From e287ee286273b7aa5ca14b1e6fbda469994e99d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Yaroslav=20de=20la=20Pe=C3=B1a=20Smirnov?= Date: Sun, 23 Oct 2022 23:58:50 +0300 Subject: X200 Libreboot --- content/weblog/2022-10-23_x200-libreboot/index.md | 166 +++++++++++++ .../2022-10-23_x200-libreboot/libreboot-01.jpg | Bin 0 -> 810401 bytes .../2022-10-23_x200-libreboot/libreboot-02.jpg | Bin 0 -> 893892 bytes .../2022-10-23_x200-libreboot/libreboot-03.jpg | Bin 0 -> 1116015 bytes .../2022-10-23_x200-libreboot/libreboot-04.jpg | Bin 0 -> 686303 bytes .../2022-10-23_x200-libreboot/x200-soic8.svg | 274 +++++++++++++++++++++ 6 files changed, 440 insertions(+) create mode 100644 content/weblog/2022-10-23_x200-libreboot/index.md create mode 100644 content/weblog/2022-10-23_x200-libreboot/libreboot-01.jpg create mode 100644 content/weblog/2022-10-23_x200-libreboot/libreboot-02.jpg create mode 100644 content/weblog/2022-10-23_x200-libreboot/libreboot-03.jpg create mode 100644 content/weblog/2022-10-23_x200-libreboot/libreboot-04.jpg create mode 100644 content/weblog/2022-10-23_x200-libreboot/x200-soic8.svg (limited to 'content/weblog/2022-10-23_x200-libreboot') diff --git a/content/weblog/2022-10-23_x200-libreboot/index.md b/content/weblog/2022-10-23_x200-libreboot/index.md new file mode 100644 index 0000000..f62d96f --- /dev/null +++ b/content/weblog/2022-10-23_x200-libreboot/index.md 
@@ -0,0 +1,166 @@ ++++ +title = "Liberating my X200" +date = 2022-10-23T23:56:42 ++++ + +I had wanted to libreboot my trusty old Thinkpad X200 for quite sometime. Only +recently did I get around to librebooting mine. Even though the information on +how to do it is out there and quite good, some of it is spread throughout the +internet and didn't all completely apply to my particular case, hence I decided +to write this post on how I went about flashing Libreboot on my X200. + + + +I had been wanting to flash Libreboot on my X200 ever since I got it, but only +recently did I get around actually doing it. The process isn't hard at all, you +don't need any special skills besides knowing how to use the Linux command line +and not being afraid to open your laptop and connecting some wires to it. + +There's many reasons to want to install Libreboot or Coreboot, some which are +faster boot times, custom payloads, and of course, muh freedumbs. I was mainly +looking for faster boot times and having an almost completely free and open +source laptop without backdoors, i.e. Intel ME[^1]. + +For this I used a CH341A programmer. Yes, the official Libreboot site[^2] warns +against using it, but really it just because of a batch of faulty boards that +deliver 5V instead of 3.3V on the 3.3V pin. That said, if you have a multimeter +lying around it quite easy to make sure that you have a proper CH341A with 3.3V +DC instead of 5V. After plugging my multimeter I found that mine was fine and so +I proceeded to use to flash my laptop. + +Most Thinkpads out there have 16 pin SPI chip, and that's why most information +out there is about them, but mine had an 8 pin. In my case that was better for +me, since the CH341A I bought came with a SOIC8 clip, so I didn't have to buy +a separate clip. I did end up desoldering the cables that came attached to the +clip since I wanted to use jumper female-female cables to connect the clip to +the CH341A. 
+ +[![Unsoldered SOIC8 clip](libreboot-01.jpg)](libreboot-01.jpg) +
+ +Unsoldered SOIC8 clip next to the CH341A with jumper cables already connected to +the board. +
+ +After unsoldering the clip, I went ahead and opened my laptop. It's only +necessary to remove the keyboard and palmrest to get access to the chip. +Removing the keyboard and palmrest assembly is really easy. The only thing that +you need to do is unscrew 8 phillip-head screws which are marked with the +palmrest and the keyboard icons, the push the keyboard towards the screen pull +it up, disconnect it and next lift off the palmrest. You might need to also +disconnect the fingerprint reader if you have one, mine doesn't so I didn't have +to. Also, don't forget to remove the laptop battery and disconnect the CMOS +battery. + +[![Removing keyboard and palmrest](libreboot-02.jpg)](libreboot-02.jpg) +
+ +Removing the keyboard and palmrest. +
+ +After getting the keyboard and palmrest out of the way, there was the chip. All +of those chips have a dot indicating pin 1. It's important to locate pin 1 in +order to know how to properly connect the pins to the flashing board. The +scheme is as follows: + +![Thinkpad X200 SOIC8 scheme](x200-soic8.svg) + +Wire all of the pins on the chip to the following pins on the CH341A: + +1. CS +2. MISO/MIOS +3. _unused_ +4. GND +5. MOSI +6. CLK +7. _unused_ +8. 3.3V + +After wiring up properly the clip to the CH341A, I proceeded to secure the clip +to the chip by making sure that pin 1 was correctly wired to CS on the CH341A. +Then, after making sure that the clip was properly and securely in place, I +proceeded to connect the CH341A to the host computer from which I would be +flashing. **It's very important to first connect the clip and then the board to +the host, otherwise you risk frying your chip and bricking your laptop!** + +[![CH341A connected to the chip](libreboot-03.jpg)](libreboot-03.jpg) +
+ +CH341A connected to the chip and host computer. +
+ +For reading and flashing SPI chips, a program called flashrom is needed, which +is available in most distributions' repos. + +After I checked dmesg to see that the CH341A properly recognized by the host, I +went ahead and proceeded to dump the original firmware. I did this twice to run +a diff on both dumps and make sure that I was getting correct readings before +actually flashing the Libreboot image: + +``` +# flashrom -p ch341a_spi -r bak1.rom +... +# flashrom -p ch341a_spi -r bak2.rom +... +# diff bak1.rom bak2.rom +``` + +I got an empty output from diff, which means that the two reads were +identically, and so I could continue with more confidence that I wouldn't brick +my laptop. Also, from the output, I could gather that my chip was a 4mb one, so +the image that I downloaded was the 20220710 4mb release for the X200. All +Libreboot images can be downloaded from here: +. + +I chose to install the one with grub as first payload and SeaBios as secondary +since I only use Linux. After choosing and downloading the image I proceeded to +flash it: + +``` +# flashrom -p ch341a_spi -w grub_x200_4mb_libgfxinit_corebootfb_usqwerty.rom +``` + +After a couple of minutes of flashing it was done. I was now able to fully enjoy +muh freedumbs. I assembled back the computer and booted it up and there it was, +the libreboot grub menu greeting me. + +Everything was fine until the computer froze, I rebooted it and was greeted by +some weird noise on the screen and nothing else. I fiddled around, dumped the +chip to check it was correctly flashed (it was), tried different images, until +it dawned on me that I had two different RAM sticks on my X200, a 4GB one and a +2GB one. After removing the 2GB one everything went back to normal. + +Libreboot/Coreboot does indeed boot much faster than the native firmware. It +even wakes up instantaneously from sleep, whereas with the native firmware it +would take 1-2s seconds to do so. 
I also noticed slightly better graphics +performance, which could be attributed to the bigger amount of RAM that is +dedicated to iGPU with Libreboot compared to the native firmware. + +[![X200 Libreboot grub menu](libreboot-04.jpg)](libreboot-04.jpg) +
+ +Muh freedumbs! +
+ +That's it, it really is that easy. After flashing Libreboot it is possible to +flash the SPI chip using software only without having to use an external +flasher. It's as simple as using the flashrom program, except that you use `-p +internal` to let know flashrom that you will be flashing the chip internally. + +If you are interested in making any further modifications to your Libreboot +image, it's best to read the official Libreboot and possibly Coreboot resources. +If, for example, you want to change GRUB's background just as I did, you can +read more about it here: . + +[^1]: The Intel Management Engine is a secondary processor installed on all + Intel chips from circa 2007 onwards. It runs its own OS and environment and + has full control over the machine, furthermore it can't be officially disabled + by the user, and requires measures such as flashing custom firmware or even + soldering/desoldering certain components in order for it to be completely + neutered. It's a huge security risk, but unfortunately one can't be easily + mitigated and continues to be deployed like a virus in all modern x86 + machines. Yes, AMD also has its own version of the ME called the PSP or + Platform Security Processor. Another reason why closed proprietary systems are + a bad thing for privacy, security and freedom. + +[^2]: diff --git a/content/weblog/2022-10-23_x200-libreboot/libreboot-01.jpg b/content/weblog/2022-10-23_x200-libreboot/libreboot-01.jpg new file mode 100644 index 0000000..79219e9 Binary files /dev/null and b/content/weblog/2022-10-23_x200-libreboot/libreboot-01.jpg differ diff --git a/content/weblog/2022-10-23_x200-libreboot/libreboot-02.jpg b/content/weblog/2022-10-23_x200-libreboot/libreboot-02.jpg new file mode 100644 index 0000000..c28099f Binary files /dev/null and b/content/weblog/2022-10-23_x200-libreboot/libreboot-02.jpg differ 
diff --git a/content/weblog/2022-10-23_x200-libreboot/libreboot-03.jpg b/content/weblog/2022-10-23_x200-libreboot/libreboot-03.jpg new file mode 100644 index 0000000..fc619a4 Binary files /dev/null and b/content/weblog/2022-10-23_x200-libreboot/libreboot-03.jpg differ diff --git a/content/weblog/2022-10-23_x200-libreboot/libreboot-04.jpg b/content/weblog/2022-10-23_x200-libreboot/libreboot-04.jpg new file mode 100644 index 0000000..f393229 Binary files /dev/null and b/content/weblog/2022-10-23_x200-libreboot/libreboot-04.jpg differ diff --git a/content/weblog/2022-10-23_x200-libreboot/x200-soic8.svg b/content/weblog/2022-10-23_x200-libreboot/x200-soic8.svg new file mode 100644 index 0000000..dea8970 --- /dev/null +++ b/content/weblog/2022-10-23_x200-libreboot/x200-soic8.svg @@ -0,0 +1,274 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3
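Review bot: In index.md, the step from "After choosing and downloading the image I proceeded to flash it" to `flashrom -p ch341a_spi -w grub_x200_4mb_libgfxinit_corebootfb_usqwerty.rom` writes a downloaded ROM to the chip with no integrity check on the file; the only verification the post shows is `diff bak1.rom bak2.rom`, which covers read consistency of the dumps and nothing about the image being written. Suggest adding a sentence on checking the image against the checksum or signature published with the release before the write, and on copying bak1.rom to another machine, since that dump is the only way back to the original firmware. The closing paragraph on `-p internal` should also say that a chip writable from the running OS can be rewritten by anything that gains root there. Smaller points in the same file: "MISO/MIOS" in the pin list looks like a typo for one signal name, "4mb" is ambiguous between megabits and megabytes, and as rendered here the link after "can be downloaded from here:" and the footnote `[^2]:` are empty.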
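Review bot: The four binary additions libreboot-01.jpg to libreboot-04.jpg come to about 3.5 MB in total (810401, 893892, 1116015 and 686303 bytes per the diffstat), which is heavy for inline post images and stays in the repository history permanently. Suggest resizing and recompressing them before committing, and checking that camera metadata (EXIF, including any location tags) has been stripped, since the files are published as-is and linked at full size from the post.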