qubes-mirage-firewall
coreboot
qubes-mirage-firewall | coreboot | |
---|---|---|
5 | 92 | |
201 | 2,075 | |
0.0% | 1.2% | |
7.2 | 10.0 | |
11 days ago | 3 days ago | |
OCaml | C | |
- | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
qubes-mirage-firewall
-
Is running OpenBSD inside a QUBE as a router/firewall an interesting and good idea?
2) https://github.com/mirage/qubes-mirage-firewall is by far a better firewall for Qubes than OpenBSD ever will be - unikernels are far more secure than a traditional operating system is and you can read all about it on https://mirageos.org/
-
the maddening truth of using Qubes
That's correct. It does mean that the closest to a self-contained program you can run is a unikernel like the mirage-firewall, unfortunately. On the upside, those remain easily portable to essentially anything that can run VMs so long as you adjust the image format.
-
I had to relocate CHUNGUS because of the old warehouse I operate it is being torn down.
That sounds similar to a unikernel. There are actual uses for those in seL4 and Qubes OS such as a firewall-qube (in theory unikernel qubes should be able to take far less system resources to run than full Linux+distro qubes).
-
Ask HN: Examples of Microkernels?
Here's one that is "production" ready: the Mirage-Firewall microkernel running on Qubes OS.[0]
[0] : https://github.com/mirage/qubes-mirage-firewall
-
Qubes OS: A reasonably secure operating system
sys-net, sys-firewall and other administrative vms should slowly migrate to unikernels instead of running linux, which should help with ram usage. The mirage.io project seems to build a couple qubes vms, for example https://github.com/mirage/qubes-mirage-firewall is a firewall which they indicate to give 64Mb of ram.
coreboot
-
Chromebooks will get 10 years of automatic updates
Why BIOS (did you mean UEFI?) when it runs the best boot loader, which is Coreboot¹. Many users would love to re-flash their bios/uefi for it, if it’s supported.
1: https://www.coreboot.org/
-
C++ is everywhere, but noone really talks about it. What are people's thoughts?
Coreboot is 0.6% C++.
-
Laptops with best Linux support (latest gen, battery life, performance)?
NovaCustom ; some models come with Dasharo a coreboot distribution.
-
Asus flip c302 last update
You can also use Mr. Chromebox Script to install Coreboot on your chromebook to get a UEFI BIOS on your Chromebook and then you can go an install either a linux distro or even Windows if you want. It's a pretty straightforward process and also reversable if you want to go back to just using ChromeOS.
-
A Linux laptop under 1350€
Some models are available with Dasharo a [coreboot]https://www.coreboot.org/) distribution.
-
why no haswell_ult_dmi_registers for broadwell? in https://github.com/coreboot/coreboot/blob/master/util/inteltool/pcie.c
why no haswell_ult_dmi_registers for broadwell? in https://github.com/coreboot/coreboot/blob/master/util/inteltool/pcie.c
-
Having issues restoring the firmware with u/MrChromebox's utility
use croshfirmware.sh from https://github.com/coreboot/coreboot/tree/master/util/chromeos
-
AMD to move to open source firmware in 2026
There may be other protections to restrict SPI flash access for security reasons (so you might not be able to flash your custom firmware in the OS), but worst case you can use a HW flasher (or maybe USB flashback). Still, this doesn't address the elephant in the room - platform initialization code might be open-sourced, but that isn't everything. You'll still need to figure out the board-specific stuff (the Super I/O chip, chipset GPIOs, other peripherals, etc.). Using coreboot as an example, Intel provides the Firmware Support Package blob to handle platform initialization. I think AGESA is somewhat similar to this, though Intel publicly releases the binaries for use in coreboot/etc. Thanks to the FSP, coreboot has support for recent Intel chipsets. However, there is only support for two recent consumer boards: the MSI PRO Z690-A WiFi DDR4 and DDR5.
-
what is VCU (Validation Control Unit) mailbox in haswell nri
does anyone know what is https://github.com/coreboot/coreboot/blob/b12caef23bc1b29c2e658f2b728cc4beac1e62b9/src/northbridge/intel/haswell/vcu_mailbox.c
-
Need stock ROM for Acer Chromebook CB314 - DROID
Download crosfirmware.sh and run it from command line: bash crosfirmware.sh droid
What are some alternatives?
miragevpn - An opinionated implementation of the OpenVPN protocol
1vyrain - LiveUSB Bootable exploit chain to unlock all features of xx30 ThinkPad machines. WiFi Whitelist, Advanced Menu, Overclocking.
qubes-issues - The Qubes OS Project issue tracker
edk2 - EDK II
unikraft - FlexOS is a Unikraft-based OS allowing users to easily specialize the safety and isolation strategy at compilation time.
u-boot - "Das U-Boot" Source Tree
unikernels - MirageOS unikernels
UEFITool - UEFI firmware image viewer and editor
reason - Simple, fast & type safe code that leverages the JavaScript & OCaml ecosystems
OpenCore-Install-Guide - Repo for the OpenCore Install Guide
lk - LK embedded kernel
thinkpad-firmware-patches - Collection of ThinkPad UEFI patches.