Releases: tiiuae/ghaf
Release 25.06
This is a monthly Ghaf release which has been fully tested on Nvidia Orin NX, Nvidia Orin AGX and Lenovo X1 Carbon Gen11 platforms.
This release complies with SLSA v1.0 level 3 requirements.
Supported Hardware
The following target hardware is supported by this release:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Lenovo ThinkPad X1 Carbon Gen 10/11/12/13, Gen9 2-in-1
- Dell Latitude 7230, 7330
- Alienware M18
- NXP i.MX 8M Plus
What's Changed
- version: Bump the version to start the June cycle by @brianmcgillion in #1221
- crazyflie: add the usb passthrough by @brianmcgillion in #1222
- Add GitHub actions security analysis with zizmor by @henrirosten in #1223
- build(deps): bump cachix/install-nix-action from 31.3.0 to 31.4.0 by @dependabot in #1225
- xbox: Add new variant by @brianmcgillion in #1226
- dell: Make network PCI device detection dynamic by @vunnyso in #1220
- Yubikey: Add FIDO2 device authentication for UI user by @mbssrc in #1224
- build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @dependabot in #1230
- bump: updates by @brianmcgillion in #1229
- build(deps): bump github/codeql-action from 3.28.18 to 3.28.19 by @dependabot in #1231
- feat: set COSMIC as default DE, related minor adjustments by @kajusnau in #1217
- build(deps): bump step-security/harden-runner from 2.12.0 to 2.12.1 by @dependabot in #1237
- docs: add ghaf-25.05 release notes by @clayhill66 in #1228
- docs: fix domain cname, improve contrast, and update deps by @humaidq-tii in #1238
- refactor: Modularize acpid and import of mitmproxy by @everton-dematos in #1227
- build(deps): bump github/codeql-action from 3.28.19 to 3.29.0 by @dependabot in #1241
- fix: hardware-scan was broken by @brianmcgillion in #1242
- hardware: add x1 2-in-1 gen9 by @brianmcgillion in #1243
- bump: update to the latest by @brianmcgillion in #1235
- vhotplug: Add option to prepend rules by @vunnyso in #1245
- apparmor: Fix the chrome policy by @brianmcgillion in #1246
- build(deps): bump astral-sh/setup-uv from 6.1.0 to 6.2.1 by @dependabot in #1248
- feat(logging): log service names by @mbssrc in #1250
- fix(bluetooth): remove bluetooth from host by @mbssrc in #1249
- Microvm boot order by @mbssrc in #1169
- build(deps): bump astral-sh/setup-uv from 6.2.1 to 6.3.0 by @dependabot in #1251
- guivm: add service to propagate gui-vm timezone changes to givc by @kajusnau in #1252
- Add GIVC documentation by @mbssrc in #1234
- build(deps): bump cachix/install-nix-action from 31.4.0 to 31.4.1 by @dependabot in #1253
New Contributors
- @everton-dematos made their first contribution in #1227
Full Changelog: ghaf-25.05...ghaf-25.06
Release 25.05
This is a monthly Ghaf release which has been fully tested on Nvidia Orin NX, Nvidia Orin AGX and Lenovo X1 Carbon Gen11 platforms.
This release complies with SLSA v1.0 level 3 requirements.
Supported Hardware
The following target hardware is supported by this release:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Lenovo ThinkPad X1 Carbon Gen 10/11/12/13
- Dell Latitude 7230, 7330
- Alienware M18
- NXP i.MX 8M Plus
What's Changed
- version: start the May release cycle by @brianmcgillion in #1173
- docs: update docs by @brianmcgillion in #1175
- docs: Add x86 GPU PT and hardware acceleration by @vunnyso in #1174
- terminfo: Install terminfo for better rendering by @brianmcgillion in #1176
- cosmic: Add an x1 target to trial cosmic desktop by @brianmcgillion in #1178
- iGPU: Add compute engine offload capability by @brianmcgillion in #1179
- refactor(desktop): remove sticky notes from cosmic, switch to oculante img viewer by @kajusnau in #1171
- cleanup: move packages to dt-gui by @brianmcgillion in #1181
- Docs: add ghaf-25.04 release notes by @clayhill66 in #1182
- Fix GPU Acceleration by @mbssrc in #1183
- bugfix: cleanup display tmp files on logout by @kajusnau in #1180
- docs: Point to new archive by @ktusawrk in #1177
- build(deps): bump cachix/install-nix-action from 31.2.0 to 31.3.0 by @dependabot in #1184
- build(deps): bump github/codeql-action from 3.28.16 to 3.28.17 by @dependabot in #1187
- fix(desktop): adjust ghaf-launcher env vars by @kajusnau in #1190
- New demo tower hardware with RTX 5080 by @mbssrc in #1186
- bump ghaf-givc by @gngram in #1185
- Add security context indicator to COSMIC by @nesteroff in #1193
- bump:wireguard reactivating buttons and improvements by @enesoztrk in #1192
- bump: jetpack-nixos by @TanelDettenborn in #1191
- build(deps): bump actions/dependency-review-action from 4.6.0 to 4.7.0 by @dependabot in #1194
- fix: add configurable password for mitmweb UI by @enesoztrk in #1197
- build(deps): bump actions/dependency-review-action from 4.7.0 to 4.7.1 by @dependabot in #1198
- feat: Kernel version option for NVIDIA Orin NX/AGX targets by @TanelDettenborn in #1195
- refactor: cosmic, labwc docs, desktop improvements by @kajusnau in #1200
- hardware: Add the lenovo x1 gen 13 by @brianmcgillion in #1199
- lenovo-x1-gen11-hardening: build image with dm-verity by @humaidq-tii in #1074
- build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @dependabot in #1204
- bump: standard bump by @brianmcgillion in #1158
- Orin rework by @emrahbillur in #1201
- Remove the older caches by @brianmcgillion in #1209
- fix: Include the latest version of sticky-notes by @brianmcgillion in #1206
- Fix Sticky Notes segfault in Cosmic by @gngram in #1210
- vhotplug: Set precedence of ChromeVM over AudioVM by @vunnyso in #1213
- fix: repair the imx8 building by @brianmcgillion in #1214
- usb: Added a common stub for external usb devices by @vunnyso in #1215
- docs: Migrate to Astro Starlight by @humaidq-tii in #1203
- bump: bump to pick up some fixes by @brianmcgillion in #1218
- Update COSMIC security context indicator patch by @nesteroff in #1205
- bump(ctrl-panel): bump ctrl-panel by @brianmcgillion in #1211
Full Changelog: ghaf-25.04...ghaf-25.05
Bug Fixes
Fixed bugs that were present in the ghaf-25.04 release:
- Sending bug report from Control Panel causes Control Panel to crash
Release 25.04
This is a monthly Ghaf release which has been fully tested on Nvidia Orin NX, Nvidia Orin AGX and Lenovo X1 Carbon Gen11 platforms. This release contains a major update: the Linux kernel for Nvidia platforms has been upgraded to 6.6.75.
This release complies with SLSA v1.0 level 3 requirements.
Supported Hardware
The following target hardware is supported by this release:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Lenovo ThinkPad X1 Carbon Gen 10, 11, 12
- Dell Latitude 7230, 7330
- Alienware M18
- NXP i.MX 8M Plus
What's Changed
- Add netvm kernel params and rtl8126 by @mbssrc in #1108
- Demo desktop by @brianmcgillion in #1107
- docs:add release note 25.03 by @clayhill66 in #1111
- feat(graphics): add idle management configuration option by @kajusnau in #1110
- nvidia: generalize the setup by @brianmcgillion in #1109
- bump: standard bump by @brianmcgillion in #1033
- docs: fix formatting and typo in release note by @clayhill66 in #1116
- Orin NX/AGX: Switch from nvidia bsp 5.15 kernel to upstream 6.6 by @TanelDettenborn in #1115
- vulkan: Add vulkan support for nvidia by @brianmcgillion in #1117
- build(deps): bump actions/dependency-review-action from 4.5.0 to 4.6.0 by @dependabot in #1118
- build(deps): bump cachix/install-nix-action from 31.0.0 to 31.1.0 by @dependabot in #1119
- VPN: Add wireguard-gui service by @enesoztrk in #1099
- UI Idle management by @mbssrc in #1120
- Update SCS section in Ghaf github.io pages by @ktusawrk in #1123
- Bug fix SSRCSP-5890 by @gngram in #1121
- build(deps): bump step-security/harden-runner from 2.11.0 to 2.11.1 by @dependabot in #1124
- chore: update pull request template by @kajusnau in #1127
- Fix hw name by @brianmcgillion in #1130
- build(deps): bump tj-actions/changed-files from 46.0.3 to 46.0.4 by @dependabot in #1131
- VPN: wireguard-gui integration to ghaf control panel by @enesoztrk in #1129
- debug: add some additional tools by @brianmcgillion in #1132
- feat: power manager module, refactor ghaf-powercontrol by @kajusnau in #1125
- build(deps): bump github/codeql-action from 3.28.13 to 3.28.14 by @dependabot in #1134
- fix: fix the xhci pt in gui-vm by @brianmcgillion in #1133
- bump: need the new firefox by @brianmcgillion in #1122
- fix: devshell by @brianmcgillion in #1136
- vhotplug: Enable type-c display for x86_64 variants by @vunnyso in #1135
- build(deps): bump github/codeql-action from 3.28.14 to 3.28.15 by @dependabot in #1137
- Refactor: Imports structure by @mbssrc in #1085
- Refactor: Add PCI devices to common by @mbssrc in #1138
- Fix typo by @mbssrc in #1140
- Fix ci devshell by @brianmcgillion in #1142
- Github actions: Evaluate devShells by @henrirosten in #1139
- keys: Add Milla to known devs by @brianmcgillion in #1144
- docs: Update Chapter 7. CI/CD in github.io pages by @ktusawrk in #1143
- fix: graphics dropped in refactor by @brianmcgillion in #1145
- build(deps): bump tj-actions/changed-files from 46.0.4 to 46.0.5 by @dependabot in #1146
- firefox: Make in to a reference program by @brianmcgillion in #1147
- desktop: add COSMIC Epoch DE by @kajusnau in #1104
- bump nixos-hardware by @gngram in #1148
- bump: fix wireguard-gui flake file for check command by @enesoztrk in #1151
- bump: nixos-hardware by @gngram in #1153
- Update vhotplug to fix issues with multiple devices with the same VID/PID by @nesteroff in #1149
- keys: Add new nixos key for rodrigo by @brianmcgillion in #1156
- bump: standard bump by @brianmcgillion in #1150
- intel-gpu: Cleanup the intel setup configuration by @vunnyso in #1157
- build(deps): bump cachix/install-nix-action from 31.1.0 to 31.2.0 by @dependabot in #1160
- bugfix: fix Falcon AI app not starting, rework package by @kajusnau in #1154
- Input devices: remove hardcoded evdevs by @mbssrc in #1159
- GhA: Authorize workflow by @henrirosten in #1161
- build(deps): bump step-security/harden-runner from 2.11.1 to 2.12.0 by @dependabot in #1162
- GhA: authorize.yml: url-encode actor by @henrirosten in #1163
- Adapt to microvm changes by @slakkala in #1165
- GhA: warn also on authorize.yml change by @henrirosten in #1166
- Support for AGX 64 GB is added with different target options. by @emrahbillur in #1164
- build(deps): bump github/codeql-action from 3.28.15 to 3.28.16 by @dependabot in #1167
- testing: replace speedtest-cli with ookla by @brianmcgillion in #1168
- Fix: ids-vm networking by @mbssrc in #1170
- version number fix by @brianmcgillion in #1172
New Contributors
Full Changelog: ghaf-25.03...ghaf-25.04
Release 25.03
This is a quarterly release which is fully tested on Nvidia Orin NX, Nvidia Orin AGX and Lenovo X1 Carbon Gen11 platforms. This release complies with SLSA v1.0 level 3 requirements.
Supported Hardware
The following target hardware is supported by this release:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Lenovo ThinkPad X1 Carbon Gen 10, 11, 12
- Dell Latitude 7230, 7330
- Alienware M18
- Generic x86 (PC)
- NXP i.MX 8M Plus
What is New in ghaf-25.03
Main changes since ghaf-24.12:
- General refactoring and modularization to make Ghaf easy to consume by downstream projects.
- Major updates on upstream dependencies.
- More robust user account management.
- RISC-V Polarfire Icicle Kit builds are currently disabled but can be re-enabled if needed.
- Support for Alienware M18 laptop added.
- Added support for Lenovo ThinkPad X1 Carbon Gen 12.
Lenovo X1 Carbon Gen 10/11:
- Audio device selection and microphone slider are added to the quick settings widget.
- Audio control was removed from the application menu.
- TLS enabled for GIVC.
- Reworked networking:
  - 'debug' network removed.
  - auto-generation of IP and MAC addresses.
- Disabled Nix tooling in release builds.
- Hotplugging of GPS devices.
- Hardened systemd config in gui-vm.
- Chromecast support on a normal browser.
- Added keybindings to move the active window to the next or previous desktop.
- Logging improvements.
- Window Manager widget added.
- VM-level Audio Control added.
- XDG-handlers using GIVC instead of SSH.
- File system changes for debug builds: ext4 used for root, btrfs for persistence partition.
- MitmWebUI app replaces mitmweb-ui script in chrome-vm.
Nvidia Jetson Orin AGX/NX:
- JetPack 6.2 including NVIDIA Jetson Linux 36.4.3 with Linux kernel 5.15.
- Docker with Nvidia container and CUDA 12.x support.
- Podman support, disabled by default.
Bug Fixes
Fixed bugs that were present in the ghaf-24.12 release:
- A laptop cannot be unlocked after suspension sometimes.
- Audio output via 3.5mm jack doesn't work.
- Missing application menu icons on the first boot after the software installation.
- Location sharing does not work.
- File manager not displaying downloaded file.
- The application menu cannot be accessed using the Windows key.
Release 24.12.4
This is a bi-weekly release for Ghaf adding support for Nvidia containers and CUDA 12.x for Nvidia platforms based on JetPack 6.
Supported Hardware
The following target hardware is supported by this release:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Lenovo ThinkPad X1 Carbon Gen 10, 11, 12
- Dell Latitude 7230, 7330
- Alienware M18
- Generic x86 (PC)
- NXP i.MX 8M Plus - build support only
What is New in ghaf-24.12.4
- General refactoring and modularization
- Support for Alienware M18 laptop added
Lenovo X1 Carbon / x86 platforms:
- File system changes for debug builds: ext4 used for root, btrfs for persistence partition
- MitmWebUI app replaces mitmweb-ui script in chrome-vm
Nvidia Jetson Orin AGX/NX:
- Docker with Nvidia container and CUDA 12.x support
- Podman support, disabled by default
Bug Fixes
Fixed bugs that were present in the ghaf-24.12.3 release:
- Location sharing does not work
- File manager not displaying downloaded file
Release 24.12.3
This is a bi-weekly release with a major update to JetPack 6.2 for NVIDIA platforms.
Supported Hardware
The following target hardware is supported by this release:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Generic x86 (PC)—build support only
- Lenovo ThinkPad X1 Carbon Gen 10, 11, 12
- NXP i.MX 8M Plus—build support only
What is New in ghaf-24.12.3
Lenovo X1 Carbon:
- Window Manager widget added.
- VM-level Audio Control added.
- XDG-handlers using GIVC instead of SSH.
NVIDIA Jetson Orin AGX/NX:
- JetPack 6.2 including NVIDIA Jetson Linux 36.4.3 with Linux kernel 5.15.
Bug Fixes
- Audio output via 3.5mm jack.
- Missing application menu icons on the first boot after the software installation.
Release 24.12.2
This is a bi-weekly release containing new features and additional hardening for Ghaf.
Supported Hardware
The following target hardware is supported by this release:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Generic x86 (PC) (build support only)
- Lenovo ThinkPad X1 Carbon Gen 10, 11, 12
- NXP i.MX 8M Plus (build support only)
What is New in ghaf-24.12.2
- TLS enabled for GIVC.
- Reworked networking:
  - 'debug' network removed
  - auto-generation of IP and MAC addresses
- Disabled Nix tooling in release builds.
- Hotplugging of GPS devices.
Lenovo X1 Carbon Gen 10/11:
- Added support for Lenovo ThinkPad X1 Carbon Gen 12.
- Hardened systemd config in gui-vm.
- Chromecast support on a normal browser.
- Added keybindings to move the active window to the next or previous desktop.
- Logging improvements.
Bug Fixes
Element location sharing not working.
Release 24.12.1
This bi-weekly release brings a major update of Ghaf dependencies, most notably the GCC 14 compiler.
Supported Hardware
This release supports the following target hardware:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Generic x86 (PC) (build support only)
- Lenovo ThinkPad X1 Carbon Gen 11
- Lenovo ThinkPad X1 Carbon Gen 10
- NXP i.MX 8M Plus (build support only)
What is New in ghaf-24.12.1
- Major update on upstream dependencies.
- More robust user account management.
- RISC-V Polarfire Icicle Kit builds are currently disabled but can be re-enabled.
Lenovo X1 Carbon Gen 10/11:
- Audio device selection and microphone slider are added to the quick settings widget.
- Audio control was removed from the application menu.
Bug Fixes
A laptop cannot be unlocked after suspension sometimes.
Release 24.12
This is a quarterly release for all supported hardware platforms, and it complies with SLSA v1.0 Level 3 requirements.
Supported Hardware
This release supports the following target hardware:
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Generic x86 (PC)
- Polarfire Icicle Kit
- Lenovo ThinkPad X1 Carbon Gen 11
- Lenovo ThinkPad X1 Carbon Gen 10
- NXP i.MX 8M Plus (build support only)
What is New in ghaf-24.12
Lenovo X1 Carbon Gen 10/11:
- Chromium replaced with Google Chrome.
- Zoom web application added into comms-vm.
- Xarchiver file compression application added.
- Audio Control, USB, and Network Manager applets added.
- Bluetooth applet added to the system tray.
- The first version of the Control Panel currently supports the following:
  - display resolution and scale settings;
  - locale and timezone settings.
- The System Idle behavior has been reworked: the screen dims after 4 minutes of inactivity, the session locks in 5 minutes, the screen goes off in 7.5 minutes, and the system suspends in 15 minutes.
- User account management has been added. The user sets a username and password when a device is first booted.
- The username is displayed on a lock screen.
- Dynamic updates of Microsoft endpoint URLs.
- A separate configurable repository for adding allowed URLs for business-vm.
- Auto-reconnect hotplugged devices when the VM restarts.
- Wayland security context protocol enabled.
- Refactored application definitions to make it easier to add and remove applications.
- Hardened greetd.service.
- AppArmor enabled.
- Multiple user experience improvements.
Lenovo X1 and NVIDIA Jetson Orin NX/AGX Orin:
- Lock and Log Out buttons moved from the applications menu to the power menu.
- Shutdown and Reboot buttons were removed from the applications menu and are now available in the Power menu.
- The Powerbar module is added to the lock screen.
- Run-time multi-monitor support.
- Taskbar control for four virtual desktops.
- Development, testing, and performance tooling improvements.
Bug Fixes
Fixed bugs that were present in the ghaf-24.09 release:
- Changing the Wi-Fi network from the Network Settings application is impossible.
- Cannot connect to a hidden Wi-Fi network from GUI.
- The taskbar on the extended display is visible only when booting up with an HDMI connection.
- Suspend does not work from the taskbar power menu.
- The Mute status is not visible in the taskbar.
- Bluetooth notification windows stay on a screen.
- Time synchronization between host and VMs does not work in all scenarios.
Release 24.09.4
This patch release is targeted at Secure Laptop (Lenovo X1 Carbon) test participants and brings in new features and bug fixes. Lenovo X1 Carbon has been fully tested for this release; other platforms have been sanity-tested only.
Supported Hardware
- NVIDIA Jetson AGX Orin
- NVIDIA Jetson Orin NX
- Generic x86 (PC)
- Polarfire Icicle Kit
- Lenovo ThinkPad X1 Carbon Gen 11
- Lenovo ThinkPad X1 Carbon Gen 10
- NXP i.MX 8M Plus
What is New in ghaf-24.09.4
Lenovo X1 Carbon Gen 10/11:
- Locale and timezone settings are added to the Control Panel.
- The username is displayed on a lock screen.
- The Powerbar module is added to a lock screen.
- System idle behavior reworked.
- Allowed URLs for business-vm are now fetched from the separate configurable repository.
Bug Fixes
- Some cursor types are missing causing a cursor to disappear in some cases.
- Cannot open images and PDF files from the file manager.
- Suspend does not work from the taskbar power menu.