On 12/28/18 3:48 AM, John Keates wrote:
> On 28 Dec 2018, at 00:36, Piotr Król <piotr.krol(a)3mdeb.com> wrote:
> On 8/19/18 4:06 PM, John Keates wrote:
The extra pointers are helpful indeed. I have started
ULV and mobile series single board computers that don’t have
BootGuard enforcement enabled, but no luck so far.
I would like to learn more about requirements here from my understanding
there should be big selection of devices that match your requirements.
Appollo Lake platforms should not have BootGuard since those mostly
target embedded market. Maybe Denverton-based hardware would also be
interesting to you. I'm not sure if it match your price point.
2. Are you active in pfSense, OPNSense or any
other UTM/firewall OS?
I’m active in OPNSense these days. I used to be rather active in
pfSense, but the environment has gotten too toxic for me over the
past years. I do have some side projects using Linux-based SDN setups
on this type of hardware.
Understood. It looks like Qotom is pretty popular in UTM/firewall community.
As 3mdeb we
are official maintainers of PC Engines and looking to
support whole network appliance environment. Recently we working also on
some support for Qotom based platforms.
I suspect you then have to get around the BootGuard
Because as far as I know, you cannot boot coreboot with BootGard
fuses blown in enforcement mode.
PC Engines is AMD based and there is no BootGuard
there. There is
Hardware Validated Boot but hardware is shipped without enabling it,
truly it would be great if it would be possible to leverage that using
open source tools, but probably without PSP keys not much can be done.
I did switch to ARM based systems (often i.MX) and
systems before the APU platforms became available locally because at
that point, white label import became a real option.
Yes, we also did some work with NXP but their mindset is very similar to
Intel - lot of stuff rely on proprietary tools that you can get only
signing NDAs and getting through their verification process.
Embedded Systems Consultant