Skip to content

TrenchBoot Hardware Compatibility List #24

New issue
New issue
Open
Open
TrenchBoot Hardware Compatibility List#24
Assignees
pietrushnic
@pietrushnic

Description

@pietrushnic
pietrushnic
opened on Dec 10, 2023

I am writing to highlight the need for a Hardware Compatibility List (HCL) for the TrenchBoot project. This request is based on the challenges and discussions highlighted during the Qubes OS Summit 2023 (TrenchBoot Anti Evil Maid: Roadmap, Challenges, and Advancements, Creating a Tool to Check Platform Security Features for Qubes OS + Platform Security Design Session) and the TrenchBoot Steering Committee meeting in 2021.

Key Points:

  • The current list for TrenchBoot is outdated and does not reflect the latest hardware advancements.
  • 3mdeb, with its involvement in TrenchBoot as AEM for Qubes OS and the AMD patches contribution supported by NLNet, is in a strong position to lead this HCL creation.
  • An updated HCL is crucial for ensuring broader hardware support and compatibility, enhancing the project's usability and security.
  • We propose creating a preliminary list of HCL candidates, which can be verified and tested over time with community involvement. Some examples below.
  • We would like to align Dasharo's development 2024 roadmap with the best candidates from HCL.

We believe that updating the HCL is essential for the continued success and reliability of the TrenchBoot project. We look forward to your response and any guidance on how we can assist in this process.

Initial candidates:

  • PC Engines apu2/apu3 and apu3 - those will likely get Dasharo release in Q1'24
  • Protectli VP4670 - @miczyg1 had some preliminary success with that hardware
  • NovaCustom: nv40mz-i5, nv41pz-i5 - there are also other models on the roadmap
  • Lenovo M920Q - Dasharo Porting Ready: System is Intel Boot Guard Ready, verified boot disabled, ME not in Manufacturing Mode
  • HP EliteDesk 800 G2 DM - TB AEM for Qubes OS was proven on this hardware with proprietary firmware. During vPub 0x9 it was proven that the system is Dasharo Porting Ready (need confirmation)
  • Dell OptiPlex 7010/9010 , Dell Precision T1650- still good systems to check backward compatibility of TrenchBoot
  • Supermicro X11SSH-TF?
  • ASUS Pro Q670M-C-CSM

We will extend that list as new opportunities and synergies appear.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions