From fddfc956079c849625e1ff7bc07f3797d017718f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 11 Dec 2025 11:00:27 +0100 Subject: [PATCH 1/3] docs/projects/sovereign-boot-wizard.md: Add v1.0.0 release notes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- docs/projects/sovereign-boot-wizard.md | 65 ++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/docs/projects/sovereign-boot-wizard.md b/docs/projects/sovereign-boot-wizard.md index af21367ed7..9240dcf7eb 100644 --- a/docs/projects/sovereign-boot-wizard.md +++ b/docs/projects/sovereign-boot-wizard.md 
@@ -66,6 +66,71 @@ If you have any questions about Sovereign Boot Provisioning Wizard, visit the ## Releases +### v1.0.0 - 2025-12-10 + +#### Added + +* Interactive mode for fine-grained control of bootloaders and key databases + once the wizard is provisioned: + + Listing all bootloaders and their certificates, attributes and an option + to add/remove certificates or image hash to the databases + + Listing all entries in Trusted Key/Image Database (DB) and Untrusted + Key/Image Database (DBX) with an option to remove entries + + Option to enroll a certificate or image hash from a file on a disk + +#### Fixed + +* [Sovereign Boot shows that it detected bootloader/key when running QEMU with + empty disk image](https://github.com/Dasharo/dasharo-issues/issues/1685) +* Sovereign Boot Wizard boots the last trusted bootloader instead of first + when provisioning is finished +* Sovereign Boot Wizard does not set the selected trusted bootloader as first + boot priority when provisioning is finished +* Sovereign Boot Wizard does not remove the image data from untrusted database + if the image verification fails and user wants to change their trust + decision for the image. + +#### SBOM + +* [coreboot based on 24.12 revision qemu_q35_sovereign_boot-v1.0.0](https://github.com/Dasharo/coreboot/tree/qemu_q35_sovereign_boot-v1.0.0) + + [License](https://github.com/Dasharo/coreboot/blob/qemu_q35_sovereign_boot-v1.0.0/COPYING) +* [Dasharo EDKII fork based on edk2-stable202502 revision sovereign-boot-v1.0.0](https://github.com/Dasharo/edk2/tree/sovereign-boot-v1.0.0) + + [License](https://github.com/Dasharo/edk2/blob/sovereign-boot-v1.0.0/License.txt) + +#### Building + +Follow the [instructions for +QEMU](../variants/qemu_q35/building-manual.md#procedure). Checkout +`qemu_q35_sovereign_boot-v1.0.0` tag on coreboot repository and use new +`qemu_svboot` target as an argument to `./build.sh` script. 
+ +### Binaries + +[qemu_q35_sovereign-boot-v1.0.0.rom][qemu_q35_sovereign-boot-v1.0.0.rom]{.md-button} +[sha256][qemu_q35_sovereign-boot-v1.0.0.rom.sha256]{.md-button} + +[qemu_q35_sovereign-boot-v1.0.0.rom]: https://dl.3mdeb.com/open-source-firmware/Dasharo/qemu_q35/sovereign-boot-v1.0.0/qemu_q35_sovereign-boot-v1.0.0.rom +[qemu_q35_sovereign-boot-v1.0.0.rom.sha256]: https://dl.3mdeb.com/open-source-firmware/Dasharo/qemu_q35/sovereign-boot-v1.0.0/qemu_q35_sovereign-boot-v1.0.0.rom.sha256 + +#### Video demonstration + +Watch a short demonstration of Sovereign Boot Wizard in action. This video +covers the new features of the Sovereign Boot Wizard and complements the +documentation. + +
+ +
+ ### RC4 - 2025-09-30 #### Fixed From 0f1c599daa20abcd079431a65c8127756828ed1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 11 Dec 2025 11:01:15 +0100 Subject: [PATCH 2/3] docs/projects/sovereign-boot-wizard.md: Add running instructions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- docs/projects/sovereign-boot-wizard.md | 28 ++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/projects/sovereign-boot-wizard.md b/docs/projects/sovereign-boot-wizard.md index 9240dcf7eb..716fcdf35b 100644 --- a/docs/projects/sovereign-boot-wizard.md +++ b/docs/projects/sovereign-boot-wizard.md @@ -64,6 +64,34 @@ Boot Provisioning Wizard. If you have any questions about Sovereign Boot Provisioning Wizard, visit the [FAQ](../osf-trivia-list/sovereign-boot-wizard.md). +## Running in QEMU + +Sovereign Boot Wizard can be run with QEMU emulator. Set of minimal parameters +required to run the Wizard: + +```bash +qemu-system-x86_64 -m 4G -machine q35,smm=on -cpu Skylake-Client \ + -global driver=cfi.pflash01,property=secure,value=off \ + -drive if=pflash,format=raw,unit=0,file=${QEMU_FW_FILE} \ + -global ICH9-LPC.disable_s3=1 \ + -device virtio-scsi-pci,id=scsi \ + -device qemu-xhci,id=usb -smp 2 \ + -enable-kvm -mem-prealloc \ + -object rng-random,id=rng0,filename=/dev/urandom \ + -device virtio-rng-pci,max-bytes=1024,period=1000 \ + -display gtk,window-close=off +``` + +Set `QEMU_FW_FILE` variable to point to the QEMU firmware binary with +Sovereign Boot Wizard integrated. Optionally mount additional drives +using `-hda` or `-hdb` parameters. + +!!! Note + + To have a stretched, full screen menu window, disable the [Serial Port + Console Redirection](../dasharo-menu-docs/dasharo-system-features.md#serial-port-configuration) + once booted to the firmware setup in QEMU. + ## Releases ### v1.0.0 - 2025-12-10 
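Review bot: In [PATCH 1/3], the added `### Binaries` heading is one level too high. Every other subsection of the new `### v1.0.0 - 2025-12-10` entry (`#### Added`, `#### Fixed`, `#### SBOM`, `#### Building`, `#### Video demonstration`) uses `####`, so as written Binaries becomes a sibling of the release heading and the video section nests under it instead of under v1.0.0; change it to `#### Binaries`. The section also offers only a `.sha256` served from the same `dl.3mdeb.com` directory as the ROM, which detects a corrupted download but not a replaced one; if a detached signature is published for this release, link it next to the hash button. Smaller points: the tag is spelled `qemu_q35_sovereign_boot-v1.0.0` while the binary is `qemu_q35_sovereign-boot-v1.0.0.rom`, so it is worth confirming the difference is intended; "Checkout" used as a verb should be "Check out"; and the last three `#### Fixed` bullets are worded as the faulty behaviour rather than as the fix.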
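Review bot: In [PATCH 2/3], the QEMU command pairs `-machine q35,smm=on` with `-global driver=cfi.pflash01,property=secure,value=off` and the text does not say why. With `secure=off` the flash device is not restricted to SMM accesses, so the section should state that this is a demo configuration and whether the key databases the wizard manages are protected in this setup. Also in the command: `-object rng-random,id=rng0,filename=/dev/urandom` is defined but `-device virtio-rng-pci,max-bytes=1024,period=1000` never references it, so add `rng=rng0` to the device; `${QEMU_FW_FILE}` should be quoted so paths containing spaces work; and `-enable-kvm` is listed among the minimal required parameters although it fails on hosts without KVM, so mark it as optional. The prose suggests `-hda` or `-hdb` for extra drives while the command sets up `virtio-scsi-pci,id=scsi` with nothing attached to it; either show a disk attached to that controller or drop the controller from the minimal set. Wording: "can be run with the QEMU emulator" and "The minimal set of parameters required".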
From 413f3c223c62227b762ef17587ed32abdfd9e2ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20=C5=BBygowski?= Date: Thu, 11 Dec 2025 14:30:12 +0100 Subject: [PATCH 3/3] docs/projects/sovereign-boot-wizard.md: Add v1.0.0 demo YT link MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Michał Żygowski --- docs/projects/sovereign-boot-wizard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/projects/sovereign-boot-wizard.md b/docs/projects/sovereign-boot-wizard.md index 716fcdf35b..bc8dba67c1 100644 --- a/docs/projects/sovereign-boot-wizard.md +++ b/docs/projects/sovereign-boot-wizard.md @@ -148,7 +148,7 @@ documentation.