-
This OpenBMC [port](https://www.raptorengineering.com/coreboot/kgpe-d16-bmc-port-status.php) for the KGPE-D16 and KCMA-D8 works but is left unmaintained.
PCB plans for the ASMv4 have [been open sou…
-
Attempting box64 bump downstream in https://github.com/NixOS/nixpkgs/pull/326034 showed a build failure for `rkboot`.
[rockchip-linux/rkbin](https://github.com/rockchip-linux/rkbin) has a static x8…
-
[DICE](https://trustedcomputinggroup.org/wp-content/uploads/Hardware-Requirements-for-Device-Identifier-Composition-Engine-r78_For-Publication.pdf) is a hardware/software specification for lightweight…
-
That question was answered on slack/matrix here: https://matrix.to/#/!pAlHOfxQNPXOgFGTmo:matrix.org/$SDLnmO-F3ALUZKvlnW0TR8SY8nZlbFaR_8C7Hgygoxw?via=matrix.org&via=nitro.chat&via=talk.puri.sm :
> i…
-
**Is your feature request related to a problem? Please describe.**
HSMs are expensive and require Vault Enterprise. KMS solutions only work in the cloud. TPM-based auto-unseal would allow for auto-…
-
## Feature Request
Seal the LUKS encryption keys for the `EPHEMERAL` partition using a TPM register that depends on confidential information from the `STATE` partition.
### Description
Consider a…
-
The Heads documentation [suggests](https://osresearch.net/Heads-threat-model/#system-firmware):
> Finally, once Coreboot has been flashed into the ROM, the write protect pins on the ROMs can be shorte…
-
For SEV-SNP the measurement included in the attestation report only covers flash0 (at least for QEMU). For confidential containers, we need to measure the firmware, the initrd, the kernel, and the ker…
-
## Attendees
- [X] @ansasaki
- [ ] @aplanas
- [ ] @edwards-n
- [X] @galmasi
- [X] @Isaac-Matthews
- [ ] @kkaarreell
- [ ] @lkatalin
- [ ] @lukehinds
- [X] @maugustosilva
- [ ] @maya…
-
On Intel devices, fwupd checks the `DMA_CTRL_PLATFORM_OPT_IN_FLAG` bit in the `DMAR` ACPI table to determine if pre-boot DMA protection is enabled as part of the HSI checks. But this flag seems to onl…