Password protection for Firmware setup #257

Closed
ghost opened this issue Nov 6, 2022 · 17 comments

@ghost

ghost commented Nov 6, 2022

The problem you're addressing (if any)

There currently is no way to protect e.g. the Secure Boot state from tampering.

Describe the solution you'd like

An optional password prompt when entering the firmware setup at boot (pressing Esc when turning the unit on)

Where is the value to a user, and who might that user be?

Added security for any user by preventing unauthorized third parties from accessing security-related settings or booting images without authorization.

Describe alternatives you've considered

There are none.

Additional context

When entering firmware setup, secure boot for example can be turned off without authentication. Also, the boot order can be modified without authentication.

@pietrushnic

@thePretendend thanks for reporting, but it looks like a duplicate of #120

@ghost
Author

ghost commented Nov 6, 2022

Thanks for the reply, sorry for the duplicate.
So this seems to be implemented, but not compiled into the preinstalled version (v1.4.0) on my newly delivered NovaCustom NS51PU?

@pietrushnic

@thePretendend correct. @wessel-novacustom cc

@ghost
Author

ghost commented Nov 6, 2022

Can I somehow get this version as a precompiled binary? I'm not yet confident enough to compile this myself, since I do not have the adaptor for Arduino for flashing the firmware externally yet (in case of an error). Or can I just downgrade to v1.3.0 on an Intel Alder Lake without major issues?

@wessel-novacustom

@pietrushnic Are you sure that this functionality is implemented in our latest Dasharo version? I don't think that this is the case for NS51PU yet, right? :-)

@thePretendend Version 1.4.0 is currently the latest available firmware version. Also, you already have the latest open EC firmware. Newer versions will be easy to flash with Dasharo Tools Suite (DTS). We are working on documentation for that (https://docs.dasharo.com/). If you choose to get firmware update notifications while ordering your laptop, you will receive an email as soon as a new version has been released.

@ghost
Author

ghost commented Nov 7, 2022

Thanks for the reply. I'm looking forward to this update, and hope password protection will be implemented there. Will upgrade as soon as I get the notification (which I think I have chosen; otherwise I'll subscribe to it on the dasharo.com website. AFAIK you can do that, right?)

@wessel-novacustom

I hope so too, it would be a nice security feature. We'll discuss it with the team.

The Alder Lake version's documentation and newsletter are still under construction. If you have chosen to be informed of firmware updates via our website while ordering, you should receive the right newsletter somewhere between December and February.

Otherwise, you can check in December again if the Alder Lake laptop you have has been added to docs.dasharo.com and sign up for the newsletter there then.

@ghost
Author

ghost commented Nov 7, 2022

Also, will there be a tutorial on how to correctly compile this firmware using the Docker container:
a) with Podman as the container engine, since Fedora only supports Podman?
b) with instructions on how to correctly set manufacturer and serial number in SMBIOS?
Thanks

@pietrushnic

@pietrushnic Are you sure that this functionality is implemented in our latest Dasharo version? I don't think that this is the case for NS51PU yet, right? :-)

@wessel-novacustom I'm pretty sure it is not integrated since this is a very new thing, we created it at the end of October. @macpijan can you elaborate on that?

Also, will there be a tutorial on how to correctly compile this firmware using the Docker container:
a) with Podman as the container engine, since Fedora only supports Podman?
b) with instructions on how to correctly set manufacturer and serial number in SMBIOS?

@macpijan let's consider this as a feature request.

@ghost
Author

ghost commented Nov 7, 2022

Should I create a new feature request for that, or will this here do?

@wessel-novacustom

Sorry, we focus on Ubuntu and/or Debian for the build process. I don't know how easy it is to make this possible under Fedora, too. We will discuss this internally.

I believe that the requested security feature will be integrated into the new release, which will be available in a few months. It's up to @macpijan to confirm this.

Yes, please create separate tickets for separate feature requests.

@macpijan
Contributor

macpijan commented Nov 7, 2022

The password lock is not part of the 1.4.0 release, which is shipping now with new units.

@macpijan
Contributor

macpijan commented Nov 7, 2022

Podman claims to be a drop-in replacement for Docker. So in theory, you should be able to replace docker with podman and it might work. Please create a separate ticket on supporting Fedora/podman build and report your results there if you wish.

@ghost
Author

ghost commented Nov 7, 2022

Thanks, will do

ghost closed this as completed Nov 7, 2022

@wessel-novacustom

The password lock is not part of the 1.4.0 release, which is shipping now with new units.

  • Correct, but the question was if it will be part of a future release ;-) .

@macpijan
Contributor

macpijan commented Nov 7, 2022

It might be (and I think there is a good reason to be) along with some more features we implemented in October here: https://github.com/Dasharo/dasharo-issues/projects/5

We just need to agree the roadmap.

@wessel-novacustom

Ok.

I think it is a good idea to implement this feature, yes.

This issue was closed.