Protectli VP4630/VP4650/VP4670 Dasharo Release Notes
Following Release Notes describe status of Open Source Firmware development for Protectli VP4630/VP4650/VP4670
For details about our release process please read Dasharo Standard Release Process.
Test results for this platform can be found here.
v1.2.0 - 2024-03-25
Test results for this release can be found here.
Added
- Setup menu password configuration
- Serial port console redirection option in setup menu
- Customizable Serial Number and UUID via CBFS support
- Customizable boot logo support
- Support for taking screenshots in the firmware
- ESP partition scanning in look for grubx64.efi or shimx64.efi or Windows bootmgr
- Microsoft and Windows 2023 UEFI Secure Boot certificates
- UEFI 2.8 errata C compliance in EDKII fork
Changed
- Rebased to coreboot 4.21
- Enroll default UEFI Secure Boot keys on the first boot
- Improved UEFI Secure Boot menu user experience
- Scope of reset to defaults hotkey to global in firmware setup
- Updated microcode to the newer version; refer to SBOM section below
- Updated ME to the newer version; refer to SBOM section below
- Prepared unified support for v1 and v2 CPUs resulting in a single binary for all 3 board variants
Fixed
- Auto Boot Time-out is reset to 0 when F9 is pressed
- Reset to defaults with F9 causes the wrong settings to be restored
- RTC time and date resetting to the coreboot build date on 29th February
Known issues
- Unexpected errors in dmesg on VP4670 v2 with 1.2.0
- Maximum reported frequency is base frequency, not turbo frequency (Windows 11)
- No ability to change active PCR banks with TPM PPI in FW
- DisplayPort output does not work with 16:10 (1920x1200) monitors
Binaries
protectli_vp46xx_v1.2.0.rom sha256 sha256.sig
protectli_vp46xx_v1.2.0_dev_signed.rom sha256 sha256.sig
To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key
SBOM (Software Bill of Materials)
- Dasharo coreboot fork based on 4.21 revision add9d720
- Dasharo EDKII fork based on edk2-stable202002 revision 2a15268b
- iPXE based on 2023.12 revision 838611b3
- vboot based on 0c11187c75 revision 0c11187c
- Intel Management Engine based on v14.0.47.1558 revision d0b63476
- Intel Flash Descriptor based on v1.0 revision d0b63476
- Intel Firmware Support Package based on CometLake1 9.0.7B.20 revision 481ea7cf
- Intel Firmware Support Package based on CometLake2 9.2.7B.20 revision 481ea7cf
- Intel microcode based on CML-U42 V0 0x000000f8 revision microcode-20230808
- Intel microcode based on CML-U62 V1 A0 0x000000f8 revision microcode-20230808
- Intel microcode based on CML-U62 V2 K1 0x000000f8 revision microcode-20230808
v1.1.0 - 2023-06-05
Release version v1.1.0 is currently only available for the VP4670 platform.
Added
Changed
- Reverted to use FSP GOP for graphics initialization as it caused problems with Windows 11 display on VP4670
- Switched to use driver for IT8784E Super I/O, which is present on the boards
- CPU power limits increased from baseline to performance
- Updating from v1.0.x requires flashing the WP_RO recovery partition
- Firmware version v1.1.x are signed with a new key
Fixed
- Booting problems with Ubuntu 22.04
- Low CPU frequency values
- Disabled C states deeper than C1 on VP4670 to fix Proxmox booting issue
- Protectli VP4670 - windows crashes after installing updates
- The inconvenience of using external headsets VP46XX
Known issues
Binaries
protectli_vp4670_v1.1.0.rom sha256 sha256.sig
To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key
SBOM (Software Bill of Materials)
- coreboot based on c6ee1509da revision dcc5f2e2
- edk2 based on 7f90b9cd revision 19bf14b4
- iPXE based on 6ba671ac revision 6ba671ac
v1.0.19 - 2022-12-08
Changed
- ME is now disabled by default (ME soft-disable)
- vboot is now run as separate verstage (previously was run inside bootblock)
- increased pre-RAM console buffer to fit more early cbmem logs
Binaries
protectli_vp4630_vp4650_v1.0.19.rom sha256 sha256.sig
protectli_vp4670_v1.0.19.rom sha256 sha256.sig
To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key
SBOM (Software Bill of Materials)
- coreboot based on c6ee1509da revision 9034fb12
- edk2 based on 7f90b9cd revision e31b7a71
- iPXE for EFI revision 988d2
- VP4670: Cometlake1 FSP 9.0.7B.20
- VP4630 and VP4650: Cometlake2 FSP 9.2.7B.20
- Intel i225 EFI driver version 0.10.4, SHA256: 2d234ecf629fc10dc0c291a1390de3d27a05c6ecbd935628b6ff154f386d061e
- Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
- microcode:
- CPU signature: 0x0806EC, Date: 17.11.2021, Revision: 0xF0
- CPU signature: 0x0A0660, Date: 15.11.2021, Revision: 0xF0
- CPU signature: 0x0A0661, Date: 16.11.2021, Revision: 0xF0
v1.0.18 - 2022-11-16
Test results for this release can be found here.
Added
- Support for VP4650 and VP4670 platforms
- Platform will beep 12 times and blink HDD led on critical firmware errors
Changed
- Disabled Intel PTT (fTPM)
- Removed workaround for graphics power management as the issue no longer reproduces on newer revision of the hardware
- Binaries are built with coreboot-sdk 2021-09-23_b0d87f753c (was 0ad5fbd48d)
- Open-source graphics initialization with libgfxinit instead of proprietary and closed FSP GOP driver
Binaries
protectli_vp4630_vp4650_v1.0.18.rom sha256 sha256.sig
protectli_vp4670_v1.0.18.rom sha256 sha256.sig
To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key
SBOM (Software Bill of Materials)
- coreboot based on c6ee1509da revision ed9f6fe0
- edk2 based on 7f90b9cd revision e31b7a71
- iPXE for EFI revision 988d2
- VP4670: Cometlake1 FSP 9.0.7B.20
- VP4630 and VP4650: Cometlake2 FSP 9.2.7B.20
- Intel i225 EFI driver version 0.10.4, SHA256: 2d234ecf629fc10dc0c291a1390de3d27a05c6ecbd935628b6ff154f386d061e
- Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
- microcode:
- CPU signature: 0x0806EC, Date: 17.11.2021, Revision: 0xF0
- CPU signature: 0x0A0660, Date: 15.11.2021, Revision: 0xF0
- CPU signature: 0x0A0661, Date: 16.11.2021, Revision: 0xF0
v1.0.17 - 2022-08-17
Test results for this release can be found here.
Added
Changed
- Set thermal throttling temperature to 80 degrees
- Disabled UEFI Secure Boot by default
Fixed
- Platform rebooting every 56 minutes
- Incorrect menu labels displayed in network boot menu
- Built-in audio jack does not work
Binaries
protectli_vault_cml_v1.0.17.rom_file protectli_vault_cml_v1.0.17.rom_hash protectli_vault_cml_v1.0.17.rom_sig
To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key
SBOM (Software Bill of Materials)
- coreboot based on 4.16 revision d662831d
- edk2 based on 7f90b9cd revision 576aa6a4
- iPXE for EFI revision 988d2
- Cometlake2 FSP 9.2.7B.20
- Intel i225 EFI driver version 0.10.4, SHA256: 2d234ecf629fc10dc0c291a1390de3d27a05c6ecbd935628b6ff154f386d061e
- Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
- microcode:
- CPU signature: 0x0806EC, Date: 28.04.2021, Revision: 0xEC
- CPU signature: 0x0A0660, Date: 28.04.2021, Revision: 0xEA
- CPU signature: 0x0A0661, Date: 29.04.2021, Revision: 0xEC
v1.0.16 - 2022-07-13
Test results for this release can be found here.
Added
- Vboot Verified Boot
- TPM Measured Boot
- Vboot recovery notification in UEFI Payload
- UEFI Shell
- UEFI Secure Boot
- Intel ME soft disable
- BIOS flash protection for Vboot recovery region
Changed
Fixed
Binaries
protectli_vault_cml_v1.0.16.rom sha256 sha256.sig
To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key
SBOM (Software Bill of Materials)
- coreboot based on 4.16 revision dfaaf44d
- edk2 based on 7f90b9cd revision 5345a611
- iPXE for EFI revision 988d2
- Cometlake2 FSP 9.2.7B.20
- Intel i225 EFI driver version 0.10.4, SHA256: 2d234ecf629fc10dc0c291a1390de3d27a05c6ecbd935628b6ff154f386d061e
- Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
- microcode:
- CPU signature: 0x0806EC, Date: 28.04.2021, Revision: 0xEC
- CPU signature: 0x0A0660, Date: 28.04.2021, Revision: 0xEA
- CPU signature: 0x0A0661, Date: 29.04.2021, Revision: 0xEC
v1.0.13 - 2022-03-22
Added
- UEFI boot support
- i225 network controller network boot support
- Customized boot menu keys
- Customized setup menu keys
- Configurable boot order
- Configurable boot options
Changed
- ME version to 14.0.47.1558
Known issues
Binaries
protectli_vault_cml_v1.0.13.rom sha256 sha256.sig
To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key
SBOM (Software Bill of Materials)
- coreboot based on 4.16 revision 546e1c86
- edk2 based on 7f90b9cd revision 7f90b9cd
- iPXE for EFI revision 988d2
- Cometlake1 FSP 9.0.7B.20
- Intel i225 EFI driver version 0.9.03, SHA256: 63e77b237dc9a8aacdd7465675ee88afc01dad3204156a91a0976a4ad1ed5b00
- Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
- microcode:
- CPU signature: 0x0806EC, Date: 28.04.2021, Revision: 0xEC
- CPU signature: 0x0A0660, Date: 28.04.2021, Revision: 0xEA