Release Notes

Following Release Notes describe status of Open Source Firmware development for Protectli VP46xx

For details about our release process please read Dasharo Standard Release Process.

Subscribe to Protectli VP46xx Dasharo Release Newsletter

Test results for this platform can be found here.

v1.1.0 - 2023-06-05

Release version v1.1.0 is currently only available for the VP4670 platform.

Added

• USB stack and mass storage enable/disable option
• SMM BIOS write protection enable/disable option

Changed

• Reverted to use FSP GOP for graphics initialization as it caused problems with Windows 11 display on VP4670
• Switched to use driver for IT8784E Super I/O, which is present on the boards
• CPU power limits increased from baseline to performance
• Updating from v1.0.x requires flashing the WP_RO recovery partition
• Firmware version v1.1.x are signed with a new key

Fixed

• Booting problems with Ubuntu 22.04
• Low CPU frequency values
• Disabled C states deeper than C1 on VP4670 to fix Proxmox booting issue
• Protectli VP4670 - windows crashes after installing updates
• The inconvenience of using external headsets VP46XX

Known issues

• Popup with information about recovery mode is still displayed after flashing with a valid binary

Binaries

protectli_vp4670_v1.1.0.rom sha256 sha256.sig

To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key

SBOM (Software Bill of Materials)

• coreboot based on c6ee1509da revision dcc5f2e2
• edk2 based on 7f90b9cd revision 19bf14b4
• iPXE based on 6ba671ac revision 6ba671ac

v1.0.19 - 2022-12-08

Changed

• ME is now disabled by default (ME soft-disable)
• vboot is now run as separate verstage (previously was run inside bootblock)
• increased pre-RAM console buffer to fit more early cbmem logs

Binaries

protectli_vp4630_vp4650_v1.0.19.rom sha256 sha256.sig

protectli_vp4670_v1.0.19.rom sha256 sha256.sig

To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key

SBOM (Software Bill of Materials)

• coreboot based on c6ee1509da revision 9034fb12
• edk2 based on 7f90b9cd revision e31b7a71
• iPXE for EFI revision 988d2
• VP4670: Cometlake1 FSP 9.0.7B.20
• VP4630 and VP4650: Cometlake2 FSP 9.2.7B.20
• Intel i225 EFI driver version 0.10.4, SHA256: 2d234ecf629fc10dc0c291a1390de3d27a05c6ecbd935628b6ff154f386d061e
• Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
• microcode:
  • CPU signature: 0x0806EC, Date: 17.11.2021, Revision: 0xF0
  • CPU signature: 0x0A0660, Date: 15.11.2021, Revision: 0xF0
  • CPU signature: 0x0A0661, Date: 16.11.2021, Revision: 0xF0

v1.0.18 - 2022-11-16

Test results for this release can be found here.

Added

• Support for VP4650 and VP4670 platforms
• Platform will beep 12 times and blink HDD led on critical firmware errors

Changed

• Disabled Intel PTT (fTPM)
• Removed workaround for graphics power management as the issue no longer reproduces on newer revision of the hardware
• Binaries are built with coreboot-sdk 2021-09-23_b0d87f753c (was 0ad5fbd48d)
• Open-source graphics initialization with libgfxinit instead of proprietary and closed FSP GOP driver

Binaries

protectli_vp4630_vp4650_v1.0.18.rom sha256 sha256.sig

protectli_vp4670_v1.0.18.rom sha256 sha256.sig

To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key

SBOM (Software Bill of Materials)

• coreboot based on c6ee1509da revision ed9f6fe0
• edk2 based on 7f90b9cd revision e31b7a71
• iPXE for EFI revision 988d2
• VP4670: Cometlake1 FSP 9.0.7B.20
• VP4630 and VP4650: Cometlake2 FSP 9.2.7B.20
• Intel i225 EFI driver version 0.10.4, SHA256: 2d234ecf629fc10dc0c291a1390de3d27a05c6ecbd935628b6ff154f386d061e
• Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
• microcode:
  • CPU signature: 0x0806EC, Date: 17.11.2021, Revision: 0xF0
  • CPU signature: 0x0A0660, Date: 15.11.2021, Revision: 0xF0
  • CPU signature: 0x0A0661, Date: 16.11.2021, Revision: 0xF0

v1.0.17 - 2022-08-17

Test results for this release can be found here.

Added

• Tools for resigning Vboot images with one RW partition

Changed

• Set thermal throttling temperature to 80 degrees
• Disabled UEFI Secure Boot by default

Fixed

• Platform rebooting every 56 minutes
• Incorrect menu labels displayed in network boot menu
• Built-in audio jack does not work

Binaries

protectli_vault_cml_v1.0.17.rom_file protectli_vault_cml_v1.0.17.rom_hash protectli_vault_cml_v1.0.17.rom_sig

To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key

SBOM (Software Bill of Materials)

• coreboot based on 4.16 revision d662831d
• edk2 based on 7f90b9cd revision 576aa6a4
• iPXE for EFI revision 988d2
• Cometlake2 FSP 9.2.7B.20
• Intel i225 EFI driver version 0.10.4, SHA256: 2d234ecf629fc10dc0c291a1390de3d27a05c6ecbd935628b6ff154f386d061e
• Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
• microcode:
  • CPU signature: 0x0806EC, Date: 28.04.2021, Revision: 0xEC
  • CPU signature: 0x0A0660, Date: 28.04.2021, Revision: 0xEA
  • CPU signature: 0x0A0661, Date: 29.04.2021, Revision: 0xEC

v1.0.16 - 2022-07-13

Test results for this release can be found here.

Added

• Vboot Verified Boot
• TPM Measured Boot
• Vboot recovery notification in UEFI Payload
• UEFI Shell
• UEFI Secure Boot
• Intel ME soft disable
• BIOS flash protection for Vboot recovery region

Changed

• Changed supported CPUs to Comet Lake stepping 2

Fixed

• i225 network controller initialization takes too much time
• CVE-2022-29264

Binaries

protectli_vault_cml_v1.0.16.rom sha256 sha256.sig

To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key

SBOM (Software Bill of Materials)

• coreboot based on 4.16 revision dfaaf44d
• edk2 based on 7f90b9cd revision 5345a611
• iPXE for EFI revision 988d2
• Cometlake2 FSP 9.2.7B.20
• Intel i225 EFI driver version 0.10.4, SHA256: 2d234ecf629fc10dc0c291a1390de3d27a05c6ecbd935628b6ff154f386d061e
• Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
• microcode:
  • CPU signature: 0x0806EC, Date: 28.04.2021, Revision: 0xEC
  • CPU signature: 0x0A0660, Date: 28.04.2021, Revision: 0xEA
  • CPU signature: 0x0A0661, Date: 29.04.2021, Revision: 0xEC

v1.0.13 - 2022-03-22

Added

• UEFI boot support
• i225 network controller network boot support
• Customized boot menu keys
• Customized setup menu keys
• Configurable boot order
• Configurable boot options

Changed

• ME version to 14.0.47.1558

Known issues

• i225 network controller initialization takes too much time

Binaries

protectli_vault_cml_v1.0.13.rom sha256 sha256.sig

To verify binary integrity with hash and signature please follow the instructions in Dasharo release signature verification using this key

SBOM (Software Bill of Materials)

• coreboot based on 4.16 revision 546e1c86
• edk2 based on 7f90b9cd revision 7f90b9cd
• iPXE for EFI revision 988d2
• Cometlake1 FSP 9.0.7B.20
• Intel i225 EFI driver version 0.9.03, SHA256: 63e77b237dc9a8aacdd7465675ee88afc01dad3204156a91a0976a4ad1ed5b00
• Management Engine: Custom image based on ME 14.0.47.1558, SHA256: 7fa37e108176c9a2d0df60c93b10b3ad9c7725f1f82b87197a2991208c4cffec
• microcode:
  • CPU signature: 0x0806EC, Date: 28.04.2021, Revision: 0xEC
  • CPU signature: 0x0A0660, Date: 28.04.2021, Revision: 0xEA