~bpv/website

5a3b29a0333de69d1150f167bb3b5c02fdca5713 — Bryce Vandegrift 2 months ago 2aef1f7
Article on Coreboot
3 files changed, 494 insertions(+), 0 deletions(-)

A blog/corebooting-a-thinkpad-x220/corebooting-a-thinkpad-x220.html
M blog/index.html
M rss.xml
A blog/corebooting-a-thinkpad-x220/corebooting-a-thinkpad-x220.html => blog/corebooting-a-thinkpad-x220/corebooting-a-thinkpad-x220.html +246 -0
@@ 0,0 1,246 @@
<!DOCTYPE html>
<html lang="en" dir="ltr">
<head>
<meta charset="utf-8">
<link rel="icon" href='//brycevandegrift.xyz/p/icon.ico' type="image/x-icon">
<link rel="stylesheet" href='//brycevandegrift.xyz/index.css'>
<title>Corebooting a Thinkpad X220</title>
</head>
<body>
<h1 id="corebooting-a-thinkpad-x220">Corebooting a Thinkpad X220</h1>
<figure>
<img src="https://brycevandegrift.xyz/p/thinkpad.jpg"
alt="My Thinkpad X220" />
<figcaption aria-hidden="true">My Thinkpad X220</figcaption>
</figure>
<h2 id="you-need">You need</h2>
<ul>
<li>A Thinkpad X220</li>
<li>A Raspberry Pi</li>
<li>Female to female jumper wires</li>
<li>SOIC8 test clip</li>
<li>Another computer</li>
</ul>
<h2 id="disassembly">Disassembly</h2>
<p>For disassembly you can watch my video <a
href="https://www.youtube.com/watch?v=hERguULT7Vo">here</a>.</p>
<p>But you’ll just have to remove all the screws with the keyboard icon
and all the screws with the box(ish) icon. (Like I said, you can watch
the video).</p>
<h2 id="attaching-the-clip-to-the-bios-chip">Attaching the clip to the
BIOS chip</h2>
<p>In order to actually read/write to the BIOS chip you need to attach
the SOIC8 clip to the bios chip.</p>
<h3 id="x220-bios-pinout">X220 BIOS pinout</h3>
<pre><code>                   ______
        MOSI  5 --|      |-- 4  GND
         CLK  6 --| BIOS |-- 3  No Connection
No Connection 7 --|      |-- 2  MISO
   VCC (3.3V) 8 --|______|-- 1  CS</code></pre>
<h3 id="raspberry-pi-pinout">Raspberry PI pinout</h3>
<pre><code>                        CS
  1                     |           20
+-----------------------v-------------+
| x x x x x x x x x x x x x x x x x x |
| x x x x x x x x x x x x x x x x x x |
+-----------------^-^-^-^-------------+
 21               | | | |           40
                VCC | | CLK
           MOSI/   \MISO</code></pre>
<h2 id="setting-up-raspberry-pi">Setting up Raspberry PI</h2>
<p>Make sure to update your Raspberry PI and install and the needed
packages as well as flashrom using these commands:</p>
<div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> apt-get update <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> apt-get upgrade</span>
<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> apt-get install build-essential pciutils usbutils libpci-dev libusb-dev libftdi1 libftdi-dev zlib1g-dev</span>
<span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone https://review.coreboot.org/flashrom.git</span>
<span id="cb3-4"><a href="#cb3-4" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> flashrom</span>
<span id="cb3-5"><a href="#cb3-5" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> <span class="at">-j3</span> <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> make install</span></code></pre></div>
<p>Now we need to install ifdtool on the Raspberry PI, you can do that
by running:</p>
<div class="sourceCode" id="cb4"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> ~/coreboot/util/ifdtool</span>
<span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> <span class="at">-j3</span> <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> make install</span></code></pre></div>
<h2 id="reading-the-bios">Reading the BIOS</h2>
<p>First, we are going to create an alias so we don’t need to type in a
long drawn out command every time we want to read/write to the BIOS.</p>
<div class="sourceCode" id="cb5"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="bu">alias</span> fr=<span class="st">&#39;sudo flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=1024&#39;</span></span></code></pre></div>
<p>Now we can get the name of our BIOS chip by just running
<code>fr</code>.</p>
<div class="sourceCode" id="cb6"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span></span></code></pre></div>
<p>The output should give you multiple chip names. All of these are the
same chip just with different names so you can use any of them, mine is
“MX25L6405”. We are going to use this to set a <code>CHIP</code>
variable.</p>
<div class="sourceCode" id="cb7"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="va">CHIP</span><span class="op">=</span><span class="st">&quot;MX25L6405&quot;</span></span></code></pre></div>
<p>We are now ready to read the flash from the BIOS chip. We are going
to do this a few times in order to make sure that the connection is
consistent when reading and writing.</p>
<div class="sourceCode" id="cb8"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash01.bin</span>
<span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash02.bin</span>
<span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash03.bin</span>
<span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a><span class="fu">md5sum</span> flash01.bin flash02.bin flash03.bin</span></code></pre></div>
<p>The output for <code>md5sum</code> for all three of the files should
be exactly the same. If the checksum for all three files are not the
same then <strong>DO NOT CONTINUE!!!</strong> Make sure that your
connection is good and retry until everything reads correctly. (If
necessary, the spispeed can be lowered from 1024 for a more reliable
read).</p>
<h2 id="optional-removing-the-management-engine">(Optional) Removing the
management engine</h2>
<p>First we need to download me_cleaner.</p>
<div class="sourceCode" id="cb9"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb9-1"><a href="#cb9-1" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone https://github.com/corna/me_cleaner ~/me_cleaner</span></code></pre></div>
<p>Now we can run me_cleaner on our flash file, in this case I will be
using <code>flash01.bin</code>.</p>
<div class="sourceCode" id="cb10"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb10-1"><a href="#cb10-1" aria-hidden="true" tabindex="-1"></a><span class="ex">~/me_cleaner/me_cleaner.py</span> <span class="at">-S</span> flash01.bin</span></code></pre></div>
<p>If all goes well you should see a message that says:
<code>Done! Good Luck!</code></p>
<h2 id="separating-the-image">Separating the image</h2>
<p>Now we can run ifdtool on our flash image in order to separate
it.</p>
<div class="sourceCode" id="cb11"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb11-1"><a href="#cb11-1" aria-hidden="true" tabindex="-1"></a><span class="ex">ifdtool</span> <span class="at">-x</span> flash01.bin</span></code></pre></div>
<p>You should now have four different <code>.bin</code> files: 1.
<code>flashregion_0_flashdescriptor.bin</code> 2.
<code>flashregion_1_bios.bin</code> (Not needed) 3.
<code>flashregion_2_intel_me.bin</code> 4.
<code>flashregion_3_gbe.bin</code></p>
<p>We can now rename all the files to have a shorter name.</p>
<div class="sourceCode" id="cb12"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb12-1"><a href="#cb12-1" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> flashregion_0_descriptor.bin descriptor.bin</span>
<span id="cb12-2"><a href="#cb12-2" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> flashregion_2_intel_me.bin me.bin</span>
<span id="cb12-3"><a href="#cb12-3" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> flashregion_3_gbe.bin gbe.bin</span></code></pre></div>
<h2 id="setting-up-coreboot">Setting Up Coreboot</h2>
<p>If you want to compile Coreboot on your Raspberry PI you can go
ahead, however it might take anywhere from a few hours to a few
<strong>DAYS</strong>, so be warned. I copied my “.bin” files to my
laptop in order to compile faster.</p>
<p>Now we want to download the Coreboot repo onto our computer that we
are compiling Coreboot on. (This may take a while).</p>
<div class="sourceCode" id="cb13"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb13-1"><a href="#cb13-1" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone <span class="at">--recursive</span> https://review.coreboot.org/coreboot.git ~/coreboot</span></code></pre></div>
<blockquote>
<h3 id="optional-downloading-vga-bios">(Optional) Downloading VGA
BIOS</h3>
<p>Windows and some Linux distributions rely on the VGA BIOS in order to
display video. So you can optionally download it if you need it.</p>
<div class="sourceCode" id="cb14"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb14-1"><a href="#cb14-1" aria-hidden="true" tabindex="-1"></a><span class="ex">curl</span> <span class="at">-fLO</span> <span class="st">&quot;https://github.com/thetarkus/x220-coreboot-guide/raw/master/vga-8086-0126.bin&quot;</span></span></code></pre></div>
</blockquote>
<p>Now we need to make a directory to place our “.bin” files.</p>
<div class="sourceCode" id="cb15"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb15-1"><a href="#cb15-1" aria-hidden="true" tabindex="-1"></a><span class="fu">mkdir</span> <span class="at">-p</span> ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220</span>
<span id="cb15-2"><a href="#cb15-2" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> descriptor.bin ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220/</span>
<span id="cb15-3"><a href="#cb15-3" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> me.bin ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220/</span>
<span id="cb15-4"><a href="#cb15-4" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> gbe.bin ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220/</span></code></pre></div>
<h2 id="configuring-coreboot">Configuring Coreboot</h2>
<p>On the computer you’re compiling Coreboot with, you’ll need to
install these development packages (or their equivalents). On Ubuntu,
Debian, or any derivative you can run:</p>
<div class="sourceCode" id="cb16"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb16-1"><a href="#cb16-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> apt-get install git build-essential gnat flex bison libncurses5-dev wget zlib1g-dev</span></code></pre></div>
<p>On Void Linux (what I use) I ran:</p>
<div class="sourceCode" id="cb17"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb17-1"><a href="#cb17-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> xbps-install git base-devel ncurses-devel wget zlib-devel gcc-ada</span></code></pre></div>
<p>Now we can go into the Coreboot directory and run
<code>make nconfig</code>.</p>
<div class="sourceCode" id="cb18"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb18-1"><a href="#cb18-1" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> ~/coreboot</span>
<span id="cb18-2"><a href="#cb18-2" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> nconfig</span></code></pre></div>
<p>You should see a menu pop up, now we can configure our Coreboot
build. Below is a list of what needs to be enabled, you can leave the
rest of the settings just the way they are.</p>
<pre><code>General Setup
    - [*] Compress ramstage with LZMA
    - [*] Include coreboot .config file into the ROM image
    - [*] Allow use of binary-only repository

Mainboard
    - Mainboard vendor (Lenovo)
    - Mainboard model (Thinkpad X220)
    - ROM chip size (8192 KB (8 MB))
    - (0x100000) Size of CBFS filesystem in ROM

Chipset
    - [*] Enable VMX for virtualization
    - Include CPU microcode in CBFS (Generate from tree)
    - Flash ROM locking on S3 resume (Don&#39;t lock ROM sections on S3 resume)
    - [*] Add Intel descriptor.bin file
      (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin) Path and filename of the descriptor.bin file
    - [*] Add Intel ME/TXE firmware
      (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin) Path to management engine firmware
    - [*] Add gigabit ethernet firmware
      (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin) Path to gigabit ethernet firmware
      
Devices
    - Graphics initialization (Run VGA Option ROMs)
    - [*] Use native graphics initialization
    - [*] Add a VGA BIOS image
      (/home/$USER/vga-8086-0126.bin) VGA BIOS path and filename
      (8086,0126) VGA device PCI IDs
      
Generic Drivers
    - [*] PS/2 keyboard init
    - [*] Support Intel PCI-e WiFi adapters

Console
    - [*] Squelch AP CPUs from early console.
    - [*] Show POST codes on the debug console

System tables
    - [*] Generate SMBIOS tables

Payload
    - Add a payload (SeaBIOS)
    - SeaBIOS version (master)
    - (3000) PS/2 keyboard controller initialization timeout (milliseconds)
    - [*] Harware init during option ROM execution
    - [*] Include generated option rom that implements legacy VGA BIOS compatibility
    - [*] Use LZMA compression for payloads</code></pre>
<p>You can press <code>F6</code> to save your config and then press
<code>F9</code> to exit. Now we can actually compile Coreboot now.</p>
<blockquote>
<h3 id="optional-create-cross-compiler">(Optional) Create Cross
Compiler</h3>
<p>If you don’t have an <code>i386</code> cross compiler you can make
one by running:</p>
<div class="sourceCode" id="cb20"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb20-1"><a href="#cb20-1" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> crossgcc-i386</span>
<span id="cb20-2"><a href="#cb20-2" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> iasl</span></code></pre></div>
</blockquote>
<p>Let’s compile coreboot by running:</p>
<div class="sourceCode" id="cb21"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb21-1"><a href="#cb21-1" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> <span class="at">-j</span><span class="va">$(</span><span class="fu">nproc</span><span class="va">)</span></span></code></pre></div>
<p>This might take a while.</p>
<p><strong>NOTE</strong>: If you can’t compile Coreboot, try checking
and making sure you did everything correctly.</p>
<h2 id="flashing-coreboot">Flashing Coreboot</h2>
<p><strong>WARNING: Proceed with caution, you can possibly brick your
computer if you are not careful!!!</strong></p>
<p>You should now be left with a file named <code>coreboot.rom</code> in
the <code>~/coreboot</code> directory. You can copy this file back to
your Raspberry PI into order to flash it.</p>
<p>Now let’s go ahead and read our flash chip again to make sure that
our connection is still good.</p>
<div class="sourceCode" id="cb22"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb22-1"><a href="#cb22-1" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash01.bin</span>
<span id="cb22-2"><a href="#cb22-2" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash02.bin</span>
<span id="cb22-3"><a href="#cb22-3" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash03.bin</span>
<span id="cb22-4"><a href="#cb22-4" aria-hidden="true" tabindex="-1"></a><span class="fu">md5sum</span> flash01.bin flash02.bin flash03.bin</span></code></pre></div>
<p>And, like before, if all the checksums match, you can go ahead and
flash <code>coreboot.rom</code>.</p>
<div class="sourceCode" id="cb23"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb23-1"><a href="#cb23-1" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-w</span> coreboot.rom</span></code></pre></div>
<p>Now, for the moment of truth, go ahead and boot your Thinkpad. If it
won’t boot, don’t sweat, just rebuild and try again. If Coreboot won’t
work on your Thinkpad no matter what you try, then you can just flash a
backup of the BIOS that you read earlier and your computer should work
just fine.</p>
<h2 id="aftermath">Aftermath</h2>
<p><strong>Congrats!!!</strong> You successfully freed your computer
from the spying eyes of Intel and your local three letter government
agency. You can now enjoy your computing in peace.</p>
<h3 id="contact">Contact</h3>
<p>If you have any questions or comments you find my contact info on my
home page <a href="https://brycevandegrift.xyz/">here</a>.</p>
</body>
</html>
\ No newline at end of file

M blog/index.html => blog/index.html +2 -0
@@ 14,6 14,8 @@
		<ul>
<!-- SB -->

<li>May 31, 2022 - <a href='https://brycevandegrift.xyz/blog/corebooting-a-thinkpad-x220/corebooting-a-thinkpad-x220.html'>Corebooting a Thinkpad X220</a></li>

<li>May 13, 2022 - <a href='https://brycevandegrift.xyz/blog/gone-for-two-weeks/gone-for-two-weeks.html'>Gone for Two Weeks</a></li>

<li>Mar 07, 2022 - <a href='https://brycevandegrift.xyz/blog/website-redesign/website-redesign.html'>Website Redesign</a></li>

M rss.xml => rss.xml +246 -0
@@ 8,6 8,252 @@
<!-- SB -->

<item>
<title>Corebooting a Thinkpad X220</title>
<guid>https://brycevandegrift.xyz/blog/corebooting-a-thinkpad-x220/corebooting-a-thinkpad-x220.html</guid>
<link>https://brycevandegrift.xyz/blog/corebooting-a-thinkpad-x220/corebooting-a-thinkpad-x220.html</link>
<pubDate>Tue, 31 May 2022 19:45:52 -0500</pubDate>
<description>
<![CDATA[
<h1 id="corebooting-a-thinkpad-x220">Corebooting a Thinkpad X220</h1>
<figure>
<img src="https://brycevandegrift.xyz/p/thinkpad.jpg"
alt="My Thinkpad X220" />
<figcaption aria-hidden="true">My Thinkpad X220</figcaption>
</figure>
<h2 id="you-need">You need</h2>
<ul>
<li>A Thinkpad X220</li>
<li>A Raspberry Pi</li>
<li>Female to female jumper wires</li>
<li>SOIC8 test clip</li>
<li>Another computer</li>
</ul>
<h2 id="disassembly">Disassembly</h2>
<p>For disassembly you can watch my video <a
href="https://www.youtube.com/watch?v=hERguULT7Vo">here</a>.</p>
<p>But you’ll just have to remove all the screws with the keyboard icon
and all the screws with the box(ish) icon. (Like I said, you can watch
the video).</p>
<h2 id="attaching-the-clip-to-the-bios-chip">Attaching the clip to the
BIOS chip</h2>
<p>In order to actually read/write to the BIOS chip you need to attach
the SOIC8 clip to the bios chip.</p>
<h3 id="x220-bios-pinout">X220 BIOS pinout</h3>
<pre><code>                   ______
        MOSI  5 --|      |-- 4  GND
         CLK  6 --| BIOS |-- 3  No Connection
No Connection 7 --|      |-- 2  MISO
   VCC (3.3V) 8 --|______|-- 1  CS</code></pre>
<h3 id="raspberry-pi-pinout">Raspberry PI pinout</h3>
<pre><code>                        CS
  1                     |           20
+-----------------------v-------------+
| x x x x x x x x x x x x x x x x x x |
| x x x x x x x x x x x x x x x x x x |
+-----------------^-^-^-^-------------+
 21               | | | |           40
                VCC | | CLK
           MOSI/   \MISO</code></pre>
<h2 id="setting-up-raspberry-pi">Setting up Raspberry PI</h2>
<p>Make sure to update your Raspberry PI and install and the needed
packages as well as flashrom using these commands:</p>
<div class="sourceCode" id="cb3"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb3-1"><a href="#cb3-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> apt-get update <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> apt-get upgrade</span>
<span id="cb3-2"><a href="#cb3-2" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> apt-get install build-essential pciutils usbutils libpci-dev libusb-dev libftdi1 libftdi-dev zlib1g-dev</span>
<span id="cb3-3"><a href="#cb3-3" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone https://review.coreboot.org/flashrom.git</span>
<span id="cb3-4"><a href="#cb3-4" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> flashrom</span>
<span id="cb3-5"><a href="#cb3-5" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> <span class="at">-j3</span> <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> make install</span></code></pre></div>
<p>Now we need to install ifdtool on the Raspberry PI, you can do that
by running:</p>
<div class="sourceCode" id="cb4"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb4-1"><a href="#cb4-1" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> ~/coreboot/util/ifdtool</span>
<span id="cb4-2"><a href="#cb4-2" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> <span class="at">-j3</span> <span class="kw">&amp;&amp;</span> <span class="fu">sudo</span> make install</span></code></pre></div>
<h2 id="reading-the-bios">Reading the BIOS</h2>
<p>First, we are going to create an alias so we don’t need to type in a
long drawn out command every time we want to read/write to the BIOS.</p>
<div class="sourceCode" id="cb5"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb5-1"><a href="#cb5-1" aria-hidden="true" tabindex="-1"></a><span class="bu">alias</span> fr=<span class="st">&#39;sudo flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=1024&#39;</span></span></code></pre></div>
<p>Now we can get the name of our BIOS chip by just running
<code>fr</code>.</p>
<div class="sourceCode" id="cb6"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb6-1"><a href="#cb6-1" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span></span></code></pre></div>
<p>The output should give you multiple chip names. All of these are the
same chip just with different names so you can use any of them, mine is
“MX25L6405”. We are going to use this to set a <code>CHIP</code>
variable.</p>
<div class="sourceCode" id="cb7"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb7-1"><a href="#cb7-1" aria-hidden="true" tabindex="-1"></a><span class="va">CHIP</span><span class="op">=</span><span class="st">&quot;MX25L6405&quot;</span></span></code></pre></div>
<p>We are now ready to read the flash from the BIOS chip. We are going
to do this a few times in order to make sure that the connection is
consistent when reading and writing.</p>
<div class="sourceCode" id="cb8"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb8-1"><a href="#cb8-1" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash01.bin</span>
<span id="cb8-2"><a href="#cb8-2" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash02.bin</span>
<span id="cb8-3"><a href="#cb8-3" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash03.bin</span>
<span id="cb8-4"><a href="#cb8-4" aria-hidden="true" tabindex="-1"></a><span class="fu">md5sum</span> flash01.bin flash02.bin flash03.bin</span></code></pre></div>
<p>The output for <code>md5sum</code> for all three of the files should
be exactly the same. If the checksum for all three files are not the
same then <strong>DO NOT CONTINUE!!!</strong> Make sure that your
connection is good and retry until everything reads correctly. (If
necessary, the spispeed can be lowered from 1024 for a more reliable
read).</p>
<h2 id="optional-removing-the-management-engine">(Optional) Removing the
management engine</h2>
<p>First we need to download me_cleaner.</p>
<div class="sourceCode" id="cb9"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb9-1"><a href="#cb9-1" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone https://github.com/corna/me_cleaner ~/me_cleaner</span></code></pre></div>
<p>Now we can run me_cleaner on our flash file, in this case I will be
using <code>flash01.bin</code>.</p>
<div class="sourceCode" id="cb10"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb10-1"><a href="#cb10-1" aria-hidden="true" tabindex="-1"></a><span class="ex">~/me_cleaner/me_cleaner.py</span> <span class="at">-S</span> flash01.bin</span></code></pre></div>
<p>If all goes well you should see a message that says:
<code>Done! Good Luck!</code></p>
<h2 id="separating-the-image">Separating the image</h2>
<p>Now we can run ifdtool on our flash image in order to separate
it.</p>
<div class="sourceCode" id="cb11"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb11-1"><a href="#cb11-1" aria-hidden="true" tabindex="-1"></a><span class="ex">ifdtool</span> <span class="at">-x</span> flash01.bin</span></code></pre></div>
<p>You should now have four different <code>.bin</code> files: 1.
<code>flashregion_0_flashdescriptor.bin</code> 2.
<code>flashregion_1_bios.bin</code> (Not needed) 3.
<code>flashregion_2_intel_me.bin</code> 4.
<code>flashregion_3_gbe.bin</code></p>
<p>We can now rename all the files to have a shorter name.</p>
<div class="sourceCode" id="cb12"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb12-1"><a href="#cb12-1" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> flashregion_0_descriptor.bin descriptor.bin</span>
<span id="cb12-2"><a href="#cb12-2" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> flashregion_2_intel_me.bin me.bin</span>
<span id="cb12-3"><a href="#cb12-3" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> flashregion_3_gbe.bin gbe.bin</span></code></pre></div>
<h2 id="setting-up-coreboot">Setting Up Coreboot</h2>
<p>If you want to compile Coreboot on your Raspberry PI you can go
ahead, however it might take anywhere from a few hours to a few
<strong>DAYS</strong>, so be warned. I copied my “.bin” files to my
laptop in order to compile faster.</p>
<p>Now we want to download the Coreboot repo onto our computer that we
are compiling Coreboot on. (This may take a while).</p>
<div class="sourceCode" id="cb13"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb13-1"><a href="#cb13-1" aria-hidden="true" tabindex="-1"></a><span class="fu">git</span> clone <span class="at">--recursive</span> https://review.coreboot.org/coreboot.git ~/coreboot</span></code></pre></div>
<blockquote>
<h3 id="optional-downloading-vga-bios">(Optional) Downloading VGA
BIOS</h3>
<p>Windows and some Linux distributions rely on the VGA BIOS in order to
display video. So you can optionally download it if you need it.</p>
<div class="sourceCode" id="cb14"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb14-1"><a href="#cb14-1" aria-hidden="true" tabindex="-1"></a><span class="ex">curl</span> <span class="at">-fLO</span> <span class="st">&quot;https://github.com/thetarkus/x220-coreboot-guide/raw/master/vga-8086-0126.bin&quot;</span></span></code></pre></div>
</blockquote>
<p>Now we need to make a directory to place our “.bin” files.</p>
<div class="sourceCode" id="cb15"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb15-1"><a href="#cb15-1" aria-hidden="true" tabindex="-1"></a><span class="fu">mkdir</span> <span class="at">-p</span> ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220</span>
<span id="cb15-2"><a href="#cb15-2" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> descriptor.bin ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220/</span>
<span id="cb15-3"><a href="#cb15-3" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> me.bin ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220/</span>
<span id="cb15-4"><a href="#cb15-4" aria-hidden="true" tabindex="-1"></a><span class="fu">mv</span> gbe.bin ~/coreboot/3rdparty/blobs/mainboard/lenovo/x220/</span></code></pre></div>
<h2 id="configuring-coreboot">Configuring Coreboot</h2>
<p>On the computer you’re compiling Coreboot with, you’ll need to
install these development packages (or their equivalents). On Ubuntu,
Debian, or any derivative you can run:</p>
<div class="sourceCode" id="cb16"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb16-1"><a href="#cb16-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> apt-get install git build-essential gnat flex bison libncurses5-dev wget zlib1g-dev</span></code></pre></div>
<p>On Void Linux (what I use) I ran:</p>
<div class="sourceCode" id="cb17"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb17-1"><a href="#cb17-1" aria-hidden="true" tabindex="-1"></a><span class="fu">sudo</span> xbps-install git base-devel ncurses-devel wget zlib-devel gcc-ada</span></code></pre></div>
<p>Now we can go into the Coreboot directory and run
<code>make nconfig</code>.</p>
<div class="sourceCode" id="cb18"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb18-1"><a href="#cb18-1" aria-hidden="true" tabindex="-1"></a><span class="bu">cd</span> ~/coreboot</span>
<span id="cb18-2"><a href="#cb18-2" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> nconfig</span></code></pre></div>
<p>You should see a menu pop up, now we can configure our Coreboot
build. Below is a list of what needs to be enabled, you can leave the
rest of the settings just the way they are.</p>
<pre><code>General Setup
    - [*] Compress ramstage with LZMA
    - [*] Include coreboot .config file into the ROM image
    - [*] Allow use of binary-only repository

Mainboard
    - Mainboard vendor (Lenovo)
    - Mainboard model (Thinkpad X220)
    - ROM chip size (8192 KB (8 MB))
    - (0x100000) Size of CBFS filesystem in ROM

Chipset
    - [*] Enable VMX for virtualization
    - Include CPU microcode in CBFS (Generate from tree)
    - Flash ROM locking on S3 resume (Don&#39;t lock ROM sections on S3 resume)
    - [*] Add Intel descriptor.bin file
      (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/descriptor.bin) Path and filename of the descriptor.bin file
    - [*] Add Intel ME/TXE firmware
      (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/me.bin) Path to management engine firmware
    - [*] Add gigabit ethernet firmware
      (3rdparty/blobs/mainboard/$(MAINBOARDDIR)/gbe.bin) Path to gigabit ethernet firmware
      
Devices
    - Graphics initialization (Run VGA Option ROMs)
    - [*] Use native graphics initialization
    - [*] Add a VGA BIOS image
      (/home/$USER/vga-8086-0126.bin) VGA BIOS path and filename
      (8086,0126) VGA device PCI IDs
      
Generic Drivers
    - [*] PS/2 keyboard init
    - [*] Support Intel PCI-e WiFi adapters

Console
    - [*] Squelch AP CPUs from early console.
    - [*] Show POST codes on the debug console

System tables
    - [*] Generate SMBIOS tables

Payload
    - Add a payload (SeaBIOS)
    - SeaBIOS version (master)
    - (3000) PS/2 keyboard controller initialization timeout (milliseconds)
    - [*] Harware init during option ROM execution
    - [*] Include generated option rom that implements legacy VGA BIOS compatibility
    - [*] Use LZMA compression for payloads</code></pre>
<p>You can press <code>F6</code> to save your config and then press
<code>F9</code> to exit. Now we can actually compile Coreboot now.</p>
<blockquote>
<h3 id="optional-create-cross-compiler">(Optional) Create Cross
Compiler</h3>
<p>If you don’t have an <code>i386</code> cross compiler you can make
one by running:</p>
<div class="sourceCode" id="cb20"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb20-1"><a href="#cb20-1" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> crossgcc-i386</span>
<span id="cb20-2"><a href="#cb20-2" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> iasl</span></code></pre></div>
</blockquote>
<p>Let’s compile coreboot by running:</p>
<div class="sourceCode" id="cb21"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb21-1"><a href="#cb21-1" aria-hidden="true" tabindex="-1"></a><span class="fu">make</span> <span class="at">-j</span><span class="va">$(</span><span class="fu">nproc</span><span class="va">)</span></span></code></pre></div>
<p>This might take a while.</p>
<p><strong>NOTE</strong>: If you can’t compile Coreboot, try checking
and making sure you did everything correctly.</p>
<h2 id="flashing-coreboot">Flashing Coreboot</h2>
<p><strong>WARNING: Proceed with caution, you can possibly brick your
computer if you are not careful!!!</strong></p>
<p>You should now be left with a file named <code>coreboot.rom</code> in
the <code>~/coreboot</code> directory. You can copy this file back to
your Raspberry PI into order to flash it.</p>
<p>Now let’s go ahead and read our flash chip again to make sure that
our connection is still good.</p>
<div class="sourceCode" id="cb22"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb22-1"><a href="#cb22-1" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash01.bin</span>
<span id="cb22-2"><a href="#cb22-2" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash02.bin</span>
<span id="cb22-3"><a href="#cb22-3" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-r</span> flash03.bin</span>
<span id="cb22-4"><a href="#cb22-4" aria-hidden="true" tabindex="-1"></a><span class="fu">md5sum</span> flash01.bin flash02.bin flash03.bin</span></code></pre></div>
<p>And, like before, if all the checksums match, you can go ahead and
flash <code>coreboot.rom</code>.</p>
<div class="sourceCode" id="cb23"><pre
class="sourceCode sh"><code class="sourceCode bash"><span id="cb23-1"><a href="#cb23-1" aria-hidden="true" tabindex="-1"></a><span class="ex">fr</span> <span class="at">-c</span> <span class="st">&quot;</span><span class="va">$CHIP</span><span class="st">&quot;</span> <span class="at">-w</span> coreboot.rom</span></code></pre></div>
<p>Now, for the moment of truth, go ahead and boot your Thinkpad. If it
won’t boot, don’t sweat, just rebuild and try again. If Coreboot won’t
work on your Thinkpad no matter what you try, then you can just flash a
backup of the BIOS that you read earlier and your computer should work
just fine.</p>
<h2 id="aftermath">Aftermath</h2>
<p><strong>Congrats!!!</strong> You successfully freed your computer
from the spying eyes of Intel and your local three letter government
agency. You can now enjoy your computing in peace.</p>
<h3 id="contact">Contact</h3>
<p>If you have any questions or comments you find my contact info on my
home page <a href="https://brycevandegrift.xyz/">here</a>.</p>
]]>
</description>
</item>

<item>
<title>Gone for Two Weeks</title>
<guid>https://brycevandegrift.xyz/blog/gone-for-two-weeks/gone-for-two-weeks.html</guid>
<link>https://brycevandegrift.xyz/blog/gone-for-two-weeks/gone-for-two-weeks.html</link>