hwbtool: boot signing instructions
hwbtool: don't require key-files
hwbtool: let me set / or /boot LUKS password
An easy to use and reasonably secure source based coreboot setup.
At hacktivista.com, we needed a coreboot setup we could hack easily for the laptops we sell.
Ended up with a very robust and easy to use coreboot setup that uses GRUB as primary payload, works dynamically for end-users, and can be configured to be reasonably safe against physical attacks.
Works on Debian only (I use it on an LXD container).
It only works for X230 and X230t laptops and CH341a SPI flashers, but support for other Thinkpad laptops and other flashers is easy to add, and will be added over time.
hwbtool
git clone
this repocd
to this repoCONFIG_PXE_ROM_ID
on <board-dir>/defconfig
./<board-dir>/flash_ec_firmware.sh
and follow instructions./<board-dir>/flash_spi.sh
and follow instructionshwbtool
That's it!
We also support the setup of T400 and T500 laptops with binary Libreboot ROMs. Simply run ./libreboot-flash_spi.sh <t400|t500>
.
No secondary payloads other than SeaBIOS nor simplified full disk encryption are supported on Libreboot.
Here is documentation on how to update EC firmware previous to Libreboot installation, which is recommended.
Source code is available on https://git.hacktivista.org/hackware-boot.
Bug reports and patches are welcome on https://lists.hacktivista.org/hacktivista-dev.
If you profit out of this software or in base to its derivation, please remember to give back.
In order to increase awareness and create a saner socioeconomic system for libre software I'm providing "reciprocity certificates" that will allow your clients and friends to know that you are contributing back instead of just free riding. To support our work and receive your certificate go to https://hacktivista.org/reciprocity.
This project's code is released under the GPL version 2 or "at your option" any later version.
This is done for compatibility with coreboot's license (GPL 2 only) and Libreboot's license (GPLv3 or later). Maybe the safest for you is to consider the parts of this setup as licensed under the conditions of the software these are based on. If you have other suggestions regarding this copy-mess, please let me know.
Documentation - that is .md files and links to hacktivista.com or hacktivista.org that explain how to do things related to this software - is released under the CC0.