Martin Kepplinger fdfaa11bc5 | 3 years ago | |
---|---|---|
.. | ||
.gitignore | 5 years ago | |
LICENSE | 6 years ago | |
NEWS | 3 years ago | |
README.md | 4 years ago | |
bootsplash.jpg | 6 years ago | |
bootsplash.xcf | 6 years ago | |
build.sh | 5 years ago | |
ch341a.jpg | 6 years ago | |
compile.sh | 6 years ago | |
external_install_bottom.sh | 3 years ago | |
external_install_top.sh | 3 years ago | |
free-defconfig-a2642d0ffe | 3 years ago | |
front.jpg | 6 years ago | |
nonfree-defconfig-a2642d0ffe | 3 years ago | |
pci8086,0166.rom | 6 years ago | |
release.sh | 4 years ago | |
rpi_clip.jpg | 6 years ago | |
soic8.png | 5 years ago | |
util | 5 years ago | |
x230_heads.sh | 4 years ago | |
x230_heads_extract_blobs.sh | 5 years ago | |
x230_skulls.sh | 4 years ago |
Get it from our release page
0x21
from 2019-02-13We release multiple different, but very similar images you can choose from. They all should work on all versions of the X230. These are the differences; (xxxxxxxxxx stands for random characters in the filename):
x230_coreboot_seabios_xxxxxxxxxx_top.rom
includes the proprietary
VGA BIOS from Intel
which is non-free software. It is executed in "secure" mode.x230_coreboot_seabios_free_xxxxxxxxxx_top.rom
includes the
VGA BIOS
SeaVGABIOS which is free software.
While technically more interesting, visually this is currently not as
beautiful:
sudo ./x230_skulls.sh
on your current X230 Linux systemsudo ./external_install_bottom.sh
on the lower chip
and sudo ./external_install_top.sh
on the top chip of the two../x230_skulls.sh
. No need to disassemble.And always use the latest released package. This will be tested. The git master branch is not meant to be stable. Use it for testing only.
Run Linux on your X230, install dmidecode
and run
sudo ./x230_skulls.sh
. It simply prints system information and
helps you to be up to date.
Make sure you have the latest skulls-x230 package release by running
./x230_skulls.sh -U
.
If the script, sudo ./x230_skulls.sh
says "The installed original BIOS is very
old.", it means that you have a BIOS version that may include an EC version
older than 1.14.
If that's the case, consider doing one original Lenovo upgrade process. This is not supported anymore, once you're running coreboot (You'd have to manually flash back your backup images first, see later chapters).
This updates the BIOS and Embedded Controller (EC) firmware. The EC is not updated anymore, when running coreboot. Since official BIOS release 2.77 and its EC version 1.15 Lenovo includes a digital signature check, which prevents further firmware patching.
You have 2 options:
Remove the 7 screws of your X230 to remove the keyboard (by pushing it towards the screen before lifting) and the palmrest. You'll find the chips using the photo below. This is how the SPI connection looks like on both of the X230's chips:
Screen (furthest from you)
Edge (closest to you)
... choose one of the following supported flashing hardware examples:
A Raspberry Pi can directly be a flasher through it's I/O pins, see below. Use a test clip or hooks, see required hardware.
On the RPi we run Raspbian and have the following setup:
Connect to the console: Either
picocom -b 115200 /dev/ttyUSB0
) or minicomin the SD Cards's /boot/config.txt
file enable_uart=1
and dtparam=spi=on
For flashrom we put spi_bcm2835
and spidev
in /etc/modules
Connect to a wifi
or ethernet to sudo apt-get install flashrom
connect the Clip to the Raspberry Pi 3 (there are prettier images too):
Edge of pi (furthest from you)
(UART)
L GND TX RX CS
E | | | |
F +---------------------------------------------------------------------------------+
T | x x x x x x x x x x x x x x x x x x x x |
| x x x x x x x x x x x x x x x x x x x x |
E +----------------------------------^---^---^---^-------------------------------^--+
D | | | | |
G 3.3V MOSIMISO| GND
E (VCC) CLK
Body of Pi (closest to you)
Now copy the Skulls release tarball over to the Rasperry Pi and continue on the Pi.
The CH341A from Winchiphead, a USB interface chip, is used by some cheap memory programmers. The one we describe can be bought at aliexpress, but it's available elsewhere too. This means you need a different computer running a Linux based system here. Also, we don't use the included 3,3V power output (provides too little power), but a separate power supply. If you don't have any, consider getting a AMS1117 based supply for a second USB port (like this or this).
tar -xf skulls-x230-<version>.tar.xz
cd skulls-x230-<version>
Flashing the bottom chip (closer to you) is optional but highly recommended. It has the same pinout as the upper chip. When you don't unlock the bottom chip with an external flasher, you can't flash internally and fix the security issues in the Intel Management Engine.
sudo ./external_install_bottom.sh -m -k <backup-file-to-create>
That's it. Keep the backup safe. Here are the options (just so you know):
-m
option applies me_cleaner -S -d
before flashing back, see
me_cleaner.-l
option will (re-)lock your flash ROM, in case you want to force
yourself (and others) to hardware-flashing, see updating.Now it's time to make your choice! Choose one of the images included in our release and select it during running:
sudo ./external_install_top.sh -k <backup-file-to-create>
This selects and flashes it and that's it. Keep the backup safe, assemble and turn on the X230. coreboot will do hardware init and start SeaBIOS.
If you have locked your flash (i.e. ./external_install_bottom -l
) you can
flash externally using external_install_top.sh
just like the
first time, see above. Only the "upper" 4MB chip has to be written.
It is recommended to do the the update directly on your X230 using Linux
though. This is considered more safe for your hardware and is very convenient -
just install the "flashrom" program and run ./x230_skulls.sh
, see below.
iomem=relaxed
boot parameter (for example in /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT
)./x230_skulls.sh -U
.sudo ./x230_skulls.sh
and choose the image to flash.Hint: In case your Linux distribution's GRUB bootloader doesn't use the full
screen, put the line GRUB_GFXMODE=1366x768x32
in your /etc/default/grub
file
(and run update_grub
).
Heads is an alternative BIOS system with advanced security features. It's more complicated to use though. When having Skulls installed, installing Heads is as easy as updating Skulls. You can directly start using it:
iomem=relaxed
boot parameterbuild/x230/coreboot.rom
to Skulls' x230 directorysudo ./x230_heads.sh
That's it. Heads is a completely different project. Please read the documentation for how to use it and report bugs over there
Switching back to Skulls is the same as updating. Just run
./x230_skulls.sh
.
On the X230, there are 2 physical "BIOS" chips. The "upper" 4MB one holds the actual bios we can generate using coreboot, and the "lower" 8MB one holds the rest that you can modify yourself once, if you like, but strictly speaking, you don't need to touch it at all. What's this "rest"? Mainly a tiny binary used by the Ethernet card and the Intel Management Engine. Read the coreboot documentation for more details.
git clone https://github.com/merge/skulls
cd skulls/x230
git checkout 0.1.5
for the release you want to build. In this example 0.1.5../build.sh
and choose the configuration you want to buildIn order to create your own splashscreen image, before building,
overwrite the splashscreen.jpg
with your own JPEG, using