You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

216 lines
9.1 KiB

6 years ago
  1. # Skulls - [Thinkpad X230](https://pcsupport.lenovo.com/en/products/laptops-and-netbooks/thinkpad-x-series-laptops/thinkpad-x230).
  2. ![seabios_bootmenu](front.jpg)
  3. ## Latest release (config overview and version info)
  4. * Get it from our [release page](https://github.com/merge/coreboot-x230/releases)
  5. * The only proprietary binary, the VGA BIOS is executed in "secure" mode ([PCI_OPTION_ROM_RUN_YABEL](https://www.coreboot.org/Coreboot_Options))
  6. ### coreboot
  7. * We simply take coreboot's current state in it's master branch at the time we build a release image.
  8. That's the preferred way to use coreboot. The git revision we use is always included in the release.
  9. ### Intel microcode
  10. * revision `1f` from 2018-02-07 see package [20180312](https://downloadcenter.intel.com/download/27591) under [Intel's license](LICENSE.microcode)
  11. ### SeaBIOS
  12. * version [1.11.1](https://seabios.org/Releases) from 2018-03-19
  13. ## table of contents
  14. * [TL;DR](#tldr)
  15. * [First-time installation](#firsttime-installation)
  16. * [Updating](#updating)
  17. * [Moving to Heads](#moving-to-heads)
  18. * [Why does this work](#why-does-this-work)
  19. ## TL;DR
  20. 1. run `sudo ./x230_before_first_install.sh` on your current X230 Linux system
  21. 2. Power down, remove the battery. Remove the keyboard and palmrest. Connect
  22. a hardware flasher to an external PC (a Raspberry Pi with a SPI 8-pin chip clip
  23. can directly be used), and run
  24. `sudo ./external_install_bottom.sh` on the lower chip
  25. and `sudo ./external_install_top.sh` on the top chip of the two.
  26. 3. For updating later, run `./x230_update.sh`. No need to disassemble.
  27. And always use the latest [released](https://github.com/merge/coreboot-x230/releases)
  28. package. This will be tested. The git master
  29. branch is _not_ meant to be stable. Use it for testing only.
  30. ## First-time installation
  31. ### before you begin
  32. Before starting, run Linux on your X230, install `dmidecode` and run
  33. `sudo ./x230_before_first_install.sh`. It simply prints system information and helps
  34. you find out your RAM voltage. Make sure you have RAM that uses 1,5V, not 1,35V.
  35. ### original BIOS update / EC firmware (optional)
  36. Before flashing coreboot, consider doing one original Lenovo upgrade process
  37. in case you're not running the latest version. This is not supported anymore,
  38. once you're running coreboot (You'd have to manually flash back your backup
  39. images first, see later chapters).
  40. Also, this updates the BIOS _and_ Embedded Controller (EC) firmware. The EC
  41. is not updated anymore, when running coreboot. The latest EC version is 1.14
  42. and that's unlikely to change.
  43. In case you're not running the latest BIOS version, either
  44. * use [the latest original CD](https://support.lenovo.com/at/en/downloads/ds029188) and burn it, or
  45. * use the same, only with a patched EC firmware that allows using any battery:
  46. #### Disable the battery validation check
  47. By default, only original Lenovo batteries are allowed.
  48. Thanks to [this](http://zmatt.net/unlocking-my-lenovo-laptop-part-3/)
  49. [project](https://github.com/eigenmatt/mec-tools) we can use Lenovo's bootable
  50. upgrade image, change it and create a bootable _USB_ image, with an EC update
  51. that allows us to use any 3rd party aftermarket battery:
  52. sudo apt-get install build-essential git mtools libssl-dev
  53. git clone https://github.com/hamishcoleman/thinkpad-ec && cd thinkpad-ec
  54. make patch_disable_keyboard clean
  55. make patch_enable_battery clean
  56. make patched.x230.img
  57. That's it. You can create a bootable USB stick: `sudo dd if=patched.x230.img of=/dev/sdx`
  58. and boot from it. Alternatively, burn `patched.x230.iso` to a CD. And make sure
  59. you have "legacy" boot set, not "UEFI" boot.
  60. ### preparation: required hardware
  61. * An 8 Pin SOIC Clip, for example from
  62. [Pomona electronics](https://www.pomonaelectronics.com/products/test-clips/soic-clip-8-pin)
  63. or alternatively hooks, for example from
  64. [E-Z-Hook](http://catalog.e-z-hook.com/viewitems/test-hooks/e-z-micro-hooks-single-hook-style)
  65. * 6 [female](https://electronics.stackexchange.com/questions/37783/how-can-i-create-a-female-jumper-wire-connector)
  66. [jumper wires](https://en.wikipedia.org/wiki/Jump_wire) to connect the clip to
  67. a hardware flasher
  68. * a hardware flasher
  69. [supported by flashrom](https://www.flashrom.org/Flashrom/0.9.9/Supported_Hardware#USB_Devices)
  70. but we currently only support using a Raspberry Pi
  71. ### open up the X230
  72. Remove the 7 screws of your X230 to remove the keyboard (by pushing it towards the
  73. screen before lifting) and the palmrest. You'll find the chips using the photo
  74. below. This is how the SPI connection looks on both of the X230's chips:
  75. Screen (furthest from you)
  76. __
  77. MOSI 5 --| |-- 4 GND
  78. CLK 6 --| |-- 3 N/C
  79. N/C 7 --| |-- 2 MISO
  80. VCC 8 --|__|-- 1 CS
  81. Edge (closest to you)
  82. ... choose one of the following supported flashing hardware examples:
  83. ### Hardware Example: Raspberry Pi 3
  84. A Raspberry Pi can directly be a flasher through it's I/O pins, see below.
  85. Use a test clip or hooks, see [required hardware](#preparation-required-hardware).
  86. On the RPi we run [Raspbian](https://www.raspberrypi.org/downloads/raspbian/)
  87. and have the following setup:
  88. * [Serial connection](https://elinux.org/RPi_Serial_Connection) using a
  89. "USB to Serial" UART Adapter and picocom or minicom (yes, in this case you
  90. need a second PC connected to the RPi over UART)
  91. * in the SD Cards's `/boot/config.txt` file `enable_uart=1` and `dtparam=spi=on`
  92. * [For flashrom](https://www.flashrom.org/RaspberryPi) we put `spi_bcm2835`
  93. and `spidev` in /etc/modules
  94. * [Connect to a wifi](https://www.raspberrypi.org/documentation/configuration/wireless/wireless-cli.md)
  95. or ethernet to `sudo apt-get install flashrom`
  96. * connect the Clip to the Raspberry Pi 3 (there are
  97. [prettier images](https://github.com/splitbrain/rpibplusleaf) too):
  98. Edge of pi (furthest from you)
  99. (UART)
  100. L GND TX RX CS
  101. E | | | |
  102. F +---------------------------------------------------------------------------------+
  103. T | x x x x x x x x x x x x x x x x x x x x |
  104. | x x x x x x x x x x x x x x x x x x x x |
  105. E +----------------------------------^---^---^---^-------------------------------^--+
  106. D | | | | |
  107. G 3.3V MOSIMISO| GND
  108. E (VCC) CLK
  109. Body of Pi (closest to you)
  110. ![Raspberry Pi at work](rpi_clip.jpg)
  111. Now copy the Skulls release tarball over to the Rasperry Pi and continue on the Pi.
  112. ### Hardware Example: CH341A based
  113. CH341A, a USB interface chip, is used by some cheap memory programmers.
  114. TODO
  115. ### unpack the Skulls release archive
  116. mkdir skulls
  117. tar -xf skulls-x230-<version>.tar.xz -C skulls
  118. cd skulls
  119. ### ifd unlock and me_cleaner: the 8MB chip
  120. The Intel Management Engine resides on the 8MB chip (at the bottom, closer to
  121. you). We don't need to touch it for coreboot-upgrades in the future, but to
  122. enable internal flashing, we need to unlock it once:
  123. sudo ./external_install_bottom.sh -m -k <backup.bin>
  124. That's it. Keep the backup safe.
  125. #### background (just so you know)
  126. * The `-m` option above also runs `me_cleaner -S` before flashing back.
  127. * The `-l` option will (re-)lock your flash ROM, in case you want to force
  128. yourself (and others) to hardware-flashing externally.
  129. * Connecting an ethernet cable as a power-source for SPI (instead of the VCC pin)
  130. is not necessary (some other flashing how-to guides mention this).
  131. Setting a fixed (and low) SPI speed for flashrom offeres the same stability.
  132. Our scripts do this for you.
  133. ### BIOS: the 4MB chip
  134. sudo ./external_install_top.sh -i <release-image-file>.rom -k <backup>
  135. That's it. Keep the backup safe.
  136. ## Updating
  137. Only the "upper" 4MB chip has to be written.
  138. You can again flash externally, using `external_install_top.sh` just like the
  139. first time, see above.
  140. Instead you can run the update directly on your X230
  141. using Linux. That's of course very convenient - just install flashrom from your
  142. Linux distribution - but according to the
  143. [flashrom manpage](https://manpages.debian.org/stretch/flashrom/flashrom.8.en.html)
  144. this is very dangerous:
  145. 1. Boot Linux with the `iomem=relaxed` boot parameter (for example set in /etc/default/grub)
  146. 2. download the latest Skulls release tarball (4MB "top" BIOS image is included) and extract it
  147. 3. run `sudo ./x230_update.sh` for generating all necessary files and instructions
  148. ## Moving to Heads
  149. [Heads](http://osresearch.net/) is an alternative BIOS system with advanced
  150. security features. When having Skulls installed, installing Heads should be
  151. as easy as updating Skulls.
  152. TODO
  153. ## Why does this work?
  154. On the X230, there are 2 physical "BIOS" chips. The "upper" 4MB
  155. one holds the actual bios we can generate using coreboot, and the "lower" 8MB
  156. one holds the rest that you can [modify yourself once](#flashing-for-the-first-time),
  157. if you like, but strictly speaking, you
  158. [don't need to touch it at all](https://www.coreboot.org/Board:lenovo/x230#Building_Firmware).
  159. What's this "rest"?
  160. Mainly a tiny binary used by the Ethernet card and the Intel Management Engine.