How Dasharo works
Let’s us briefly explain what exactly Dasharo stack consists of
The first layer is a target platform. Most clients have it already chosen when starting a journey with Dasharo, however sometimes the platform is only adapted to a pre-selected set of features. With the knowledge about it’s specification we can proceed further.
The next step is about the firmware layer. The most common is coreboot due to its strong focus on boot speed, security and flexibility, however the choice depends on targeted users of the platform. Further, depending on the chosen firmware, integration of Intel FSP or AMD AGESA is set. Having it all confirmed, the payload and the operating system may become the next layer – The stack may differ at this point. For example, UEFI firmware doesn’t need payload to be implemented, due to its compatibility with UEFI specification.
Followingly, selected set of features is implemented. The choice depends on platform specification and it’s overall destination. The list of the sample features is available below. The process of creating dedicated Dasharo firmware is performed with the constant support of our team, from the early advisory steps to the constant maintenance process.
Check ready-to-buy Dasharo products
Dasharo Modules
Below are sample Dasharo features that can be added to your Dasharo product.
Security Module
Static Code Root of Trust for Measurement (S-CRTM)
To establish trust anchor for all integrity measurements gathered during boot process.
Dynamic Root of Trust for Measurement (D-RTM)
To reestablish trust in a compromised environment without reboot.
Secure, verified and measured boot integration
To make sure your platform boots only trusted code.
Firmware Recovery
To recover the firmware image in any situation.
Firmware re-ownership
To complete the ownership transfer and verification of the software delivered with hardware.
Trusted Platform Module 2.0 (TPM)
To make your platform tamper resistant, with secure chip that carries out cryptographic operations.
Secure firmware update
To mitigate supply chain attacks and provide secure system firmware update.
Security Features Automatic Report
To raise awareness of the security features implemented and the level of protection offered by platform firmware.
OPAL integration
To enhance the safety of the data on the disk by leveraging its security features.
Intel STM or AMD SMM Supervisor
To allow only controlled access and harden the level of isolation.
Hypervisor as payload
To increase the security of the running target software to the highest possible level.
Compatibility Module
Regression Test Results (RTR)
To prove the Dasharo generic and customer-specific features for your platform with a powerful set of automated suites integrated with Dasharo CI and results visualization.
Documentation
To make users self-sufficient with explicit, user-dedicated manuals of released binaries, installation steps and best practices guidelines.
Continuous Integration
To handle faults, isolate and resolve them in a reasonable time, including emergency releases.
USB boot
To easily and quickly change the stuff the platforms boot into, including OS or any bootable tool.
Support for implementation of the Preboot eXecution Environment (iPXE).
To boot from a network using the open source network boot firmware that provides full PXE implementation.To retrieve data through protocols other than TFTP (HTTP, iSCSI and more).
Continuous Deployment with fwupd/LVFS
To have an insight into the continuous delivery process for the embedded firmware in hardware products and faster release rate.
Operating Systems Compatibility
To improve the product accessibility.
Industry Standards Compliance Testing
To gain an insurance on the product operability.
Legacy support
To maintain backward compatibility.
USB BIOS Recovery Dongle
To recover BIOS even in offline environment.
Performance Module
CPU Boost
To increase significantly performance of the processor.
Boot time optimization
To improve the boot time of the bootloader.
Power consumption optimization
To reach a lower power consumption.
Marketing
Newsletter
To allow your clients to be up-to-date with product release notes and events, rising strong interest around the product.
Blog
To make your product visible with blog posts based on release notes with implementation examples marketing means.
Website
To create a Dasharo product dedicated source base that may contain all crucial aspects of the product: RTR results, CI, Blog, binaries, releases and more according to your choice.
Dedicated firmware release site with changelogs
To place all the binaries in one place with detailed changelogs.
Dasharo DIY
coreboot YOURSELF
coreboot source-code is available in the official repository. That means you can port coreboot and adjust payload with chosen features providing that you are deeply experienced in firmware engineering and have a sufficient amount of time. Step-by-step procedures do not exist yet, so in case of any issue or bug, it is challenging to find a solution or at least a guide. Furthermore, integration, validation, emergency releases and maintenance may cause a problem without the constant support of an experienced firmware team.
Are we trying to tell you that it is not a good idea to port and adjust coreboot by yourself? No.
If you are experienced and porting coreboot will serve your purposes, you can fully manage it by yourself and we encourage you to do so! For OEM/ODM vendors, the need for time, quality and stability measures makes Dasharo the best choice. Let all the effort involved in porting, adjusting, maintenance and validation be on us – experienced firmware experts.
coreboot with Dasharo
For OEM/ODM vendors the need for time, quality and stability measures Dasharo solution as the best choice. Let all the effort involved in porting, adjusting, maintenance, and validation be set on us – experienced firmware expert.
What can you gain?
-
Full coreboot integration compatible with your specification
-
Implementation of preferred Dasharo features available for your platform
-
Graphical User Interface that will let you modify your features
-
Maintenance support including emergency releases
-
Transparent validation with regression tests results
-
Marketing support with technical writing, documentation releases, blog posts and newsletters
Dasharo FAQ
Question categories:
General
What is Dasharo?
Copied
Dasharo is a complete ecosystem of tools and products that are used in the process of creating a binary. It offers the components that are needed to develop and maintain a high quality, scalable, and modular firmware, for the stability and security of your platform. It is the common effect of R&D effort, transparent validation, heavy attestation, smart components, reference OS, long maintenance, and enthusiasm for security and open source solutions.
What is firmware?
Copied
Firmware is a set of instructions created to provide low-level control over a hardware device. Firmware provides information on how the device should operate. A good example of a firmware are embedded systems like traffic lights and consumer appliances. Computers with the most recognized firmware, commonly known as BIOS firmware, used during the booting process of a computer.
What is the difference between Dasharo and traditional UEFI/BIOS firmware development provided by IBV?
Copied
Dasharo relies on open-source components with, as much as possible, a transparent supply chain. IBV-driven UEFI/BIOS development doesn’t reveal the firmware components supply chain details, so the customers don’t know what components binary consists of and where the components come from. Dasharo enables the revenue model extension, but also cooperation with the community, crowdsourcing and organizations. UEFI/BIOS business model is dedicated to IBV / OEM customers only. Dasharo delivers transparent validation results, on the contrary IBV UEFI/BIOS development process doesn’t reveal testing results, so the changes cannot be tracked. This also leads to low quality release notes and poor communication with end customers and users. Dasharo by design gives you the opportunity to differentiate through firmware and maximize hardware features utilization, where the most basic UEFI/BIOS provided by OEM/ODM with their platforms focus on crucial features and building margin through volume sales . Dasharo focus, strategy, and goals are targeting into domain-specific computing instead one size fits all.
Can I port coreboot to the chosen platform myself since it is open-source?
Copied
coreboot source-code is available in the official repository. That means you can port coreboot and adjust payload with chosen features providing that you are deeply experienced in firmware engineering and have a sufficient amount of time. Step-by-step procedures do not exist yet, so in case of any issue or bug, it is challenging to find a solution or at least a guide. Furthermore, integration, validation, emergency releases and maintenance may cause a problem without the constant support of an experienced firmware team. Are we trying to tell you that it is not a good idea to port and adjust coreboot by yourself? No. If you are experienced and porting coreboot will serve your purposes, you can fully manage it by yourself and we encourage you to do so! For OEM/ODM vendors, the need for time, quality and stability measures makes Dasharo the best choice. Let all the effort involved in porting, adjusting, maintenance and validation be on us – experienced firmware experts.
Can I request any demo?
Copied
Visit dasharo.com/products where product line implementations and details will be available soon.
Why do I need Dasharo?
Copied
To gain transparent validation, heavy attestation, smart components, reference OS, long maintenance and marketing support. Dasharo brings solutions to many of the problems of the traditional UEFI/BIOS firmware development provided by IBV, for example:
- Existing BIOS firmware products leaves burden of responsibility for optimization to end user
- Lack of security-focused BIOS firmware product which can seamlessly leverage advanced hardware security features
- Maintaining compatibility and compliance of BIOS firmware is a very complex task
- Even in the light of competitive advantage OEMs/ODMs usually do not have time and/or resources to increase brand awareness and customer value through BIOS firmware solutions
If you don’t have a solution yet, let Dasharo become your answer. Contact us
What consulting services can Dasharo Team provide beyond online courses?
Copied
We offer a wide range of consulting services at all stages of the hardware life cycle. These include open-source firmware feasibility analysis, proprietary to open-source transition plans, firmware porting, custom development and debugging, automated firmware validation, and maintenance through Dasharo open-source firmware distribution. We also provide firmware incident response, Trusted Computing consulting and development, Root of Trust implementation and integration, and more. If you are interested in our services, feel free to contact us.
Where can I find your GitHub repository to raise an issue/question as an active supporter/user?
Copied
- Visit github.com/Dasharo/dasharo-issues where you can find details on how to raise an issue or question.
- Optionally, use our Matrix Dasharo Space where you can discuss the problem with our community that will gladly help in troubleshooting firmware questions.
Can I get the Dasharo as an individual user?
Copied
Yes, Dasharo firmware is publicly available for free, therefore please go through steps below to make sure that you will get the recent news and find the desired support for your hardware:
Join the newsletter with the latest firmware realeases and news - Dasharo External newsletter
Find “Supported hardware” tab in our documentation database - Docs Dasharo where all downloadable firmware binaries for the target platform are linked. Also, check the unique mailing lists for chosen platforms:
There is also posibility to build it yourself, visit github.com/Dasharo where you can find more information about coreboot build process.
Product Info
What are Dasharo modules?
Copied
Dasharo consists of four modules. Each covers a wide range of features from which the client can build up their own Dasharo firmware:
- Security Module - hardware protection features, eg. S-CRTM/DRTM
- Performance Module - hardware performance optimization features, eg. CPU Boost
- Compatibility Module - maintenance features, eg. CI/CD
- Marketing Module - brand awareness and customer value features, eg. Newsletter campaigns
For the full list of features visit “Dasharo Modules”.
How long does it take to deliver Dasharo?
Copied
Dasharo is created from ready-to-implement components, but the time to implement depends on many factors, such as the amount of features, platform amount and specification, needed standard.Contact us to get more detailed information.
How open is Dasharo?
Copied
We are strong believers in Freedom and Open Source Software (FOSS), but we also have to deal with reality. Silicon Vendors and other providers in the firmware supply chain try to monopolize the ecosystem by including NDA procedures and binary blobs. Because of that, Dasharo has to provide seamless integration of Intel FSP, AMD AGESA and other binary components. Dasharo is needed for liberating the firmware ecosystem, because it is the only product that transparently leverages the Open Source Firmware. Dasharo promotes best practices that can prove that a non-closed approach is financially feasible and can lead to an equally effective business model. Concluding, our mission is to make Dasharo product lines as open as possible under existing market circumstances and invest in liberating remaining pieces of the ecosystem. For the Dasharo ecosystem we always use OSS and OSHW.
Who makes Dasharo?
Copied
Dasharo is created by experienced embedded firmware engineers from 3mdeb. The team of world-class experts in creating secure firmware, publicly recognized by industry leaders (for more information check our Press Release website). The significant amount of code of the Dasharo ecosystem comes from the Open Source Firmware community of which we are proud members always evangelizing about FOSS and giving back as much as we can.
How can I learn more about Dasharo?
Copied
- If you want to know more about how Dasharo works, visit “How Dasharo works”.
- If you want to get details about particular features, “Dasharo Modules”.
- If you want to see, where Dasharo can be already found, check our use cases.
- If you want to talk and ask questions, contact us or book a meeting online.
What is the difference between Dasharo and coreboot?
Copied
coreboot is an open source, extended firmware framework dedicated to embedded systems and modern computers. While is increasingly popular due to its adoption (e.g. Chromebook series), its availability is still limited. coreboot in Dasharo may play the role of a main component, implemented along with chosen Dasharo features, payloads, OS and CI/CD support. But coreboot is only a framework and does not produce a fully-featured BIOS firmware solution.For example, Dasharo easily can work well with LinuxBoot, UEFI/edk2, oreboot and others.
What in case of potential sudden vulnerabilities during maintenance period?
Copied
In case of any suddenly discovered vulnerabilities, according to Dasharo Maintenance Agreement, we will provide you with emergency release to prevent your platform from the potential threat. If you want to know more – contact us.
What OS do I have to choose for my Dasharo Platform?
Copied
You can choose any OS you wish to. The most common are Windows and Linux distributions. Please note Dasharo supports also various hypervisors and embedded operating systems.
What about the ownership rights?
Copied
We do believe that taking ownership of firmware and passing it on when needed is critical to platform security. Existing BIOS firmware solutions make this process difficult— or impossible — to perform. Dasharo helps hardware vendors and their customers in making the firmware re-ownership process secure and trustworthy by providing required cryptographic primitives. We believe that there are two state-of-the-art solutions of the problem:
Is there a Dasharo community?
Copied
Users demand more communication and interaction with vendors. Communication standards that worked in the past—for presenting incremental changes in firmware—are insufficient now. When it is not provided, informal and unofficial channels will emerge. We direct and coordinate support through communication channels e.g. vendor, OS and firmware forums, Github/Gitlab issue trackers, social media, Slack/Gitter, and similar real-time media.
What will be the difference in user experience between Dasharo and traditional firmware?
Copied
The average user doesn’t know how to update their BIOS firmware. This is because of lack of support, lack of long-term, regular releases, and finally, lack of explicit documentation with clear manuals. Firmware is considered part of hardware and this is the paradigm which is changing right now. Innovations around the releases are summarized, but without information concerning maintenance details. Dasharo’s primary focus is features set, but long term we plan to offer customers product-dedicated GUI, continuous integration with regular releases supported by user-friendly documentation, support channels and video manuals. Additional information about your Dasharo product releases, features, development and news can be provided in the form of newsletter campaigns and blog posts created directly by our specialists. The development of your Dasharo firmware can be tracked through Dasharo Regression Test Results website.
Do I need to have my platform already chosen to request Dasharo?
Copied
No, you don’t. Dasharo is a complete ecosystem of tools and components that are crucial to create, adapt and maintain firmware. Platform architecture and microarchitecture largely determines which components can be implemented. If you have a platform you can get a quote or, if not you can contact us, to gain detailed information about the possible solutions.
What Dasharo consists of?
Copied
Dasharo is the common effect of R&D effort, transparent validation, heavy attestation, dedicated components, reference OS, long maintenance, marketing support and enthusiasm for security and open source solutions.
How can I provide my clients with detailed release information?
Copied
Each Dasharo release contains a binary file, a SHA256 hash of a binary file and a signed hash with a Dasharo release key
Each Dasharo release includes a test report
Dasharo generic test procedures from a given segment are described in the documentation
Dasharo specific test procedures are delivered in the form of a PDF document with a release
Each Dasharo release includes an integrity and signature verification procedure
How can I know about the quality of Dasharo firmware?
Copied
Each release of Dasharo includes a version compatible with Semantic Versioning 2.0.0
Each Dasharo release includes a release note compliant with the Keep A Changelog 1.0.0 specification
Each Dasharo release contains a detailed description of the components version and a link to the scope of changes introduced since the last release
Payment
How much does Dasharo cost?
Copied
Get a quote, to get some detailed information.
How can I buy Dasharo?
Copied
Contact us to set the details of your Dasharo product. Book a call or leave a message so we will call you back.
What is the payment policy and who pays for Dasharo?
Copied
Typically, firmware solutions are sold through royalty payment or subscription-based models. The first option relies on the volume of offered products, what effectively eliminates industries with low volume but high-value platforms e.g. medical robots. Subscription-based models, although better, are still tied to firmware solution providers and similarly lead to all the scope of negative effects of vendor lock-in.
Also, there is no license fee. For example, if client chooses the support package for a half a year to maintain Dasharo releases for chosen platform, the monthly payment depends on the Senior’s Time Equivalent (STE) that was utilized during the development or monthly STE budget enforced by the client.
What pricing model do you offer?
Copied
Dasharo can be purchased by OEM/ODM providers, community crowdfunding support, individuals, companies that are looking for dedicated or confidential firmware solutions. To get more detailed payment information, please fill Get a quote.
Platforms
How are Dasharo firmware updates requested?
Copied
Firmware release cycle is set at the early product development stage and according to the individual case. Updates can vary widely, but one common schedule would be delivering updates to users every three to six months depending on the Open Source Core Framework Software release cycle. We also support emergency releases occurring in case of sudden vulnerabilities as well as customer on-demand builds.
What platforms/microarchitectures are supported?
Copied
Dasharo is not limited by the processor architecture or hardware platform. We support any platform with the architecture x86, ARM/Arm64, POWER or RISC-V.
What Dasharo features are supported on my platform?
Copied
Features that are supported on your platform mostly depend on the architecture, microarchitecture and hardware platform design. We need to get this basic information to provide you with the list of supported features on your platform. If you don’t know this information or you don’t know what platform would be the best choice for you – contact us, we will help you in either case.
How are Dasharo firmware updates requested?
Copied
Firmware release cycle is set at the early product development stage and according to the individual case. Updates can vary widely, but one common schedule would be delivering updates to users every three to six months depending on the Open Source Core Framework Software release cycle. We also support emergency releases occurring in case of sudden vulnerabilities as well as customer on-demand builds.
Are there any Dasharo product lines that support the latest hardware?
Copied
Yes, you can check our roadmap through Dasharo GitHub Announcement forum and [Supported Hardware] tab, where you can find our latest releases for the newest architectures. Dasharo Team aims to support the latest processor families available in the market, therefore our next big project will be related to Raptor Lake generation.
Can I introduce custom firmware feature into my existing platform?
Copied
Yes, Dasharo Team is very flexible in the terms of preparing the ideal solution for the client needs. For example, we can prepare project charter that contains coreboot port for target platform with UEFI payload, iPXE support, security hardening (e.g. Intel’s Boot Guard) and on top of that, with full verification of the platform stability through a wide scope of automated regression testing.Example Dasharo stack and how to build custom solution can be found here.
Can Dasharo Team develop, maintain and support software for common laptops or desktops produced by well-known OEMs?
Copied
Yes, the answer for such request is Dasharo Support Package. Details of such project should be discussed beforehand on the dedicated meeting, therefore feel free to book a matching time in our calendar.