Release ghaf-25.09.3
This release is an update for x86 platforms, full testing has been performed with Lenovo X1 Carbon Gen11 and System76 Darter Pro
Release Tag
Section titled “Release Tag”https://github.com/tiiuae/ghaf/releases/tag/ghaf-25.09.3
Supported Hardware
Section titled “Supported Hardware”The following target hardware is supported by this release:
- Lenovo ThinkPad X1 Carbon Gen 10/11/12/13, Gen9 2-in-1
- Dell Latitude 7230, 7330
- Alienware M18
- System76 Darter Pro
What’s Changed
Section titled “What’s Changed”- version: bump for the next release target by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1429
- docs: bump core versions by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1430
- Yubikey: Remove unused authorizedYubikeys by @vunnyso in https://github.com/tiiuae/ghaf/pull/1428
- docs: add 25.09.2 rel note by @clayhill66 in https://github.com/tiiuae/ghaf/pull/1435
- Add tls_config support to alloy server by @everton-dematos in https://github.com/tiiuae/ghaf/pull/1433
- build(deps): bump actions/dependency-review-action from 4.7.3 to 4.8.0 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1440
- build(deps): bump astro from 5.13.10 to 5.14.1 in /docs by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1441
- build(deps): bump cachix/install-nix-action from 31.6.2 to 31.7.0 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1439
- build(deps): bump github/codeql-action from 3.30.3 to 3.30.5 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1442
- power: allow system vms to shutdown gracefully, preserve audio on shutdown by @kajusnau in https://github.com/tiiuae/ghaf/pull/1434
- Jetpack mainline by @brianmcgillion in https://github.com/tiiuae/ghaf/pull/1332
- Add ghaf-killswitch doc & Bump ghafpkgs for fix by @vunnyso in https://github.com/tiiuae/ghaf/pull/1437
- Service hardenings by @enesoztrk in https://github.com/tiiuae/ghaf/pull/1436
- Audio: Drop the removePciDevice workaround by @vunnyso in https://github.com/tiiuae/ghaf/pull/1443
- Extending attack-mitigation module options by @enesoztrk in https://github.com/tiiuae/ghaf/pull/1438
- Enable TLS for alloy client to server by @everton-dematos in https://github.com/tiiuae/ghaf/pull/1444
- build(deps): bump github/codeql-action from 3.30.5 to 3.30.6 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1447
- build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by @dependabot[bot] in https://github.com/tiiuae/ghaf/pull/1448
Full Changelog: https://github.com/tiiuae/ghaf/compare/ghaf-25.09.2…ghaf-25.09.3
Bug fixes
Section titled “Bug fixes”Fixed bugs that were present in the previous release
- Battery drains fast after suspend
- GUI not launched if booting with Yubikey
Known Issues and Limitations
Section titled “Known Issues and Limitations”| Issue | Status | Comments |
|---|---|---|
| x86 | ||
| (System76 only) Suspension has been disabled | In Progress | |
| Can’t share Trusted Browser window in Teams | In Progress | Issue is under investigation |
| Using audio through USB device may cause instability | In Progress | Workaround: Use either internal speaker or headphones with 3.5mm jack |
| Downloading large file (10G) crashes the browser | In progress | Issue is under investigation |
| Unlock with fingerprint doesn’t work | In Progress | Issue is under investigation |
| Audio control not working after suspend | In Progress | Issue is under investigation |
Installation Instructions
Section titled “Installation Instructions”Released images are available at https://archive.vedenemo.dev/ghaf-25.09.3/
Download the required image and use the following instructions: Build and Run.