December 25, 2025
End Of Manufacturing? End Of Updates!
Dasharo TrustRoot Ephemeral Key Incident
Dasharo’s test-key fiasco leaves laptops stuck, users furious
TLDR: Dasharo fused some laptops with a temporary test key, blocking future updates for affected users. The community split: freedom-loving “owner-controlled” folks defend the model, while others rage at the process and demand recalls or compensation—plus a flood of memes about the “End Of Me” fuse mishap.
Dasharo dropped a bomb: some NovaCustom laptops fused their “forever lock” with the wrong key, meaning future firmware updates are dead on arrival for anyone who fused between Oct 24 and Dec 5. Think of fusing like flipping a tiny switch you can only flip once. Flip it with a test key, and your laptop says “no updates, ever.” Cue meltdown. One commenter called it a supply-chain failure; Reddit dubbed it “TrustRoot turns RustRoot.” Another joked EOM (End of Manufacturing) now stands for “End Of Me.”
The fight got spicy. Fans of “owner-controlled security” say this is the price of freedom; critics say it’s “DIY bricking.” Some blame Intel’s FPF—one-time fuses—with no undo; others blame release engineering: “you had one job—use the production key.” Meanwhile, pragmatists demand real fixes: board swaps, recall, or compensation. The meme crowd ran wild with “test key Tuesday” and “trust, but verify (the key).”
Dasharo’s detailed postmortem and DSB-001 guidance won points for transparency, but trust is wobbling. Supporters praise the honesty; skeptics ask why a “test” anything could ever touch the fuse step. The community agrees on one thing: this is a landmark oops that will reshape how “owner-choice” security is shipped—and safeguarded.
Key Points
- •On December 5, 2025, Dasharo identified that TrustRoot fusing binaries were signed with an ephemeral testing key instead of the production key.
- •Users who fused NovaCustom V540TU/V560TU devices between October 24 and December 5, 2025 may have irreversibly programmed the wrong OEM key hash into FPFs.
- •Because the fuses are One-Time Programmable and the ephemeral key’s private component is unavailable, affected devices cannot receive future firmware updates.
- •Dasharo Tools Suite, based on the Yocto Project, executed the fusing process correctly but was provided the wrong firmware binary due to a release engineering error.
- •Intel Boot Guard’s verification chain and the EOM process make post-fusing software recovery impossible once the FPFs are locked with an incorrect key.