How Dasharo works
Let’s us briefly explain what exactly Dasharo stack consists of
The first layer is a target platform. Most clients have it already chosen when starting a journey with Dasharo, however sometimes the platform is only adapted to a pre-selected set of features. With the knowledge about it’s specification we can proceed further.
The next step is about the firmware layer. The most common is coreboot due to it's strong focus on boot speed, security and flexibility, however the choice depends on targeted users of the platform. Further, depending on the chosen firmware, integration of Intel FSP or AMD AGESA is set. Having it all confirmed, the payload and the operating system may become the next layer – The stack may differ at this point. For example, UEFI firmware doesn't need payload to be implemented, due to it's compatibility with UEFI specification.
Followingly, selected set of features is implemented. The choice depends on platform specification and it's overall destination. The list of the sample features is available below. The process of creating dedicated Dasharo firmware is performed with the constant support of our team, from the early advisory steps to the constant maintenance process.Check ready-to-buy Dasharo products
Below are sample Dasharo features that can be added to your Dasharo product.
Static Code and Dynamic Root of Trust for Measurement (S-CRTM and D-RTM)
- Static Code and Dynamic Root of Trust for Measurement (S-CRT and D-RTM)
- To reestablish trust in a compromised environment without reboot (D-RTM)
Secure, verified and measured boot integration
Trusted Platform Module 2.0 (TPM)
Secure firmware update
Security Features Automatic Report
Intel STM or AMD SMM Supervisor
Hypervisor as payload
Regression Test Results (RTR)
Support for implementation of the Preboot eXecution Environment (iPXE).
Continuous Deployment with fwupd/LVFS
Operating Systems Compatibility
Industry Standards Compliance Testing
USB BIOS Recovery Dongle
Boot time optimization
Power consumption optimization
Dedicated firmware release site with changelogs
coreboot source-code is available in the official repository. That means you can port coreboot and adjust payload with chosen features providing that you are deeply experienced in firmware engineering and have a sufficient amount of time. Step-by-step procedures do not exist yet, so in case of any issue or bug, it is challenging to find a solution or at least a guide. Furthermore, integration, validation, emergency releases and maintenance may cause a problem without the constant support of an experienced firmware team.
Are we trying to tell you that it is not a good idea to port and adjust coreboot by yourself? No.
If you are experienced and porting coreboot will serve your purposes, you can fully manage it by yourself and we encourage you to do so! For OEM/ODM vendors, the need for time, quality and stability measures makes Dasharo the best choice. Let all the effort involved in porting, adjusting, maintenance and validation be on us – experienced firmware experts.
coreboot with Dasharo
For OEM/ODM vendors the need for time, quality and stability measures Dasharo solution as the best choice. Let all the effort involved in porting, adjusting, maintenance, and validation be set on us – experienced firmware expert.
What can you gain?
- Full coreboot integration compatible with your specification
- Implementation of preferred Dasharo features available for your platform
- Graphical User Interface that will let you modify your features
- Maintenance support including emergency releases
- Transparent validation with regression tests results
- Marketing support with technical writing, documentation releases, blog posts and newsletters
What is the difference between Dasharo and traditional
UEFI/BIOS firmware development provided by IBV?
- Existing BIOS firmware products leaves burden of responsibility for optimization to end user
- Lack of security-focused BIOS firmware product which can seamlessly leverage advanced hardware security features
- aintaining compatibility and compliance of BIOS firmware is a very complex task
- Even in the light of competitive advantage OEMs/ODMs usually do not have time and/or resources to increase brand awareness and customer value through BIOS firmware solutions
- Each Dasharo release contains a binary file, a SHA256 hash of a binary file and a signed hash with a Dasharo release key
- Each Dasharo release includes a test report
- Dasharo generic test procedures from a given segment are described in the documentation
- Dasharo specific test procedures are delivered in the form of a PDF document with a release
- Each Dasharo release includes an integrity and signature verification procedure
- Each release of Dasharo includes a version compatible with Semantic Versioning 2.0.0: visit
- Each Dasharo release includes: a release note compliant with the Keep A Changelog 1.0.0 specification: visit
- Each Dasharo release contains a detailed description of the components version and a link to the scope of changes introduced since the last release