Frequenty Asked Questions about Dasharo
What is Dasharo?
Dasharo is registered trademark and product developed by 3mdeb.
Dasharo is an open-source firmware distribution focusing on:
- seamless deployment,
- clean and simple code,
- long-term maintenance,
- professional support,
- transparent validation,
- extensive and structured documentation,
- privacy-respecting implementation,
- liberty for the owners and
- trustworthiness for all.
Dasharo consists of commercial services available for business customers, set of open-source repositories, and quality control which help to provide scalable, modular, easy to combine open-source BIOS, UEFI, and firmware solutions. It offers the components that are needed to develop and maintain a high quality, and modular firmware, for the stability and security of your platform.
For individuals Dasharo provides optional features in subscription model called Supporters Entrance.
Why 3mdeb created Dasharo?
3mdeb created Dasharo to establish a recognized brand with a proven history of successful firmware integrations. Dasharo aims to deliver added value to customers and the community as an open-source firmware distribution, such as transparent validation, long-term maintenance, bleeding-edge integration for modern hardware, and other products requested by the community and customers.
3mdeb has been providing services related to open-source firmware for years and has been asked multiple times by various parties to create a recognized brand. Therefore, the creation of Dasharo was a move to fulfill that need and establish a marketing vehicle to deliver value to customers.
In addition, 3mdeb plans to provide a camp for all coreboot refugees, including platforms moved to branches due to the need for code evolution, such as Intel Intel Quark SoC deprecation and [LEGACY_SMP_INIT & RESOURCE_ALLOCATOR_V3][legacy-smp]. We want to provide solutions for those requiring long-term maintenance and firmware support. More elaborate explanation of our position you can find below.
Dasharo typically supports fully open platforms like [Raptor Computing Systems Talos II][raptor] family, [ASUS KGPE-D16][kgpe-d16], and other which are not as open but provide modern computing experience, such as [MSI PRO Z690-A DDR4/DDR5][msi-z690a]. The goal is to provide a reliable, secure, and scalable firmware solution for a wide range of platforms and applications, aligning with the vision of a new golden age of computing advocated by experts in computer architecture.
What Dasharo provides?
Dasharo has 10 rules that govern the production and release of firmware within its ecosystem. Dasharo rules define what we deliver with every release. These rules are:
- Every release of firmware produced by Dasharo Ecosystem must contain source code, binary, SHA256 hash, and Dasharo cryptographic signature of that hash.
- Dasharo Universe contains structured documentation for key activities related to open-source firmware life-cycle: initial deployment, update and recovery.
-
Cryptographic keys hierarchy should be followed:
- CEO/Founder
(GPG fingerint:
E030 9B2D 85A6 7E84 6329 E34B B2EE 71E9 67AA 9E4C
) which signs - 3mdeb Master
Key
(GPG fingerint:
1B57 85C2 965D 84CF 85D1 652B 4AFD 81D9 7BD3 7C54
) which signs - 3mdeb Dasharo Master
Key
(GPG fingerint:
0D5F 6F1D A800 329E B7C5 97A2 ABE1 D0BC 6627 8008
) which signs - Customer Open Source Firmware Release x.y Signing Key (e.g. Novacustom Open Source Firmware Release 1.0 Signing Key)
- or dedicated 3mdeb keys to given platform.
Keys can be found in 3mdeb-secpack repository.
- CEO/Founder
(GPG fingerint:
-
Every release of firmware produced by Dasharo Ecosystem must have an attached test report according to requirements. Every test should be described by test specification documentation.
- Customer-specific Dasharo validation procedures are delivered with the release notes directly to the customer and does not have to be publicly available.
- Every firmware produced by Dasharo Ecosystem use Semantic Versioning 2.0.0 compatible versioning scheme. For details please check description.
- Every firmware produced by Dasharo Ecosystem should use Keep A Changelog 1.0.0 compatible scheme as changelog format.
- Every Dasharo firmware release should be delivered with integrity and signature verification procedures.
- Every Dasharo firmware release must contain a detailed description of components and links to the range of code changes since the last release.
- Dasharo Ecosystem uses open-source software to create and maintain its firmware solutions, and the company strives to maintain transparency in its processes and procedures.
These 10 rules are designed to ensure that every release of firmware produced by Dasharo Ecosystem is reliable, secure, and meets the needs of customers and the community. By following these rules, Dasharo Ecosystem provides a consistent and high-quality firmware solution for a wide range of platforms and applications.
What is Dasharo binary blob policy?
Modern x86 platforms' firmware requires closed source blobs to be integrated into the image to properly initialize the silicon. The ecosystem is shifting towards designs and technologies with a lot of small microcontrollers and intellectual property (IP) blocks specialized in a very thin range of tasks. Those microcontrollers and IP blocks typically require firmware blobs as well. Some of the blobs are clearly visible, some may be obfuscated and hidden inside the silicon or other firmware blobs (e.g. Intel Management Engine region contains multiple other blobs besides the ME firmware - more about Intel ME blob).
So Dasharo's binary blob policy is as follows:
Integrate only the necessary amount of blobs required for proper platform operation and minimize the amount of blobs that are optional whenever possible by providing open equivalent implementations or removing them if there is no functional impact on the platform operation. Ultimately the blobs should be attested and properly documented. Dasharo Team is trying to achieve it by working on firmware SBOMs.
Dasharo also works without blobs on platforms that allow that. For example, ASUS KGPE-D16 can run without any blobs (officially there is no PSP on that hardware, and Opteron 6200 series CPUs can run without microcode patches). There is also a libre, POWER9-based server/workstation Talos II by Raptor Computing Systems, which also do not use any binary blobs, however it is more expensive than x86 platforms.