Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TrenchBoot Hardware Compatibility List #24

Open
pietrushnic opened this issue Dec 10, 2023 · 0 comments
Open

TrenchBoot Hardware Compatibility List #24

pietrushnic opened this issue Dec 10, 2023 · 0 comments
Assignees
@pietrushnic

Comments

@pietrushnic
Copy link
Member

I am writing to highlight the need for a Hardware Compatibility List (HCL) for the TrenchBoot project. This request is based on the challenges and discussions highlighted during the Qubes OS Summit 2023 (TrenchBoot Anti Evil Maid: Roadmap, Challenges, and Advancements, Creating a Tool to Check Platform Security Features for Qubes OS + Platform Security Design Session) and the TrenchBoot Steering Committee meeting in 2021.

Key Points:

  • The current list for TrenchBoot is outdated and does not reflect the latest hardware advancements.
  • 3mdeb, with its involvement in TrenchBoot as AEM for Qubes OS and the AMD patches contribution supported by NLNet, is in a strong position to lead this HCL creation.
  • An updated HCL is crucial for ensuring broader hardware support and compatibility, enhancing the project's usability and security.
  • We propose creating a preliminary list of HCL candidates, which can be verified and tested over time with community involvement. Some examples below.
  • We would like to align Dasharo's development 2024 roadmap with the best candidates from HCL.

We believe that updating the HCL is essential for the continued success and reliability of the TrenchBoot project. We look forward to your response and any guidance on how we can assist in this process.

Initial candidates:

  • PC Engines apu2/apu3 and apu3 - those will likely get Dasharo release in Q1'24
  • Protectli VP4670 - @miczyg1 had some preliminary success with that hardware
  • NovaCustom: nv40mz-i5, nv41pz-i5 - there are also other models on the roadmap
  • Lenovo M920Q - Dasharo Porting Ready: System is Intel Boot Guard Ready, verified boot disabled, ME not in Manufacturing Mode
  • HP EliteDesk 800 G2 DM - TB AEM for Qubes OS was proven on this hardware with proprietary firmware. During vPub 0x9 it was proven that the system is Dasharo Porting Ready (need confirmation)
  • Dell OptiPlex 7010/9010 , Dell Precision T1650- still good systems to check backward compatibility of TrenchBoot
  • Supermicro X11SSH-TF?
  • ASUS Pro Q670M-C-CSM

We will extend that list as new opportunities and synergies appear.
@pietrushnic pietrushnic self-assigned this Dec 12, 2023
@krystian-hebel krystian-hebel changed the title TrechBoot Hardware Compatibility List TrenchBoot Hardware Compatibility List Dec 12, 2023
@krystian-hebel krystian-hebel mentioned this issue Jul 1, 2024
Open
53 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pietrushnic pietrushnic

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pietrushnic