Dasharo (coreboot + Heads) firmware variant
For the NovaCustom NV4x 12th Gen, Heads-based variant of Dasharo firmware is offered as a Technology Preview Release.
Please consider supporting the project financially by purchasing the Dasharo Entry Subscription. With this subscription, you get access to the Transition from Dasharo UEFI to Heads variant feature in Dasharo Tools Suite and support from Dasharo directly via Matrix. The subscription is not automatically renewed.
Following Release Notes describe status of development of Dasharo (coreboot + Heads) firmware for NovaCustom NV4x 12th Gen.
v0.9.0 - 2024-02-29
Test results for this release can be found here.
Changed
- This is a Dasharo Entry Subscription release
- Heads Linux is used as a payload
Known issues
- Power button does not work in Qubes
- Heads shuts down instead of rebooting
- Existing Qubes installation is not found as bootable after transition back to EDK2
- Builds are not fully reproducible
Binaries
This is a Dasharo Entry Subscription Release. To obtain access to the pre-built binaries you will have to become the Dasharo Entry Subscription subscriber. You will get the access to all of the firmware updates for the duration of the subscription via Dasharo Entry Subscription newsletter.
To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key
SBOM (Software Bill of Materials)
- Dasharo heads fork based on v0.2.0 revision ccf49703
- Dasharo coreboot fork based on 4.21 revision 3a9aa3a4
- Intel Management Engine based on v16.1.30.2307 revision d0b63476
- Intel Flash Descriptor based on v1.0 revision d0b63476
- Intel Firmware Support Package based on ADL-P C.1.75.10 revision 481ea7cf
- Intel microcode based on ADL L0/R0 0x0000042c revision microcode-20230808
- Intel microcode based on RPL J0/Q0 0x00004119 revision microcode-20230808
Hardware Configuration Matrix
Generally, the same hardware configuration as for the UEFI variant applies.
A notable addition is usage of the Nitrokey 3A Mini USB device, which is required for Heads installation and usage.
Test Matrix
Please refer to the tests results spreadsheet.
Building manual
This section presents the crucial steps required to build the Dasharo Heads firmware. For more information, you may also refer to the official Heads building documentation.
Requirements
This guide was verified on Ubuntu 22.04. In practice, any Linux distribution with Docker support should be enough to complete it.
Make sure that you have following packages installed:
- Docker
-
Git
sudo apt -y install git
Building
-
Clone Dasharo Heads repository:
git clone https://github.com/Dasharo/heads.git -
Navigate to the source code directory and checkout to the desired revision:
cd heads git checkout novacustom_nv4x_adl_v0.9.0 -
Start the build inside the docker container:
docker run --rm -it -v $PWD:$PWD -w $PWD \ 3mdeb/heads-docker:3.0.1 make BOARD=nitropad-nv41
This will produce a Dasharo binary placed in
build/x86/nitropad-nv41/dasharo-nitropad-nv41-*.rom.
Switching from Dasharo UEFI to Heads
To change firmware branches from UEFI to Heads, because of how different the two firmware types are, it's required to disable some security measures before flashing. Follow the steps below to install Heads from an existing Dasharo UEFI firmware installation:
- Hold down the F2 key and press the Power button to enter the UEFI Setup Menu
- Enter the
Device Managersubmenu and disableSecure Boot - Enter the
Dasharo System Featuressubmenu - In the
Dasharo Security Optionssubmenu, disable:- SMM BIOS Write Protection
- BIOS boot medium lock
- In the
Intel Management Engine Optionssubmenu disable the Management Engine
Tip
For a more detailed guide on the UEFI Setup Menu options, check out the Dasharo menu documentation.
- Boot into Dasharo Tools Suite
- Enter your DES subscription credentials
- Select
Update Dasharo firmwareto check for updates - When asked to switch to Heads firmware, press
Y - Proceed with DTS firmware update as usual
When the update is finished, your laptop will shut down automatically. Power it back on to boot into your new Heads installation!
TOTP secrets warning
On the first boot, you will be shown a warning about TOTP secrets. This is
normal and expected on the first boot. Run OEM Factory Reset /
Re-Ownership to finish deploying Heads.
Check out Heads documentation for a detailed factory reset guide.
Note for Qubes OS users
After installing Qubes while Heads is installed, you will need to select
Reset TPM in the Heads menu to finish the installation.
From the main menu, enter Options -> TPM/TOTP/HOTP Options and select
Reset the TPM.
Users upgrading to Heads while Qubes is already installed are not affected.
Switching from Dasharo Heads back to UEFI
To revert back to UEFI, you will need to boot into DTS from a USB stick.
- Follow the Dasharo Tools Suite documentation to boot DTS from a USB stick
- In the DTS main menu, select
Update Dasharo firmwareto check for available updates. - When prompted to revert back to UEFI, press
Y - Proceed with DTS firmware update as usual
Once finished, your laptop will shut down automatically. Power it back on to boot into your UEFI firmware.
When reverting to UEFI, it's not possible to restore EFI boot manager entries that were added before installing Heads. Therefore, you may need to re-create your boot entries manually, or find your boot loader using
Boot From Fileoption in the UEFI setup menu.
Logo customization
To replace the logo, one must rebuild the firmware. Other methods are not
supported as of now. You would need to replace the
branding/Dasharo/bootsplash.jpg with your own, and proceed with the
Building manual.
Initial deployment
The supported method is to follow the initial deployment, and then the Transition from Dasharo UEFI to Heads variant.
Firmware update
Build or download Dasharo Heads firmware, and proceed with the official Heads update documentation.