At NovaCustom, we are committed to deliver high quality laptops. This includes the firmware, which is responsible for the boot process and the overall functionality of the device. This month, we are thrilled to unveil the new firmware updates for our Dasharo coreboot models. These updates are packed with a host of groundbreaking features and improvements that will elevate your computer experience and enhance the security of your notebook.
Our dedicated developer’s team has been hard at work, focusing on fine-tuning and expanding the capabilities of our firmware to meet the evolving needs of our valued users. Whether you own an NV40 Series with Tiger Lake processor, an NV41 Series with Alder Lake processor or an NS50 or NS70 Series with either of these processor generations: this update has something special for you.
In this blog post, we will outline the firmware update’s key features and enhancements. From improved security measures to extended battery life, faster boot times and greater user control, our October 2023 update is designed to make your NovaCustom experience more secure, efficient and user-centric.
Overview
- Security
– UEFI Setup Password
– SMM BIOS Write Protection
– Early Boot DMA Protection
– Network and USB Stack Control
– WiFi + Bluetooth Module Switch
– Intel ME disabling (HECI and HAP) for Tiger Lake Series - Privacy
– Camera Switch in UEFI Firmware - Durability
– Earlier CPU throttling (75°C instead of 90°C)
– Battery Charge Thresholds and Micro-charging Prevention - Functionality
– Hibernation Support (S4)
– Suspend-to-RAM Support (S3) for Tiger Lake Series - Stability
– Boot Block When Battery Charge Is Too Low
– Improved Docking Station Compatibility - Accessibility
– Easy Firmware Update Mode - Documentation
– Openness Score - Coming soon
– Heads firmware for NV41 Series
Security: UEFI Setup Password
One of the key highlights of this update is the introduction of the UEFI Setup Password feature. It enables you to set up a password that restricts unauthorised access to your system’s UEFI settings. By doing so, you have piece of mind knowing that your device’s configuration remains secure from tampering and unwanted changes.
Security: SMM BIOS Write Protection
System Management Mode (SMM) is a crucial component of your device’s firmware, and protecting it is paramount to safeguarding your system’s integrity. SMM BIOS Write Protection ensures that unauthorised modifications to the BIOS are virtually impossible, enhancing the security and reliability. This feature acts as a shield, preventing any malicious attempts to tamper with the BIOS, which can lead to potential vulnerabilities and system instability.
By implementing SMM BIOS Write Protection, we provide our users with the assurance that their laptop’s firmware remains intact and free from tampering. This level of protection is a testament to our commitment to fortifying your notebook against security threats.
The option can be enabled and disabled in the firmware settings.
Security: Early Boot DMA Protection
Security starts from the moment your laptop powers on, and with the NovaCustom-Dasharo October 2023 Firmware Update, we’ve taken proactive steps to fortify your system right from the early boot stage. Introducing Early Boot DMA Protection, a crucial security enhancement that safeguards your device against Direct Memory Access (DMA) attacks.
DMA attacks are a sophisticated methods employed by malicious actors to gain unauthorised access to your system’s memory. By exploiting vulnerabilities during the early boot process, attackers can potentially compromise sensitive data or even gain control of your device.
Our Early Boot DMA Protection is like a guardian for your notebook right from the moment it starts up. It keeps your the memory safe from any unauthorised access attempts during the boot process, adding an extra layer of security to protect your important data and privacy.
Security: Network and USB Stack Control
We understand the importance of flexibility and control when it comes to connectivity. That’s why we’re excited to introduce the Network and USB Stack Enable/Disable feature in this update.
This enhancement empowers you to take charge of your laptop’s network and USB functionality. With the ability to enable or disable these stacks at the firmware level, you have the flexibility to tailor your connectivity according to your preferences and security needs.
Disabling the network stack prevents exploits against network drivers which may be loaded from the SPI flash or from PCIe devices. Similarly, the ability to disable the USB stack provides an added layer of security, preventing users from booting from unauthorised media. This feature also includes an option for only allowing USB HID devices such as keyboards to be initialised during boot, which allows users to access the UEFI setup menu and booth options with a USB keyboard, while preventing other USB devices from being loaded before the OS is loaded.
Security: WiFi + Bluetooth Module Switch
Your device, your rules. With this feature, you can adapt your laptop’s connectivity to suit your needs, ensuring that you remain in charge of your wireless connections. If you don’t need the WiFi and Bluetooth module to be active, you can disable its power in the UEFI firmware settings so that you don’t need to remove the module physically.
Security: Intel ME disabling (HECI and HAP) for Tiger Lake Series
By disabling Intel ME using the HAP disabling mode, you can fortify your laptop against potential vulnerabilities associated with the Intel ME. This feature was already introduced for our Alder Lake devices, but has been expanded to our Tiger Lake Series with this firmware update.
Privacy: Camera Switch in UEFI Firmware
Privacy is a fundamental concern in the digital age, and NovaCustom prioritises your personal security. Having a camera module installed in the laptop can potentially cause serious privacy problems. Certainly, we deliver laptops without a camera module. But most people do need this camera module regularly, although not daily. With this update, you have the power to cut the power of the camera fully off at firmware level, even before your operating system boots. This means you can have confidence that your camera remains inactive when you don’t need it, effectively protecting your privacy.
Durability: Earlier CPU throttling (75°C instead of 90°C)
Throttling is a crucial mechanism that prevents overheating and ensures longevity. With this update, the throttling mechanism will start at 75 °C, while keeping an 8-second allowance to exceed this temperature. This way, high CPU temperatures are still allowed for a very short period of time, while the overall CPU temperature doesn’t get too high.
The result is that the CPU fan doesn’t need to rotate at disturbing speeds. In addition, lowering the throttling threshold has the benefit of potentially extending the laptop’s lifespan. Heat is a primary factor contributing to wear and tear. By initiating throttling at a lower temperature, the processor and other components will experience less thermal stress, potentially leading to improved long-term reliability.
Durability: Battery Charge Thresholds and Micro-charging Prevention
Your laptop’s battery health is a vital aspect of its longevity, and NovaCustom is dedicated to preserving it. In this update, we introduce Battery Charge Thresholds and Micro-charging Prevention, two groundbreaking features that safeguard your battery and extend its lifespan.
Battery Charge Thresholds enable you to set limits on how much your battery charges, preventing it from constantly charging to full capacity. This proactive measure reduces wear and tear on your battery, ultimately contributing to its long-term health.
Micro-charging Prevention is equally significant. This feature increases the span of charging when the laptop is fully charged. This way, small charging cycles which can degrade your battery over time are being prevented. By minimising these micro-charges, your battery experiences less stress, resulting in a longer and more reliable lifespan.
Functionality: Hibernation Support (S4)
Hibernation, or technically the S4 state, is often seen as an old way to suspend a computer. Sure, laptops can go into sleep mode (S3 or S0ix) these days, allowing to resume way quicker. But the NS51 and NS70 Series with Alder Lake processor don’t support S3 suspend mode, meaning they can only enter the S0ix modern standby state to suspend the laptop. However, that state is not supported when Intel ME is disabled. Moreover, S3 and S0ix are considered to be not so safe, as the power of the RAM memory remains on.
To bypass these inconveniences, one can now use hibernation, also known as suspend-to-disk. This state allows the laptop to save the current state of open applications to the storage drive before shutting down completely. When the computer is later awakened from hibernation, it restores the previous state, allowing the user to continue working from where they left off.
Functionality: Suspend-to-RAM Support (S3) for Tiger Lake Series
This functionality was already introduced for our NV41 Series to get this laptop Qubes OS certified, but has been developed for the NV40 Series as well as NS51 and NS70 Series with the 11th generation Intel Core (Tiger Lake) processor as well.
Suspend-to-RAM (S3) is a power-saving state that offers distinct advantages over the modern standby (S0ix) commonly found in today’s devices. While S0ix is known for its quick wake times, S3 offers a deeper level of power savings. When your laptop enters S3, it effectively goes into a low-power state, conserving energy while retaining your open applications in memory. This means you can resume your work almost instantly while enjoying the benefits of an extended battery life.
Moreover, S3 serves as an excellent suspend mode alternative for Intel ME-disabled notebooks. When Intel ME is disabled, S0ix modern standby may not be supported. In such cases, S3 provides an excellent power-saving option, ensuring that users with the Intel ME disabled can enjoy a seamless and energy-efficient computing experience.
Stability: Boot Block When Battery Charge Is Too Low
This protective feature ensures that your laptop won’t attempt to boot up when the battery charge falls below a critical threshold. When the battery level is too low, attempting to boot could lead to data corruption or other potential issues. With this feature, your notebook remains in a safe state until the battery is adequately charged, preserving your data integrity.
Stability: Improved Docking Station Compatibility
This update includes bug resolves for docking stations, especially the docking station that we sell as accessory. This enhancement streamlines the process of docking and undocking your laptop, eliminating potential compatibility issues and ensuring a smoother transition between mobile and desktop computing.
Accessibility: Easy Firmware Update Mode
The Easy Firmware Update Mode simplifies the firmware update process, ensuring that users of all levels of technical expertise can easily keep the laptop up to date. With just a few keystrokes, you can initiate firmware updates, ensuring that your device benefits from the latest enhancements and security patches. This update mode temporarily disables the locks to write the main SPI flash (BIOS) and makes sure it gets secured again as soon as the firmware update has been completed.
Documentation: Openness Score
This documentation section is designed to provide you with valuable insights about the openness of the firmware. It reveals what percentage of your firmware is comprised of open source software and, equally important, what percentage consists of binary blobs.
With this new addition, you can make informed choices about your firmware, aligning your values and preferences with technology. We believe that knowledge is power, and the ‘Openness Score’ is our commitment to providing you with the knowledge you deserve.
Coming soon: Heads firmware for NV41 Series
As part of our ongoing commitment to providing top-tier security and flexibility to our users, we’re excited to announce the upcoming addition of Heads firmware, exclusively available for the NV41 Series. This groundbreaking firmware option is set to elevate your laptop’s security to new heights, with a particular focus on enhancing the experience for Qubes OS users. That operating system does not support Secure Boot.
Heads firmware is synonymous with uncompromising security, and it’s poised to become an invaluable asset for those seeking the utmost protection for their digital lives. With Heads, you’ll gain the power to safeguard your notebook against even the most advanced threats, ensuring that your data and privacy remain impenetrable fortresses.
The transition to Heads firmware will be seamless, thanks to the Dasharo Tools Suite (DTS). This suite empowers users to upgrade effortlessly from coreboot+EDK-II to coreboot+Heads, allowing you to take advantage of the enhanced security features without any hassle.
The primary advantage of Heads firmware is its ability to provide an outstanding chain of trust by using the TPM. This assures robust protection against firmware tampering. With Heads, your laptop becomes a bastion of security in an increasingly digital world.
Stay tuned for the imminent release of Heads firmware, exclusively available for the NV41 Series. Your security and peace of mind are our top priorities, and this addition underscores our unwavering commitment to providing you with the best in firmware technology.
Heads firmware is now available as pre-sale. To select it, see the ‘Firmware options’ tab in the configurator.
Conclusion
In the current world of technology, NovaCustom and Dasharo remain dedicated to shaping a better computing experience for our users. Our October 2023 Firmware Update represents a significant milestone in our journey, introducing a multitude of features and enhancements designed to empower you, our valued users.
We remain committed to innovation, safety and user-centred design. Your trust in NovaCustom-Dasharo is our driving force and your satisfaction is our ultimate goal. With every update, we not only improve the firmware; we also improve your daily life in the digital world.
We can improve our firmware together.
We highly encourage you to stay involved with new firmware features. You can browse through requests and opening one by yourself on this page.
Thank you for being a part of our journey. We look forward to continuing to provide you with the best in computing excellence. Stay connected, stay secure, and enjoy mobile computing that puts you in control!
Meet me in Berlin (again)!
In conjunction with 3mdeb, the fifth edition of our Qubes OS Summit will be held live this year from October 6 to 8 in Berlin, Germany.
We will be there for a demonstration of the upcoming Heads firmware variant (if we get this done in time). Furthermore, we will further explain our plans for 2024.
Can’t be there? No worries, the Summit will be broadcasted live and saved on YouTube, just like last year.
Also interesting to read: the advantages of Dasharo coreboot firmware.
Wessel klein Snakenborg (Director of NovaCustom)
About the author: Wessel Klein Snakenborg is passionate about technology since childhood. He launched NovaCustom in 2015, crafting tailor-made laptops with privacy and security in mind. With a focus on user-friendliness, NovaCustom continues to redefine the laptop experience, led by Wessel's commitment to innovation and collaboration.
