search

Dasharo / dasharo-issues

The Dasharo issue tracker
https://dasharo.com/
24 stars 0 forks source link

NovaCustom NV41 (pz-i7) - Ability to disable NVMe in firmware #693

Open fsbof opened 6 months ago

fsbof commented 6 months ago

The problem you're addressing (if any)

This a feature request - The problem I have is that I would like to be able to boot a live distro or an installation on a USB type medium and not have it access the NVMe drive at all. This would prevent any accidental damage. We do this quite a bit with laptops that need to have a very specific tool-set for a single job but that tool-set is incompatible with the daily operating environment.

Describe the solution you'd like

I'd like enable/disable check-boxes somewhere in the firmware for hardware like the NVMe drives.

Where is the value to a user, and who might that user be?

I believe the value is to anyuser who either wants to test different distros or to multiboot from different devices. With the capabilities of USB3, it is very feasible to run an OS from a USB attached NVMe or similar device with acceptable performance.

If the NVMe is available, regardless of it's encryption state, it is subject to be re-encrypted and is therefore vulnerable, even if the data on it is not directly accessible.

Describe alternatives you've considered

The only other real alternative is to physical remove the internal NVMe device prior to booting. This is not very practicle if you do this regularly. The other option is to encrypt the NVMe so it is not accessible. I have found that sometimes encrypted drives appear to some operating system like Windows as drives that require formatting - that is a bad mistake for a user to make and this option can help to preent that! :-(

Additional context

No response

wessel-novacustom commented 6 months ago

Not a bad option indeed.

@macpijan You can quote this feature to us for any next release.

wessel-novacustom commented 4 months ago

Unfortunately, implementing this feature would cost quite a lot of effort, time and money. So far, no other (potential) customers have asked for this firmware feature. The sad reality is that we will need to await and not to proceed until new users come here and support the potential feature.