coreboot Versions, Info, and Security Features for all Protectli Vaults

Protectli has developed a script called "Flashli" that runs on Ubuntu. This script will automatically detect which Protectli Vault you have, and will flash your firmware accordingly. It is very important to note that  you should not turn off the unit while the flashing is in progress. This script makes the process of flashing very simple and makes it extremely (!) unlikely to brick your device while flashing. The key concept here is that you must boot to a USB thumb drive that has Ubuntu on it, and run a script.

Please keep in mind the VP4600 and VP6600 series must disable BIOS lock before flashing if you are currently on AMI firmware (Go to the 'Chipset' tab in BIOS/UEFI menu, then to PCH-IO Configuration, and disable the BIOS Lock. Save settings). 

If you are flashing from one version of coreboot to another, BIOS lock must be disabled beforehand (found in Dasharo Security Features), and this is applicable to all VP units.

Please follow the instructions in this article to properly utilize Flashli: https://kb.protectli.com/kb/how-to-use-flashli/

The coreboot booting process consists of four main stages.

bootblock

The first stage is the "bootblock" which does the most basic tasks for the CPU, such as loading microcode, setting 32 bit mode, and setting the stack pointer for the next instruction.

romstage

The second stage is the "romstage". The romstage sets up the onboard cache to use as RAM before DRAM is initialized, known as "cache-as RAM" setup. It also calls the Intel Firmware Support Package (FSP) which is an Application Programming Interface (API) specific to the CPU which initializes on-chip functionality. It then initializes memory so that DRAM can be used.

ramstage

The third stage is "ramstage". In this stage the system is running in DRAM and it initializes the devices and functions of the hardware.

payload

The fourth and final stage of coreboot is the "payload". The payload is a third-party binary application that is primarily used to boot an OS or application. In the case of Protectli’s coreboot configuration, this payload is Tianocore/edk2 (UEFI payload) for the UEFI implementation.

As computers have evolved with more functionality, they have also become more vulnerable to security threats. Threats now include not only software viruses and malware, but threats to the firmware that initially boots the computer. These attacks can persist across reboots and OS updates so it is critical that they are mitigated. The coreboot implementation for the Protectli VP6600 series, VP4600 series and VP2400 series contains multiple security features to mitigate vulnerabilities to the firmware.

As noted above, the firmware process and "booting" a computer involves multiple stages. In order to guarantee a secure system, each stage must be verified as secure before it is loaded. In a secure system, a "Root of Trust" is established. In coreboot, the firmware is cryptographically signed to establish the Root of Trust. A "Chain of Trust" is then established as cryptographic signatures are checked against the additional modules before they are loaded into the system.

System Firmware User Password

Allows a user to setup a personal password to access the coreboot firmware menu in order to prevent unwanted access. Once a user password is setup, the password will be required to enter the coreboot firmware menu. The system firmware password prevents unauthorized access to the coreboot firmware menu. Present in coreboot v1.2.0 and newer. Password can be set at User Password Management > Change Admin Password.

Verified Boot (Always enabled)

In coreboot, "Verified Boot" is the feature / mechanism to provide the Root of Trust and Chain of Trust to ensure that the firmware has not been compromised. The Protectli VP6600 series, VP4600 and VP2420 coreboot images have been "signed" with a cryptographic key. This establishes the "Root of Trust" for the secure boot process. Verified Boot adds another stage in the boot process called the "verstage". It is called right after bootblock and it adds the hooks into the process so that the subsequent stages can be verified cryptographically before they are loaded in order to establish the Chain of Trust.

Verified Boot requires 2 partitions in the BIOS chip for 2 copies of coreboot. When coreboot with Verified Boot is flashed into the BIOS chip, it writes 2 copies of the image. One partition is read-write and the recovery partition is read-only. Booting starts from the recovery partition, which verifies the read-write partition. If the read-write partition is verified, the system will boot from that partition. If it fails verification, the system will boot from the recovery partition and send a message to the screen that it is booting from the recovery partition.

BIOS Lock (Enabled by default)

Another security feature is BIOS Lock. When BIOS Lock is enabled (default setting) in the coreboot firmware menu, it protects the recovery partition from being overwritten. The recovery partition is used to verify the read-write partition. When updating a version of coreboot, only the read-write partition is updated. If you are flashing to a different firmware such as AMI or updating to a newer version of coreboot, BIOS Lock must be disabled so that the entire BIOS chip can be written. The BIOS lock setting can be changed at Dasharo System Features > Dasharo Security Options > Lock the BIOS boot medium.

UEFI Secure Boot (Disabled by default)

Disabled by default, can be enabled in coreboot firmware menu at Device Manager > Secure Boot Configuration. Supported by Ubuntu, Windows, and a handful of other operating systems.

While Verified Boot ensures security of the boot process through loading the Payload, UEFI Secure Boot is an additional security feature which verifies the security of an OS. It essentially adds the OS to the Chain of Trust by verifying the signature of the OS before loading it. It requires support in the OS. Popular OSes such as Windows and Ubuntu support Secure Boot, with adoption steadily growing. These OSes have their public keys included in the coreboot image in order to verify the integrity of the OS. If Secure Boot is enabled in the BIOS menu, it will not load the OS if the OS does not support Secure Boot, the public key for the OS has not already been installed in the firmware, or the OS fails its integrity check. Therefore, Secure Boot must be disabled in the BIOS menu in order to load an OS that does not support Secure Boot. Examples of OSes that do not currently support Secure Boot are OPNsense and other FreeBSD-based OSes.

Measured Boot (Enabled by default, requires physical dTPM 2.0)

Measured Boot is a security feature that "measures", or checks, each stage of the boot process. In addition to Verified Boot, Measured Boot also writes the hash digest from each stage into a Trusted Platform Module (TPM) so that the OS can check/verify the value later. A TPM can be a separate physical component, referred to as discrete TPM (dTPM), or it can be implemented in firmware, known as firmware TPM (fTPM). The Protectli VP6600 series, VP4600 series, VP2410 and VP2420 supports an optional physical dTPM. If no dTPM is present, Measured Boot will not be utilized, but other Verified Boot, BIOS Lock and UEFI Secure Boot will still function correctly.

Disk encryption utilities such as BitLocker and LUKS can be used to encrypt disks. However, a downside is that the password to unencrypt the disk must be entered manually when the system is booted or disk is remounted. If supported by the OS, it can read the measurements stored in the TPM which were made during the Measured Boot process and can be used to automatically unencrypt the disk. This means that you will not need to enter your disk encryption password as long as the firmware and settings have not been tampered with.

The USB security feature allows you to enable or disable the USB UEFI driver loading. This feature can help prevent the loading and execution of malicious firmware or software on your device via USB. The feature is regulated by two settings, "USB Stack" and "USB Mass Storage"; they are enabled by default. These settings load the drivers for both USB devices as well as USB storage media. USB Stack controls drivers that load anything pertaining to USB devices such as a keyboard; when this setting is disabled neither USB devices nor USB storage will work within the UEFI menu. After the OS is initialized then USB devices will be operable. On the other hand the USB Mass storage setting only loads drivers pertaining to USB storage media. When enabled any USB storage media will be operable, while disabled USB storage media will not be operable until the OS initializes.

NOTE: disabling USB stack will render your keyboard inoperable within the BIOS. To re-enable the USB stack you will have to use a serial connection. The setting persists through a CMOS reset. Mac users with a VP2400 or VP4600 will be unable to serial in due to a lack of driver support

For more information regarding the serial connection please see COM port tutorial documentation at this link: https://kb.protectli.com/kb/com-port-tutorial/

VP2420 and VP4600 series with coreboot version 1.1.0 (and above) and VP6600 series with coreboot version 0.9.0 are the only units that currently utilizes USB security features. VP2420 and VP4600 series both use a USB micro to USB A connection for serial, which is included with each unit. VP6600 series can use a RJ45 to USB A connection or USB C to USB A connection for serial.

These settings are found at Dasharo System Features > Dasharo Security Options > USB Configuration.

The Intel Management Engine (ME) is a complete stack on an independent subsystem that allows remote access to a system. In some cases, the ME can run even when the device is powered off. However, there have been multiple vulnerabilities over the years, and security conscious customers have wanted the ability to disable the functionality. Intel ME Disable is a feature which disables the Intel ME. The implementation of coreboot for the Protectli VP4600 and VP2420 has Intel ME disabled by default using the soft-disable method, VP6600 uses HAP method. These methods are documented at this link: https://docs.dasharo.com/osf-trivia-list/me/#soft-disabling-me

Note that if the unit is reflashed to AMI firmware, Intel ME will be reenabled and all of the security features mentioned above will be inactive.

Addtional information can be found on this article: [https://kb.protectli.com/kb/me-disable/]

Found in all Vault Pro coreboot images. Settings found at Dasharo System Features > Power Management Options.

Power State After Power/AC Loss

A primary feature is the ability to change the default power state after power loss. This settings works in tandem with the JPWR header on the motherboard (header not present on VP2410). By default, these Vaults will automatically attempt to power back on after a case of power loss. This setting can be changed between "Powered Off", "Powered On", or "The state at the moment of power failure". The behavior that occurs in relation to the JPWR jumper and the coreboot setting can be found within the datasheets for the Vault model you have.

CPU Throttling Temperature Offset

This sets the temperature offset from maximum CPU temperature which the CPU will start throttling itself.

Fan Profile

This setting is currently only available on the VP6600 series due to the presence of two built-in fans. This setting can set the preferred fan operation mode. The options are "Silent", "Performance", or "Fans Off".

This setting will slightly vary between models, but generally allows the ability to disable/enable serial console output.

VP6600

Located at Dasharo System Features > Serial Port Configuration, the user can enable/disable COM output for either the RJ45 COM port (COM0), or USB-C COM port (COM1).

All other VP Models

Located at Dasharo System Features > Serial Port Configuration, the user can enable/disable the COM port.

The VP6600 Series contains CPU Configuration settings that allow the user to edit the number of active Efficiency-Cores or Performance-Cores for the CPU. This can be especially useful if certain operating systems cannot properly utilize one or the other. For example, ESXi requires E-Cores to be disabled in order to properly run.

The user may also enable/disable Hyper-Threading.

Settings are located at Dasharo System Features > CPU Configuration.

The Boot Maintenance Manager allows the user to modify a host of boot options. Located at Boot Maintance Manager.

Boot Options

Allows the user to change boot order or add/remove boot options. When a boot option is selected, it can be moved up or down in the boot order by pressing both "Shift" and "+" or "-" key.

Boot From File

This allows the user to select a file and then navigate through the filesystem to find the bootable file. This typically requires knowledge of the OS filesystem to identify the correct file.

Boot Next Value

Sets the boot source for the next time the system boots, one time only, and overrides the default setting.

Auto Boot Time-out

Allows the user to set the amount of time that the Protectli splash screen is displayed during boot. Default setting is typically 6.

This feature allows the user to iPXE boot the Vault over the network to a default Protectli site, or to specify a site. For example, one could boot to the netboot.xyz server which hosts multiple Operating Systems (OS) at https://boot.netboot.xyz. See example below. Note that using a specific site to boot an OS is supported by Protectli, but the actual OS that is loaded is not supported by Protectli, as is the case with all OS. In order to use the Network Boot feature:

• Verify the Vault is connected to the Internet via Ethernet port 1
• When the Protectli splash screen is displayed, press the F11 key
• Verify the Boot Menu is displayed

• Select "Network Boot and Utilities"
• Verify the "Network Boot and Utilities" page is displayed

If nothing is selected, the system will count down a few seconds and automatically netboot to the default Protectli Network Boot and Utilities page at: https://netboot.protectli.com/menu.ipxe In order to specify a site:

• Select "Advanced"
• Verify the "Change Netboot Payload" page is displayed
• Enter the desired URL (Example: https://boot.netboot.xyz)

• Hit "Enter"
• Verify the Vault returns to the "Network Boot and Utilities" page
• Select "Apply and Exit"

• Verify the Vault begins the iPXE boot process
• Verify the Vault boots to the netboot.xyz Main Menu

• For this example, select "Linux Network Installs (64-bit)
• Verify the "Linux Installers" page is displayed

• Select the desired OS (In this example we use Ubuntu)
• Verify Netbooting starts

• Follow the OS instructions to install and configure the Vault as desired

Note that if a specified URL such as https://boot.netboot.xyz is selected, it will not be saved across reboots. It will need to be manually entered if the Vault is rebooted.