulatory requirements of cloud providers and organizations like OCP. Commoditizing their complement is probably another obvious goal.
We also have to note that AMD seems to be heading for being a market leader in the server market (some signals are active in OCP Caliptra and OSF). We can see their presence at the upcoming OCP Summit, where they (together with Intel) will push forward the agenda of a generic framework for bootstrapping firmware, which is called openSFI:
https://youtu.be/1CE6olXT604
Sovereign Boot Provisioning Wizard is a UEFI application designed to guide end users through the provisioning of UEFI Secure Boot. The objective is to offer a user-controllable mechanism for managing platform trust relationships and establishing UEFI Secure Boot infrastructure, with a primary focus on transparency, informed consent, and usability.
Unlike traditional firmware interfaces, which expose UEFI Secure Boot as a collection of loosely connected toggleable settings and unmanaged certificate stores, this application presents a coherent, wizard-like experience. Its purpose is to make the process of reviewing and enrolling platform keys intuitive for users who are not security experts.