How Dasharo works
Let’s us briefly explain what exactly Dasharo stack consists of
The first layer is a target platform. Most clients have it already chosen when starting a journey with Dasharo, however sometimes the platform is only adapted to a pre-selected set of features. With the knowledge about it’s specification we can proceed further.
The next step is about the firmware layer. The most common is coreboot due to its strong focus on boot speed, security and flexibility, however the choice depends on targeted users of the platform. Further, depending on the chosen firmware, integration of Intel FSP or AMD AGESA is set. Having it all confirmed, the payload and the operating system may become the next layer – The stack may differ at this point. For example, UEFI firmware doesn’t need payload to be implemented, due to its compatibility with UEFI specification.
Followingly, selected set of features is implemented. The choice depends on platform specification and it’s overall destination. The list of the sample features is available below. The process of creating dedicated Dasharo firmware is performed with the constant support of our team, from the early advisory steps to the constant maintenance process.Check ready-to-buy Dasharo products
Below are sample Dasharo features that can be added to your Dasharo product.
Static Code Root of Trust for Measurement (S-CRTM)
To establish trust anchor for all integrity measurements gathered during boot process.
Dynamic Root of Trust for Measurement (D-RTM)
To reestablish trust in a compromised environment without reboot.
Secure, verified and measured boot integration
To make sure your platform boots only trusted code.
To recover the firmware image in any situation.
To complete the ownership transfer and verification of the software delivered with hardware.
Trusted Platform Module 2.0 (TPM)
To make your platform tamper resistant, with secure chip that carries out cryptographic operations.
Secure firmware update
To mitigate supply chain attacks and provide secure system firmware update.
Security Features Automatic Report
To raise awareness of the security features implemented and the level of protection offered by platform firmware.
To enhance the safety of the data on the disk by leveraging its security features.
Intel STM or AMD SMM Supervisor
To allow only controlled access and harden the level of isolation.
Hypervisor as payload
To increase the security of the running target software to the highest possible level.
Regression Test Results (RTR)
To prove the Dasharo generic and customer-specific features for your platform with a powerful set of automated suites integrated with Dasharo CI and results visualization.
To make users self-sufficient with explicit, user-dedicated manuals of released binaries, installation steps and best practices guidelines.
To handle faults, isolate and resolve them in a reasonable time, including emergency releases.
To easily and quickly change the stuff the platforms boot into, including OS or any bootable tool.
Support for implementation of the Preboot eXecution Environment (iPXE).
To boot from a network using the open source network boot firmware that provides full PXE implementation.To retrieve data through protocols other than TFTP (HTTP, iSCSI and more).
Continuous Deployment with fwupd/LVFS
To have an insight into the continuous delivery process for the embedded firmware in hardware products and faster release rate.
Operating Systems Compatibility
To improve the product accessibility.
Industry Standards Compliance Testing
To gain an insurance on the product operability.
To maintain backward compatibility.
USB BIOS Recovery Dongle
To recover BIOS even in offline environment.
To increase significantly performance of the processor.
Boot time optimization
To improve the boot time of the bootloader.
Power consumption optimization
To reach a lower power consumption.
To allow your clients to be up-to-date with product release notes and events, rising strong interest around the product.
To make your product visible with blog posts based on release notes with implementation examples marketing means.
To create a Dasharo product dedicated source base that may contain all crucial aspects of the product: RTR results, CI, Blog, binaries, releases and more according to your choice.
Dedicated firmware release site with changelogs
To place all the binaries in one place with detailed changelogs.
coreboot source-code is available in the official repository. That means you can port coreboot and adjust payload with chosen features providing that you are deeply experienced in firmware engineering and have a sufficient amount of time. Step-by-step procedures do not exist yet, so in case of any issue or bug, it is challenging to find a solution or at least a guide. Furthermore, integration, validation, emergency releases and maintenance may cause a problem without the constant support of an experienced firmware team.
Are we trying to tell you that it is not a good idea to port and adjust coreboot by yourself? No.
If you are experienced and porting coreboot will serve your purposes, you can fully manage it by yourself and we encourage you to do so! For OEM/ODM vendors, the need for time, quality and stability measures makes Dasharo the best choice. Let all the effort involved in porting, adjusting, maintenance and validation be on us – experienced firmware experts.
coreboot with Dasharo
For OEM/ODM vendors the need for time, quality and stability measures Dasharo solution as the best choice. Let all the effort involved in porting, adjusting, maintenance, and validation be set on us – experienced firmware expert.
What can you gain?
- Full coreboot integration compatible with your specification
- Implementation of preferred Dasharo features available for your platform
- Graphical User Interface that will let you modify your features
- Maintenance support including emergency releases
- Transparent validation with regression tests results
- Marketing support with technical writing, documentation releases, blog posts and newsletters
What is Dasharo?
What is firmware?
What is the difference between Dasharo and traditional UEFI/BIOS firmware development provided by IBV?
Can I port coreboot to the chosen platform myself since it is open-source?
Can I request any demo?
Why do I need Dasharo?
To gain transparent validation, heavy attestation, smart components, reference OS, long maintenance and marketing support. Dasharo brings solutions to many of the problems of the traditional UEFI/BIOS firmware development provided by IBV, for example:
- Existing BIOS firmware products leaves burden of responsibility for optimization to end user
- Lack of security-focused BIOS firmware product which can seamlessly leverage advanced hardware security features
- aintaining compatibility and compliance of BIOS firmware is a very complex task
- Even in the light of competitive advantage OEMs/ODMs usually do not have time and/or resources to increase brand awareness and customer value through BIOS firmware solutions
If you don’t have a solution yet, let Dasharo become your answer. Contact us
What are Dasharo modules?
How long does it take to deliver Dasharo?
How open is Dasharo?
Who makes Dasharo?
How can I learn more about Dasharo?
What is the difference between Dasharo and coreboot?
What in case of potential sudden vulnerabilities during maintenance period?
What OS do I have to choose for my Dasharo Platform?
What about the ownership rights?
We do believe that taking ownership of firmware and passing it on when needed is critical to platform security. Existing BIOS firmware solutions make this process difficult— or impossible — to perform. Dasharo helps hardware vendors and their customers in making the firmware re-ownership process secure and trustworthy by providing required cryptographic primitives. We believe that there are two state-of-the-art solutions of the problem:
Is there a Dasharo community?
What will be the difference in user experience between Dasharo and traditional firmware?
Do I need to have my platform already chosen to request Dasharo?
What Dasharo consists of?
How can I provide my clients with detailed release information?
Each Dasharo release contains a binary file, a SHA256 hash of a binary file and a signed hash with a Dasharo release key
Each Dasharo release includes a test report
Dasharo generic test procedures from a given segment are described in the documentation
Dasharo specific test procedures are delivered in the form of a PDF document with a release
Each Dasharo release includes an integrity and signature verification procedure
How can I know about the quality of Dasharo firmware?
Each release of Dasharo includes a version compatible with Semantic Versioning 2.0.0: visit
Each Dasharo release includes: a release note compliant with the Keep A Changelog 1.0.0 specification: visit
Each Dasharo release contains a detailed description of the components version and a link to the scope of changes introduced since the last release