Release 24.12

This is a quarterly release for all supported hardware platforms, and it complies with SLSA v1.0 Level 3 requirements.

Supported Hardware

The following target hardware is supported by this release:

• NVIDIA Jetson AGX Orin
• NVIDIA Jetson Orin NX
• Generic x86 (PC)
• Polarfire Icicle Kit
• Lenovo ThinkPad X1 Carbon Gen 11
• Lenovo ThinkPad X1 Carbon Gen 10
• NXP i.MX 8M Plus (build support only)

What is New in ghaf-24.12

Lenovo X1 Carbon Gen 10/11:

• Chromium replaced with Google Chrome.
• Zoom web application added into comms-vm.
• Xarchiver file compression application added.
• Audio Control, USB, and Network Manager applets added.
• Bluetooth applet added to the system tray.
• The first version of the Control Panel currently supports the following:
  • display resolution and scale settings;
  • locale and timezone settings.
• The System Idle behavior has been reworked: the screen dims after 4 minutes of inactivity, the session locks in 5 minutes, the screen goes off in 7.5 minutes, and the system suspends in 15 minutes.
• User account management has been added. The user sets a username and password when a device is first booted.
• The username is displayed on a lock screen.
• Dynamic updates of Microsoft endpoint URLs.
• A separate configurable repository for adding allowed URLs for business-vm.
• Auto-reconnect hotplugged devices when the VM restarts.
• Wayland security context protocol enabled.
• Refactored application definitions to make it easier to add and remove applications.
• Hardened greetd.service.
• AppArmor enabled.
• Multiple user experience improvements.

Lenovo X1 and NVIDIA Jetson Orin NX/AGX Orin:

• Lock and Log Out buttons moved from the applications menu to the power menu.
• Shutdown and Reboot buttons were removed from the applications menu and are now available in the Power menu.
• The Powerbar module is added to the lock screen.
• Run-time multi-monitor support.
• Taskbar control for four virtual desktops.
• Development, testing, and performance tooling improvements.

Bug Fixes

Fixed bugs that were present in the ghaf-24.09 release:

• It is impossible to change the Wi-Fi network from the Network Settings application.
• Cannot connect to a hidden Wi-Fi network from GUI.
• The taskbar on the extended display is visible only when booting up with an HDMI connection.
• Suspend does not work from the taskbar power menu.
• The Mute status is not visible in the taskbar.
• Bluetooth notification windows stay on a screen.
• Time synchronization between host and VMs does not work in all scenarios.

Release 24.09.4

This patch release is targeted at Secure Laptop (Lenovo X1 Carbon) test participants and brings in new features and bug fixes. Lenovo X1 Carbon has been fully tested for this release, other platforms have been sanity-tested only.

Supported Hardware

• NVIDIA Jetson AGX Orin
• NVIDIA Jetson Orin NX
• Generic x86 (PC)
• Polarfire Icicle Kit
• Lenovo ThinkPad X1 Carbon Gen 11
• Lenovo ThinkPad X1 Carbon Gen 10
• NXP i.MX 8M Plus

What is New in ghaf-24.09.4

Lenovo X1 Carbon Gen 10/11:

• Local and timezone settings are added to the Control Panel.
• The username is displayed on a lock screen.
• The Powerbar module is added to a lock screen.
• System idle behavior reworked.
• Allowed URLs for business-vm are now fetched from the separate configurable repository.

Bug Fixes

• Some cursor types are missing causing a cursor to disappear in some cases.
• Cannot open images and PDF files from the file manager.
• Suspend does not work from the taskbar power menu.

Release 24.09.3

This patch release is targeted at Secure Laptop (Lenovo X1 Carbon) test participants and brings in new features and bug fixes. Lenovo X1 Carbon has been fully tested for this release, other platforms have been sanity-tested only.

Supported Hardware

• NVIDIA Jetson AGX Orin
• NVIDIA Jetson Orin NX
• Generic x86 (PC)
• Polarfire Icicle Kit
• Lenovo ThinkPad X1 Carbon Gen 11
• Lenovo ThinkPad X1 Carbon Gen 10
• NXP i.MX 8M Plus

What is New in ghaf-24.09.3

Lenovo X1 Carbon Gen 10/11:

• Chromium was replaced with Google Chrome.
• Dynamic updates of Microsoft endpoint URLs.
• Updated GALA version 0.1.30 with SACA.
• Bluetooth applet added to the system tray.
• Auto-reconnect hotplugged devices when the VM restarts.

Bug Fixes

• NVIDIA Jetson AGX Orin/Orin NX: the taskbar is no longer available.
• Bluetooth notification windows stay on the screen.
• Audio recording is delayed by several seconds.

Release 24.09.2

This patch release is targeted at Secure Laptop (Lenovo X1 Carbon) test participants and brings in new features and bug fixes. Lenovo X1 Carbon has been fully tested for this release, other platforms have been sanity-tested only.

Supported Hardware

• NVIDIA Jetson AGX Orin
• NVIDIA Jetson Orin NX
• Generic x86 (PC)
• Polarfire Icicle Kit
• Lenovo ThinkPad X1 Carbon Gen 11
• Lenovo ThinkPad X1 Carbon Gen 10
• NXP i.MX 8M Plus

What is New in ghaf-24.09.2

Lenovo X1 Carbon Gen 10/11:

• Wayland security context protocol enabled.
• The timeout of the Autolock feature at which re-entry of login and password is required has been fixed. Also, the screen dim intensity was adjusted.
• Taskbar control for two virtual desktops.
• Taskbar audio and brightness control responsiveness improved.
• The closing widgets feature is available when clicking outside their area.
• Zoom web application added into comms-vm.
• Display resolution and Scale settings added to the Control Panel.

Bug Fixes

• The USB camera is not working on Chromium VM.
• Double login issue with the Autolock feature on.
• The Control Panel is causing a high CPU load in GUI VM.
• Volume and brightness pop-ups do not close automatically.

Release 24.09.1

This patch release is targeted at Secure Laptop (Lenovo X1 Carbon) test participants and brings in new features and bug fixes. Lenovo X1 Carbon has been fully tested for this release, other platforms have been sanity-tested only.

Supported Hardware

This release supports the following target hardware:

• NVIDIA Jetson AGX Orin
• NVIDIA Jetson Orin NX
• Generic x86 (PC)
• Polarfire Icicle Kit
• Lenovo ThinkPad X1 Carbon Gen 11
• Lenovo ThinkPad X1 Carbon Gen 10
• NXP i.MX 8M Plus

What is New in ghaf-24.09.1

Lenovo X1 Carbon Gen 10/11:

• Audio Control and Xarchiver file compression applications.
• Network Manager applet.
• The first version of the Control Panel (mainly non-functional).
• Log Out and Lock buttons were moved to the power menu.
• Shutdown and Reboot buttons were removed from the applications menu and are now available in the Power menu.
• Multiple monitors support.

Bug Fixes

Fixed bugs that were in the ghaf-24.09 release:

• It is impossible to change the Wi-Fi network from the Network Settings application.
• The taskbar on extended display is visible only when booting up with HDMI connected.
• The Mute status is not visible in the taskbar.

Release 24.09

Supported Hardware

This release supports the following target hardware:

• NVIDIA Jetson AGX Orin
• NVIDIA Jetson Orin NX
• Generic x86 (PC)
• Polarfire Icicle Kit
• Lenovo ThinkPad X1 Carbon Gen 11
• Lenovo ThinkPad X1 Carbon Gen 10
• NXP i.MX 8M Plus

What is New in ghaf-24.09

• Lenovo X1 Carbon Gen 10/11:
  • Trusted Business VM with firewall protection containing the following applications: Microsoft 365 (with Outlook and Teams), Trusted Browser, Text Editor, Video Editor.
    • Integrated camera supported with Business VM applications.
  • The previous Element VM was modified to a more generic Comms VM, adding Slack..
  • GlobalProtect VPN client.
  • Centralized logging solution using Grafana.
  • The ZFS file system and Logical Volume Manager (LVM).
  • Storage VM using the NixOS Impermanence framework.
  • USB hot plug supports input, audio, and media devices.
  • USB camera support on Chromium VM.
  • Initial version of file manager.
  • Hardware detection scanner to generate hardware definition files for different laptops.
  • GPU acceleration enabled.
  • YubiKey authentication.
  • The Falcon LLM AI model installed.
  • The greetd login manager with the system automatic screen lock enabled locks screen after 5 minutes of inactivity.
  • The UI Waybar was replaced by the EWW (Elkowars Wacky Widgets) taskbar.
  • Magnification, Sticky Notes, Screenshot, Calculator applications.
  • AppFlowy was disabled.
• NVIDIA Jetson Orin NX:
  • JetPack baseline software updates and fixes.
• Further refactoring and modularization of the Ghaf framework.
• Development, testing, and performance tooling improvements.

Bug Fixes

Fixed bugs that were in the ghaf-24.06 release: N/A

Release 24.06

Supported Hardware

• NVIDIA Jetson AGX Orin
• NVIDIA Jetson Orin NX
• Generic x86 (PC)
• Polarfire Icicle Kit
• Lenovo ThinkPad X1 Carbon Gen 11
• Lenovo ThinkPad X1 Carbon Gen 10
• New in this release: NXP iMX8-MPlus

What is New in ghaf-24.06

• NixOS updated to NixOS 24.05 and further to nixos-unstable
• Labwc used as a default compositor on all platforms. Support for weston removed.
• Static networking with external DNS server support only. Internal DHCP and DNS removed
• affects all new guest VM networking
• Windows VM must be configured with static IP and DNS
• Lenovo X1 Carbon Gen 10/11:
• Image compression using zstd
• Initial vTPM implementation for Application VMs added
• Audio VM with Pipewire backend and pulseaudio TCP remote comms layer
• Multimedia function key passthrough
• Initial implementation of IDS-VM as a defensive network mechanism
• Support for Element chat application
• AppFlowy using Flutter application framework
• GPS location sharing through Element application
• Nvidia Jetson Orin:
• UARTI passthrough
• Jetpack baseline software updates and fixes.
• Further refactoring and modularization of the Ghaf framework
• Development, testing, and performance tooling improvements.

Bug Fixes

• Fixed bugs that were in the ghaf-24.03 release:
• Applications do not open from icons when netvm is restarted
• Closing and re-opening a deck lid of an X1 laptop with running Ghaf causes instability

Release 24.03

Supported Hardware

• NVIDIA Jetson AGX Orin
• NVIDIA Jetson Orin NX
• Generic x86 (PC)
• Polarfire Icicle Kit
• Lenovo ThinkPad X1 Carbon Gen 11
• Lenovo ThinkPad X1 Carbon Gen 10 (new in this release)

What is New in ghaf-24.03

• Lenovo X1 Carbon Gen 10/11
• Labwc window compositor
• weston no longer supported
• Standalone installer
• Hardened host and guest kernel configurations, disabled by default
• Power control (Power Off and Reboot)
• Configurable border colors for application windows
• Initial TPM2-PKCS11 support
• Screen lock, disabled by default
• Minimized systemd
• Nvidia Jetson Orin
• Boot and Power Management virtualization, built as a separate target
• Jetpack baseline software updates and fixes.
• Further modularization of the Ghaf framework: Ghaf as Library: Templates - Ghaf Framework
• Development, testing, and performance tooling improvements.

Bug Fixes

The following issues from the previous release (ghaf-23.12) have been fixed:

• The GALA app does not work
• Copy text from the browser address bar to another application does not work
• Task bar disappears when ext display is disconnected.

Release 23.12

Release 23.12

Release 23.09

ghaf-23.09

Release 23.09