Intel Boot Guard is planned for the next Dasharo firmware update. I don’t see a separate ticket for Intel Boot Guard yet on Dasharo, but we have requested our firmware developers team to integrate this. There were some related discussions about this here: Dasharo Enterprise roadmap for reaching fwupd HSI-4 security level · Issue #463 · Dasharo/dasharo-issues · GitHub. Please feel free to join the discussions!
Some users might prefer not to use Intel Boot Guard as firmware modifications are no longer possible, so it will be optional and prompted as a recommended step during the firmware update.
You can switch between S3 (suspend-to-RAM) and S0ix (suspend-to-idle) in the UEFI firmware settings: Dasharo System Features - Dasharo Universe
We now already have SPI write locks: Dasharo System Features - Dasharo Universe
Encrypted RAM is not feasible, as it is not supported by the CPU, unfortunately. This is also the case for the upcoming V54 and V56 Series models.
You can consider using Heads firmware as a better alternative to UEFI Secure Boot: Dasharo coreboot+Heads firmware version - NovaCustom
About the Intel Management Engine (ME), this can be disabled in the UEFI firmware settings and it is disabled for our Heads variant by default. Dasharo System Features - Dasharo Universe
I hope this helps to get a better understanding of our commitment to improve the security of our devices.