Dasharo coreboot+Heads for a secure boot process


In the world of digital security, we want our devices, including laptops, to be resilient against all kinds of possible threats. These days, cyber security isn’t limited to software; it has also become relevant for the ‘controlling software’ of a device, known as firmware. As cyber threats become more and more advanced, the need for firmware solutions that prioritise security and transparency has become all-important. With the introduction of our Dasharo coreboot laptops, we have already shown that we are taking the security of our laptops to the next level. Moving in this direction has given us many more insights into how to improve the security of our computers even further. One result is an alternative firmware version: Dasharo coreboot+Heads. But what is Heads firmware, and how does it differ from the standard coreboot version?

Note: Heads firmware is complex. We recommend this firmware version only for advanced users who require a high level of security. We particularly recommend Heads firmware for Qubes OS users.

The definition of a payload

To properly understand the matter concerning Heads firmware, it is crucial to have an understanding of what a payload is. A payload is the piece of boot code executed right after the initialisation process of the laptop. It often provides settings and boot options, as well as boot protection mechanisms.

Heads payload instead of TianoCore EDK II

By default, NovaCustom ships its laptops with the TianoCore EDK II payload. This payload offers high flexibility, thanks to the possibility of integrating UEFI firmware settings. This way, a user can set a fan profile, apply battery charge thresholds and enable UEFI Secure Boot. Moreover, EDK II offers a way to boot to an iPXE server and to boot to an external USB device easily.

UEFI Secure Boot has its limitations

Although the EDK II payload provides remarkable flexibility with these great features, it is important to acknowledge the potential security implications of UEFI Secure Boot. While it can block potentially harmful boot files, it does not provide a boot verification from the very first moment of the start of your device to the finalisation of the boot stage. Furthermore, UEFI Secure Boot doesn’t require a reliable and independent TPM chip.

One notable constraint is UEFI Secure Boot’s reliance on a pre-installed set of signing keys. In fact, it only checks the signature of a boot file and blocks it if the file isn’t known as a trusted boot file. It does not address potential threats at other levels of the system’s boot process, such as firmware vulnerabilities or tampering with the kernel of the operating system.

Additionally, the reliance on predefined keys can pose challenges for users who wish to install alternative operating systems or bootloaders that are not officially signed. Well-known operating systems like Windows, as well as Linux operating systems such as Ubuntu, Linux Mint and Fedora officially support the Microsoft-dominated Secure Boot technology. However, other Linux operating systems such as Pop!_OS and the security-focused operating system Qubes OS do not support UEFI Secure Boot, meaning that there is no boot verification at all for these OSes when using EDK II, at least not after loading the payload.

Yes: you can set your own custom UEFI Secure Boot keys in the firmware settings of our Dasharo models. Nevertheless, this is a complicated process and does not provide a comprehensive solution.

A NovaCustom NV41 Series laptop running Heads firmware during the Qubes OS summit (October 2023).

Why Heads firmware offers a better boot integrity verification

Unlike EDK II, Heads firmware ensures the system’s firmware and boot integrity at all stages. It does this with measured boot technology. Measured boot provides cryptographic hashes for each boot component. This covers the main SPI (BIOS) firmware itself and all of the important boot files in the /boot directory, including the disk encryption setup files, the kernel, the initrd file and the GRUB configuration. The hashes are securely stored and attested in the independent TPM hardware.

The outcome is a reliable boot setup in which you, instead of a big tech giant, fully control the keys. Heads firmware creates a chain of trust from the beginning of the boot process to the end. Without measurement and attestation of the entire boot process, there would be no assurance against tampering.

Protection against rootkits


Rootkits are malicious applications that target the UEFI firmware. They do so to survive even if the storage drive is formatted: a rootkit is integrated into the UEFI firmware and not stored on the regular storage drive. This means that the malicious application can re-appear after the installation of a new operating system, as it is executed before the operating system itself.

If a rootkit were implanted in the UEFI firmware, Heads would detect that the firmware has been tampered with. This is because the hash of the boot component in which the rootkit is located would change, which prevents the boot process from being marked as trustworthy by Heads. The user is informed about this event and can then decide to power off the laptop and take the necessary measures.

Examples of known rootkits of the past can be found here, here and here.

Heads puts the user back in control

Common boot security techniques like UEFI Secure Boot rely on exclusive, vendor-controlled keys, allowing the computer to boot only operating systems that have been marked as trusted. This means that the end user must rely on the vendor to approve any code he or she wishes to execute.

In contrast to UEFI Secure Boot, Heads firmware identifies tampering by using keys that are completely within the end user’s control. These keys can be modified by the user at any given time.

UEFI Secure Boot and other standard UEFI boot security mechanisms block the boot process completely if a boot component cannot be verified. Heads firmware, on the other hand, still allows the user to boot the computer to the selected boot file, but only after alerting them about the potential tampering.

Heads firmware requires the usage of a USB Security Device to verify the main SPI (BIOS) firmware.

Heads offers additional boot verification

Unlike other payloads, Heads firmware uses a hash code from the TPM chip that is verified as follows:

  1. By using a USB Security Device, such as the Nitrokey 3A Mini, and:
  2. (Optional) By using a 2FA application like Google Authenticator (or a trusted alternative TOTP authenticator)

By using this technology, one can prove that the main SPI (BIOS) firmware itself hasn’t been tampered with. If it has been tampered with, the USB Security Device blinks red (1) or the 2FA application’s input isn’t accepted (2).
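The two checks above both derive from one idea: the firmware can only produce the right one-time code if the TPM releases the secret that was enrolled when the firmware was known-good. The following Python is an added illustration of that mechanism, not code from Heads or from NovaCustom: it implements HOTP (RFC 4226, the counter-based scheme the USB security device checks) and TOTP (RFC 6238, the time-based scheme a 2FA application checks), and models the TPM seal/unseal as a simple "release the secret only if the boot measurement matches" rule. The class and function names, the measurement values and the look-ahead window are constructed for the example.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the current time step."""
    return hotp(secret, unix_time // step, digits)

class HotpUsbDevice:
    """Model (constructed) of a USB security device: it holds the shared secret and a
    counter, verifies a code against a small look-ahead window and reports a LED colour."""
    def __init__(self, secret: bytes, window: int = 5):
        self.secret, self.counter, self.window = secret, 0, window

    def check(self, code: str) -> str:
        for c in range(self.counter, self.counter + self.window):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.counter = c + 1   # never accept the same counter twice
                return "green"
        return "red"

class SealedOtpSecret:
    """Model (constructed) of the firmware side. At enrollment the OTP secret is sealed to
    the boot measurement; at boot the TPM releases it only if the measurement matches."""
    def __init__(self, secret: bytes, enrolled_measurement: bytes):
        self._sealed = (enrolled_measurement, secret)
        self.hotp_counter = 0

    def unseal(self, current_measurement: bytes):
        expected, secret = self._sealed
        return secret if hmac.compare_digest(expected, current_measurement) else None

    def boot_totp(self, current_measurement: bytes, now: int):
        """Code shown on screen for the user to compare with the 2FA app (None = no secret)."""
        secret = self.unseal(current_measurement)
        return totp(secret, now) if secret is not None else None

    def boot_hotp(self, current_measurement: bytes):
        """Code sent to the USB device for it to verify (None = no secret)."""
        secret = self.unseal(current_measurement)
        if secret is None:
            return None
        code = hotp(secret, self.hotp_counter)
        self.hotp_counter += 1
        return code

# Constructed enrollment: the secret is the RFC 4226/6238 test-vector key, and the
# "measurement" is just the SHA-256 of a placeholder firmware image.
ENROLLED_SECRET = b"12345678901234567890"
GOOD_FW = hashlib.sha256(b"known-good firmware image (constructed)").digest()
TAMPERED_FW = hashlib.sha256(b"firmware image with an implant (constructed)").digest()

def demo_boot(measurement: bytes, now: int = 59) -> dict:
    """Run one boot: returns the TOTP shown on screen, the authenticator's own code and the
    USB device's LED colour, so the two checks can be compared for a given measurement."""
    fw = SealedOtpSecret(ENROLLED_SECRET, GOOD_FW)
    device = HotpUsbDevice(ENROLLED_SECRET)
    shown = fw.boot_totp(measurement, now)
    hotp_code = fw.boot_hotp(measurement)
    led = device.check(hotp_code) if hotp_code is not None else "red"
    return {"screen_totp": shown, "app_totp": totp(ENROLLED_SECRET, now), "usb_led": led}
```

With the known-good measurement the code on screen equals the authenticator's code and the device shows green; with any other measurement the TPM never releases the secret, so there is no valid code to show and the device check fails. The RFC test vectors (counter 0 gives 755224, counter 1 gives 287082) let you confirm the OTP arithmetic against the standards.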

Why the TPM chip is a crucial part of Heads’ boot verification


As stated earlier, Heads firmware uses the TPM chip to store and attest the cryptographic hashes of every boot component. But why is this considered to be secure?

The key point here is that the TPM chip is designed so that a stored hash can only be updated by combining it with the hash of the next boot component; it cannot be overwritten or reset to a chosen value. In other words, each boot block’s measurement depends on the previous boot block’s hash. If the resulting hash value cannot be verified, Heads firmware marks the boot component as potentially tampered with and informs the user about this event.
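The measured-boot chain described in the section "Why Heads firmware offers a better boot integrity verification" and the extend-only property described just above can be shown together in a few lines. The Python below is an added illustration, not code from Heads or the TPM specification: it models one SHA-256 PCR bank (PCRs start at all zeros and the only write operation is extend, new = SHA-256(old || measurement)), measures a constructed list of boot components in order, keeps a per-component event log so a mismatch can be localised, and checks the result against the value recorded at enrollment. The component names, their contents and the `verify_boot` return shape are assumptions of this example.

```python
import hashlib

PCR_INIT = bytes(32)   # a TPM 2.0 SHA-256 PCR reads as all zeros after reset

def extend(pcr: bytes, measurement: bytes) -> bytes:
    """The TPM's only write to a PCR: fold the new measurement into the old value.
    There is no operation that sets a PCR to an arbitrary value."""
    return hashlib.sha256(pcr + measurement).digest()

def measure_boot(components):
    """Measure each (name, bytes) component in boot order.
    Returns the final PCR value and an event log of (name, digest) pairs."""
    pcr, log = PCR_INIT, []
    for name, data in components:
        digest = hashlib.sha256(data).digest()
        log.append((name, digest))
        pcr = extend(pcr, digest)
    return pcr, log

def replay_log(log) -> bytes:
    """Recompute the PCR from an event log; a log is only trustworthy if this matches the PCR."""
    pcr = PCR_INIT
    for _, digest in log:
        pcr = extend(pcr, digest)
    return pcr

def verify_boot(components, enrolled_pcr: bytes, enrolled_log):
    """Compare the current boot against enrollment. Returns (ok, name_of_first_changed_component).
    The PCR alone only says *that* something changed; the log says *what* changed."""
    pcr, log = measure_boot(components)
    if pcr == enrolled_pcr:
        return True, None
    for (name, digest), (_, enrolled_digest) in zip(log, enrolled_log):
        if digest != enrolled_digest:
            return False, name
    return False, "component list length differs"

# Constructed boot components standing in for the SPI firmware and the files in /boot.
GOOD_BOOT = [
    ("coreboot+Heads ROM", b"firmware image bytes (constructed)"),
    ("vmlinuz", b"kernel bytes (constructed)"),
    ("initrd.img", b"initrd bytes (constructed)"),
    ("grub.cfg", b"linux /vmlinuz root=/dev/mapper/root (constructed)"),
]
ENROLLED_PCR, ENROLLED_LOG = measure_boot(GOOD_BOOT)

def with_tampered_initrd():
    """Same boot, but the initrd has been replaced (e.g. by a malicious modification)."""
    return [(n, b"initrd with an implant (constructed)" if n == "initrd.img" else d)
            for n, d in GOOD_BOOT]

def with_swapped_order():
    """Same components, kernel and initrd measured in the opposite order."""
    return [GOOD_BOOT[0], GOOD_BOOT[2], GOOD_BOOT[1], GOOD_BOOT[3]]

if __name__ == "__main__":
    print("good boot     :", verify_boot(GOOD_BOOT, ENROLLED_PCR, ENROLLED_LOG))
    print("tampered boot :", verify_boot(with_tampered_initrd(), ENROLLED_PCR, ENROLLED_LOG))
```

Two properties matter for the argument in the text. First, the order of measurements is part of the result: the same components extended in a different order give a different PCR, so a component cannot be slipped in earlier or later unnoticed. Second, because the only write is `extend`, a modified component cannot "undo" its own measurement to reproduce the enrolled value; the final PCR is fixed by everything that ran before it.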

Why openness about firmware is important


If we want to increase the security of the foundation of our laptops, it becomes essential to adopt firmware that is transparent and inspectable. Without the ability to study the firmware code, the crucial stages of the boot procedure cannot be understood. Moreover, addressing vulnerabilities or customising the firmware to meet specific requirements becomes infeasible.

Heads firmware is published as free software. It is open-source, enabling not just examination but also reproduction: if you wish, you can build the Heads firmware ROM file from source.

Dasharo Entry Subscription


The Dasharo Entry Subscription includes coreboot+Heads support for the NV41 Series, which currently is our only supported laptop for Heads firmware. The subscription is not automatically renewed. You will need to buy this product again after the expiry of the subscription in order to keep access to further updates and direct support from Dasharo.

Why should I buy the subscription if I can build and flash Heads firmware myself?

There are a few reasons to buy the subscription, even if you can build and flash Heads by yourself.

  1. Support the project financially. For every Dasharo Entry Subscription we sell, the revenue is shared with NovaCustom, 3mdeb (the company behind Dasharo) and the main developer of Heads firmware. Your financial contribution allows us to keep maintaining our Heads firmware version.
  2. Easy deployment. With a Dasharo Entry Subscription, you get access to the easy deployment instructions via the guided flash option of the Dasharo Tools Suite. This will save you a lot of time.
  3. Premium support from our firmware developer’s team and the community. Once you have an active subscription, you will get access to the Matrix room Dasharo Premiere Support. This will allow you to ask for support from professionals and the developers and start discussions with them and other subscribers.


About the author: Wessel Klein Snakenborg is passionate about technology since childhood. He launched NovaCustom in 2015, crafting tailor-made laptops with privacy and security in mind. With a focus on user-friendliness, NovaCustom continues to redefine the laptop experience, led by Wessel's commitment to innovation and collaboration.
