From 8b2219bfa2da36e7809588ef723a10483a6e137f Mon Sep 17 00:00:00 2001
From: Francis Rowe <info@gluglug.org.uk>
Date: Wed, 05 Nov 2014 20:52:36 -0500
Subject: Documentation: *major* cleanup.
Cleanup was long overdue. Old structure was messy and inefficient.
---
(limited to 'docs/howtos')
diff --git a/docs/howtos/cbfstool_libreboot5_strace b/docs/howtos/cbfstool_libreboot5_strace
deleted file mode 100644
index 7e3794f..0000000
--- a/docs/howtos/cbfstool_libreboot5_strace
+++ /dev/null
@@ -1,48 +0,0 @@
-# strace ./cbfstool coreboot.rom add -n grub.cfg -f grub.cfg -t raw
-execve("./cbfstool", ["./cbfstool", "coreboot.rom", "add", "-n", "grub.cfg", "-f", "grub.cfg", "-t", "raw"], [/* 25 vars */]) = 0
-brk(0) = 0x9577000
-access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
-mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb76f6000
-access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
-open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
-fstat64(3, {st_mode=S_IFREG|0644, st_size=94605, ...}) = 0
-mmap2(NULL, 94605, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb76de000
-close(3) = 0
-access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
-open("/lib/i386-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
-read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\232\1\0004\0\0\0"..., 512) = 512
-fstat64(3, {st_mode=S_IFREG|0755, st_size=1775080, ...}) = 0
-mmap2(NULL, 1784604, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb752a000
-mmap2(0xb76d8000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ae) = 0xb76d8000
-mmap2(0xb76db000, 11036, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb76db000
-close(3) = 0
-mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7529000
-set_thread_area({entry_number:-1 -> 6, base_addr:0xb7529900, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
-mprotect(0xb76d8000, 8192, PROT_READ) = 0
-mprotect(0x8067000, 4096, PROT_READ) = 0
-mprotect(0xb7719000, 4096, PROT_READ) = 0
-munmap(0xb76de000, 94605) = 0
-brk(0) = 0x9577000
-brk(0x9598000) = 0x9598000
-open("grub.cfg", O_RDONLY) = 3
-fstat64(3, {st_mode=S_IFREG|0644, st_size=810, ...}) = 0
-mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb76f5000
-fstat64(3, {st_mode=S_IFREG|0644, st_size=810, ...}) = 0
-_llseek(3, 0, [0], SEEK_SET) = 0
-read(3, "set default=\"0\"\nset timeout=1\nse"..., 810) = 810
-_llseek(3, 810, [810], SEEK_SET) = 0
-close(3) = 0
-munmap(0xb76f5000, 4096) = 0
-open("coreboot.rom", O_RDONLY) = 3
-fstat64(3, {st_mode=S_IFREG|0644, st_size=2097152, ...}) = 0
-mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb76f5000
-fstat64(3, {st_mode=S_IFREG|0644, st_size=2097152, ...}) = 0
-_llseek(3, 2097152, [2097152], SEEK_SET) = 0
-_llseek(3, 0, [0], SEEK_SET) = 0
-mmap2(NULL, 2101248, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7328000
-read(3, "LARCHIVE\0\0\6\30\0\0\1\252\0\0\0\0\0\0\0(cmos_lay"..., 2097152) = 2097152
-close(3) = 0
-munmap(0xb76f5000, 4096) = 0
---- SIGSEGV (Segmentation fault) @ 0 (0) ---
-+++ killed by SIGSEGV +++
-Segmentation fault
diff --git a/docs/howtos/configuring_parabola.html b/docs/howtos/configuring_parabola.html
deleted file mode 100644
index 56c5420..0000000
--- a/docs/howtos/configuring_parabola.html
+++ /dev/null
@@ -1,784 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- div.important {
- background-color:#ccc;
- }
- </style>
-
- <title>Configuring Parabola (post-install)</title>
-</head>
-
-<body>
- <header>
- <h1 id="pagetop">Configuring Parabola (post-install)</h1>
- <aside>Or <a href="../index.html">back to main index</a></aside>
- </header>
-
-<hr/>
-
- <h2>Table of Contents</h2>
- <ul>
- <li>
- <a href="#pacman_configure">Configuring pacman</a>
- <ul>
- <li><a href="#pacman_update">Updating Parabola</a></li>
- <li>
- <a href="#pacman_maintain">Maintaining Parabola during system updates</a>
- <ul>
- <li><a href="#pacman_cacheclean">Clearing package cache after updating</a></li>
- <li><a href="#pacman_commandequiv">Pacman command equivalents (compared to other package managers)</a></li>
- </ul>
- </li>
- <li><a href="#yourfreedom">your-freedom</a></li>
- </ul>
- </li>
- <li><a href="#useradd">Add a user account</a></li>
- <li><a href="#systemd">System D</a></li>
- <li><a href="#interesting_repos">Interesting repositories</a></li>
- <li>
- <a href="#network">Setup a network connection in Parabola</a>
- <ul>
- <li><a href="#network_hostname">Setting hostname</a></li>
- <li><a href="#network_status">Network status</a></li>
- <li><a href="#network_devicenames">Network interface names</a></li>
- <li><a href="#network_setup">Network setup</a></li>
- </ul>
- </li>
- <li><a href="#system_maintain">System maintenance</a> - important!</li>
- <li>
- <a href="#desktop">Configuring the desktop</a>
- <ul>
- <li><a href="#desktop_xorg">Install Xorg</a></li>
- <li><a href="#desktop_kblayout">Xorg keyboard layout</a></li>
- <li><a href="#desktop_lxde">Install LXDE</a></li>
- <li><a href="#lxde_clock">LXDE - clock</a></li>
- <li><a href="#lxde_font">LXDE - font</a></li>
- <li><a href="#lxde_screenlock">LXDE - screenlock</a></li>
- <li><a href="#lxde_automount">LXDE - automounting</a></li>
- <li><a href="#lxde_suspend">LXDE - disable suspend</a></li>
- <li><a href="#lxde_battery">LXDE - battery monitor</a></li>
- <li><a href="#lxde_network">LXDE - network manager</a></li>
- </ul>
- </li>
- </ul>
-
-<hr/>
-
- <p>
- While not strictly related to the libreboot project, this guide
- is intended to be useful for those interested in installing
- Parabola on their libreboot machine. This is also beneficial because development
- is now being done on Parabola, where Trisquel is no longer used by the maintainer
- at the time of writing.
- </p>
-
- <p>
- It details configuration steps that I took after installing the base system,
- as a follow up to <a href="encrypted_parabola.html">encrypted_parabola.html</a>.
- This guide is likely to become obsolete at a later date (due to the volatile
- 'rolling-release' model that Arch/Parabola both use), but attempts will be made to maintain it.
- </p>
-
- <p>
- <b>
- This guide was valid on 2014-09-21. If you see any changes that should to be made at the present date, please get in touch
- with the libreboot project!
- </b>
- </p>
-
- <p>
- You do not necessarily have to follow this guide word-for-word; <i>parabola</i> is extremely flexible.
- The aim here is to provide a common setup that most users will be happy with. While Parabola
- can seem daunting at first glance (especially for new GNU/Linux users), with a simple guide it can provide
- all of the same usability as Trisquel, without hiding any details from the user.
- </p>
-
- <p>
- Paradoxically, as you get more advanced Parabola can actually become <i>easier to use</i>
- when you want to setup your machine in a special way compared to what most distributions provide.
- You will find over time that other distributions tend to <i>get in your way</i>.
- </p>
-
- <p>
- <b>
- This guide assumes that you already have Parabola installed. If you have not yet installed Parabola,
- then <a href="encrypted_parabola.html">this guide</a> is highly recommended!
- </b>
- </p>
-
- <p>
- A lot of the steps in this guide will refer to the Arch wiki. Arch is the upstream distribution that Parabola uses.
- Most of this guide will also tell you to read wiki articles, other pages, manuals, and so on. In general it tries
- to cherry pick the most useful information but nonetheless you are encouraged to learn as much as possible.
- <b>It might take you a few days to fully install your system how you like, depending on how much you need to read. Patience is key,
- especially for new users</b>.
- </p>
-
- <p>
- The Arch wiki will sometimes use bad language, such as calling the whole system Linux, using the term open-source (or closed-source),
- and it will sometimes recommend the use of proprietary software. You need to be careful about this when reading anything on the
- Arch wiki.
- </p>
-
- <p>
- Some of these steps require internet access. I'll go into networking later but for now, I just connected
- my machine to a switch and did:<br/>
- # <b>systemctl start dhcpcd.service</b><br/>
- You can stop it later by running:<br/>
- # <b>systemctl stop dhcpcd.service</b><br/>
- For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:<br/>
- <a href="#network">Setup network connection in Parabola</a>
- </p>
-
-<hr/>
-
- <h2 id="pacman_configure">Configure pacman</h2>
- <p>
- pacman (<b>pac</b>kage <b>man</b>ager) is the name of the package management system in Arch, which Parabola
- (as a deblobbed parallel effort) also uses. Like with 'apt-get' on debian-based systems like Trisquel,
- this can be used to add/remove and update the software on your computer.
- </p>
- <p>
- Based on <a href="https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman">https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman</a>
- and from reading <a href="https://wiki.archlinux.org/index.php/Pacman">https://wiki.archlinux.org/index.php/Pacman</a> (make sure to read and understand this,
- it's very important) and
- <a href="https://wiki.parabolagnulinux.org/Official_Repositories">https://wiki.parabolagnulinux.org/Official_Repositories</a>
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="pacman_update">Updating Parabola</h3>
- <p>
- In the end, I didn't change my configuration for pacman. When you are updating, resync with the latest package names/versions:<br/>
- # <b>pacman -Syy</b><br/>
- (according to the wiki, -Syy is better than Sy because it refreshes the package list even if it appears to be up to date,
- which can be useful when switching to another mirror).<br/>
- Then, update the system:<br/>
- # <b>pacman -Syu</b>
- </p>
- <p>
- <b>
- Before installing packages with 'pacman -S', always update first, using the notes above.
- </b>
- </p>
- <p>
- Keep an eye out on the output, or read it in /var/log/pacman.log. Sometimes, pacman will show messages
- about maintenance steps that you will need to perform with certain files (typically configurations)
- after the update. Also, you should check both the Parabola and Arch home pages to see if they mention any issues.
- If a new kernel is installed, you should also update to be able to use it (the currently running kernel will
- also be fine). It's generally good enough to update Parabola once every week, or maybe twice. As a
- rolling release distribution, it's a good idea never to leave your install too outdated; update regularly. This
- is simply because of the way the project works; old packages are deleted from the repositories quickly, once they are updated.
- A system that hasn't been updated for quite a while will mean potentially more reading of previous posts through the website,
- and more maintenance work.
- </p>
- <p>
- The Arch forum can also be useful, if others have the same issue as you (if you encounter issues, that is). Parabola's
- IRC channel (#parabola on freenode) can also help you.
- </p>
- <p>
- Due to this and the volatile nature of Parabola/Arch, you should only update when you have at least a couple hours of spare time
- in case of issues that need to be resolved. You should never update, for example, if you need your system for an important event,
- like a presentation or sending an email to an important person before an allocated deadline, and so on.
- </p>
- <p>
- Relax - packages are well-tested regularly when new updates are made to the repositories. Separate 'testing' repositories
- exist for this exact reason. Despite what many people will tell you, Parabola is fairly stable and trouble-free,
- so long as you are aware of how to check for issues, and are willing to spend some time fixing issues in
- the rare event that they do occur.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="pacman_maintain">Maintaining Parabola</h3>
- <p>
- Parabola is a very simple distro, in the sense that you are in full control
- and everything is made transparent to you. One consequence is
- that you also need to know what you are doing, and what you have done before. In general, keeping notes (such as what I have done
- with this page) can be very useful as a reference in the future (if you wanted to re-install it or install the distro
- on another computer, for example).
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h4 id="pacman_cacheclean">Cleaning the package cache</h4>
- <p>
- <b>
- The following is very important as you continue to use, update and maintain your Parabola system:<br/>
- <a href="https://wiki.archlinux.org/index.php/Pacman#Cleaning_the_package_cache">https://wiki.archlinux.org/index.php/Pacman#Cleaning_the_package_cache</a>.
- Essentially, this guide talks about a directory that has to be cleaned once in a while, to prevent it from growing too big (it's a cache
- of old package information, updated automatically when you do anything in pacman).
- </b>
- </p>
- <p>
- To clean out all old packages that are cached:<br/>
- # <b>pacman -Sc</b>
- </p>
- <p>
- The wiki cautions that this should be used with care. For example, since older packages are deleted from the repo,
- if you encounter issues and want to revert back to an older package then it's useful to have the caches available.
- Only do this if you are sure that you won't need it.
- </p>
- <p>
- The wiki also mentions this method for removing everything from the cache, including currently installed packages that are cached:<br/>
- # <b>pacman -Scc</b><br/>
- This is inadvisable, since it means re-downloading the package again if you wanted to quickly re-install it. This should only be used
- when disk space is at a premium.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h4 id="pacman_commandequiv">pacman command equivalents</h4>
- <p>
- The following table lists other distro package manager commands, and their equivalent in pacman:<br/>
- <a href="https://wiki.archlinux.org/index.php/Pacman_Rosetta">https://wiki.archlinux.org/index.php/Pacman_Rosetta</a>
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
- <h3 id="yourfreedom">your-freedom</h3>
- <p>
- your-freedom is a package specific to Parabola, and it is installed by default. What it does is conflict with packages
- from Arch that are known to be non-free (proprietary) software. When migrating from Arch (there is a guide on the Parabola
- wiki for migrating - converting - an existing Arch system to a Parabola system), installing
- your-freedom will also fail if these packages are installed, citing them as conflicts; the recommended solution
- is then to delete the offending packages, and continue installing <i>your-freedom</i>.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="useradd">Add a user</h2>
- <p>
- Based on <a href="https://wiki.archlinux.org/index.php/Users_and_Groups">https://wiki.archlinux.org/index.php/Users_and_Groups</a>.
- </p>
- <p>
- It is important (for security reasons) to create and use a non-root (non-admin) user account for every day use. The default 'root' account is intended
- only for critical administrative work, since it has complete access to the entire operating system.
- </p>
- <p>
- Read the entire document linked to above, and then continue.
- </p>
- <p>
- Add your user:<br/>
- # <b>useradd -m -G wheel -s /bin/bash <i>yourusername</i></b><br/>
- Set a password:<br/>
- # <b>passwd <i>yourusername</i></b>
- </p>
-
- <p><a href="#pagetop">Back to top of page</a></p>
-
-<hr/>
-
- <h2 id="systemd">systemd</h2>
- <p>
- This is the name of the system used for managing services in Parabola. It is a good idea to become familiar with it.
- Read <a href="https://wiki.archlinux.org/index.php/systemd">https://wiki.archlinux.org/index.php/systemd</a>
- and <a href="https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage">https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage</a>
- to gain a full understanding. <b>This is very important! Make sure to read them.</b>
- </p>
- <p>
- An example of a 'service' could be a webserver (such as lighttpd), or sshd (openssh), dhcp, etc. There are countless others.
- </p>
- <p>
- <a href="https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530">https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530</a> explains
- the background behind the decision by Arch (Parabola's upstream supplier) to use systemd.
- </p>
-
- <p>
- The manpage should also help:<br/>
- # <b>man systemd</b><br/>
- The section on 'unit types' is especially useful.
- </p>
-
- <p>
- According to the wiki, systemd 'journal' keeps logs of a size up to 10% of the total size your / partition takes up.
- on a 60GB root this would mean 6GB. That's not exactly practical, and can have performance implications later when the
- log gets too big. Based on instructions from the wiki, I will reduce the total size of the journal to 50MiB (the wiki
- recommends 50MiB).
- </p>
- <p>
- Open /etc/systemd/journald.conf and find the line that says:<br/>
- <i>#SystemMaxUse=</i><br/>
- Change it to say:<br/>
- <i>SystemMaxUse=50M</i>
- </p>
- <p>
- The wiki also recommended a method for forwarding journal output to TTY 12 (accessible by pressing ctrl+alt+f12,
- and you use ctrl+alt+[F1-F12] to switch between terminals). I decided not to enable it.
- </p>
- <p>
- Restart journald:<br/>
- # <b>systemctl restart systemd-journald</b>
- </p>
-
- <p>
- The wiki recommends that if the journal gets too large, you can also simply delete (rm -rf) everything inside /var/log/journald/*
- but recommends backing it up. This shouldn't be necessary, since you already set the size limit above and systemd will automatically
- start to delete older records when the journal size reaches it's limit (according to systemd developers).
- </p>
-
- <p>
- Finally, the wiki mentions 'temporary' files and the utility for managing them.<br/>
- # <b>man systemd-tmpfiles</b><br/>
- The command for 'clean' is:<br/>
- # <b>systemd-tmpfiles --clean</b><br/>
- According to the manpage, this <i>"cleans all files and directories with an age parameter"</i>.
- According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/
- to know what actions to perform. Therefore, it is a good idea to read what's stored in these locations
- to get a better understanding.
- </p>
- <p>
- I looked in /etc/tmpfiles.d/ and found that it was empty on my system. However, /usr/lib/tmpfiles.d/ contained some files.
- The first one was etc.conf, containing information and a reference to this manpage:<br/>
- # <b>man tmpfiles.d</b><br/>
- Read that manpage, and then continue studying all of the files.
- </p>
- <p>
- The systemd developers tell me that it usually isn't necessary to touch the systemd-tmpfiles utility manually at all.
- </p>
-
- <p><a href="#pagetop">Back to top of page</a></p>
-
-<hr/>
-
- <h2 id="interesting_repos">Interesting repositories</h2>
- <p>
- Parabola wiki at <a href="https://wiki.parabolagnulinux.org/Repositories#kernels">https://wiki.parabolagnulinux.org/Repositories#kernels</a>
- mentions about a repository called [kernels] for custom kernels that aren't in the default base. It might be worth looking into what is available
- there, depending on your use case.
- </p>
- <p>
- I enabled it on my system, to see what was in it. Edit /etc/pacman.conf and below the 'extra' section add:<br/>
- <i>
- [kernels]<br/>
- Include = /etc/pacman.d/mirrorlist
- </i>
- </p>
- <p>
- Now sync with the repository:<br/>
- # <b>pacman -Syy</b>
- </p>
- <p>
- List all available packages in this repository:<br/>
- # <b>pacman -Sl kernels</b>
- </p>
- <p>
- In the end, I decided not to install anything from it but I kept the repository enabled regardless.
- </p>
- <p><a href="#pagetop">Back to top of page.</a></p>
-
-<hr/>
-
- <h2 id="network">Setup a network connection in Parabola</h2>
- <p>
- Read <a href="https://wiki.archlinux.org/index.php/Configuring_Network">https://wiki.archlinux.org/index.php/Configuring_Network</a>.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="network_hostname">Set the hostname</h3>
- <p>
- This should be the same as the hostname that you set in /etc/hostname when installing Parabola. You can also do it with systemd (do so now, if you like):<br/>
- # <b>hostnamectl set-hostname <i>yourhostname</i></b><br/>
- This writes the specified hostname to /etc/hostname. More information can be found in these manpages:<br/>
- # <b>man hostname</b><br/>
- # <b>info hostname</b><br/>
- # <b>man hostnamectl</b>
- </p>
- <p>
- Add the same hostname to /etc/hosts, on each line. Example:<br/>
- <i>
- 127.0.0.1 localhost.localdomain localhost <u>myhostname</u><br/>
- ::1 localhost.localdomain localhost <u>myhostname</u>
- </i>
- </p>
- <p>
- You'll note that I set both lines; the 2nd line is for IPv6. More and more ISP's are providing this now (mine does)
- so it's good to be forward-thinking here.
- </p>
- <p>
- The <i>hostname</i> utility is part of the <i>inetutils</i> package and is in core/, installed by default (as part of <i>base</i>).
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="network_status">Network Status</h3>
- <p>
- According to the Arch wiki, <a href="https://wiki.archlinux.org/index.php/Udev">udev</a> should already detect the ethernet chipset
- and load the driver for it automatically at boot time. You can check this in the <i>"Ethernet controller"</i> section
- when running this command:<br/>
- # <b>lspci -v</b>
- </p>
- <p>
- Look at the remaining sections <i>'Kernel driver in use'</i> and <i>'Kernel modules'</i>. In my case it was as follows:<br/>
- <i>
- Kernel driver in use: e1000e<br/>
- Kernel modules: e1000e
- </i>
- </p>
- <p>
- Check that the driver was loaded by issuing <i>dmesg | grep module_name</i>. In my case, I did:<br/>
- # <b>dmesg | grep e1000e</b>
- </p>
- <h3 id="network_devicenames">Network device names</h3>
- <p>
- According to <a href="https://wiki.archlinux.org/index.php/Configuring_Network#Device_names">https://wiki.archlinux.org/index.php/Configuring_Network#Device_names</a>,
- it is important to note that the old interface names like eth0, wlan0, wwan0 and so on no longer apply. Instead, <i>systemd</i>
- creates device names starting with en (for enternet), wl (for wifi) and ww (for wwan) with a fixed identifier that systemd automatically generates.
- An example device name for your ethernet chipset would be <i>enp0s25</i>, where it is never supposed to change.
- </p>
- <p>
- If you want to enable the old names (eth0, wlan0, wwan0, etc), the Arch wiki recommends
- adding <i>net.ifnames=0</i> to your kernel parameters (in libreboot context, this would be accomplished by following the
- instructions in <a href="grub_cbfs.html">grub_cbfs.html</a>).
- </p>
- <p>
- For background information,
- read <a href="http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames/">Predictable Network Interface Names</a>
- </p>
- <p>
- Show device names:<br/>
- # <b>ls /sys/class/net</b>
- </p>
- <p>
- Changing the device names is possible (I chose not to do it):<br/>
- <a href="https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name">https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name</a>
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="network_setup">Network setup</h3>
- <p>
- I actually chose to ignore most of Networking section on the wiki. Instead, I plan to setup LXDE desktop with the graphical
- network-manager client. Here is a list of network managers:<br/>
- <a href="https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers">https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers</a>.
- If you need to, set a static IP address (temporarily) using the networking guide an the Arch wiki, or start the dhcpcd service in systemd.
- NetworkManager will be setup later, after installing LXDE.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="system_maintain">System Maintenance</h2>
- <p>
- Read <a href="https://wiki.archlinux.org/index.php/System_maintenance">https://wiki.archlinux.org/index.php/System_maintenance</a> before continuing.
- Also read <a href="https://wiki.archlinux.org/index.php/Enhance_system_stability">https://wiki.archlinux.org/index.php/Enhance_system_stability</a>.
- <b>This is important, so make sure to read them!</b>
- </p>
- <p>
- Install smartmontools (can be used to check smart data - note: HDD's use non-free firmware inside, it's transparent to you
- but the smart data comes from it. Therefore, don't rely on it too much):<br/>
- # <b>pacman -S smartmontools</b><br/>
- Read <a href="https://wiki.archlinux.org/index.php/S.M.A.R.T.">https://wiki.archlinux.org/index.php/S.M.A.R.T.</a> to learn how to use it.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="desktop">Configuring the desktop</h2>
- <p>
- Based on steps from
- <a href="https://wiki.archlinux.org/index.php/General_recommendations#Graphical_user_interface">General Recommendations</a> on the Arch wiki.
- The plan is to use LXDE and LXDM/LightDM, along with everything else that you would expect on other distributions that provide LXDE
- by default.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
- <h3 id="desktop_xorg">Installing Xorg</h3>
- <p>
- Based on <a href="https://wiki.archlinux.org/index.php/Xorg">https://wiki.archlinux.org/index.php/Xorg</a>.
- </p>
- <p>
- Firstly, install it!<br/>
- # <b>pacman -S xorg-server</b><br/>
- I also recommend installing this (contains lots of useful tools, including <i>xrandr</i>):<br/>
- # <b>pacman -S xorg-server-utils</b>
- </p>
- <p>
- Install the driver. For me this was <i>xf86-video-intel</i> on the ThinkPad X60. T60 and macbook11/21 should be the same.<br/>
- # <b>pacman -S xf86-video-intel</b><br/>
- For other systems you can try:<br/>
- # <b>pacman -Ss xf86-video- | less</b><br/>
- Combined with looking at your <i>lspci</i> output, you can determine which driver is needed.
- By default, Xorg will revert to xf86-video-vesa which is a generic driver and doesn't provide true hardware acceleration.
- </p>
- <p>
- Other drivers (not just video) can be found by looking at the <i>xorg-drivers</i> group:<br/>
- # <b>pacman -Sg xorg-drivers</b><br/>
- </p>
- <p>
- Mostly you will rely on a display manager, but in case you ever want to start X without one:<br/>
- # <b>pacman -S xorg-xinit</b>
- </p>
- <p>
- <optional><br/>
- Arch wiki recommends installing these, for testing that X works:<br/>
- # <b>pacman -S xorg-twm xorg-xclock xterm</b><br/>
- Refer to <a href="https://wiki.archlinux.org/index.php/Xinitrc">https://wiki.archlinux.org/index.php/Xinitrc</a>.
- and test X:<br/>
- # <b>startx</b><br/>
- When you are satisfied, type <b><i>exit</i></b> in xterm, inside the X session.<br/>
- Uninstall them (clutter. eww): # <b>pacman -S xorg-xinit xorg-twm xorg-xclock xterm</b><br/>
- </optional>
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
- <h3 id="desktop_kblayout">Xorg keyboard layout</h3>
- <p>
- Refer to <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg</a>.
- </p>
- <p>
- Xorg uses a different configuration method for keyboard layouts, so you will notice that the layout you
- set in /etc/vconsole.conf earlier might not actually be the same in X.
- </p>
- <p>
- To see what layout you currently use, try this on a terminal emulator in X:<br/>
- # <b>setxkbmap -print -verbose 10</b>
- </p>
- <p>
- In my case, I wanted to use the Dvorak (UK) keyboard which is quite different from Xorg's default Qwerty (US) layout.
- </p>
- <p>
- I'll just say it now: <i>XkbModel</i> can be <i>pc105</i> in this case (ThinkPad X60, with a 105-key UK keyboard).
- If you use an American keyboard (typically 104 keys) you will want to use <i>pc104</i>.
- </p>
- <p>
- <i>XkbLayout</i> in my case would be <i>gb</i>, and <i>XkbVariant</i> would be <i>dvorak</i>.
- </p>
- <p>
- The Arch wiki recommends two different methods for setting the keyboard layout:<br/>
- <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files</a> and<br/>
- <a href="https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl">https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl</a>.
- </p>
- <p>
- In my case, I chose to use the <i>configuration file</i> method:<br/>
- Create the file /etc/X11/xorg.conf.d/10-keyboard.conf and put this inside:<br/>
- <i>
- Section "InputClass"<br/>
- Identifier "system-keyboard"<br/>
- MatchIsKeyboard "on"<br/>
- Option "XkbLayout" "gb"<br/>
- Option "XkbModel" "pc105"<br/>
- Option "XkbVariant" "dvorak"<br/>
- EndSection
- </i>
- </p>
- <p>
- For you, the steps above may differ if you have a different layout. If you use a US Qwerty keyboard, then
- you don't even need to do anything (though it might help, for the sake of being explicit).
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
- <h3 id="desktop_lxde">Install LXDE</h3>
- <p>
- Desktop choice isn't that important to me, so for simplicity I decided to use LXDE. It's lightweight
- and does everything that I need.
- If you would like to try something different, refer to
- <a href="https://wiki.archlinux.org/index.php/Desktop_environment">https://wiki.archlinux.org/index.php/Desktop_environment</a>
- </p>
- <p>
- Refer to <a href="https://wiki.archlinux.org/index.php/LXDE">https://wiki.archlinux.org/index.php/LXDE</a>.
- </p>
- <p>
- Install it, choosing 'all' when asked for the default package list:<br/>
- # <b>pacman -S lxde obconf</b>
- </p>
- <p>
- I didn't want the following, so I removed them:<br/>
- # <b>pacman -R lxmusic lxtask</b>
- </p>
- <p>
- I also lazily installed all fonts:<br/>
- # <b>pacman -S $(pacman -Ssq ttf-)</b>
- </p>
- <p>
- LXDE comes with a terminal. You probably want a browser to go with that; I choose GNU IceCat, part of the <i><a href="https://gnu.org/">GNU project</a></i>:<br/>
- # <b>pacman -S icecat</b><br/>
- And a mail client:<br/>
- # <b>pacman -S icedove</b>
- </p>
- <p>
- In IceCat, go to <i>Preferences :: Advanced</i> and disable <i>GNU IceCat Health Report</i>.
- </p>
- <p>
- I also like to install these:<br/>
- # <b>pacman -S xsensors stress htop</b>
- </p>
- <p>
- Enable LXDM (the default display manager, providing a graphical login):<br/>
- # <b>systemctl enable lxdm.service</b><br/>
- It will start when you boot up the machine. To start it now, do:<br/>
- # <b>systemctl start lxdm.service</b>
- </p>
- <p>
- Log in with your standard (non-root) user that you created earlier.
- It is advisable to also create an xinitrc rule in case you ever want to start lxde without lxdm.
- Read <a href="https://wiki.archlinux.org/index.php/Xinitrc">https://wiki.archlinux.org/index.php/Xinitrc</a>.
- </p>
- <p>
- Open LXterminal:<br/>
- $ <b>cp /etc/skel/.xinitrc ~</b><br/>
- Open .xinitrc and add the following plus a line break at the bottom of the file.<br/>
- <i>
- # Probably not needed. The same locale info that we set before<br/>
- # Based on advice from the LXDE wiki
- export LC_ALL=en_GB.UTF-8<br/>
- export LANGUAGE=en_GB.UTF-8<br/>
- export LANG=en_GB.UTF-8<br/>
- <br/>
- # Start lxde desktop<br/>
- exec startlxde<br/>
- </i>
- Now make sure that it is executable:<br/>
- $ <b>chmod +x .xinitrc</b>
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
- <h3 id="lxde_clock">LXDE - clock</h3>
- <p>
- In <b>Digital Clock Settings</b> (right click the clock) I set the Clock Format to <i>%Y/%m/%d %H:%M:%S</i>
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
- <h3 id="lxde_font">LXDE - font</h3>
- <p>
- NOTE TO SELF: come back to this later.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
- <h3 id="lxde_screenlock">LXDE - screenlock</h3>
- <p>
- Arch wiki recommends to use <i>xscreensaver</i>:<br/>
- # <b>pacman -S xscreensaver</b>
- </p>
- <p>
- Under <i>Preferences :: Screensaver</i> in the LXDE menu, I chose <i>Mode: Blank Screen Only</i>,
- setting <i>Blank After</i>, <i>Cycle After</i> and <i>Lock Screen After</i> (checked) to 10 minutes.
- </p>
- <p>
- You can now lock the screen with <i>Logout :: Lock Screen</i> in the LXDE menu.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
- <h3 id="lxde_automount">LXDE - automounting</h3>
- <p>
- Refer to <a href="https://wiki.archlinux.org/index.php/File_manager_functionality">https://wiki.archlinux.org/index.php/File_manager_functionality</a>.
- </p>
- <p>
- I chose to ignore this for now. NOTE TO SELF: come back to this later.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="lxde_suspend">LXDE - disable suspend</h3>
- <p>
- When closing the laptop lid, the machine suspends. This is annoying at least to me.
- NOTE TO SELF: disable it, then document the steps here.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="lxde_battery">LXDE - battery monitor</h3>
- <p>
- Right click lxde panel and <i>Add/Remove Panel Items</i>. Click <i>Add</i> and select <i>Battery Monitor</i>, then click <i>Add</i>.
- Close and then right-click the applet and go to <i>Battery Monitor Settings</i>, check the box that says <i>Show Extended Information</i>.
- Now click <i>Close</i>. When you hover the cursor over it, it'll show information about the battery.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
- <h3 id="lxde_network">LXDE - Network Manager</h3>
- <p>
- Refer to <a href="https://wiki.archlinux.org/index.php/LXDE#Network_Management">https://wiki.archlinux.org/index.php/LXDE#Network_Management</a>.
- Then I read: <a href="https://wiki.archlinux.org/index.php/NetworkManager">https://wiki.archlinux.org/index.php/NetworkManager</a>.
- </p>
- <p>
- Install Network Manager:<br/>
- # <b>pacman -S networkmanager</b>
- </p>
- <p>
- You will also want the graphical applet:<br/>
- # <b>pacman -S network-manager-applet</b><br/>
- Arch wiki says that an autostart rule will be written at <i>/etc/xdg/autostart/nm-applet.desktop</i>
- </p>
- <p>
- I want to be able to use a VPN at some point, so the wiki tells me to do:<br/>
- # <b>pacman -S networkmanager-openvpn</b>
- </p>
- <p>
- LXDE uses openbox, so I refer to:<br/>
- <a href="https://wiki.archlinux.org/index.php/NetworkManager#Openbox">https://wiki.archlinux.org/index.php/NetworkManager#Openbox</a>.
- </p>
- <p>
- It tells me for the applet I need:<br/>
- # <b>pacman -S xfce4-notifyd gnome-icon-theme</b><br/>
- Also, for storing authentication details (wifi) I need:<br/>
- # <b>pacman -S gnome-keyring</b>
- </p>
- <p>
- I wanted to quickly enable networkmanager:<br/>
- # <b>systemctl stop dhcpcd</b><br/>
- # <b>systemctl start NetworkManager</b><br/>
- Enable NetworkManager at boot time:<br/>
- # <b>systemctl enable NetworkManager</b>
- </p>
- <p>
- Restart LXDE (log out, and then log back in).
- </p>
- <p>
- I added the volume control applet to the panel (right click panel, and add a new applet).
- I also later changed the icons to use the gnome icon theme, in <i>lxappearance</i>.
- </p>
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/dock.html b/docs/howtos/dock.html
deleted file mode 100644
index ef62e83..0000000
--- a/docs/howtos/dock.html
+++ /dev/null
@@ -1,163 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- div.important {
- background-color:#ccc;
- }
- </style>
-
- <title>Notes about DMA and the docking station (X60/T60)</title>
-</head>
-
-<body>
- <header>
- <h1>Notes about DMA and the docking station (X60/T60)</h1>
- <aside>Or <a href="../index.html">back to main index</a></aside>
- </header>
-
-<pre>
-
-Use case:
----------
-Usually when people do full disk encryption, it's not really full disk,
-instead they still have a /boot in clear.
-
-So an evil maid attack can still be done, in two passes:
-1) Clone the hdd, Infect the initramfs or the kernel.
-2) Wait for the user to enter its password, recover the password,
-luksOpen the hdd image.
-
-I wanted a real full-disk encryption so I've put grub in flash and I
-have the following: The HDD has a LUKS rootfs(containing /boot) on an
-lvm partition, so no partition is in clear.
-
-So when the computer boots it executes coreboot, then grub as a payload.
-Grub then opens the LUKS partition and loads the kernel and initramfs
-from there.
-
-To prevent hardware level tempering(like reflashing), I used nail
-polish with a lot of gilder, that acts like a seal. Then a high
-resolution picture of it is taken, to be able to tell the difference.
-
-The problem:
-------------
-But then comes the docking port issue: Some LPC pins are exported
-there, such as the CLKRUN and LDRQ#.
-
-LDRQ# is "Encoded DMA/Bus Master Request": "Only needed by
-peripherals that need DMA or bus mastering. Requires an
-individual signal per peripheral. Peripherals may not share
-an LDRQ# signal."
-
-So now DMA access is possible trough the dock connector.
-So I want to be able to turn that off.
-
-If I got it right, the X60 has 2 superio, one is in the dock, and the
-other one is in the laptop, so we have:
- ________________
- _________________ | |
-| | | Dock connector:|
-|Dock: NSC pc87982|<--LPC--->D_LPC_DREQ0 |
-|_________________| |_______^________|
- |
- |
- |
- |
- ___________________|____
- | v |
- | SuperIO: DLDRQ# |
- | NSC pc87382 LDRQ# |
- |___________________^____|
- |
- |
- |
- |
- ___________________|___
- | v |
- | Southbridge: LDRQ0 |
- | ICH7 |
- |_______________________|
-
-
-The code:
----------
-Now if I look at the existing code, there is some superio drivers, like
-pc87382 in src/superio/nsc, the code is very small.
-The only interesting part is the pnp_info pnp_dev_info struct.
-
-Now if I look inside src/mainboard/lenovo/x60 there is some more
-complete dock driver:
-
-Inside dock.c I see some dock_connect and dock_disconnect functions.
-
-Such functions are called during the initialisation (romstage.c) and
-from the x60's SMI handler (smihandler.c).
-
-Questions:
-----------
-1) Would the following be sufficent to prevent DMA access from the
-outside:
-> int dock_connect(void)
-> {
-> int timeout = 1000;
-> + int val;
-> +
-> + if (get_option(&val, "dock") != CB_SUCCESS)
-> + val = 1;
-> + if (val == 0)
-> + return 0;
-> [...]
-> }
->
-> void dock_disconnect(void) {
-> + if (dock_present())
-> + return;
-> [...]
-> }
-2) Would an nvram option be ok for that? Should a Kconfig option be
-added too?
-
-> config DOCK_AUTODETECT
-> bool "Autodetect"
-> help
-> The dock is autodetected. If unsure select this option.
->
-> config DOCK_DISABLED
-> bool "Disabled"
-> help
-> The dock is always disabled.
->
-> config DOCK_NVRAM_ENABLE
-> bool "Nvram"
-> help
-> The dock autodetection is tried only if it is also enabled
-> trough nvram.
-
-</pre>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/encrypted_parabola.html b/docs/howtos/encrypted_parabola.html
deleted file mode 100644
index 3a1a75d..0000000
--- a/docs/howtos/encrypted_parabola.html
+++ /dev/null
@@ -1,577 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- div.important {
- background-color:#ccc;
- }
- </style>
-
- <title>Installing Parabola GNU/Linux with full disk encryption (including /boot)</title>
-</head>
-
-<body>
- <header>
- <h1>Installing Parabola GNU/Linux with full disk encryption (including /boot)</h1>
- <aside>Or <a href="../index.html">back to main index</a></aside>
- </header>
-
- <p>
- Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
- by default, which means that the GRUB configuration file
- (where your GRUB menu comes from) is stored directly alongside libreboot
- and it's GRUB payload executable, inside
- the flash chip. In context, this means that installing distributions and managing them
- is handled slightly differently compared to traditional BIOS systems.
- </p>
-
- <p>
- On most systems, the /boot partition has to be left unencrypted while the others are encrypted.
- This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware
- can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a
- payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical
- access to the machine.
- </p>
-
- <p>
- Boot Parabola's install environment. <a href="grub_boot_installer.html">How to boot a GNU/Linux installer</a>.
- </p>
-
- <p>
- For this guide I used the 2013 09 01 image to boot the live installer and install the system.
- </p>
-
- <p>
- Parabola is much more flexible than Trisquel, but also more involved to setup. Use Parabola. It's 10 million times better than Trisquel.
- </p>
-
- <p>
- Firstly if you use an SSD, beware there are issues with TRIM (not enabled through luks) and security issues if you do enable it.
- See <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Specialties#Discard.2FTRIM_support_for_solid_state_drives_.28SSD.29">this page</a>
- for more info.
- </p>
-
- <p>
- <b>If you are using an SSD for this, make sure it's brand-new (or barely used). Or, otherwise, be sure that it never previously
- contained plaintext copies of your data.</b>
- </p>
-
- <p>
- Wipe the MBR (if you use MBR):<br/>
- # <b>lsblk</b><br/>
- Your HDD is probably /dev/sda:
- # <b>dd if=/dev/zero of=/dev/sda bs=446 count=1; sync</b><br/>
- Never use SeaBIOS! The MBR section can easily be changed with malicious code, which SeaBIOS will blindly execute.
- This guide is for libreboot with GRUB-as-payload only.
- </p>
-
- <p>
- Securely wipe the drive:<br/>
- # <b>dd if=/dev/urandom of=/dev/sda; sync</b><br/>
- NOTE: If you have an SSD, only do this the first time. If it was already LUKS-encrypted before,
- use the info below to wipe the LUKS header. Also, check online for your SSD what the recommended
- erase block size is. For example if it was 2MiB:<br/>
- # <b>dd if=/dev/urandom of=/dev/sda bs=2M; sync</b>
- </p>
- <p>
- If your drive was already LUKS encrypted (maybe you are re-installing your distro) then
- it is already 'wiped'. You should just wipe the LUKS header.
- <a href="https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/">https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/</a>
- showed me how to do this. It recommends to do the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:<br/>
- # <b>head -c 3145728 /dev/urandom > /dev/sda; sync</b><br/>
- (wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk).
- </p>
- <p>
- <b>
- If you do plan to use an SSD, make sure to read
- <a href="https://wiki.archlinux.org/index.php/Solid_State_Drives">https://wiki.archlinux.org/index.php/Solid_State_Drives</a><br/>
- Edit /etc/fstab later on when chrooted into your install. Also, read the whole article and keep all points in mind, adapting
- them for this guide.
- </b>
- </p>
-
- <p>
- This guide will go through the installation steps taken at the time of writing, which may or may not change due to
- the volatile nature of Parabola (it changes all the time). In general most of it should remain the same. If you spot mistakes,
- please say so! This guide will be ported to the Parabola wiki at a later date. For up to date Parabola install guide, go to
- the Parabola wiki. This guide essentially cherry picks the useful information (valid at the time of writing: 2014-09-15).
- </p>
-
- <h2>
- Change keyboard layout
- </h2>
- <p>
- Parabola live shell assumes US Qwerty. If you have something different, use:<br/>
- # <b>loadkeys LAYOUT</b><br/>
- For me, LAYOUT would have been dvorak-uk.
- </p>
-
- <h2>Getting started</h2>
- <p>
- The beginning is based on <a href="https://wiki.parabolagnulinux.org/Installation_Guide">https://wiki.parabolagnulinux.org/Installation_Guide</a>.
- Then I referred to <a href="https://wiki.archlinux.org/index.php/Partitioning">https://wiki.archlinux.org/index.php/Partitioning</a> at first.
- </p>
-
- <h2>dm-mod</h2>
- <p>
- device-mapper will be used - a lot. Make sure that the kernel module is loaded:<br/>
- # <b>modprobe dm-mod</b>
- </p>
-
- <h2>Create LUKS partition</h2>
- <p>
- I am using MBR partitioning, so I use cfdisk:<br/>
- # <b>cfdisk /dev/sda</b>
- </p>
- <p>
- I create a single large sda1 filling the whole drive, leaving it as the default type 'Linux' (83).
- </p>
- <p>
- Now I refer to <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning">https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning</a>:<br/>
- I am then directed to <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption">https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption</a>.
- </p>
- <p>
- Parabola forces you to RTFM.
- </p>
- <p>
- It tells me to run:<br/>
- # <b>cryptsetup benchmark</b> (for making sure the list below is populated)<br/>
- Then:<br/>
- # <b>cat /proc/crypto</b><br/>
- This gives me crypto options that I can use. It also provides a representation of the best way to setup LUKS (in this case, security is a priority; speed, a distant second).
- To gain a better understanding, I am also reading:<br/>
- # <b>man cryptsetup</b>
- </p>
- <p>
- Following that page, based on my requirements, I do the following based on
- based on <a href="https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode">https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode</a>.
- Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option.
- </p>
- <p>
- I am initializing LUKS with the following:<br/>
- # <b>cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random --verify-passphrase luksFormat /dev/sda1</b>
- -- choose a <b>secure</b> passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The password
- length should be as long as you are able to handle without writing it down or storing it anywhere. Ideally, 100 characters or more.
- It might take you a while to memorize a long passphrase before beginning this step.
- </p>
-
- <h2>Create LVM</h2>
- <p>
- Now I refer to <a href="https://wiki.archlinux.org/index.php/LVM">https://wiki.archlinux.org/index.php/LVM</a>.
- </p>
- <p>
- Open the LUKS partition:<br/>
- # <b>cryptsetup open --type luks /dev/sda1 lvm</b><br/>
- (it will be available at /dev/mapper/lvm)<br/>
- I'm told that the above is old syntax, which is what I did anyway. You could also try:<br/>
- # <b>cryptsetup luksOpen /dev/sda1 lvm</b>
- </p>
- <p>
- Create LVM partition:<br/>
- # <b>pvcreate /dev/mapper/lvm</b><br/>
- Show that you just created it:<br/>
- # <b>pvdisplay</b>
- </p>
- <p>
- Now I create the volume group, inside of which the logical volumes will be created:<br/>
- # <b>vgcreate matrix /dev/mapper/lvm</b> (volume group name is 'matrix')<br/>
- Show that you created it:<br/>
- # <b>vgdisplay</b>
- </p>
- <p>
- Now create the logical volumes:<br/>
- # <b>lvcreate -L 2G matrix -n swapvol</b> (2G swap partition, named <u>swapvol</u>)<br/>
- # <b>lvcreate -l +100%FREE matrix -n rootvol</b> (single large partition in the rest of the space, named <u>rootvol</u>)<br/>
- You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example,
- if you will be running a web/mail server then you want /var in it's own partition (so that if it fills up with logs, it won't crash your system).
- For a home/laptop system (typical use case), a root and a swap will do (really).
- </p>
- <p>
- Verify that the logical volumes were created, using the following command:<br/>
- # <b>lvdisplay</b>
- </p>
-
- <h2>Create / and swap partitions</h2>
- <p>
- For the swapvol LV I use:<br/>
- # <b>mkswap /dev/mapper/matrix-swapvol</b>
- </p>
- <p>
- For the rootvol LV I use:<br/>
- # <b>mkfs.ext4 /dev/mapper/matrix-rootvol</b>
- </p>
-
- <h2>Continue with Parabola installation</h2>
- <p>
- Mount the root (/) partition:<br/>
- # <b>mount /dev/matrix/rootvol /mnt</b><br/>
- </p>
- <p>
- This guide is really about GRUB, Parabola and cryptomount. I have to show how to install Parabola
- so that the guide can continue.
- </p>
- <p>
- Now I am following the rest of <a href="https://wiki.parabolagnulinux.org/Installation_Guide">https://wiki.parabolagnulinux.org/Installation_Guide</a>.
- I also also cross referencing <a href="https://wiki.archlinux.org/index.php/Installation_guide">https://wiki.archlinux.org/index.php/Installation_guide</a>.
- </p>
- <p>
- Create /home and /boot on rootvol mountpoint:<br/>
- # <b>mkdir /mnt/home</b><br/>
- # <b>mkdir /mnt/boot</b>
- </p>
- <p>
- The wiki says to enable the swap so that it can be detected by 'genfstab':<br/>
- # <b>swapon /dev/matrix/swapvol</b>
- </p>
- <p>
- DHCP was already working for me, so I had internet during the install. Therefore, I ignore the 'Connect to the Internet' section of the install guide.
- I also ignore wifi, since I can set that up after the install. For now, I am just using ethernet.
- Otherwise, refer to <a href="https://wiki.archlinux.org/index.php/Configuring_Network">https://wiki.archlinux.org/index.php/Configuring_Network</a>.
- You can test to see if internet is already working by pinging a few domains.
- </p>
-
- <p>
- I commented out all lines except the Server line for the UK Parabola server (main server) in <b>/etc/pacman.d/mirrorlist</b> and then did:<br/>
- # <b>pacman -Syy</b><br/>
- # <b>pacman -Syu</b><br/>
- # <b>pacman -Sy pacman</b> (and then I did the other 2 steps above, again)<br/>
- In my case I did the steps in the next paragraph, and followed the steps in this paragraph again.
- </p>
- <p>
- <troubleshooting><br/>
- The following is based on 'Verification of package signatures' in the Parabola install guide.<br/>
- Check there first to see if steps differ by now.<br/>
- Now you have to update the default Parabola keyring. This is used for signing and verifying packages:<br/>
- # <b>pacman -Sy parabola-keyring</b><br/>
- It says that you you get GPG errors, it's probably an expired key so do:<br/>
- # <b>pacman-key --populate parabola</b><br/>
- # <b>pacman-key --refresh-keys</b><br/>
- # <b>pacman -Sy parabola-keyring</b><br/>
- To be honest, you should do the above anyway. Parabola has a lot of maintainers, and a lot of keys. Really!<br/>
- Also, it says that if the clock is set incorrectly then you have to manually set the correct time <br/>
- (if keys are listed as expired because of it):<br/>
- # <b>date MMDDhhmm[[CC]YY][.ss]</b><br/>
- I also had to install:<br/>
- # <b>pacman -S archlinux-keyring</b><br/>
- # <b>pacman-key --populate archlinux</b><br/>
- In my case I saw some conflicting files reported in pacman, stopping me from using it.<br/>
- I deleted the files that it mentioned
- and then it worked. Specifically, I had this error:<br/>
- <i>licenses: /usr/share/licenses/common/MPS exists in filesystem</i><br/>
- I rm -rf'd the file and then pacman worked. I'm told that the following would have also made it work:<br/>
- # <b>pacman -Sf licenses</b><br/>
- </troubleshooting><br/>
- </p>
- <p>
- I also like to install other packages (base-devel, compilers and so on) and wpa_supplicant/dialog are needed for wireless after the install:<br/>
- # <b>pacstrap /mnt base base-devel wpa_supplicant dialog</b>
- </p>
-
- <h3>Configure the system</h3>
- <p>
- From the Parabola installation guide (Arch's one was identical):<br/>
- # <b>genfstab -p /mnt >> /mnt/etc/fstab</b>
- </p>
- <p>
- Chroot into new system:<br/>
- # <b>arch-chroot /mnt</b>
- </p>
- <p>
- It's a good idea to have this installed:<br/>
- # <b>pacman -S linux-libre-lts</b>
- </p>
- <p>
- It was also suggested that you should install this kernel (read up on what GRSEC is):<br/>
- # <b>pacman -S linux-libre-grsec</b>
- </p>
- <p>
- This is another kernel that sits inside /boot, which you can use. LTS means 'long-term support'. These are so-called 'stable' kernels
- that can be used as a fallback during updates, if a bad kernel causes issues for you.
- </p>
- <p>
- Parabola does not have wget. This is sinister. Install it:<br/>
- # <b>pacman -S wget</b>
- </p>
- <ul>
- <li>Write your hostname to /etc/hostname</li>
- <li>
- Symlink /etc/localtime to /usr/share/zoneinfo/Zone/SubZone. Replace Zone and Subzone to your liking. For example:
- <ul>
- <li># <b>ln -s /usr/share/zoneinfo/Europe/London /etc/localtime</b></li>
- </ul>
- </li>
- <li>
- Set <a href="https://wiki.parabolagnulinux.org/Locale#Setting_system-wide_locale">locale</a> preferences in /etc/locale.conf. In my case, I did:<br/>
- <i>
- LANG="en_GB.UTF-8"<br/>
- # Keep the default sort order (e.g. files starting with a '.'<br/>
- # should appear at the start of a directory listing.)<br/>
- LC_COLLATE="C"<br/>
- # Set the short date to YYYY-MM-DD (test with "date +%c")<br/>
- LC_TIME="en_GB.UTF-8"
- </i>
- </li>
- <li>
- Add <a href="https://wiki.parabolagnulinux.org/KEYMAP">console keymap and font</a> preferences in /etc/vconsole.conf. In my case:<br/>
- <i>
- KEYMAP=dvorak-uk<br/>
- FONT=Lat2-Terminus16
- </i>
- </li>
- <li>
- Uncomment the selected locale (same as what you specified in /etc/locale.conf) in /etc/locale.gen and generate it with:
- <ul>
- <li># <b>locale-gen</b></li>
- </ul>
- </li>
- <li>
- Configure /etc/mkinitcpio.conf as needed (see <a href="https://wiki.parabolagnulinux.org/Mkinitcpio">mkinitcpio</a>)
- Specifically, for this use case:<br/>
- <ul>
- <li>
- add <b>i915</b> to the MODULES array (forces the driver to load earlier, so that the consolefont isn't wiped out after getting to login).<br/>
- add <b>encrypt</b> and <b>lvm2</b> in that order, before the 'filesystems' entry in the HOOKS array.<br/>
- add <b>keymap</b>, <b>consolefont</b> and <b>shutdown</b> to the end of the HOOKS array in that order.<br/>
- move <b>keyboard</b>, <b>keymap</b> and <b>consolefont</b> in that order, to go before 'encrypt' in the HOOKS array.<br/>
- At the end your HOOKS array will look like this:<br/>
- <i>HOOKS="base udev autodetect modconf block keyboard keymap consolefont encrypt lvm2 filesystems fsck shutdown"</i>
- <ul>
- <li>keymap adds to initramfs the keymap that you specified in /etc/vconsole.conf</li>
- <li>consolefont adds to initramfs the font that you specified in /etc/vconsole.conf</li>
- <li>encrypt adds LUKS support to the initramfs - needed to unlock your disks at boot time</li>
- <li>lvm2 adds LVM support to the initramfs - needed to mount the LVM partitions at boot time</li>
- <li>shutdown is needed according to Parabola wiki for unmounting devices (such as LUKS/LVM) during shutdown</li>
- <li>
- Runtime modules can be found in /usr/lib/initcpio/hooks, and build hooks can be found in
- /usr/lib/initcpio/install.
- </li>
- <li><b>mkinitcpio -H hookname</b> gives information about each hook.</li>
- </ul>
- </li>
- </ul>
- </li>
- <li>
- Now using mkinitcpio, you can create the kernel and ramdisk for booting with (note, this is different than Arch, specifying linux-libre instead of linux):<br/>
- # <b>mkinitcpio -p linux-libre</b><br/>
- Also do it for linux-libre-lts:<br/>
- # <b>mkinitcpio -p linux-libre-lts</b><br/>
- Also do it for linux-libre-grsec:<br/>
- # <b>mkinitcpio -p linux-libre-grsec</b>
- </li>
- </ul>
-
- <h3>Set a root password</h3>
- <p>
- At the time of writing, Parabola used SHA512 by default for it's password hashing.
- </p>
- <p>
- I referred to <a href="https://wiki.archlinux.org/index.php/SHA_password_hashes">https://wiki.archlinux.org/index.php/SHA_password_hashes</a>.
- </p>
- <p>
- Open /etc/pam.d/passwd and add rounds=65536 at the end of the uncommented 'password' line.
- </p>
- <p>
- # <b>passwd root</b><br/>
- Make sure to set a secure password! Also, it must never be the same as your LUKS password.
- </p>
-
- <h3>Extra security tweaks</h3>
- <p>
- Based on <a href="https://wiki.archlinux.org/index.php/Security">https://wiki.archlinux.org/index.php/Security</a>.
- </p>
- <p>
- Restrict access to important directories:<br/>
- # <b>chmod 700 /boot /etc/{iptables,arptables}</b>
- </p>
- <p>
- Lockout user after three failed login attempts:<br/>
- Edit the file /etc/pam.d/system-login and comment out that line:<br/>
- <i># auth required pam_tally.so onerr=succeed file=/var/log/faillog</i><br/>
- Or just delete it. Above it, put:<br/>
- <i>auth required pam_tally.so deny=2 unlock_time=600 onerr=succeed file=/var/log/faillog</i><br/>
- To unlock a user manually (if a password attempt is failed 3 times), do:<br/>
- # <b>pam_tally --user <i>theusername</i> --reset</b>
- What the above configuration does is lock the user out for 10 minutes, if they make 3 failed login attempts.
- </p>
- <p>
- Configure sudo - not covered here. Will be covered post-installation in another tutorial, at a later date.
- If this is a single-user system, you don't really need sudo.
- </p>
-
- <h3>Unmount, reboot!</h3>
- <p>
- Exit from chroot:<br/>
- # <b>exit</b>
- </p>
- <p>
- unmount:<br/>
- # <b>umount /mnt</b><br/>
- # <b>swapoff -a</b>
- </p>
- <p>
- deactivate the lvm lv's:<br/>
- # <b>lvchange -an /dev/matrix/rootvol</b><br/>
- # <b>lvchange -an /dev/matrix/swapvol</b><br/>
- </p>
- <p>
- Lock the encrypted partition (close it):<br/>
- # <b>cryptsetup luksClose lvm</b>
- </p>
- <p>
- # <b>shutdown -h now</b><br/>
- Then boot up again.
- </p>
-
- <h3>Booting from GRUB</h3>
- <p>
- Initially you will have to boot manually. Press C to get to the GRUB command line. The underlined parts are optional
- (using those 2 underlines will boot lts kernel instead of normal).
- </p>
- <p>
- grub> <b>cryptomount -a (ahci0,msdos1)</b><br/>
- grub> <b>set root='lvm/matrix-rootvol'</b><br/>
- grub> <b>linux /boot/vmlinuz-linux-libre<u>-lts</u> root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root</b><br/>
- grub> <b>initrd /boot/initramfs-linux-libre<u>-lts</u>.img</b><br/>
- grub> <b>boot</b><br/>
- </p>
- <p>
- You could also make it load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img
- </p>
-
-<hr/>
-
- <h2>Modify grub.cfg inside the ROM</h2>
-
- <p>
- Now you need to modify the ROM, so that Parabola can boot automatically with this configuration.
- <a href="grub_cbfs.html">grub_cbfs.html</a> shows you how. Follow that guide, using the configuration details below.
- </p>
- <p>
- Inside the 'Load Operating System' menu entry, change the contents to:<br/>
- <b><i>
- cryptomount -a (ahci0,msdos1)<br/>
- set root='lvm/matrix-rootvol'<br/>
- linux /boot/vmlinuz-linux-libre<u>-lts</u> root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root<br/>
- initrd /boot/initramfs-linux-libre<u>-lts</u>.img
- </i></b>
- </p>
-
- <p>
- Note: the underlined parts above (-lts) can also be removed, to boot the latest kernel instead of LTS (long-term support) kernels.
- You could also copy the menu entry and in one have -lts, and without in the other menuentry.
- You could also create a menu entry to load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img
- </p>
-
- <p>
- Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default.
- </p>
-
- <p>
- Above the 'Load Operating System' menu entry you should also add a GRUB password, like so:
- </p>
-<pre><b><i>set superusers="root"
-password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
-</i></b></pre>
-
- <p>
- Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root.
- Change root on both of those 2 lines to whatever you want.
- </p>
-
- <p>
- Start dhcp on ethernet:<br/>
- # <b>systemctl start dhcpcd.service</b>
- This is just for the step below. I won't cover network configuration here. That is for another Parabola article.
- </p>
-
- <p>
- The password hash (it's <b>password</b>, by the way) after <i>'password_pbkdf2 root'</i> <i>should be changed</i> and is created by the <b>grub-mkpasswd-pbkdf2</b> utility, which you need to install or otherwise compile,
- like so:<br/>
- # <b>pacman -S grub</b>
- </p>
-
- <p>
- GRUB isn't needed for booting, since it's already included as a payload in libreboot. This is only so that the utility needed becomes available. Get your hash
- by entering your chosen password at the prompt, when running this command:<br/>
- # <b>grub-mkpasswd-pbkdf2</b>
- </p>
-
- <p>
- It will output the hash for the password that you entered. Make sure to specify a password that is different from both your LUKS *and* your root/user password.
- Use it to replace the default hash mentioned above.
- </p>
-
- <p>
- With this setup, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal.
- This protects your system from an attacker simply booting a live usb distro and re-flashing the boot firmware.
- </p>
-
- <p>
- You probably only need base-devel (compilers and so on) to build and use cbfstool. It was already installed if you followed this tutorial, but here it is:<br/>
- # <b>pacman -S base-devel</b>
- </p>
-
- <p>
- For flashing the modified ROM, I just used flashrom from the Parabola repo's:<br/>
- # <b>pacman -S flashrom</b><br/>
- I also installed dmidecode:<br/>
- # <b>pacman -S dmidecode</b>
- </p>
-
- <p>
- When done, deleted GRUB (remember, we only needed it for the <i>grub-mkpasswd-pbkdf2</i> utility;
- GRUB is already part of libreboot, flashed alongside it as a <i>payload</i>):<br/>
- # <b>pacman -R grub</b>
- </p>
-
-<hr/>
-
- <p>
- If you followed all that correctly, you should now have a fully encrypted Parabola installation.
- This is a very barebones Parabola install (the default one). Refer to the wiki for how to do the rest
- (desktop, etc).
- </p>
-
-<hr/>
-
- <h2>Further security tips</h2>
- <p>
- <a href="https://wiki.archlinux.org/index.php/Security">https://wiki.archlinux.org/index.php/Security</a>.<br/>
- <a href="https://wiki.parabolagnulinux.org/User:GNUtoo/laptop">https://wiki.parabolagnulinux.org/User:GNUtoo/laptop</a>
- </p>
-
-<hr/>
-
- <h2>Follow-up tutorial: configuring Parabola</h2>
- <p>
- <a href="configuring_parabola.html">configuring_parabola.html</a> shows my own notes post-installation. Using these, you can get a basic
- system similar to the one that I chose for myself. You can also cherry pick useful notes and come up with your own system.
- Parabola is user-centric, which means that you are in control. For more information, read <a href="https://wiki.archlinux.org/index.php/The_Arch_Way">The Arch Way</a>
- (Parabola also follows it).
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/encrypted_trisquel.html b/docs/howtos/encrypted_trisquel.html
deleted file mode 100644
index 7599e02..0000000
--- a/docs/howtos/encrypted_trisquel.html
+++ /dev/null
@@ -1,316 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- div.important {
- background-color:#ccc;
- }
- </style>
-
- <title>Installing Trisquel GNU/Linux with full disk encryption (including /boot)</title>
-</head>
-
-<body>
- <header>
- <h1>Installing Trisquel GNU/Linux with full disk encryption (including /boot)</h1>
- <aside>Or <a href="../index.html">back to main index</a></aside>
- </header>
-
- <p>
- Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
- by default, which means that the GRUB configuration file
- (where your GRUB menu comes from) is stored directly alongside libreboot
- and it's GRUB payload executable, inside
- the flash chip. In context, this means that installing distributions and managing them
- is handled slightly differently compared to traditional BIOS systems.
- </p>
-
- <p>
- On most systems, the /boot partition has to be left unencrypted while the others are encrypted.
- This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware
- can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a
- payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical
- access to the machine.
- </p>
-
- <p>
- This works in Trisquel 7, and probably Trisquel 6. Boot the 'net installer' (Install Trisquel in Text Mode). <a href="grub_boot_installer.html">How to boot a GNU/Linux installer</a>.
- </p>
-
- <p>
- Set a strong user password (ideally above 40 characters, of lowercase/uppercase, numbers and symbols).
- </p>
-
- <p>
- when the installer asks you to setup
- encryption (ecryptfs) for your home directory, select 'Yes' if you want to: <b>LUKS is already secure and performs well. Having ecryptfs on top of it
- will add noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and not recommended.
- Choose 'no'.</b>
- </p>
-
- <p>
- <b>
- Your user password should be different than the LUKS password which you will set later on.
- Your LUKS password should, like the user password, be secure.
- </b>
- </p>
-
- <h1>Partitioning</h1>
-
- <p>Choose 'Manual' partitioning:</p>
- <ul>
- <li>Select drive and create new partition table</li>
- <li>
- Single large partition. The following are mostly defaults:
- <ul>
- <li>Use as: physical volume for encryption</li>
- <li>Encryption: aes</li>
- <li>key size: 256</li>
- <li>IV algorithm: xts-plain64</li>
- <li>Encryption key: passphrase</li>
- <li>erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)</li>
- </ul>
- </li>
- <li>
- Select 'configure encrypted volumes'
- <ul>
- <li>Create encrypted volumes</li>
- <li>Select your partition</li>
- <li>Finish</li>
- <li>Really erase: Yes</li>
- <li>(erase will take a long time. be patient)</li>
- <li>(if your old system was encrypted, just let this run for about a minute to
- make sure that the LUKS header is wiped out)</li>
- </ul>
- </li>
- <li>
- Select encrypted space:
- <ul>
- <li>use as: physical volume for LVM</li>
- <li>Choose 'done setting up the partition'</li>
- </ul>
- </li>
- <li>
- Configure the logical volume manager:
- <ul>
- <li>Keep settings: Yes</li>
- </ul>
- </li>
- <li>
- Create volume group:
- <ul>
- <li>Name: <b>buzz</b> (you can use whatever you want here, this is just an example)</li>
- <li>Select crypto partition</li>
- </ul>
- </li>
- <li>
- Create logical volume
- <ul>
- <li>select <b>buzz</b> (or whatever you named it before)</li>
- <li>name: <b>distro</b> (you can use whatever you want here, this is just an example)</li>
- <li>size: default, minus 2048 MB</li>
- </ul>
- </li>
- <li>
- Create logical volume
- <ul>
- <li>select <b>buzz</b> (or whatever you named it before)</li>
- <li>name: <b>swap</b> (you can use whatever you want here, this is just an example)</li>
- <li>size: press enter</li>
- </ul>
- </li>
- </ul>
-
- <h1>Further partitioning</h1>
-
- <p>
- Now you are back at the main partitioning screen. You will simply set mountpoints and filesystems to use.
- </p>
- <ul>
- <li>
- LVM LV distro
- <ul>
- <li>use as: ext4</li>
- <li>mount point: /</li>
- <li>done setting up partition</li>
- </ul>
- </li>
- <li>
- LVM LV swap
- <ul>
- <li>use as: swap area</li>
- <li>done setting up partition</li>
- </ul>
- </li>
- <li>Now you select 'Finished partitioning and write changes to disk'.</li>
- </ul>
-
- <h1>Kernel</h1>
-
- <p>
- Installation will ask what kernel you want to use. linux-generic is fine.
- </p>
-
- <h1>Tasksel</h1>
-
- <p>
- Choose <i>"Trisquel Desktop Environment"</i> if you want GNOME,
- <i>"Trisquel-mini Desktop Environment"</i> if you
- want LXDE or <i>"Triskel Desktop Environment"</i> if you want KDE.
- If you want to have no desktop (just a basic shell)
- when you boot or if you want to create your own custom setup, then choose nothing here (don't select anything).
- You might also want to choose some of the other package groups; it's up to you.
- </p>
-
- <h1>Postfix configuration</h1>
-
- <p>
- If asked, choose <i>"No Configuration"</i> here (or maybe you want to select something else. It's up to you.)
- </p>
-
- <h1>Install the GRUB boot loader to the master boot record</h1>
-
- <p>
- Choose 'Yes'. It will fail, but don't worry. Then at the main menu, choose 'Continue without a bootloader'.
- You could also choose 'No'. Choice is irrelevant here.
- </p>
-
- <p>
- <i>You do not need to install GRUB at all, since in libreboot you are using the GRUB payload (for libreboot) to boot your system directly.</i>
- </p>
-
- <h1>Clock UTC</h1>
-
- <p>
- Just say 'Yes'.
- </p>
-
- <h1>
- Booting your system
- </h1>
-
- <p>
- At this point, you will have finished the installation. At your GRUB payload, press C to get to the command line.
- </p>
-
- <p>
- Do that:<br/>
- grub> <b>cryptomount -a (ahci0,msdos1)</b><br/>
- grub> <b>set root='lvm/buzz-distro'</b><br/>
- grub> <b>linux /vmlinuz root=/dev/mapper/buzz-distro cryptdevice=/dev/mapper/buzz-distro:root</b><br/>
- grub> <b>initrd /initrd.img</b><br/>
- grub> <b>boot</b>
- </p>
-
- <h1>
- ecryptfs
- </h1>
-
- <p>
- If you didn't encrypted your home directory, then you can safely ignore this section.
- </p>
-
- <p>
- Immediately after logging in, do that:<br/>
- $ <b>sudo ecryptfs-unwrap-passphrase</b>
- </p>
-
- <p>
- This will be needed in the future if you ever need to recover your home directory from another system, so write it down and keep the note
- somewhere secret. Ideally, you should memorize it and then burn the note (or not even write it down, and memorize it still)>
- </p>
-
- <h1>
- Modify grub.cfg (CBFS)
- </h1>
-
- <p>
- Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands.
- </p>
-
- <p>
- Modify your grub.cfg (in the firmware) <a href="grub_cbfs.html">using this tutorial</a>;
- just change the default menu entry 'Load Operating System' to say this inside:
- </p>
-
- <p>
- <b>cryptomount -a (ahci0,msdos1)</b><br/>
- <b>set root='lvm/buzz-distro'</b><br/>
- <b>linux /vmlinuz root=/dev/mapper/buzz-distro cryptdevice=/dev/mapper/buzz-distro:root</b><br/>
- <b>initrd /initrd.img</b>
- </p>
-
- <p>
- Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see
- GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. <b>This should be different than your LUKS passphrase and user password.</b>
- </p>
-
- <p>
- The GRUB utility can be used like so:<br/>
- $ <b>grub-mkpasswd-pbkdf2</b>
- </p>
-
- <p>
- Give it a password (remember, it has to be secure) and it'll output something like:<br/>
- <b>grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b>
- </p>
-
- <p>
- Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):<br/>
- </p>
- <pre>
-<b>set superusers="root"</b>
-<b>password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711</b>
- </pre>
-
- <p>
- Obviously, replace it with the correct hash that you actually got for the password that you entered. Meaning, not the hash that you see above!
- </p>
-
- <p>
- After this, you will have a modified ROM with the menu entry for cryptomount, and the entry before that for the GRUB password. Flash the modified ROM
- using <a href="../index.html#flashrom">this tutorial</a>.
- </p>
-
- <h1>
- Update Trisquel
- </h1>
-
- <p>
- $ <b>sudo apt-get update</b><br/>
- $ <b>sudo apt-get upgrade</b>
- </p>
-
- <h1>
- Conclusion
- </h1>
-
- <p>
- If you followed all that correctly, you should now have a fully encrypted system.
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/grub_boot_installer.html b/docs/howtos/grub_boot_installer.html
deleted file mode 100644
index 757b48f..0000000
--- a/docs/howtos/grub_boot_installer.html
+++ /dev/null
@@ -1,142 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: installing GNU/Linux</title>
-</head>
-
-<body>
- <header>
- <h1>Boot a GNU/Linux installer on USB</h1>
- <aside>Or <a href="../index.html">back to main index</a></aside>
- </header>
-
- <h2>Prepare the USB drive (in GNU/Linux)</h2>
-
- <p>
- Connect the USB drive. Check dmesg:<br/>
- <b>$ dmesg</b><br/>
-
- Check lsblk to confirm which drive it is:<br/>
- <b>$ lsblk</b>
- </p>
-
- <p>
- Check that it wasn't automatically mounted. If it was, unmount it. For example:<br/>
- <b>$ sudo umount /dev/sdb*</b><br/>
- <b># umount /dev/sdb*</b>
- </p>
-
- <p>
- dmesg told you what device it is. Overwrite the drive, writing your distro ISO to it with dd. For example:<br/>
- <b>$ sudo dd if=gnulinux.iso of=/dev/sdb bs=8M; sync</b><br/>
- <b># dd if=gnulinux.iso of=/dev/sdb bs=8M; sync</b>
- </p>
-
- <h2>Booting the USB drive (in GRUB)</h2>
-
- <p>
- Boot it in GRUB using the <i>Parse ISOLINUX config (USB)</i> option (it's in default libreboot grub.cfg, at least).
-
- A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual
- ISOLINUX menu provided by that distro.
- </p>
-
- <p>
- If the ISOLINUX parser won't work, then press C to get to GRUB command line.<br/>
- grub> <b>ls</b><br/>
-
- Get the device from above output, eg (usb0). Example:<br/>
- grub> <b>cat (usb0)/isolinux/isolinux.cfg</b><br/>
-
- Either this will show the ISOLINUX menuentries for that ISO, or link to other .cfg files, for example /isolinux/foo.cfg.<br/>
-
- If it did that, then you do:<br/>
- grub> <b>cat (usb0)/isolinux/foo.cfg</b><br/>
-
- And so on, until you find the correct menuentries for ISOLINUX.
- </p>
-
- <p>
- Now look at the ISOLINUX menuentry. It'll look like:<br/>
- <b>
- kernel /path/to/kernel<br/>
- append PARAMETERS initrd=/path/to/initrd MAYBE_MORE_PARAMETERS<br/>
- </b>
-
- GRUB works the same way, but in it's own way. Example GRUB commands:<br/>
- grub> <b>linux (usb0)/path/to/kernel PARAMETERS MAYBE_MORE_PARAMETERS</b><br/>
- grub> <b>initrd (usb0)/path/to/initrd</b><br/>
- grub> <b>boot</b><br/>
-
- Of course this will vary from distro to distro. If you did all that correctly, it should now be booting the ISO
- the way you specified.
- </p>
-
- <h1>Troubleshooting</h1>
-
- <p>
- Most of these issues occur when using libreboot with coreboot's 'text mode' instead of the coreboot framebuffer.
- This mode is useful for booting payloads like memtest86+ which expect text-mode, but for GNU/Linux distributions
- it can be problematic when they are trying to switch to a framebuffer because it doesn't exist.
- </p>
-
- <p>
- In most cases, you should use the vesafb ROM's. Example filename: libreboot_ukdvorak_vesafb.rom.
- </p>
-
- <h2>parabola won't boot in text-mode</h2>
-
- <p>
- Use one of the ROM images with vesafb in the filename (uses coreboot framebuffer instead of text-mode).
- </p>
-
- <h2>debian-installer (trisquel net install) graphical corruption in text-mode</h2>
- <p>
- When using the ROM images that use coreboot's "text mode" instead of the coreboot framebuffer,
- booting the Trisquel net installer results in graphical corruption because it is trying to switch to a framebuffer which doesn't
- exist. Use that kernel parameter on the 'linux' line when booting it:<br/>
- <b>vga=normal fb=false</b>
- </p>
-
- <p>
- Tested in Trisquel 6 (and 7). This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer.
- </p>
-
- <p>
- If selecting text-mode from a GRUB menu created using the ISOLINUX parser, you can press E on the menu entry to add this.
- Or, if you are booting manually (from GRUB terminal) then just add the parameters.
- </p>
-
- <p>
- This workaround was found on the page: <a href="https://www.debian.org/releases/stable/i386/ch05s04.html">https://www.debian.org/releases/stable/i386/ch05s04.html</a>.
- It should also work for gNewSense, Debian and any other apt-get distro that provides debian-installer (text mode) net install method.
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/grub_cbfs.html b/docs/howtos/grub_cbfs.html
deleted file mode 100644
index e603247..0000000
--- a/docs/howtos/grub_cbfs.html
+++ /dev/null
@@ -1,408 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- div.important {
- background-color:#ccc;
- }
- </style>
-
- <title>Libreboot documentation: GRUB menu</title>
-</head>
-
-<body>
- <header>
- <h1 id="pagetop">How to change your default GRUB menu</h1>
- <aside>Or <a href="../index.html">back to main index</a></aside>
- </header>
-
- <p>
- Libreboot uses the GRUB <a href="http://www.coreboot.org/Payloads#GRUB_2">payload</a>
- by default, which means that the GRUB configuration file
- (where your GRUB menu comes from) is stored directly alongside libreboot
- and it's GRUB payload executable, inside
- the flash chip. In context, this means that installing distributions and managing them
- is handled slightly differently compared to traditional BIOS systems.
- </p>
-
- <p>
- A libreboot (or coreboot) ROM image is not simply "flat"; there is an actual
- filesystem inside called CBFS (coreboot filesystem). A utility called 'cbfstool'
- allows you to change the contents of the ROM image. In this case, libreboot is configured
- such that the 'grub.cfg' and 'grubtest.cfg' files exists directly inside CBFS instead of
- inside the GRUB payload's 'memdisk' (which is itself stored in CBFS).
- </p>
-
- <p>
- Here is an excellent writeup about CBFS (coreboot filesystem):
- <a href="http://lennartb.home.xs4all.nl/coreboot/col5.html" target="_blank">http://lennartb.home.xs4all.nl/coreboot/col5.html</a>.
- </p>
-
-<hr/>
-
- <h2>Table of Contents</h2>
-
- <ul>
- <li><a href="#getting_started">Getting started</a></li>
- <li><a href="#build_cbfstool">Build 'cbfstool' from source</a></li>
- <li><a href="#which_rom">Which ROM image should I use?</a></li>
- <li><a href="#extract_grubtest">Extract grubtest from the ROM image</a>
- <li>
- <a href="#example_modifications">Example modifications for <i>grubtest.cfg</i></a>
- <ul>
- <li><a href="#example_modifications_trisquel">Trisquel GNU/Linux-libre</a></li>
- <li><a href="#example_modifications_parabola">Parabola GNU/Linux-libre</a></li>
- </lu>
- </ul>
- <li><a href="#reinsert_modified_grubtest">Re-insert the modified grubtest.cfg into the ROM image</a></li>
- <li><a href="#test_it">Test it!</a>
- <li><a href="#final_steps">Final steps</a></li>
- <li><a href="#troubleshooting">Troubleshooting</a></li>
- </ul>
-
-<hr/>
-
- <h2 id="getting_started">Getting started</h2>
-
- <p>
- Download the latest release from
- <a href="http://libreboot.org/" target="_blank">http://libreboot.org/</a>
- <br/><b>If you downloaded from git, refer to
- <a href="../index.html#build_meta">../index.html#build_meta</a> before continuing.</b>
- </p>
-
- <p>
- <a href="../index.html#build_dependencies">Install the build dependencies</a>.
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="build_cbfstool">Build 'cbfstool' from source</h2>
-
- <p>
- If you are working with libreboot_src, then you can run <b><i>make</i></b> command in
- libreboot_src/coreboot/util/cbfstool to build the <b><i>cbfstool</i></b> and <b><i>rmodtool</i></b>
- executable.
- </p>
- <p>
- Alternatively if you are working with libreboot_bin, then you can run <b><i>./builddeps-cbfstool</i></b>
- command inside libreboot_bin/; a <b><i>cbfstool</i></b> and <b><i>rmodtool</i></b>
- executable will appear under libreboot_bin/
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="which_rom">Which ROM image should I use?</h2>
-
- <p>
- You can work directly with one of the ROM's already included in the libreboot ROM archives. For the purpose of
- this tutorial it is assumed that your ROM is named <i>libreboot.rom</i> so please make sure to adapt.
- </p>
-
- <p>
- If you want to re-use the ROM that you currently have flashed (and running) then see
- <a href="../index.html#build_flashrom">../index.html#build_flashrom</a>
- and then run:<br/>
- <b>$ sudo ./flashrom -p internal -r libreboot.rom</b><br/>
- Notice that this is using <b>"-r"</b> (read) instead of <b>"-w"</b> (write).
- This will create a dump (copy) of your current firmware and name it <b>libreboot.rom</b>.
- You need to take ownership of the file. For example:<br/>
- <b>$ sudo chown yourusername:yourusername libreboot.rom</b><br/>
- <b># chown yourusername:yourusername libreboot.rom</b>
- </p>
-
- <p>
- If you currently have flashed a ROM image from an older version, it is recommended to update first:
- basically, modify one of the latest ROM's and then flash it.
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="extract_grubtest">Extract grubtest.cfg from the ROM image</h2>
-
- <p>
- Display contents of ROM:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
-
- <p>
- The libreboot.rom file contains your <i>grub.cfg</i> and <i>grubtest.cfg</i> files.
- You should extract, modify and re-insert the copy first. grub.cfg will load first,
- but it has a menu entry for switching to the copy (grubtest.cfg).
- This reduces your chance of making a mistake that could make your machine unbootable (or very hard to boot).
- </p>
-
- <p>
- Extract grubtest.cfg from the ROM image:<br/>
- <b>$ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg</b>
- </p>
-
- <p>
- Now you have a grubtest.cfg in cbfstool directory. Edit it however you wish.
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <div class="important">
-
- <h2 id="example_modifications">Example modifications for <i>grubtest.cfg</i></h2>
-
- <p>
- These are some common examples of ways in which the grubtest.cfg file can be modified.
- </p>
-
- <h3 id="example_modifications_trisquel">Trisquel GNU/Linux-libre</h3>
-
- <p>
- As an example, on my test system in /boot/grub/grub.cfg (on the HDD/SSD) I see for the main menu entry:
- </p>
- <ul>
- <li><b>linux /boot/vmlinuz-3.15.1-gnu.nonpae root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro crashkernel=384M-2G:64M,2G-:128M quiet splash $vt_handoff</b></li>
- <li><b>initrd /boot/initrd.img-3.15.1-gnu.nonpae</b></li>
- </ul>
-
- <p>
- <b>ro</b>, <b>quiet</b>, <b>splash</b>, <b>crashkernel=384M-2G:64M,2G-:128M</b> and
- <b>$vt_handoff</b> can be safely ignored.
- </p>
-
- <p>
- I use this to get my partition layout:<br/>
- $ <b>lsblk</b>
- </p>
-
- <p>
- In my case, I have no /boot partition, instead /boot is on the same partition as / on sda1.
- Yours might be different. In GRUB terms, sda means ahci0. 1 means msdos1, or gpt1, depending
- on whether I am using MBR or GPT partitioning. Thus, /dev/sda1 is GRUB is (ahci0,msdos1) or
- (ahci0,gpt1). In my case, I use MBR partitioning so it's (ahci0,msdos1).
- 'msdos' is GRUB's name simply because this partitioning type is traditionally used by MS-DOS.
- It doesn't mean you have a proprietary OS.
- </p>
-
- <p>
- Trisquel doesn't keep the filenames of kernels consistent, instead it keeps old kernels and
- new kernel updates are provided with the version in the filename. This can make GRUB payload
- a bit tricky. Fortunately, there are symlinks /vmlinuz and /initrd.img
- so if your /boot and / are on the same partition, you can set GRUB to boot from that.
- These are also updated automatically when installing kernel updates from your distributions
- apt-get repositories.
- <b>
- Note: when using <a href="http://jxself.org/linux-libre">jxself kernel releases</a>,
- these are not updated at all and you have to update them manually.
- </b>
- </p>
-
- <p>
- For the GRUB payload's grubtest.cfg (in the 'Load Operating System' menu entry), we therefore have (in this example):<br/>
- <b>set root='ahci0,msdos1'</b><br/>
- <b>linux /vmlinuz root=UUID=3a008e14-4871-497b-95e5-fb180f277951</b><br/>
- <b>initrd /initrd.img</b>
- </p>
-
- <p>
- Optionally, you can convert the UUID to it's real device name, for example /dev/sda1 in this case.
- sdX naming isn't very reliable, though, which is why UUID is used for most distributions.
- </p>
-
- <p>
- Alternatively, if your /boot is on a separate partition then you cannot rely on the /vmlinuz and /initrd.img symlinks.
- Instead, go into /boot and create your own symlinks (update them manually when you install a new kernel update).<br/>
- $ <b>sudo -s</b><br/>
- # <b>cd /boot/</b><br/>
- # <b>rm -rf vmlinuz initrd.img</b><br/>
- # <b>ln -s <u>kernel</u> ksym</b><br/>
- # <b>ln -s <u>initrd</u> isym</b><br/>
- # <b>exit</b>
- </p>
-
- <p>
- Replace the underlined <b>kernel</b> and <b>initrd</b> filenames above with the actual filenames, of course.
- </p>
-
- <p>
- Then your grubtest.cfg menu entry (for payload) becomes like that, for example if / was on sda2 and /boot was on sda1:<br/>
- <b>set root='ahci0,msdos1'</b><br/>
- <b>linux /ksym root=/dev/sda2</b><br/>
- <b>initrd /isym</b>
- </p>
-
- <p>
- There are lots of possible variations so please try to adapt.
- </p>
-
- <h3 id="example_modifications_parabola">Parabola GNU/Linux-libre</h2>
-
- <p>
- You can basically adapt the above. Note however that Parabola does not keep old kernels still installed, and the file names
- are always consistent, so you don't need to boot from symlinks, you can just use the real thing directly.
- </p>
-
- </div>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="reinsert_modified_grubtest">Re-insert the modified grubtest.cfg into the ROM image</h2>
-
- <p>
- Delete the grubtest.cfg that remained inside the ROM:<br/>
- <b>$ ./cbfstool libreboot.rom remove -n grubtest.cfg</b>
- </p>
-
- <p>
- Display ROM contents and now you see grubtest.cfg no longer exists there:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
-
- <p>
- Add the modified version that you just made:<br/>
- <b>$ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw</b>
- </p>
-
- <p>
- Now display ROM contents again and see that it exists again:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="test_it">Test it!</h2>
-
- <p>
- <b>
- Now you have a modified ROM. Refer back to <a href="../index.html#flashrom">../index.html#flashrom</a> for information
- on how to flash it. Once you have done that, shut down and then boot up with your new test configuration.
- </b>
- </p>
-
- <p>
- Choose (in GRUB) the menu entry that switches to grubtest.cfg. If it works, then your config is safe and you can continue below.
- </p>
-
- <p>
- <b>
- If it does not work like you want it to, if you are unsure or sceptical in any way,
- then re-do the steps above until you get it right! Do *not* proceed past this point
- unless you are 100% sure that your new configuration is safe (or desirable) to use.
- </b>
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="final_steps">Final steps</h2>
-
- <p>
- Create a copy of grubtest.cfg, called grub.cfg, which is the same except for one difference:
- change the menuentry 'Switch to grub.cfg' to 'Switch to grubtest.cfg' and inside it,
- change all instances of grub.cfg to grubtest.cfg. This is so that the main config still
- links (in the menu) to grubtest.cfg, so that you don't have to manually switch to it, in
- case you ever want to follow this guide again in the future (modifying the already modified config)<br/>
- $ <b>sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e 's:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > grub.cfg</b><br/>
- </p>
-
- <p>
- Delete the grub.cfg that remained inside the ROM:<br/>
- <b>$ ./cbfstool libreboot.rom remove -n grub.cfg</b>
- </p>
-
- <p>
- Display ROM contents and now you see grub.cfg no longer exists there:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
-
- <p>
- Add the modified version that you just made:<br/>
- <b>$ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw</b>
- </p>
-
- <p>
- Now display ROM contents again and see that it exists again:<br/>
- <b>$ ./cbfstool libreboot.rom print</b>
- </p>
-
- <p>
- <b>
- Now you have a modified ROM. Refer back to <a href="../index.html#flashrom">../index.html#flashrom</a> for information
- on how to flash it. Once you have done that, shut down and then boot up with your new configuration.
- </b>
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <h2 id="troubleshooting">Troubleshooting</h2>
-
- <p>
- A user reported that segmentation faults occur with cbfstool
- when using this procedure depending on the size of the grub.cfg being re-insterted.
- In his case, a minimum size of 857 bytes was required. This could (at the time of
- this release) be a bug in cbfstool that should be investigated with the coreboot
- community. If cbfstool segfaults, then keep this in mind. 'strace' (or gdb? clang?)
- could be used for debugging. This was in libreboot 5th release (based on coreboot
- from late 2013), and I'm not sure if the issue perists in the current releases.
- I have not been able to reproduce it. strace (from that user) is here:
- <a href="cbfstool_libreboot5_strace">cbfstool_libreboot5_strace</a>.
- The issue has been reported by a few users, so it does not happen all the time:
- this bug (if it still exists) could (should) be reproduced.
- </p>
-
- <p>
- <a href="#pagetop">Back to top of page.</a>
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/t60_dev/.htaccess b/docs/howtos/t60_dev/.htaccess
deleted file mode 100644
index 75da674..0000000
--- a/docs/howtos/t60_dev/.htaccess
+++ /dev/null
@@ -1,2 +0,0 @@
-Options +Indexes
-IndexOptions FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=*
diff --git a/docs/howtos/t60_dev/0001.JPG b/docs/howtos/t60_dev/0001.JPG
deleted file mode 100644
index 84d2f4f..0000000
--- a/docs/howtos/t60_dev/0001.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0002.JPG b/docs/howtos/t60_dev/0002.JPG
deleted file mode 100644
index 5f8ead5..0000000
--- a/docs/howtos/t60_dev/0002.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0003.JPG b/docs/howtos/t60_dev/0003.JPG
deleted file mode 100644
index 4b0826f..0000000
--- a/docs/howtos/t60_dev/0003.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0004.JPG b/docs/howtos/t60_dev/0004.JPG
deleted file mode 100644
index 42d9086..0000000
--- a/docs/howtos/t60_dev/0004.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0005.JPG b/docs/howtos/t60_dev/0005.JPG
deleted file mode 100644
index 8e9bce3..0000000
--- a/docs/howtos/t60_dev/0005.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0006.JPG b/docs/howtos/t60_dev/0006.JPG
deleted file mode 100644
index 6371b46..0000000
--- a/docs/howtos/t60_dev/0006.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0007.JPG b/docs/howtos/t60_dev/0007.JPG
deleted file mode 100644
index cedc9d9..0000000
--- a/docs/howtos/t60_dev/0007.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0008.JPG b/docs/howtos/t60_dev/0008.JPG
deleted file mode 100644
index bec57a1..0000000
--- a/docs/howtos/t60_dev/0008.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0009.JPG b/docs/howtos/t60_dev/0009.JPG
deleted file mode 100644
index aeeda57..0000000
--- a/docs/howtos/t60_dev/0009.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0010.JPG b/docs/howtos/t60_dev/0010.JPG
deleted file mode 100644
index c776171..0000000
--- a/docs/howtos/t60_dev/0010.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0011.JPG b/docs/howtos/t60_dev/0011.JPG
deleted file mode 100644
index 24cb443..0000000
--- a/docs/howtos/t60_dev/0011.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0012.JPG b/docs/howtos/t60_dev/0012.JPG
deleted file mode 100644
index c719958..0000000
--- a/docs/howtos/t60_dev/0012.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0013.JPG b/docs/howtos/t60_dev/0013.JPG
deleted file mode 100644
index b8ed7ee..0000000
--- a/docs/howtos/t60_dev/0013.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0014.JPG b/docs/howtos/t60_dev/0014.JPG
deleted file mode 100644
index 5160dc3..0000000
--- a/docs/howtos/t60_dev/0014.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0015.JPG b/docs/howtos/t60_dev/0015.JPG
deleted file mode 100644
index 0c1fd18..0000000
--- a/docs/howtos/t60_dev/0015.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0016.JPG b/docs/howtos/t60_dev/0016.JPG
deleted file mode 100644
index c698be2..0000000
--- a/docs/howtos/t60_dev/0016.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0017.JPG b/docs/howtos/t60_dev/0017.JPG
deleted file mode 100644
index 652a66e..0000000
--- a/docs/howtos/t60_dev/0017.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0018.JPG b/docs/howtos/t60_dev/0018.JPG
deleted file mode 100644
index cf43067..0000000
--- a/docs/howtos/t60_dev/0018.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0019.JPG b/docs/howtos/t60_dev/0019.JPG
deleted file mode 100644
index a75f68a..0000000
--- a/docs/howtos/t60_dev/0019.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0020.JPG b/docs/howtos/t60_dev/0020.JPG
deleted file mode 100644
index 0c4f7db..0000000
--- a/docs/howtos/t60_dev/0020.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0021.JPG b/docs/howtos/t60_dev/0021.JPG
deleted file mode 100644
index c7d5757..0000000
--- a/docs/howtos/t60_dev/0021.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0022.JPG b/docs/howtos/t60_dev/0022.JPG
deleted file mode 100644
index 5971da2..0000000
--- a/docs/howtos/t60_dev/0022.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0023.JPG b/docs/howtos/t60_dev/0023.JPG
deleted file mode 100644
index 99f67c3..0000000
--- a/docs/howtos/t60_dev/0023.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0024.JPG b/docs/howtos/t60_dev/0024.JPG
deleted file mode 100644
index f89b537..0000000
--- a/docs/howtos/t60_dev/0024.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0025.JPG b/docs/howtos/t60_dev/0025.JPG
deleted file mode 100644
index d6b180e..0000000
--- a/docs/howtos/t60_dev/0025.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0026.JPG b/docs/howtos/t60_dev/0026.JPG
deleted file mode 100644
index c8f3299..0000000
--- a/docs/howtos/t60_dev/0026.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0027.JPG b/docs/howtos/t60_dev/0027.JPG
deleted file mode 100644
index 10ab8e0..0000000
--- a/docs/howtos/t60_dev/0027.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0028.JPG b/docs/howtos/t60_dev/0028.JPG
deleted file mode 100644
index 64cba1c..0000000
--- a/docs/howtos/t60_dev/0028.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0029.JPG b/docs/howtos/t60_dev/0029.JPG
deleted file mode 100644
index 960ebdd..0000000
--- a/docs/howtos/t60_dev/0029.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0030.JPG b/docs/howtos/t60_dev/0030.JPG
deleted file mode 100644
index 046fd00..0000000
--- a/docs/howtos/t60_dev/0030.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0031.JPG b/docs/howtos/t60_dev/0031.JPG
deleted file mode 100644
index 870f22b..0000000
--- a/docs/howtos/t60_dev/0031.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0032.JPG b/docs/howtos/t60_dev/0032.JPG
deleted file mode 100644
index 70ff44a..0000000
--- a/docs/howtos/t60_dev/0032.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0033.JPG b/docs/howtos/t60_dev/0033.JPG
deleted file mode 100644
index 142ca97..0000000
--- a/docs/howtos/t60_dev/0033.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0034.JPG b/docs/howtos/t60_dev/0034.JPG
deleted file mode 100644
index 907192e..0000000
--- a/docs/howtos/t60_dev/0034.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0035.JPG b/docs/howtos/t60_dev/0035.JPG
deleted file mode 100644
index bf38c89..0000000
--- a/docs/howtos/t60_dev/0035.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0036.JPG b/docs/howtos/t60_dev/0036.JPG
deleted file mode 100644
index a7e5bdf..0000000
--- a/docs/howtos/t60_dev/0036.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0037.JPG b/docs/howtos/t60_dev/0037.JPG
deleted file mode 100644
index ab30c27..0000000
--- a/docs/howtos/t60_dev/0037.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0038.JPG b/docs/howtos/t60_dev/0038.JPG
deleted file mode 100644
index 362c547..0000000
--- a/docs/howtos/t60_dev/0038.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0039.JPG b/docs/howtos/t60_dev/0039.JPG
deleted file mode 100644
index 224f72e..0000000
--- a/docs/howtos/t60_dev/0039.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0040.JPG b/docs/howtos/t60_dev/0040.JPG
deleted file mode 100644
index adcd923..0000000
--- a/docs/howtos/t60_dev/0040.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0041.JPG b/docs/howtos/t60_dev/0041.JPG
deleted file mode 100644
index 2a04682..0000000
--- a/docs/howtos/t60_dev/0041.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0042.JPG b/docs/howtos/t60_dev/0042.JPG
deleted file mode 100644
index b5ed8ec..0000000
--- a/docs/howtos/t60_dev/0042.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0043.JPG b/docs/howtos/t60_dev/0043.JPG
deleted file mode 100644
index 7144a98..0000000
--- a/docs/howtos/t60_dev/0043.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0044.JPG b/docs/howtos/t60_dev/0044.JPG
deleted file mode 100644
index 27a24c6..0000000
--- a/docs/howtos/t60_dev/0044.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0045.JPG b/docs/howtos/t60_dev/0045.JPG
deleted file mode 100644
index 997b498..0000000
--- a/docs/howtos/t60_dev/0045.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0046.JPG b/docs/howtos/t60_dev/0046.JPG
deleted file mode 100644
index 25d6baa..0000000
--- a/docs/howtos/t60_dev/0046.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0047.JPG b/docs/howtos/t60_dev/0047.JPG
deleted file mode 100644
index 6b57bf3..0000000
--- a/docs/howtos/t60_dev/0047.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0048.JPG b/docs/howtos/t60_dev/0048.JPG
deleted file mode 100644
index 7339f07..0000000
--- a/docs/howtos/t60_dev/0048.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0049.JPG b/docs/howtos/t60_dev/0049.JPG
deleted file mode 100644
index cf3a7fd..0000000
--- a/docs/howtos/t60_dev/0049.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0050.JPG b/docs/howtos/t60_dev/0050.JPG
deleted file mode 100644
index 7de4edd..0000000
--- a/docs/howtos/t60_dev/0050.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0051.JPG b/docs/howtos/t60_dev/0051.JPG
deleted file mode 100644
index 87c41b3..0000000
--- a/docs/howtos/t60_dev/0051.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0052.JPG b/docs/howtos/t60_dev/0052.JPG
deleted file mode 100644
index 4a8e443..0000000
--- a/docs/howtos/t60_dev/0052.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0053.JPG b/docs/howtos/t60_dev/0053.JPG
deleted file mode 100644
index e1044fc..0000000
--- a/docs/howtos/t60_dev/0053.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0054.JPG b/docs/howtos/t60_dev/0054.JPG
deleted file mode 100644
index c96c020..0000000
--- a/docs/howtos/t60_dev/0054.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0055.JPG b/docs/howtos/t60_dev/0055.JPG
deleted file mode 100644
index 6da87d5..0000000
--- a/docs/howtos/t60_dev/0055.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0056.JPG b/docs/howtos/t60_dev/0056.JPG
deleted file mode 100644
index 81a6659..0000000
--- a/docs/howtos/t60_dev/0056.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0057.JPG b/docs/howtos/t60_dev/0057.JPG
deleted file mode 100644
index 268fede..0000000
--- a/docs/howtos/t60_dev/0057.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0058.JPG b/docs/howtos/t60_dev/0058.JPG
deleted file mode 100644
index bedfb12..0000000
--- a/docs/howtos/t60_dev/0058.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0059.JPG b/docs/howtos/t60_dev/0059.JPG
deleted file mode 100644
index 422687c..0000000
--- a/docs/howtos/t60_dev/0059.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0060.JPG b/docs/howtos/t60_dev/0060.JPG
deleted file mode 100644
index 8743c0d..0000000
--- a/docs/howtos/t60_dev/0060.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0061.JPG b/docs/howtos/t60_dev/0061.JPG
deleted file mode 100644
index e05f626..0000000
--- a/docs/howtos/t60_dev/0061.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0062.JPG b/docs/howtos/t60_dev/0062.JPG
deleted file mode 100644
index 1fe77a7..0000000
--- a/docs/howtos/t60_dev/0062.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0063.JPG b/docs/howtos/t60_dev/0063.JPG
deleted file mode 100644
index 87b7761..0000000
--- a/docs/howtos/t60_dev/0063.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0064.JPG b/docs/howtos/t60_dev/0064.JPG
deleted file mode 100644
index e80189e..0000000
--- a/docs/howtos/t60_dev/0064.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0065.JPG b/docs/howtos/t60_dev/0065.JPG
deleted file mode 100644
index 4e77a88..0000000
--- a/docs/howtos/t60_dev/0065.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0066.JPG b/docs/howtos/t60_dev/0066.JPG
deleted file mode 100644
index 793c0f8..0000000
--- a/docs/howtos/t60_dev/0066.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0068.JPG b/docs/howtos/t60_dev/0068.JPG
deleted file mode 100644
index 9f9f299..0000000
--- a/docs/howtos/t60_dev/0068.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0069.JPG b/docs/howtos/t60_dev/0069.JPG
deleted file mode 100644
index 98931e6..0000000
--- a/docs/howtos/t60_dev/0069.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0070.JPG b/docs/howtos/t60_dev/0070.JPG
deleted file mode 100644
index 09958c3..0000000
--- a/docs/howtos/t60_dev/0070.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0071.JPG b/docs/howtos/t60_dev/0071.JPG
deleted file mode 100644
index 104d21e..0000000
--- a/docs/howtos/t60_dev/0071.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0072.JPG b/docs/howtos/t60_dev/0072.JPG
deleted file mode 100644
index 66c8e3b..0000000
--- a/docs/howtos/t60_dev/0072.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0073.JPG b/docs/howtos/t60_dev/0073.JPG
deleted file mode 100644
index 5d9b9fa..0000000
--- a/docs/howtos/t60_dev/0073.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/0074.JPG b/docs/howtos/t60_dev/0074.JPG
deleted file mode 100644
index 303264a..0000000
--- a/docs/howtos/t60_dev/0074.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_dev/t60_unbrick.jpg b/docs/howtos/t60_dev/t60_unbrick.jpg
deleted file mode 100644
index 820a9b4..0000000
--- a/docs/howtos/t60_dev/t60_unbrick.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/t60_heatsink.html b/docs/howtos/t60_heatsink.html
deleted file mode 100644
index f10ea60..0000000
--- a/docs/howtos/t60_heatsink.html
+++ /dev/null
@@ -1,133 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Unbricking the ThinkPad T60</title>
-</head>
-
-<body>
-
- <header>
- <h1>Changing heatsink (or CPU) on the ThinkPad T60</h1>
- <aside>Using this guide you can also change/upgrade the CPU.</aside>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <h1 id="hardware_requirements">Hardware requirements</h1>
- <ul>
- <li>rubbing a***hol (misspelling intentional. halal internet) and thermal compound for changing CPU heatsink (procedure involves removing heatsink)</li>
- <li>thermal compound/paste (Arctic Silver 5 is good. Others are also good.)</li>
- </ul>
-
- <h1 id="software_requirements">Software requirements</h1>
- <ul>
- <li>xsensors</li>
- <li>stress</li>
- </ul>
-
- <h1 id="recovery">Disassembly</h1>
-
- <p>
- Remove those screws and remove the HDD:<br/>
- <img src="t60_dev/0001.JPG" alt="" /> <img src="t60_dev/0002.JPG" alt="" />
- </p>
-
- <p>
- Lift off the palm rest:<br/>
- <img src="t60_dev/0003.JPG" alt="" />
- </p>
-
- <p>
- Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:<br/>
- <img src="t60_dev/0004.JPG" alt="" /> <img src="t60_dev/0005.JPG" alt="" /> <img src="t60_dev/0006.JPG" alt="" />
- </p>
-
- <p>
- Gently wedge both sides loose:<br/>
- <img src="t60_dev/0007.JPG" alt="" /> <img src="t60_dev/0008.JPG" alt="" />
- </p>
-
- <p>
- Remove that cable from the position:<br/>
- <img src="t60_dev/0009.JPG" alt="" /> <img src="t60_dev/0010.JPG" alt="" />
- </p>
-
- <p>
- Remove the bezel (sorry forgot to take pics).
- </p>
-
- <p>
- On the CPU (and there is another chip south-east to it, sorry forgot to take pic)
- clean off the old thermal paste (rubbing a1ocheal (misspelling intentional. halal internet)) and apply new (Artic Silver 5 is good, others are good too)
- you should also clean the heatsink the same way<br/>
- <img src="t60_dev/0051.JPG" alt="" />
- </p>
-
- <p>
- This is also an opportunity to change the CPU to another one. For example if you had a Core Duo T2400, you can upgrade it to a better processor
- (higher speed, 64-bit support). A Core 2 Duo T7600 was installed here.
- </p>
-
- <p>
- Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):<br/>
- <img src="t60_dev/0052.JPG" alt="" />
- </p>
-
- <p>
- Reinstall that upper bezel:<br/>
- <img src="t60_dev/0053.JPG" alt="" />
- </p>
-
- <p>
- Do that:<br/>
- <img src="t60_dev/0054.JPG" alt="" /> <img src="t60_dev/0055.JPG" alt="" />
- </p>
-
- <p>
- Attach keyboard:<br/>
- <img src="t60_dev/0056.JPG" alt="" />
- </p>
-
- <p>
- Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:<br/>
- <img src="t60_dev/0058.JPG" alt="" />
- </p>
-
- <p>
- It lives!<br/>
- <img src="t60_dev/0071.JPG" alt="" /> <img src="t60_dev/0072.JPG" alt="" /> <img src="t60_dev/0073.JPG" alt="" />
- </p>
-
- <p>
- Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:<br/>
- <img src="t60_dev/0074.JPG" alt="" />
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/t60_lcd_15.html b/docs/howtos/t60_lcd_15.html
deleted file mode 100644
index 3b382f5..0000000
--- a/docs/howtos/t60_lcd_15.html
+++ /dev/null
@@ -1,94 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Unbricking the ThinkPad T60</title>
-</head>
-
-<body>
-
- <header>
- <h1>Changing the LCD panel on a 15.1" T60</h1>
- <aside>This is for the 15.1" T60. If you have another size then the procedure will differ; for example, on 14.1" you have
- to remove the hinges and the procedure is a bit more involved than on 15.1".</aside>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <h1 id="recovery">Disassembly</h1>
-
- <p>
- Remove those covers and unscrew:<br/>
- <img src="t60_dev/0059.JPG" alt="" /> <img src="t60_dev/0060.JPG" alt="" /> <img src="t60_dev/0061.JPG" alt="" />
- </p>
-
- <p>
- Gently pry off the front bezel.
- </p>
-
- <p>
- Remove inverter board:<br/>
- <img src="t60_dev/0064.JPG" alt="" />
- </p>
-
- <p>
- Disconnect LCD cable:<br/>
- <img src="t60_dev/0065.JPG" alt="" />
- </p>
-
- <p>
- Remove the panel:<br/>
- <img src="t60_dev/0066.JPG" alt="" />
- </p>
-
- <p>
- Move the rails (left and right side) from the old panel to the new one and then attach LCD cable:<br/>
- <img src="t60_dev/0068.JPG" alt="" />
- </p>
-
- <p>
- Insert panel (this one is an LG-Philips LP150E05-A2K1, and there are others. See <a href="../index.html#supported_t60_list">../index.html#supported_t60_list</a>):<br/>
- <img src="t60_dev/0069.JPG" alt="" />
- </p>
-
- <p>
- Insert new inverter board (see <a href="../index.html#supported_t60_list">../index.html#supported_t60_list</a> for what is recommended on your LCD panel):<br/>
- <img src="t60_dev/0070.JPG" alt="" />
- </p>
-
- <p>
- Now re-attach the front bezel and put all the screws in.
- </p>
-
- <p>
- It lives!<br/>
- <img src="t60_dev/0071.JPG" alt="" /> <img src="t60_dev/0072.JPG" alt="" /> <img src="t60_dev/0073.JPG" alt="" />
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/t60_security.html b/docs/howtos/t60_security.html
deleted file mode 100644
index f39c739..0000000
--- a/docs/howtos/t60_security.html
+++ /dev/null
@@ -1,445 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Security on the ThinkPad T60</title>
-</head>
-
-<body>
-
- <header>
- <h1>Security on the ThinkPad T60</h1>
- <aside>Hardware modifications to enhance security on the ThinkPad T60. This tutorial is <b>incomplete</b> at the time of writing.</aside>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <h2>Table of Contents</h2>
- <ul>
- <li><a href="#hardware_requirements">Hardware Requirements</a></li>
- <li><a href="#software_requirements">Software Requirements</a></li>
- <li><a href="#procedure">The procedure</a></li>
- </ul>
-
- <h1 id="hardware_requirements">Hardware requirements</h1>
- <ul>
- <li>A T60</li>
- <li>screwdriver</li>
- <li>(in a later version of this tutorial: soldering iron and scalpel)</li>
- </ul>
-
- <h1 id="software_requirements">Software requirements</h1>
- <ul>
- <li>none (at least in the scope of the article as-is)</li>
- <li>You probably want to encrypt your GNU/Linux install using LUKS</li>
- </ul>
-
- <h1>
- Rationale
- </h1>
- <p>
- Most people think of security on the software side: the hardware is important aswell.
- Hardware security is useful in particular to journalists (or activists in a given movement) who need absolute privacy in their work.
- It is also generally useful to all those that believe security and privacy are inalienable rights.
- Security starts with the hardware; crypto and network security come later.
- </p>
- <p>
- Paradoxically, going this far to increase your security also makes you a bigger target.
- At the same time, it protects you in the case that someone does attack your machine.
- This paradox only exists while few people take adequate steps to protect yourself: it is your <b>duty</b>
- to protect yourself, not only for your benefit but to make strong security <i>normal</i> so
- that those who do need protection (and claim it) are a smaller target against the masses.
- </p>
- <p>
- Even if there are levels of security beyond your ability (technically, financially and so on)
- doing at least <i>something</i> (what you are able to do) is extremely important.
- If you use the internet and your computer without protection, attacking you is cheap (some say it is
- only a few US cents). If everyone (majority of people) use strong security by default,
- it makes attacks more costly and time consuming; in effect, making them disappear.
- </p>
- <p>
- This tutorial deals with reducing the number of devices that have direct memory access that
- could communicate with inputs/outputs that could be used to remotely
- command the machine (or leak data).
- </p>
-
- <h1 id="procedure">Disassembly</h1>
-
- <p>
- Remove those screws and remove the HDD:<br/>
- <img src="t60_dev/0001.JPG" alt="" /> <img src="t60_dev/0002.JPG" alt="" />
- </p>
-
- <p>
- Lift off the palm rest:<br/>
- <img src="t60_dev/0003.JPG" alt="" />
- </p>
-
- <p>
- Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:<br/>
- <img src="t60_dev/0004.JPG" alt="" /> <img src="t60_dev/0005.JPG" alt="" /> <img src="t60_dev/0006.JPG" alt="" />
- </p>
-
- <p>
- Gently wedge both sides loose:<br/>
- <img src="t60_dev/0007.JPG" alt="" /> <img src="t60_dev/0008.JPG" alt="" />
- </p>
-
- <p>
- Remove that cable from the position:<br/>
- <img src="t60_dev/0009.JPG" alt="" /> <img src="t60_dev/0010.JPG" alt="" />
- </p>
-
- <p>
- Now remove that bezel. Remove wifi, nvram battery and speaker connector (also remove 56k modem, on the left of wifi):<br/>
- <img src="t60_dev/0011.JPG" alt="" /><br/>
- Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.<br/>
- <b>Wifi:</b> The ath5k/ath9k cards might not have firmware at all. They might safe but could have
- access to the computer's RAM trough DMA. If people have an intel
- card(most T60's come with Intel wifi by default, until you change it),then that card runs
- a non-free firwamre and has access to the computer's RAM trough DMA! So
- it's risk-level is very high.
- </p>
-
- <p>
- Remove those screws:<br/>
- <img src="t60_dev/0012.JPG" alt="" />
- </p>
-
- <p>
- Disconnect the power jack:<br/>
- <img src="t60_dev/0013.JPG" alt="" />
- </p>
-
- <p>
- Remove nvram battery (we will put it back later):<br/>
- <img src="t60_dev/0014.JPG" alt="" />
- </p>
-
- <p>
- Disconnect cable (for 56k modem) and disconnect the other cable:<br/>
- <img src="t60_dev/0015.JPG" alt="" /> <img src="t60_dev/0016.JPG" alt="" />
- </p>
-
- <p>
- Disconnect speaker cable:<br/>
- <img src="t60_dev/0017.JPG" alt="" />
- </p>
-
- <p>
- Disconnect the other end of the 56k modem cable:<br/>
- <img src="t60_dev/0018.JPG" alt="" />
- </p>
-
- <p>
- Make sure you removed it:<br/>
- <img src="t60_dev/0019.JPG" alt="" />
- </p>
-
- <p>
- Unscrew those:<br/>
- <img src="t60_dev/0020.JPG" alt="" />
- </p>
-
- <p>
- Make sure you removed those:<br/>
- <img src="t60_dev/0021.JPG" alt="" />
- </p>
-
- <p>
- Disconnect LCD cable from board:<br/>
- <img src="t60_dev/0022.JPG" alt="" />
- </p>
-
- <p>
- Remove those screws then remove the LCD assembly:<br/>
- <img src="t60_dev/0023.JPG" alt="" /> <img src="t60_dev/0024.JPG" alt="" /> <img src="t60_dev/0025.JPG" alt="" />
- </p>
-
- <p>
- Once again, make sure you removed those:<br/>
- <img src="t60_dev/0026.JPG" alt="" />
- </p>
-
- <p>
- Remove the shielding containing the motherboard, then flip it over. Remove these screws, placing them on a steady
- surface in the same layout as they were in before you removed them. Also, you should mark each screw hole after removing the
- screw (a permanent marker pen will do), this is so that you have a point of reference when re-assembling the machine:<br/>
- <img src="t60_dev/0027.JPG" alt="" /> <img src="t60_dev/0028.JPG" alt="" /> <img src="t60_dev/0029.JPG" alt="" />
- <img src="t60_dev/0031.JPG" alt="" /> <img src="t60_dev/0032.JPG" alt="" /> <img src="t60_dev/0033.JPG" alt="" />
- </p>
-
- <p>
- Remove microphone (soldering iron not needed. Just wedge it out gently):<br/>
- <img src="t60_dev/0039.JPG" alt="" /><br/>
- <b>Rationale:</b><br/>
- Another reason to remove the microphone: If your computer gets<a href="#ref1">[1]</a> compromised, it can
- record what you say, and use it to receive data from nearby devices if
- they're compromised too. Also, we do not know what the built-in microcode (in the CPU) is doing; it could theoretically
- be programmed to accept remote commands from some speaker somewhere (remote security hole). <b>In other words,
- the machine could already be compromised from the factory.</b>
- </p>
-
- <p>
- Remove infrared:<br/>
- <img src="t60_dev/0040.JPG" alt="" /> <img src="t60_dev/0042.JPG" alt="" />
- </p>
-
- <p>
- Remove cardbus (it's in a socket, no need to disable. Just remove the port itself):<br/>
- <img src="t60_dev/0041.JPG" alt="" /><br/>
- <b>Rationale:</b><br/>
- It has direct memory access and can be used to extract sensitive details (such as LUKS keys). See
- 'GoodBIOS' video linked at the end (speaker is Peter Stuge, a coreboot hacker). The video covers X60
- but the same topics apply to T60.
- </p>
-
- <p>
- Before re-installing the upper chassis, remove the speaker:<br/>
- <img src="t60_dev/0043.JPG" alt="" /> <img src="t60_dev/0044.JPG" alt="" /><br/>
- Reason: combined with the microphone issue, this could be used to leak data.<br/>
- If your computer gets<a href="#ref1">[1]</a> compromised, it can be used to
- transmit data to nearby compromised devices. It's unknown if it can be
- turned into a microphone<a href="#ref2">[2]</a>.<br/>
- Replacement: headphones/speakers (line-out) or external DAC (USB).
- </p>
-
- <p>
- Remove the wwan:<br/>
- <img src="t60_dev/0045.JPG" alt="" /><br/>
- <b>Wwan (3d modem):</b> They run proprietary software and have access to the
- computer's RAM! So it's like AMT but over the GSM network which is
- probably even worse.<br/>
- Replacement: external USB wifi dongle. (or USB wwan/3g dongle; note, this has all the same privacy issues as mobile phones. wwan not recommended).
- </p>
-
- <p>
- This is where the simcard connector is soldered. See notes above about wwan. Remove simcard by removing battery
- and then it's accessible (so, remember to do this when you re-assemble. or you could do it now?)<br/>
- <img src="t60_dev/0046.JPG" alt="" />
- </p>
-
- <p>
- Put those screws back:<br/>
- <img src="t60_dev/0047.JPG" alt="" />
- </p>
-
- <p>
- Put it back into lower chassis:<br/>
- <img src="t60_dev/0048.JPG" alt="" />
- </p>
-
- <p>
- Attach LCD and insert screws (also, attach the lcd cable to the board):<br/>
- <img src="t60_dev/0049.JPG" alt="" />
- </p>
-
- <p>
- Insert those screws:<br/>
- <img src="t60_dev/0050.JPG" alt="" />
- </p>
-
- <p>
- On the CPU (and there is another chip south-east to it, sorry forgot to take pic)
- clean off the old thermal paste (rubbing a1ocheal (misspelling intentional. halal internet)) and apply new (Artic Silver 5 is good, others are good too)
- you should also clean the heatsink the same way<br/>
- <img src="t60_dev/0051.JPG" alt="" />
- </p>
-
- <p>
- Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):<br/>
- <img src="t60_dev/0052.JPG" alt="" />
- </p>
-
- <p>
- Reinstall that upper bezel:<br/>
- <img src="t60_dev/0053.JPG" alt="" />
- </p>
-
- <p>
- Do that:<br/>
- <img src="t60_dev/0054.JPG" alt="" /> <img src="t60_dev/0055.JPG" alt="" />
- </p>
-
- <p>
- Attach keyboard and install nvram battery:<br/>
- <img src="t60_dev/0056.JPG" alt="" /> <img src="t60_dev/0057.JPG" alt="" />
- </p>
-
- <p>
- Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:<br/>
- <img src="t60_dev/0058.JPG" alt="" />
- </p>
-
- <p>
- Remove those covers and unscrew:<br/>
- <img src="t60_dev/0059.JPG" alt="" /> <img src="t60_dev/0060.JPG" alt="" /> <img src="t60_dev/0061.JPG" alt="" />
- </p>
-
- <p>
- Gently pry off the front bezel (sorry, forgot to take pics).
- </p>
-
- <p>
- Remove bluetooth module:<br/>
- <img src="t60_dev/0062.JPG" alt="" /> <img src="t60_dev/0063.JPG" alt="" />
- </p>
-
- <p>
- Re-attach the front bezel and re-insert the screws (sorry, forgot to take pics).
- </p>
-
- <p>
- It lives!<br/>
- <img src="t60_dev/0071.JPG" alt="" /> <img src="t60_dev/0072.JPG" alt="" /> <img src="t60_dev/0073.JPG" alt="" />
- </p>
-
- <p>
- Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:<br/>
- <img src="t60_dev/0074.JPG" alt="" />
- </p>
-
- <h2>
- Not covered yet:
- </h2>
- <ul>
- <li>Disable flashing the ethernet firmware</li>
- <li>Disable SPI flash writes (can be re-enabled by unsoldering two parts)</li>
- <li>Disable use of xrandr/edid on external monitor (cut 2 pins on VGA)</li>
- <li>Disable docking station (might be possible to do it in software, in coreboot upstream as a Kconfig option)</li>
- </ul>
- <p>
- Go to <a href="http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html">http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html</a>
- or directly to the video: <a href="http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm">http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm</a>.
- </p>
- <p>
- A lot of this tutorial is based on that video. Look towards the second half of the video to see how to do the above.
- </p>
-
- <h2>
- Also not covered yet:
- </h2>
- <ul>
- <li>
- Intrusion detection: randomized seal on screws<br/>
- Just put nail polish with lot of glider on the important screws, take
- some good pictures. Keep the pictueres and make sure of their integrity.
- Compare the nail polish with the pictures before powering on the laptop.
- </li>
- <li>
- Tips about preventing/mitigating risk of cold boot attack.
- <ul>
- <li>soldered RAM?</li>
- <li>wipe all RAM at boot/power-off/power-on? (patch in coreboot upstream?)</li>
- <li>ask gnutoo about fallback patches (counts number of boots)</li>
- </ul>
- </li>
- <li>
- General tips/advice and web links showing how to detect physical intrusions.
- </li>
- <li>
- For example: <a href="http://cs.tau.ac.il/~tromer/acoustic/">http://cs.tau.ac.il/~tromer/acoustic/</a>
- </li>
- <li>
- https://gitorious.org/gnutoo-for-coreboot/grub-assemble/source/a61f636797777a742f65f4c9c58032aa6a9b23c3:
- </li>
- </ul>
-
- <h1>
- Extra notes
- </h1>
- <p>
- EC: Cannot be removed but can be mitigated: it contains non-free
- non-loadable code, but it has no access to the computer's RAM.
- It has access to the on-switch of the wifi, bluetooth, modem and some
- other power management features. The issue is that it has access to the
- keyboard, however if the software security howto <b>(not yet written)</b> is followed correctly,
- it won't be able to leak data to a local attacker. It has no network
- access but it may still be able to leak data remotely, but that
- requires someone to be nearby to recover the data with the help of an
- SDR and some directional antennas<a href="#ref3">[3]</a>.
- </p>
- <p>
- <a href="http://www.coreboot.org/Intel_82573_Ethernet_controller">Intel 82573 Ethernet controller</a>
- on the X60 seems safe, according to Denis.
- </p>
-
- <h2>
- Risk level
- </h2>
- <ul>
- <li>Modem (3g/wwan): highest</li>
- <li>Intel wifi: Near highest</li>
- <li>Atheros PCI wifi: unknown, but lower than intel wifi.</li>
- <li>Microphone: only problematic if the computer gets compromised.</li>
- <li>Speakers: only problematic if the computer gets compromised.</li>
- <li>EC: can be mitigated if following the guide on software security.</li>
- </ul>
-
- <h1>
- Further reading material (software security)
- </h1>
- <ul>
- <li><a href="encrypted_trisquel.html">Installing Trisquel GNU/Linux with full disk encryption (including /boot)</a></li>
- <li><a href="encrypted_parabola.html">Installing Parabola GNU/Linux with full disk encryption (including /boot)</a></li>
- <li><a href="dock.html">Notes about DMA access and the docking station</a></li>
- </ul>
-
- <h1>
- References
- </h1>
- <h2 id="ref1">[1] physical access</h2>
- <p>
- Explain that black hats, TAO, and so on might use a 0day to get in,
- and explain that in this case it mitigates what the attacker can do.
- Also the TAO do some evaluation before launching an attack: they take
- the probability of beeing caught into account, along with the kind of
- target. A 0day costs a lot of money, I heard that it was from 100000$
- to 400000$, some other websites had prices 10 times lower but that
- but it was probably a typo. So if people increase their security it
- makes it more risky and more costly to attack people.
- </p>
- <h2 id="ref2">[2] microphone</h2>
- <p>
- It's possible to turn headphones into a microphone, you could try
- yourself, however they don't record loud at all. Also intel cards have
- the capability to change a connector's function, for instance the
- microphone jack can now become a headphone plug, that's called
- retasking. There is some support for it in GNU/Linux but it's not very
- well known.
- </p>
- <h2 id="ref3">[3] Video (CCC)</h2>
- <p>
- 30c3-5356-en-Firmware_Fat_Camp_webm.webm from the 30th CCC. While
- their demo is experimental(their hardware also got damaged during the
- transport), the spies probably already have that since a long time.
- <a href="http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm">http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm</a>
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/t60_unbrick.html b/docs/howtos/t60_unbrick.html
deleted file mode 100644
index 69648e1..0000000
--- a/docs/howtos/t60_unbrick.html
+++ /dev/null
@@ -1,319 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Unbricking the ThinkPad T60</title>
-</head>
-
-<body>
-
- <header>
- <h1>Unbricking the ThinkPad T60</h1>
- <aside>This guide will show you how to recover from a bad flash that prevents your ThinkPad T60 from booting.</aside>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <h2>Table of Contents</h2>
- <ul>
- <li><a href="#hardware_requirements">Hardware Requirements</a></li>
- <li><a href="#software_requirements">Software Requirements</a></li>
- <li>
- Types of brick:
- <ul>
- <li><a href="#bucts_brick">Brick type 1: bucts not reset</a></li>
- <li><a href="#recovery">Brick type 2: bad rom (or user error), machine won't boot</a></li>
- </ul>
- </li>
- </ul>
-
- <h1 id="hardware_requirements">Hardware requirements</h1>
- <ul>
- <li>a 2nd computer (maybe another T60. any computer will do)</li>
- <li>external flashrom-compatible programmer (I'm using the "bus pirate")
- <li>SOIC-8 IC clip (I'm using the Pomona 5250)</li>
- <li>Cable (programmer<>clip) - mine came with the bus pirate.</li>
- <li>USB mini a to b cable (for buspirate<>computer connection).</li>
- <li>rubbing a***hol (misspelling intentional. halal internet) and thermal compound for changing CPU heatsink (procedure involves removing heatsink)</li>
- </ul>
-
- <h1 id="software_requirements">Software requirements</h1>
- <ul>
- <li>GNU/Linux (on the 2nd computer)</li>
- <li>flashrom software (on the 2nd computer): <a href="http://flashrom.org/" target="_blank">http://flashrom.org/</a>
- </ul>
-
- <h1 id="bucts_brick">Brick type 1: bucts not reset.</h1>
- <p>
- You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and
- the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.<br/><br/>
-
- In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:<br/>
- <img src="t60_dev/0006.JPG" alt="" /><br/><br/>
-
- *Those dd commands should be applied to all newly compiled T60 ROM's (the ROM's in libreboot binary archives already have this applied!):<br/>
- dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k<br/>
- dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump<br/>
- dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc<br/>
- (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running,
- using those instructions: <a href="http://www.coreboot.org/Board:lenovo/x60/Installation" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation</a>.
- (it says x60, but instructions for t60 are identical)
- </p>
-
- <h1 id="recovery">bad rom (or user error), machine won't boot</h1>
-
- <p>
- In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from
- booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all.
- </p>
- <p>
- "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides).
- </p>
-
- <p>
- Remove those screws and remove the HDD:<br/>
- <img src="t60_dev/0001.JPG" alt="" /> <img src="t60_dev/0002.JPG" alt="" />
- </p>
-
- <p>
- Lift off the palm rest:<br/>
- <img src="t60_dev/0003.JPG" alt="" />
- </p>
-
- <p>
- Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:<br/>
- <img src="t60_dev/0004.JPG" alt="" /> <img src="t60_dev/0005.JPG" alt="" /> <img src="t60_dev/0006.JPG" alt="" />
- </p>
-
- <p>
- Gently wedge both sides loose:<br/>
- <img src="t60_dev/0007.JPG" alt="" /> <img src="t60_dev/0008.JPG" alt="" />
- </p>
-
- <p>
- Remove that cable from the position:<br/>
- <img src="t60_dev/0009.JPG" alt="" /> <img src="t60_dev/0010.JPG" alt="" />
- </p>
-
- <p>
- Now remove that bezel. Remove wifi, nvram battery and speaker connector (also remove 56k modem, on the left of wifi):<br/>
- <img src="t60_dev/0011.JPG" alt="" />
- </p>
-
- <p>
- Remove those screws:<br/>
- <img src="t60_dev/0012.JPG" alt="" />
- </p>
-
- <p>
- Disconnect the power jack:<br/>
- <img src="t60_dev/0013.JPG" alt="" />
- </p>
-
- <p>
- Remove nvram battery:<br/>
- <img src="t60_dev/0014.JPG" alt="" />
- </p>
-
- <p>
- Disconnect cable (for 56k modem) and disconnect the other cable:<br/>
- <img src="t60_dev/0015.JPG" alt="" /> <img src="t60_dev/0016.JPG" alt="" />
- </p>
-
- <p>
- Disconnect speaker cable:<br/>
- <img src="t60_dev/0017.JPG" alt="" />
- </p>
-
- <p>
- Disconnect the other end of the 56k modem cable:<br/>
- <img src="t60_dev/0018.JPG" alt="" />
- </p>
-
- <p>
- Make sure you removed it:<br/>
- <img src="t60_dev/0019.JPG" alt="" />
- </p>
-
- <p>
- Unscrew those:<br/>
- <img src="t60_dev/0020.JPG" alt="" />
- </p>
-
- <p>
- Make sure you removed those:<br/>
- <img src="t60_dev/0021.JPG" alt="" />
- </p>
-
- <p>
- Disconnect LCD cable from board:<br/>
- <img src="t60_dev/0022.JPG" alt="" />
- </p>
-
- <p>
- Remove those screws then remove the LCD assembly:<br/>
- <img src="t60_dev/0023.JPG" alt="" /> <img src="t60_dev/0024.JPG" alt="" /> <img src="t60_dev/0025.JPG" alt="" />
- </p>
-
- <p>
- Once again, make sure you removed those:<br/>
- <img src="t60_dev/0026.JPG" alt="" />
- </p>
-
- <p>
- Remove the shielding containing the motherboard, then flip it over. Remove these screws, placing them on a steady
- surface in the same layout as they were in before you removed them. Also, you should mark each screw hole after removing the
- screw (a permanent marker pen will do), this is so that you have a point of reference when re-assembling the machine:<br/>
- <img src="t60_dev/0027.JPG" alt="" /> <img src="t60_dev/0028.JPG" alt="" /> <img src="t60_dev/0029.JPG" alt="" />
- <img src="t60_dev/0031.JPG" alt="" /> <img src="t60_dev/0032.JPG" alt="" /> <img src="t60_dev/0033.JPG" alt="" />
- </p>
-
- <p>
- At this point, you should wire up your programmer according to it's documentation. For me, this was (see: "SparkFun cable pin reference"):<br/>
- <a href="http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts" target="_blank">http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts</a>.<br/>
- Correlating with the following information, I was able to wire up my pirate correctly:<br/>
- <a href="http://flashrom.org/Bus_Pirate#Connections" target="_blank">http://flashrom.org/Bus_Pirate#Connections</a><br/>
- And by following that advice:<br/>
- <a href="http://www.coreboot.org/Board:lenovo/x60/Installation#Howto" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation#Howto</a>.<br/>
- (it says X60 but instructions are virtually the same for the T60, with except to physical differences in how to disassemble the machine)<br/>
- Note: that last page says to wire up only those 5 pins (see below) like that: 1, 2, 4, 5, 6.<br/>
- Note: and then, for power it says (on that coreboot.org page) to connect the power jack to the board and connect the
- AC adapter (without powering on the board).<br/>
- Note: I ignored that advice, and wired up all 8 pins. And it worked.<br/>
-
- Here is the pinout (correlate it with your programmer's documentation):<br/>
- <img src="t60_dev/0030.JPG" alt="" />
- </p>
-
- <p>
- Connecting the pomona:<br/>
- <img src="t60_dev/0034.JPG" alt="" />
- </p>
-
- <p>
- Connect programmer to 2nd computer:<br/>
- <img src="t60_dev/0035.JPG" alt="" />
- </p>
-
- <p>
- Programmer has power:<br/>
- <img src="t60_dev/0036.JPG" alt="" />
- </p>
-
- <p>
- Now flash the bricked machine using the 2nd computer. in my case I did:<br/>
- <b>flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -w bin/t60/libreboot_usqwerty.rom</b><br/>
- Note: there are also other ROM images for T60<br/>
- Note: this is using buspirate as the programmer, so it is flashing the T60, not the 2nd computer!<br/>
- Here's my terminal window on the 2nd computer (also the programmer is active):<br/>
- <img src="t60_dev/0037.JPG" alt="" /> <img src="t60_dev/0038.JPG" alt="" /><br/>
- So, you should see the following:<br/>
- --
- <pre>
- flashrom v0.9.5.2-r1517 on Linux 3.2.0-61-generic (i686), built with libpci 3.1.8, GCC 4.6.3, little endian
- flashrom is free software, get the source code at http://www.flashrom.org
-
- Calibrating delay loop... delay loop is unreliable, trying to continue OK.
- Found Macronix flash chip "MX25L1605" (2048 kB, SPI) on buspirate_spi.
- Reading old flash chip contents... done.
- Erasing and writing flash chip... Erase/write done.
- Verifying flash... VERIFIED.
- </pre>
- --<br/>
- At the end it says "VERIFIED", which means that the procedure worked. If you see this, it means
- that you can put your T60 back together. So let's do that now.
- </p>
-
- <p>
- Put those screws back:<br/>
- <img src="t60_dev/0047.JPG" alt="" />
- </p>
-
- <p>
- Put it back into lower chassis:<br/>
- <img src="t60_dev/0048.JPG" alt="" />
- </p>
-
- <p>
- Attach LCD and insert screws (also, attach the lcd cable to the board):<br/>
- <img src="t60_dev/0049.JPG" alt="" />
- </p>
-
- <p>
- Insert those screws:<br/>
- <img src="t60_dev/0050.JPG" alt="" />
- </p>
-
- <p>
- On the CPU (and there is another chip south-east to it, sorry forgot to take pic)
- clean off the old thermal paste (rubbing a1ocheal (misspelling intentional. halal internet)) and apply new (Artic Silver 5 is good, others are good too)
- you should also clean the heatsink the same way<br/>
- <img src="t60_dev/0051.JPG" alt="" />
- </p>
-
- <p>
- Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):<br/>
- <img src="t60_dev/0052.JPG" alt="" />
- </p>
-
- <p>
- Reinstall that upper bezel:<br/>
- <img src="t60_dev/0053.JPG" alt="" />
- </p>
-
- <p>
- Do that:<br/>
- <img src="t60_dev/0054.JPG" alt="" /> <img src="t60_dev/0055.JPG" alt="" />
- </p>
-
- <p>
- Re-attach modem, wifi, (wwan?), and all necessary cables. Sorry, forgot to take pics. Look at previous removal steps to see where they go back to.
- </p>
-
- <p>
- Attach keyboard and install nvram battery:<br/>
- <img src="t60_dev/0056.JPG" alt="" /> <img src="t60_dev/0057.JPG" alt="" />
- </p>
-
- <p>
- Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:<br/>
- <img src="t60_dev/0058.JPG" alt="" />
- </p>
-
- <p>
- It lives!<br/>
- <img src="t60_dev/0071.JPG" alt="" /> <img src="t60_dev/0072.JPG" alt="" /> <img src="t60_dev/0073.JPG" alt="" />
- </p>
-
- <p>
- Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:<br/>
- <img src="t60_dev/0074.JPG" alt="" />
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/x60_heatsink.html b/docs/howtos/x60_heatsink.html
deleted file mode 100644
index 22b55e1..0000000
--- a/docs/howtos/x60_heatsink.html
+++ /dev/null
@@ -1,149 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Switch heatsink on ThinkPad X60</title>
-</head>
-
-<body>
-
- <header>
- <h1>Changing the fan/heatsink on the ThinkPad X60</h1>
- <aside>This guide will teach you how to replace the fan and heatsink on your ThinkPad X60.</aside>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <h2>Table of Contents</h2>
- <ul>
- <li><a href="#hardware_requirements">Hardware Requirements</a></li>
- <li><a href="#software_requirements">Software Requirements</a></li>
- <li><a href="#procedure">The procedure</a></li>
- </ul>
-
- <h1 id="hardware_requirements">Hardware requirements</h1>
- <ul>
- <li>i<b></b>sopr<b></b>opyl <i>alc<b></b>h<i></i>olal</i> (sometimes called rubbing <i>alc<b></b>hole</i>) (cleaning material. DoNotIngest) (typo is intentional, due to fii1illt<a></a>erii1iiing für wörten von Großbritannien und oder nationale iintturnett)</li>
- <li>your new fan and/or heatsink</li>
- <li>CPU thermal compound (some say Arctic Silver 5 or IC Diamond 7 are good, others are also 'ok')</li>
- <li>Something to spread the paste with</li>
- </ul>
-
- <h1 id="software_requirements">Software requirements (for CPU stress testing)</h1>
- <ul>
- <li>xsensors utility</li>
- <li>stress utility</li>
- </ul>
-
- <h1 id="procedure">Disassembly</h1>
- <p>
- Remove those screws:<br/>
- <img src="x60_heatsink/0000.jpg" alt="" />
- </p>
- <p>
- Push the keyboard forward (carefully):<br/>
- <img src="x60_heatsink/0001.jpg" alt="" />
- </p>
- <p>
- Lift the keyboard up and disconnect it from the board:<br/>
- <img src="x60_heatsink/0002.jpg" alt="" />
- </p>
- <p>
- Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:<br/>
- <img src="x60_heatsink/0003.jpg" alt="" />
- </p>
- <p>
- You should now have this:<br/>
- <img src="x60_heatsink/0004.jpg" alt="" />
- </p>
- <p>
- Disconnect the wifi antenna cables, the modem cable and the speaker:<br/>
- <img src="x60_heatsink/0005.jpg" alt="" />
- </p>
- <p>
- Unroute the cables along their path, carefully lifting the tape that holds them in place. Then, disconnect the modem
- cable (other end) and power connection and unroute all the cables so that they dangle by the monitor hinge on the right-hand
- side:<br/>
- <img src="x60_heatsink/0006.jpg" alt="" />
- </p>
- <p>
- Disconnect the monitor from the motherboard, and unroute the grey antenna cable, carefully lifting the tape
- that holds it into place:<br/>
- <img src="x60_heatsink/0008.jpg" alt="" />
- </p>
- <p>
- Carefully lift the remaining tape and unroute the left antenna cable so that it is loose:<br/>
- <img src="x60_heatsink/0009.jpg" alt="" />
- </p>
- <p>
- Remove those screws:<br/>
- <img src="x60_heatsink/0011.jpg" alt="" />
- </p>
- <p>
- Remove those screws:<br/>
- <img src="x60_heatsink/0012.jpg" alt="" />
- </p>
- <p>
- Carefully remove the plate, like so:<br/>
- <img src="x60_heatsink/0013.jpg" alt="" />
- </p>
- <p>
- Remove the SATA connector:<br/>
- <img src="x60_heatsink/0014.jpg" alt="" />
- </p>
- <p>
- Now remove the motherboard (gently) and cast the lcd/chassis aside:<br/>
- <img src="x60_heatsink/0015.jpg" alt="" />
- </p>
- <p>
- Look at that black tape above the heatsink, remove it:<br/>
- <img src="x60_heatsink/0016.jpg" alt="" />
- </p>
- <p>
- Now you have removed it:<br/>
- <img src="x60_heatsink/0017.jpg" alt="" />
- </p>
-
- <p>
- Disconnect the fan and remove all the screws, heatsink will easily come off:<br/>
- <img src="x60_heatsink/0018.jpg" alt="" />
- </p>
-
- <p>
- Remove the old paste with a cloth (from the CPU and heatsink) and then clean both of them with the <i>alc<a></a>h<b></b>oleel</i> (to remove remaining residue. typo is intentional).
- Apply a pea-sized amount of paste to the both chipsets that the heatsink covered and spread it evenly (uniformally).
- Finally reinstall the heatsink, reversing previous steps.
- </p>
-
- <p>
- <b>stress -c 2</b> command can be used to push the CPU to 100%, and <b>xsensors</b> (or <b>watch sensors</b> command) can be used to monitor heat.
- Below 90C is ok.
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/x60_heatsink/0000.jpg b/docs/howtos/x60_heatsink/0000.jpg
deleted file mode 100644
index ce0ec3b..0000000
--- a/docs/howtos/x60_heatsink/0000.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0001.jpg b/docs/howtos/x60_heatsink/0001.jpg
deleted file mode 100644
index 2bbc0ca..0000000
--- a/docs/howtos/x60_heatsink/0001.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0002.jpg b/docs/howtos/x60_heatsink/0002.jpg
deleted file mode 100644
index b55db3b..0000000
--- a/docs/howtos/x60_heatsink/0002.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0003.jpg b/docs/howtos/x60_heatsink/0003.jpg
deleted file mode 100644
index c5799ae..0000000
--- a/docs/howtos/x60_heatsink/0003.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0004.jpg b/docs/howtos/x60_heatsink/0004.jpg
deleted file mode 100644
index cd47840..0000000
--- a/docs/howtos/x60_heatsink/0004.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0005.jpg b/docs/howtos/x60_heatsink/0005.jpg
deleted file mode 100644
index 418c9d2..0000000
--- a/docs/howtos/x60_heatsink/0005.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0006.jpg b/docs/howtos/x60_heatsink/0006.jpg
deleted file mode 100644
index 6d36d93..0000000
--- a/docs/howtos/x60_heatsink/0006.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0007.jpg b/docs/howtos/x60_heatsink/0007.jpg
deleted file mode 100644
index 971ccdf..0000000
--- a/docs/howtos/x60_heatsink/0007.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0008.jpg b/docs/howtos/x60_heatsink/0008.jpg
deleted file mode 100644
index 24e6526..0000000
--- a/docs/howtos/x60_heatsink/0008.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0009.jpg b/docs/howtos/x60_heatsink/0009.jpg
deleted file mode 100644
index d318395..0000000
--- a/docs/howtos/x60_heatsink/0009.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0010.jpg b/docs/howtos/x60_heatsink/0010.jpg
deleted file mode 100644
index 5e6fdc7..0000000
--- a/docs/howtos/x60_heatsink/0010.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0011.jpg b/docs/howtos/x60_heatsink/0011.jpg
deleted file mode 100644
index 101cf6a..0000000
--- a/docs/howtos/x60_heatsink/0011.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0012.jpg b/docs/howtos/x60_heatsink/0012.jpg
deleted file mode 100644
index dbb6669..0000000
--- a/docs/howtos/x60_heatsink/0012.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0013.jpg b/docs/howtos/x60_heatsink/0013.jpg
deleted file mode 100644
index 2d2b9dd..0000000
--- a/docs/howtos/x60_heatsink/0013.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0014.jpg b/docs/howtos/x60_heatsink/0014.jpg
deleted file mode 100644
index 733f997..0000000
--- a/docs/howtos/x60_heatsink/0014.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0015.jpg b/docs/howtos/x60_heatsink/0015.jpg
deleted file mode 100644
index 1e81166..0000000
--- a/docs/howtos/x60_heatsink/0015.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0016.jpg b/docs/howtos/x60_heatsink/0016.jpg
deleted file mode 100644
index ea418a5..0000000
--- a/docs/howtos/x60_heatsink/0016.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0017.jpg b/docs/howtos/x60_heatsink/0017.jpg
deleted file mode 100644
index 8a67482..0000000
--- a/docs/howtos/x60_heatsink/0017.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_heatsink/0018.jpg b/docs/howtos/x60_heatsink/0018.jpg
deleted file mode 100644
index 98c43ac..0000000
--- a/docs/howtos/x60_heatsink/0018.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_lcd_change.html b/docs/howtos/x60_lcd_change.html
deleted file mode 100644
index 3ddeaac..0000000
--- a/docs/howtos/x60_lcd_change.html
+++ /dev/null
@@ -1,54 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Unbricking the ThinkPad T60</title>
-</head>
-
-<body>
-
- <header>
- <h1>Changing the LCD panel on X60</h1>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <p>This tutorial is incomplete, and only pictures for now.</p>
-
- <p>
- <img src="x60_lcd_change/0001.JPG" alt="" />
- <img src="x60_lcd_change/0002.JPG" alt="" />
- <img src="x60_lcd_change/0003.JPG" alt="" />
- <img src="x60_lcd_change/0004.JPG" alt="" />
- <img src="x60_lcd_change/0005.JPG" alt="" />
- <img src="x60_lcd_change/0006.JPG" alt="" />
- <img src="x60_lcd_change/0007.JPG" alt="" />
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/x60_lcd_change/0001.JPG b/docs/howtos/x60_lcd_change/0001.JPG
deleted file mode 100755
index fd066eb..0000000
--- a/docs/howtos/x60_lcd_change/0001.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_lcd_change/0002.JPG b/docs/howtos/x60_lcd_change/0002.JPG
deleted file mode 100755
index 96949f1..0000000
--- a/docs/howtos/x60_lcd_change/0002.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_lcd_change/0003.JPG b/docs/howtos/x60_lcd_change/0003.JPG
deleted file mode 100755
index 90216aa..0000000
--- a/docs/howtos/x60_lcd_change/0003.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_lcd_change/0004.JPG b/docs/howtos/x60_lcd_change/0004.JPG
deleted file mode 100755
index 3b704a4..0000000
--- a/docs/howtos/x60_lcd_change/0004.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_lcd_change/0005.JPG b/docs/howtos/x60_lcd_change/0005.JPG
deleted file mode 100755
index 823bab9..0000000
--- a/docs/howtos/x60_lcd_change/0005.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_lcd_change/0006.JPG b/docs/howtos/x60_lcd_change/0006.JPG
deleted file mode 100755
index 040f2ca..0000000
--- a/docs/howtos/x60_lcd_change/0006.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_lcd_change/0007.JPG b/docs/howtos/x60_lcd_change/0007.JPG
deleted file mode 100755
index 42c2607..0000000
--- a/docs/howtos/x60_lcd_change/0007.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security.html b/docs/howtos/x60_security.html
deleted file mode 100644
index e24ae12..0000000
--- a/docs/howtos/x60_security.html
+++ /dev/null
@@ -1,306 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Security on the ThinkPad X60</title>
-</head>
-
-<body>
-
- <header>
- <h1>Security on the ThinkPad X60</h1>
- <aside>Hardware modifications to enhance security on the ThinkPad X60. This tutorial is <b>incomplete</b> at the time of writing.</aside>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <h2>Table of Contents</h2>
- <ul>
- <li><a href="#hardware_requirements">Hardware Requirements</a></li>
- <li><a href="#software_requirements">Software Requirements</a></li>
- <li><a href="#procedure">The procedure</a></li>
- </ul>
-
- <h1 id="hardware_requirements">Hardware requirements</h1>
- <ul>
- <li>An X60</li>
- <li>screwdriver</li>
- <li>(in a later version of this tutorial: soldering iron and scalpel)</li>
- </ul>
-
- <h1 id="software_requirements">Software requirements</h1>
- <ul>
- <li>none (at least in the scope of the article as-is)</li>
- <li>You probably want to encrypt your GNU/Linux install using LUKS</li>
- </ul>
-
- <h1>
- Rationale
- </h1>
- <p>
- Most people think of security on the software side: the hardware is important aswell.
- Hardware security is useful in particular to journalists (or activists in a given movement) who need absolute privacy in their work.
- It is also generally useful to all those that believe security and privacy are inalienable rights.
- Security starts with the hardware; crypto and network security come later.
- </p>
- <p>
- Paradoxically, going this far to increase your security also makes you a bigger target.
- At the same time, it protects you in the case that someone does attack your machine.
- This paradox only exists while few people take adequate steps to protect yourself: it is your <b>duty</b>
- to protect yourself, not only for your benefit but to make strong security <i>normal</i> so
- that those who do need protection (and claim it) are a smaller target against the masses.
- </p>
- <p>
- Even if there are levels of security beyond your ability (technically, financially and so on)
- doing at least <i>something</i> (what you are able to do) is extremely important.
- If you use the internet and your computer without protection, attacking you is cheap (some say it is
- only a few US cents). If everyone (majority of people) use strong security by default,
- it makes attacks more costly and time consuming; in effect, making them disappear.
- </p>
- <p>
- This tutorial deals with reducing the number of devices that have direct memory access that
- could communicate with inputs/outputs that could be used to remotely
- command the machine (or leak data).
- </p>
-
- <h1 id="procedure">Disassembly</h1>
-
- <p>
- Firstly remove the bluetooth (if your X60 has this):<br/>
- The marked screws are underneath those stickers (marked in those 3 locations at the bottom of the LCD assembly):<br/>
- <img src="x60_security/0000_bluetooth0.jpg" alt="" /><br/>
- Now gently pry off the bottom part of the front bezel, and the bluetooth module is on the left (easily removable):<br/>
- <img src="x60_security/0000_bluetooth.jpg" alt="" /><br/>
- </p>
-
- <p>
- If your model was WWAN, remove the simcard (check anyway):<br/>
- Uncover those 2 screws at the bottom:<br/>
- <img src="x60_security/0000_simcard0.jpg" alt="" /><br/>
- SIM card (not present in the picture) is in the marked location:<br/>
- <img src="x60_security/0000_simcard1.jpg" alt="" /><br/>
- Replacement: USB dongle.
- </p>
-
- <p>
- Now get into the motherboard.
- </p>
-
- <p>
- Remove those screws:<br/>
- <img src="x60_security/0000.jpg" alt="" />
- </p>
- <p>
- Push the keyboard forward (carefully):<br/>
- <img src="x60_security/0001.jpg" alt="" />
- </p>
- <p>
- Lift the keyboard up and disconnect it from the board:<br/>
- <img src="x60_security/0002.jpg" alt="" />
- </p>
- <p>
- Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:<br/>
- <img src="x60_security/0003.jpg" alt="" />
- </p>
- <p>
- You should now have this:<br/>
- <img src="x60_security/0004.jpg" alt="" />
- </p>
-
- <p>
- The following is a summary of what you will remove (already done to this machine):<br/>
- <img src="x60_security/0001_overview.jpg" alt="" /><br/>
- Note: the blue lines represent antenna cables and modem cables. You don't need to remove these, but you can if you want
- (to make it tidier after removing other parts). I removed the antenna wires, the modem jack, the modem cable and
- also (on another model) a device inside the part where the wwan antenna goes (wasn't sure what it was, but I knew it wasn't needed). <b>This is optional</b>
- </p>
-
- <p>
- Remove the microphone (can desolder it, but you can also easily pull it off with you hands). Already removed here:<br/>
- <img src="x60_security/0001_microphone.jpg" alt="" /><br/>
- <b>Rationale:</b><br/>
- Another reason to remove the microphone: If your computer gets<a href="#ref1">[1]</a> compromised, it can
- record what you say, and use it to receive data from nearby devices if
- they're compromised too. Also, we do not know what the built-in microcode (in the CPU) is doing; it could theoretically
- be programmed to accept remote commands from some speaker somewhere (remote security hole). <b>In other words,
- the machine could already be compromised from the factory.</b>
- </p>
-
- <p>
- Remove the modem:<br/>
- <img src="x60_security/0001_modem.jpg" alt="" /><br/>
- (useless, obsolete device)
- </p>
-
- <p>
- Remove the speaker:<br/>
- <img src="x60_security/0001_speaker.jpg" alt="" /><br/>
- Reason: combined with the microphone issue, this could be used to leak data.<br/>
- If your computer gets<a href="#ref1">[1]</a> compromised, it can be used to
- transmit data to nearby compromised devices. It's unknown if it can be
- turned into a microphone<a href="#ref2">[2]</a>.<br/>
- Replacement: headphones/speakers (line-out) or external DAC (USB).
- </p>
-
- <p>
- Remove the wlan (also remove wwan if you have it):<br/>
- <img src="x60_security/0001_wlan_wwan.jpg" alt="" /><br/>
- Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.<br/>
- <b>Wifi:</b> The ath5k/ath9k cards might not have firmware at all. They might safe but could have
- access to the computer's RAM trough DMA. If people have an intel
- card(most X60's come with Intel wifi by default, until you change it),then that card runs
- a non-free firwamre and has access to the computer's RAM trough DMA! So
- it's risk-level is very high.<br/>
- <b>Wwan (3d modem):</b> They run proprietary software and have access to the
- computer's RAM! So it's like AMT but over the GSM network which is
- probably even worse.<br/>
- Replacement: external USB wifi dongle. (or USB wwan/3g dongle; note, this has all the same privacy issues as mobile phones. wwan not recommended).
- </p>
-
- <h2>
- Not covered yet:
- </h2>
- <ul>
- <li>Disable cardbus (has fast/direct memory access)</li>
- <li>Disable firewire (has fast/direct memory access)</li>
- <li>Disable flashing the ethernet firmware</li>
- <li>Disable SPI flash writes (can be re-enabled by unsoldering two parts)</li>
- <li>Disable use of xrandr/edid on external monitor (cut 2 pins on VGA)</li>
- <li>Disable docking station (might be possible to do it in software, in coreboot upstream as a Kconfig option)</li>
- </ul>
- <p>
- Go to <a href="http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html">http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html</a>
- or directly to the video: <a href="http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm">http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm</a>.
- </p>
- <p>
- A lot of this tutorial is based on that video. Look towards the second half of the video to see how to do the above.
- </p>
-
- <h2>
- Also not covered yet:
- </h2>
- <ul>
- <li>
- Intrusion detection: randomized seal on screws<br/>
- Just put nail polish with lot of glider on the important screws, take
- some good pictures. Keep the pictueres and make sure of their integrity.
- Compare the nail polish with the pictures before powering on the laptop.
- </li>
- <li>
- Tips about preventing/mitigating risk of cold boot attack.
- <ul>
- <li>soldered RAM?</li>
- <li>seal RAM door shut (possibly modified lower chassis) so that system has to be disassembled (which has to go through the nail polish)</li>
- <li>wipe all RAM at boot/power-off/power-on? (patch in coreboot upstream?)</li>
- <li>ask gnutoo about fallback patches (counts number of boots)</li>
- </ul>
- </li>
- <li>
- General tips/advice and web links showing how to detect physical intrusions.
- </li>
- <li>
- For example: <a href="http://cs.tau.ac.il/~tromer/acoustic/">http://cs.tau.ac.il/~tromer/acoustic/</a>
- </li>
- <li>
- https://gitorious.org/gnutoo-for-coreboot/grub-assemble/source/a61f636797777a742f65f4c9c58032aa6a9b23c3:
- </li>
- </ul>
-
- <h1>
- Extra notes
- </h1>
- <p>
- EC: Cannot be removed but can be mitigated: it contains non-free
- non-loadable code, but it has no access to the computer's RAM.
- It has access to the on-switch of the wifi, bluetooth, modem and some
- other power management features. The issue is that it has access to the
- keyboard, however if the software security howto <b>(not yet written)</b> is followed correctly,
- it won't be able to leak data to a local attacker. It has no network
- access but it may still be able to leak data remotely, but that
- requires someone to be nearby to recover the data with the help of an
- SDR and some directional antennas<a href="#ref3">[3]</a>.
- </p>
- <p>
- <a href="http://www.coreboot.org/Intel_82573_Ethernet_controller">Intel 82573 Ethernet controller</a>
- on the X60 seems safe, according to Denis.
- </p>
-
- <h2>
- Risk level
- </h2>
- <ul>
- <li>Modem (3g/wwan): highest</li>
- <li>Intel wifi: Near highest</li>
- <li>Atheros PCI wifi: unknown, but lower than intel wifi.</li>
- <li>Microphone: only problematic if the computer gets compromised.</li>
- <li>Speakers: only problematic if the computer gets compromised.</li>
- <li>EC: can be mitigated if following the guide on software security.</li>
- </ul>
-
- <h1>
- Further reading material (software security)
- </h1>
- <ul>
- <li><a href="encrypted_trisquel.html">Installing Trisquel GNU/Linux with full disk encryption (including /boot)</a></li>
- <li><a href="encrypted_parabola.html">Installing Parabola GNU/Linux with full disk encryption (including /boot)</a></li>
- <li><a href="dock.html">Notes about DMA access and the docking station</a></li>
- </ul>
-
- <h1>
- References
- </h1>
- <h2 id="ref1">[1] physical access</h2>
- <p>
- Explain that black hats, TAO, and so on might use a 0day to get in,
- and explain that in this case it mitigates what the attacker can do.
- Also the TAO do some evaluation before launching an attack: they take
- the probability of beeing caught into account, along with the kind of
- target. A 0day costs a lot of money, I heard that it was from 100000$
- to 400000$, some other websites had prices 10 times lower but that
- but it was probably a typo. So if people increase their security it
- makes it more risky and more costly to attack people.
- </p>
- <h2 id="ref2">[2] microphone</h2>
- <p>
- It's possible to turn headphones into a microphone, you could try
- yourself, however they don't record loud at all. Also intel cards have
- the capability to change a connector's function, for instance the
- microphone jack can now become a headphone plug, that's called
- retasking. There is some support for it in GNU/Linux but it's not very
- well known.
- </p>
- <h2 id="ref3">[3] Video (CCC)</h2>
- <p>
- 30c3-5356-en-Firmware_Fat_Camp_webm.webm from the 30th CCC. While
- their demo is experimental(their hardware also got damaged during the
- transport), the spies probably already have that since a long time.
- <a href="http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm">http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm</a>
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/x60_security/0000.jpg b/docs/howtos/x60_security/0000.jpg
deleted file mode 100644
index ce0ec3b..0000000
--- a/docs/howtos/x60_security/0000.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0000_bluetooth.jpg b/docs/howtos/x60_security/0000_bluetooth.jpg
deleted file mode 100644
index 94a255f..0000000
--- a/docs/howtos/x60_security/0000_bluetooth.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0000_bluetooth0.jpg b/docs/howtos/x60_security/0000_bluetooth0.jpg
deleted file mode 100644
index a750b0c..0000000
--- a/docs/howtos/x60_security/0000_bluetooth0.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0000_simcard0.jpg b/docs/howtos/x60_security/0000_simcard0.jpg
deleted file mode 100644
index 40837ea..0000000
--- a/docs/howtos/x60_security/0000_simcard0.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0000_simcard1.jpg b/docs/howtos/x60_security/0000_simcard1.jpg
deleted file mode 100644
index c0a5b35..0000000
--- a/docs/howtos/x60_security/0000_simcard1.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0001.jpg b/docs/howtos/x60_security/0001.jpg
deleted file mode 100644
index 2bbc0ca..0000000
--- a/docs/howtos/x60_security/0001.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0001_microphone.jpg b/docs/howtos/x60_security/0001_microphone.jpg
deleted file mode 100644
index c419060..0000000
--- a/docs/howtos/x60_security/0001_microphone.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0001_modem.jpg b/docs/howtos/x60_security/0001_modem.jpg
deleted file mode 100644
index 6a7a6a0..0000000
--- a/docs/howtos/x60_security/0001_modem.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0001_overview.jpg b/docs/howtos/x60_security/0001_overview.jpg
deleted file mode 100644
index 7268e49..0000000
--- a/docs/howtos/x60_security/0001_overview.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0001_speaker.jpg b/docs/howtos/x60_security/0001_speaker.jpg
deleted file mode 100644
index 28d3ed6..0000000
--- a/docs/howtos/x60_security/0001_speaker.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0001_wlan_wwan.jpg b/docs/howtos/x60_security/0001_wlan_wwan.jpg
deleted file mode 100644
index 0db858d..0000000
--- a/docs/howtos/x60_security/0001_wlan_wwan.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0002.jpg b/docs/howtos/x60_security/0002.jpg
deleted file mode 100644
index b55db3b..0000000
--- a/docs/howtos/x60_security/0002.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0003.jpg b/docs/howtos/x60_security/0003.jpg
deleted file mode 100644
index c5799ae..0000000
--- a/docs/howtos/x60_security/0003.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_security/0004.jpg b/docs/howtos/x60_security/0004.jpg
deleted file mode 100644
index cd47840..0000000
--- a/docs/howtos/x60_security/0004.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick.html b/docs/howtos/x60_unbrick.html
deleted file mode 100644
index 945712d..0000000
--- a/docs/howtos/x60_unbrick.html
+++ /dev/null
@@ -1,310 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Unbricking the ThinkPad X60</title>
-</head>
-
-<body>
-
- <header>
- <h1>Unbricking the ThinkPad X60</h1>
- <aside>This guide will show you how to recover from a bad flash that prevents your ThinkPad X60 from booting.</aside>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <h2>Table of Contents</h2>
- <ul>
- <li><a href="#hardware_requirements">Hardware Requirements</a></li>
- <li><a href="#software_requirements">Software Requirements</a></li>
- <li>
- Types of brick:
- <ul>
- <li><a href="#bucts_brick">Brick type 1: bucts not reset</a></li>
- <li><a href="#recovery">Brick type 2: bad rom (or user error), machine won't boot</a></li>
- </ul>
- </li>
- </ul>
-
- <h1 id="hardware_requirements">Hardware requirements</h1>
- <ul>
- <li>a 2nd computer (maybe another X60. any computer will do)</li>
- <li>external flashrom-compatible programmer (I'm using the "bus pirate")
- <li>SOIC-8 IC clip (I'm using the Pomona 5250)</li>
- <li>Cable (programmer<>clip) - mine came with the bus pirate.</li>
- <li>USB mini a to b cable (for buspirate<>computer connection).</li>
- </ul>
-
- <h1 id="software_requirements">Software requirements</h1>
- <ul>
- <li>GNU/Linux (on the 2nd computer)</li>
- <li>flashrom software (on the 2nd computer): <a href="http://flashrom.org/" target="_blank">http://flashrom.org/</a>
- </ul>
-
- <h1 id="bucts_brick">Brick type 1: bucts not reset.</h1>
- <p>
- You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and
- the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.<br/><br/>
-
- In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:<br/>
- <img src="x60_unbrick/0004.jpg" alt="" /><br/><br/>
-
- *Those dd commands should be applied to all newly compiled X60 ROM's (the ROM's in libreboot binary archives already have this applied!):<br/>
- dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k<br/>
- dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump<br/>
- dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc<br/>
- (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running,
- using those instructions: <a href="http://www.coreboot.org/Board:lenovo/x60/Installation" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation</a>.
- </p>
-
- <h1 id="recovery">bad rom (or user error), machine won't boot</h1>
- <p>
- In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from
- booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all.
- </p>
- <p>
- "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides).
- </p>
- <p>
- Remove those screws:<br/>
- <img src="x60_unbrick/0000.jpg" alt="" />
- </p>
- <p>
- Push the keyboard forward (carefully):<br/>
- <img src="x60_unbrick/0001.jpg" alt="" />
- </p>
- <p>
- Lift the keyboard up and disconnect it from the board:<br/>
- <img src="x60_unbrick/0002.jpg" alt="" />
- </p>
- <p>
- Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:<br/>
- <img src="x60_unbrick/0003.jpg" alt="" />
- </p>
- <p>
- You should now have this:<br/>
- <img src="x60_unbrick/0004.jpg" alt="" />
- </p>
- <p>
- Disconnect the wifi antenna cables, the modem cable and the speaker:<br/>
- <img src="x60_unbrick/0005.jpg" alt="" />
- </p>
- <p>
- Unroute the cables along their path, carefully lifting the tape that holds them in place. Then, disconnect the modem
- cable (other end) and power connection and unroute all the cables so that they dangle by the monitor hinge on the right-hand
- side:<br/>
- <img src="x60_unbrick/0006.jpg" alt="" />
- </p>
- <p>
- Disconnect the monitor from the motherboard, and unroute the grey antenna cable, carefully lifting the tape
- that holds it into place:<br/>
- <img src="x60_unbrick/0008.jpg" alt="" />
- </p>
- <p>
- Carefully lift the remaining tape and unroute the left antenna cable so that it is loose:<br/>
- <img src="x60_unbrick/0009.jpg" alt="" />
- </p>
- <p>
- Remove the screw that is highlighted (do NOT remove the other one; it holds part of the heatsink (other side) into place):<br/>
- <img src="x60_unbrick/0011.jpg" alt="" />
- </p>
- <p>
- Remove those screws:<br/>
- <img src="x60_unbrick/0012.jpg" alt="" />
- </p>
- <p>
- Carefully remove the plate, like so:<br/>
- <img src="x60_unbrick/0013.jpg" alt="" />
- </p>
- <p>
- Remove the SATA connector:<br/>
- <img src="x60_unbrick/0014.jpg" alt="" />
- </p>
- <p>
- Now remove the motherboard (gently) and cast the lcd/chassis aside:<br/>
- <img src="x60_unbrick/0015.jpg" alt="" />
- </p>
- <p>
- Lift back that tape and hold it with something. Highlighted is the SPI flash chip:<br/>
- <img src="x60_unbrick/0016.jpg" alt="" />
- </p>
- <p>
- At this point, you should wire up your programmer according to it's documentation. For me, this was (see: "SparkFun cable pin reference"):<br/>
- <a href="http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts" target="_blank">http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts</a>.<br/>
- Correlating with the following information, I was able to wire up my pirate correctly:<br/>
- <a href="http://flashrom.org/Bus_Pirate#Connections" target="_blank">http://flashrom.org/Bus_Pirate#Connections</a><br/>
- And by following that advice:<br/>
- <a href="http://www.coreboot.org/Board:lenovo/x60/Installation#Howto" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation#Howto</a>.<br/>
- Note: that last page says to wire up only those 5 pins (see below) like that: 1, 2, 4, 5, 6.<br/>
- Note: and then, for power it says (on that coreboot.org page) to connect the power jack to the board and connect the
- AC adapter (without powering on the board).<br/>
- Note: I ignored that advice, and wired up all 8 pins. And it worked.<br/>
-
- Here is the pinout (correlate it with your programmer's documentation):<br/>
- <img src="x60_unbrick/0017.jpg" alt="" />
- </p>
-
- <p>
- My programmer, usb cable and clip:<br/>
- <img src="x60_unbrick/0018.jpg" alt="" /><br/>
- My programmer (bus pirate):<br/>
- <img src="x60_unbrick/0019.jpg" alt="" /><br/>
- My clip (pomona 5250):<br/>
- <img src="x60_unbrick/0020.jpg" alt="" /><br/>
- My USB mini a to b cable:<br/>
- <img src="x60_unbrick/0021.jpg" alt="" /><br/>
- Connecting the pomona:<br/>
- <img src="x60_unbrick/0022.jpg" alt="" /><br/>
- Connecting the USB cable from programmer to 2nd(working/non-bricked) computer, my T60:<br/>
- <img src="x60_unbrick/0024.jpg" alt="" /><br/>
- Programmer is now active:<br/>
- <img src="x60_unbrick/0023.jpg" alt="" /><br/>
- Now I install flashrom on the T60 (running Trisquel GNU/Linux) and do this:<br/>
- <b>flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -w bin/x60/libreboot_usqwerty.rom</b><br/>
- Note: there are also other ROM images for X60<br/>
- Note: this is using buspirate as the programmer, so it is flashing the X60, not the T60!<br/>
- Here's my terminal window on the T60:<br/>
- <img src="x60_unbrick/0025.jpg" alt="" /><br/>
- So, you should see the following:<br/>
- --
- <pre>
- flashrom v0.9.5.2-r1517 on Linux 3.2.0-61-generic (i686), built with libpci 3.1.8, GCC 4.6.3, little endian
- flashrom is free software, get the source code at http://www.flashrom.org
-
- Calibrating delay loop... delay loop is unreliable, trying to continue OK.
- Found Macronix flash chip "MX25L1605" (2048 kB, SPI) on buspirate_spi.
- Reading old flash chip contents... done.
- Erasing and writing flash chip... Erase/write done.
- Verifying flash... VERIFIED.
- </pre>
- --<br/>
- At the end it says "VERIFIED", which means that the procedure worked. If you see this, it means
- that you can put your X60 back together. So let's do that now.
- </p>
- <p>
- Remove the programmer and put it away somewhere. Put back the tape and press firmly over it:<br/>
- <img src="x60_unbrick/0026.jpg" alt="" />
- </p>
- <p>
- Your empty chassis:<br/>
- <img src="x60_unbrick/0027.jpg" alt="" />
- </p>
- <p>
- Put the motherboard back in:<br/>
- <img src="x60_unbrick/0028.jpg" alt="" />
- </p>
- <p>
- Reconnect SATA:<br/>
- <img src="x60_unbrick/0029.jpg" alt="" />
- </p>
- <p>
- Put the plate back and re-insert those screws:<br/>
- <img src="x60_unbrick/0030.jpg" alt="" />
- </p>
- <p>
- Re-route that antenna cable around the fan and apply the tape:<br/>
- <img src="x60_unbrick/0031.jpg" alt="" />
- </p>
- <p>
- Route the cable here and then (not shown, due to error on my part) reconnect the monitor cable to the motherboard
- and re-insert the screws:<br/>
- <img src="x60_unbrick/0032.jpg" alt="" />
- </p>
- <p>
- Re-insert that screw:<br/>
- <img src="x60_unbrick/0033.jpg" alt="" />
- </p>
- <p>
- Route the black antenna cable like so:<br/>
- <img src="x60_unbrick/0034.jpg" alt="" />
- </p>
- <p>
- Tuck it in neatly like so:<br/>
- <img src="x60_unbrick/0035.jpg" alt="" />
- </p>
- <p>
- Route the modem cable like so:<br/>
- <img src="x60_unbrick/0036.jpg" alt="" />
- </p>
- <p>
- Connect modem cable to board and tuck it in neatly like so:<br/>
- <img src="x60_unbrick/0037.jpg" alt="" />
- </p>
- <p>
- Route the power connection and connect it to the board like so:<br/>
- <img src="x60_unbrick/0038.jpg" alt="" />
- </p>
- <p>
- Route the antenna and modem cables neatly like so:<br/>
- <img src="x60_unbrick/0039.jpg" alt="" />
- </p>
- <p>
- Connect the wifi antenna cables. At the start of the tutorial, this machine had an Intel wifi chip. Here you see I've replaced it with an
- Atheros AR5B95 (supports 802.11n and can be used without blobs):<br/>
- <img src="x60_unbrick/0040.jpg" alt="" />
- </p>
- <p>
- Connect the modem cable:<br/>
- <img src="x60_unbrick/0041.jpg" alt="" />
- </p>
- <p>
- Connect the speaker:<br/>
- <img src="x60_unbrick/0042.jpg" alt="" />
- </p>
- <p>
- You should now have this:<br/>
- <img src="x60_unbrick/0043.jpg" alt="" />
- </p>
- <p>
- Re-connect the upper chassis:<br/>
- <img src="x60_unbrick/0044.jpg" alt="" />
- </p>
- <p>
- Re-connect the keyboard:<br/>
- <img src="x60_unbrick/0045.jpg" alt="" />
- </p>
- <p>
- Re-insert the screws that you removed earlier:<br/>
- <img src="x60_unbrick/0046.jpg" alt="" />
- </p>
- <p>
- Power on!<br/>
- <img src="x60_unbrick/0047.jpg" alt="" />
- </p>
- <p>
- Trisquel live USB menu (using GRUB's ISOLINUX parser):<br/>
- <img src="x60_unbrick/0048.jpg" alt="" />
- </p>
- <p>
- Trisquel live desktop:<br/>
- <img src="x60_unbrick/0049.jpg" alt="" />
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
diff --git a/docs/howtos/x60_unbrick/0000.jpg b/docs/howtos/x60_unbrick/0000.jpg
deleted file mode 100644
index ce0ec3b..0000000
--- a/docs/howtos/x60_unbrick/0000.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0001.jpg b/docs/howtos/x60_unbrick/0001.jpg
deleted file mode 100644
index 2bbc0ca..0000000
--- a/docs/howtos/x60_unbrick/0001.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0002.jpg b/docs/howtos/x60_unbrick/0002.jpg
deleted file mode 100644
index b55db3b..0000000
--- a/docs/howtos/x60_unbrick/0002.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0003.jpg b/docs/howtos/x60_unbrick/0003.jpg
deleted file mode 100644
index c5799ae..0000000
--- a/docs/howtos/x60_unbrick/0003.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0004.jpg b/docs/howtos/x60_unbrick/0004.jpg
deleted file mode 100644
index cd47840..0000000
--- a/docs/howtos/x60_unbrick/0004.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0005.jpg b/docs/howtos/x60_unbrick/0005.jpg
deleted file mode 100644
index 418c9d2..0000000
--- a/docs/howtos/x60_unbrick/0005.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0006.jpg b/docs/howtos/x60_unbrick/0006.jpg
deleted file mode 100644
index 6d36d93..0000000
--- a/docs/howtos/x60_unbrick/0006.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0007.jpg b/docs/howtos/x60_unbrick/0007.jpg
deleted file mode 100644
index 971ccdf..0000000
--- a/docs/howtos/x60_unbrick/0007.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0008.jpg b/docs/howtos/x60_unbrick/0008.jpg
deleted file mode 100644
index 24e6526..0000000
--- a/docs/howtos/x60_unbrick/0008.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0009.jpg b/docs/howtos/x60_unbrick/0009.jpg
deleted file mode 100644
index d318395..0000000
--- a/docs/howtos/x60_unbrick/0009.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0010.jpg b/docs/howtos/x60_unbrick/0010.jpg
deleted file mode 100644
index 5e6fdc7..0000000
--- a/docs/howtos/x60_unbrick/0010.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0011.jpg b/docs/howtos/x60_unbrick/0011.jpg
deleted file mode 100644
index edc14c7..0000000
--- a/docs/howtos/x60_unbrick/0011.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0012.jpg b/docs/howtos/x60_unbrick/0012.jpg
deleted file mode 100644
index dbb6669..0000000
--- a/docs/howtos/x60_unbrick/0012.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0013.jpg b/docs/howtos/x60_unbrick/0013.jpg
deleted file mode 100644
index 2d2b9dd..0000000
--- a/docs/howtos/x60_unbrick/0013.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0014.jpg b/docs/howtos/x60_unbrick/0014.jpg
deleted file mode 100644
index 733f997..0000000
--- a/docs/howtos/x60_unbrick/0014.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0015.jpg b/docs/howtos/x60_unbrick/0015.jpg
deleted file mode 100644
index 1e81166..0000000
--- a/docs/howtos/x60_unbrick/0015.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0016.jpg b/docs/howtos/x60_unbrick/0016.jpg
deleted file mode 100644
index f10ca88..0000000
--- a/docs/howtos/x60_unbrick/0016.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0017.jpg b/docs/howtos/x60_unbrick/0017.jpg
deleted file mode 100644
index 69b28c0..0000000
--- a/docs/howtos/x60_unbrick/0017.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0018.jpg b/docs/howtos/x60_unbrick/0018.jpg
deleted file mode 100644
index 7145d9f..0000000
--- a/docs/howtos/x60_unbrick/0018.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0019.jpg b/docs/howtos/x60_unbrick/0019.jpg
deleted file mode 100644
index 959a6ee..0000000
--- a/docs/howtos/x60_unbrick/0019.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0020.jpg b/docs/howtos/x60_unbrick/0020.jpg
deleted file mode 100644
index e6b2536..0000000
--- a/docs/howtos/x60_unbrick/0020.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0021.jpg b/docs/howtos/x60_unbrick/0021.jpg
deleted file mode 100644
index 65bcb60..0000000
--- a/docs/howtos/x60_unbrick/0021.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0022.jpg b/docs/howtos/x60_unbrick/0022.jpg
deleted file mode 100644
index cfcad6d..0000000
--- a/docs/howtos/x60_unbrick/0022.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0023.jpg b/docs/howtos/x60_unbrick/0023.jpg
deleted file mode 100644
index 10824fd..0000000
--- a/docs/howtos/x60_unbrick/0023.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0024.jpg b/docs/howtos/x60_unbrick/0024.jpg
deleted file mode 100644
index 9ce9d45..0000000
--- a/docs/howtos/x60_unbrick/0024.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0025.jpg b/docs/howtos/x60_unbrick/0025.jpg
deleted file mode 100644
index 7b6da73..0000000
--- a/docs/howtos/x60_unbrick/0025.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0026.jpg b/docs/howtos/x60_unbrick/0026.jpg
deleted file mode 100644
index 526c11c..0000000
--- a/docs/howtos/x60_unbrick/0026.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0027.jpg b/docs/howtos/x60_unbrick/0027.jpg
deleted file mode 100644
index 877dc59..0000000
--- a/docs/howtos/x60_unbrick/0027.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0028.jpg b/docs/howtos/x60_unbrick/0028.jpg
deleted file mode 100644
index d22d932..0000000
--- a/docs/howtos/x60_unbrick/0028.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0029.jpg b/docs/howtos/x60_unbrick/0029.jpg
deleted file mode 100644
index 27f9190..0000000
--- a/docs/howtos/x60_unbrick/0029.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0030.jpg b/docs/howtos/x60_unbrick/0030.jpg
deleted file mode 100644
index 813b5c6..0000000
--- a/docs/howtos/x60_unbrick/0030.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0031.jpg b/docs/howtos/x60_unbrick/0031.jpg
deleted file mode 100644
index 49fe541..0000000
--- a/docs/howtos/x60_unbrick/0031.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0032.jpg b/docs/howtos/x60_unbrick/0032.jpg
deleted file mode 100644
index e8625ef..0000000
--- a/docs/howtos/x60_unbrick/0032.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0033.jpg b/docs/howtos/x60_unbrick/0033.jpg
deleted file mode 100644
index 3abfa37..0000000
--- a/docs/howtos/x60_unbrick/0033.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0034.jpg b/docs/howtos/x60_unbrick/0034.jpg
deleted file mode 100644
index c8ab597..0000000
--- a/docs/howtos/x60_unbrick/0034.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0035.jpg b/docs/howtos/x60_unbrick/0035.jpg
deleted file mode 100644
index 03d5482..0000000
--- a/docs/howtos/x60_unbrick/0035.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0036.jpg b/docs/howtos/x60_unbrick/0036.jpg
deleted file mode 100644
index 244c06c..0000000
--- a/docs/howtos/x60_unbrick/0036.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0037.jpg b/docs/howtos/x60_unbrick/0037.jpg
deleted file mode 100644
index f55db4f..0000000
--- a/docs/howtos/x60_unbrick/0037.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0038.jpg b/docs/howtos/x60_unbrick/0038.jpg
deleted file mode 100644
index 0735825..0000000
--- a/docs/howtos/x60_unbrick/0038.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0039.jpg b/docs/howtos/x60_unbrick/0039.jpg
deleted file mode 100644
index dff9ba4..0000000
--- a/docs/howtos/x60_unbrick/0039.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0040.jpg b/docs/howtos/x60_unbrick/0040.jpg
deleted file mode 100644
index 74a9b7f..0000000
--- a/docs/howtos/x60_unbrick/0040.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0041.jpg b/docs/howtos/x60_unbrick/0041.jpg
deleted file mode 100644
index 1b15834..0000000
--- a/docs/howtos/x60_unbrick/0041.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0042.jpg b/docs/howtos/x60_unbrick/0042.jpg
deleted file mode 100644
index 849a260..0000000
--- a/docs/howtos/x60_unbrick/0042.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0043.jpg b/docs/howtos/x60_unbrick/0043.jpg
deleted file mode 100644
index c842695..0000000
--- a/docs/howtos/x60_unbrick/0043.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0044.jpg b/docs/howtos/x60_unbrick/0044.jpg
deleted file mode 100644
index 2b78380..0000000
--- a/docs/howtos/x60_unbrick/0044.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0045.jpg b/docs/howtos/x60_unbrick/0045.jpg
deleted file mode 100644
index d6d8e2d..0000000
--- a/docs/howtos/x60_unbrick/0045.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0046.jpg b/docs/howtos/x60_unbrick/0046.jpg
deleted file mode 100644
index 5eef878..0000000
--- a/docs/howtos/x60_unbrick/0046.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0047.jpg b/docs/howtos/x60_unbrick/0047.jpg
deleted file mode 100644
index 87517e0..0000000
--- a/docs/howtos/x60_unbrick/0047.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0048.jpg b/docs/howtos/x60_unbrick/0048.jpg
deleted file mode 100644
index a701a48..0000000
--- a/docs/howtos/x60_unbrick/0048.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60_unbrick/0049.jpg b/docs/howtos/x60_unbrick/0049.jpg
deleted file mode 100644
index 630ac53..0000000
--- a/docs/howtos/x60_unbrick/0049.jpg
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/.htaccess b/docs/howtos/x60t_unbrick/.htaccess
deleted file mode 100644
index 75da674..0000000
--- a/docs/howtos/x60t_unbrick/.htaccess
+++ /dev/null
@@ -1,2 +0,0 @@
-Options +Indexes
-IndexOptions FancyIndexing FoldersFirst NameWidth=* DescriptionWidth=*
diff --git a/docs/howtos/x60t_unbrick/0000.JPG b/docs/howtos/x60t_unbrick/0000.JPG
deleted file mode 100644
index 4d8de31..0000000
--- a/docs/howtos/x60t_unbrick/0000.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0001.JPG b/docs/howtos/x60t_unbrick/0001.JPG
deleted file mode 100644
index 7783c4f..0000000
--- a/docs/howtos/x60t_unbrick/0001.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0002.JPG b/docs/howtos/x60t_unbrick/0002.JPG
deleted file mode 100644
index ddc6aac..0000000
--- a/docs/howtos/x60t_unbrick/0002.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0003.JPG b/docs/howtos/x60t_unbrick/0003.JPG
deleted file mode 100644
index e1b6586..0000000
--- a/docs/howtos/x60t_unbrick/0003.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0004.JPG b/docs/howtos/x60t_unbrick/0004.JPG
deleted file mode 100644
index b4ae18d..0000000
--- a/docs/howtos/x60t_unbrick/0004.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0005.JPG b/docs/howtos/x60t_unbrick/0005.JPG
deleted file mode 100644
index b7b324b..0000000
--- a/docs/howtos/x60t_unbrick/0005.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0006.JPG b/docs/howtos/x60t_unbrick/0006.JPG
deleted file mode 100644
index 795d02a..0000000
--- a/docs/howtos/x60t_unbrick/0006.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0007.JPG b/docs/howtos/x60t_unbrick/0007.JPG
deleted file mode 100644
index 0ccdbad..0000000
--- a/docs/howtos/x60t_unbrick/0007.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0008.JPG b/docs/howtos/x60t_unbrick/0008.JPG
deleted file mode 100644
index 5312934..0000000
--- a/docs/howtos/x60t_unbrick/0008.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0009.JPG b/docs/howtos/x60t_unbrick/0009.JPG
deleted file mode 100644
index 9d8e7fa..0000000
--- a/docs/howtos/x60t_unbrick/0009.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0010.JPG b/docs/howtos/x60t_unbrick/0010.JPG
deleted file mode 100644
index ea37b18..0000000
--- a/docs/howtos/x60t_unbrick/0010.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60t_unbrick/0011.JPG b/docs/howtos/x60t_unbrick/0011.JPG
deleted file mode 100644
index ebbaa74..0000000
--- a/docs/howtos/x60t_unbrick/0011.JPG
+++ /dev/null
Binary files differ
diff --git a/docs/howtos/x60tablet_unbrick.html b/docs/howtos/x60tablet_unbrick.html
deleted file mode 100644
index da60227..0000000
--- a/docs/howtos/x60tablet_unbrick.html
+++ /dev/null
@@ -1,219 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1">
-
- <style type="text/css">
- body {
- background:#fff;
- color:#000;
- font-family:sans-serif;
- font-size:1em;
- }
- </style>
-
- <title>Libreboot documentation: Unbricking the ThinkPad X60 Tablet</title>
-</head>
-
-<body>
-
- <header>
- <h1>Unbricking the ThinkPad X60</h1>
- <aside>This guide will show you how to recover from a bad flash that prevents your ThinkPad X60 Tablet from booting.</aside>
- </header>
-
- <p>Or go <a href="../index.html">back to main index</a></p>
-
- <h2>Table of Contents</h2>
- <ul>
- <li><a href="#hardware_requirements">Hardware Requirements</a></li>
- <li><a href="#software_requirements">Software Requirements</a></li>
- <li>
- Types of brick:
- <ul>
- <li><a href="#bucts_brick">Brick type 1: bucts not reset</a></li>
- <li><a href="#recovery">Brick type 2: bad rom (or user error), machine won't boot</a></li>
- </ul>
- </li>
- </ul>
-
- <h1 id="hardware_requirements">Hardware requirements</h1>
- <ul>
- <li>a 2nd computer (maybe another X60 Tablet. any computer will do)</li>
- <li>external flashrom-compatible programmer (I'm using the "bus pirate")
- <li>SOIC-8 IC clip (I'm using the Pomona 5250)</li>
- <li>Cable (programmer<>clip) - mine came with the bus pirate.</li>
- <li>USB mini a to b cable (for buspirate<>computer connection).</li>
- </ul>
-
- <h1 id="software_requirements">Software requirements</h1>
- <ul>
- <li>GNU/Linux (on the 2nd computer)</li>
- <li>flashrom software (on the 2nd computer): <a href="http://flashrom.org/" target="_blank">http://flashrom.org/</a>
- </ul>
-
- <h1 id="bucts_brick">Brick type 1: bucts not reset.</h1>
- <p>
- You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and
- the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.<br/><br/>
-
- In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:<br/>
- <img src="x60t_unbrick/0008.JPG" alt="" /><br/><br/>
-
- *Those dd commands should be applied to all newly compiled X60 ROM's (the ROM's in libreboot binary archives already have this applied!):<br/>
- dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k<br/>
- dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump<br/>
- dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc<br/>
- (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running,
- using those instructions: <a href="http://www.coreboot.org/Board:lenovo/x60/Installation" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation</a>.
- </p>
-
- <h1 id="recovery">bad rom (or user error), machine won't boot</h1>
- <p>
- In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from
- booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all.
- </p>
- <p>
- "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides).
- </p>
-
- <p>
- <img src="x60t_unbrick/0000.JPG" alt="" />
- </p>
-
- <p>
- Remove those screws:<br/>
- <img src="x60t_unbrick/0001.JPG" alt="" />
- </p>
-
- <p>
- Remove the HDD:<br/>
- <img src="x60t_unbrick/0002.JPG" alt="" />
- </p>
-
- <p>
- Push keyboard forward to loosen it:<br/>
- <img src="x60t_unbrick/0003.JPG" alt="" />
- </p>
-
- <p>
- Lift:<br/>
- <img src="x60t_unbrick/0004.JPG" alt="" />
- </p>
-
- <p>
- Remove those:<br/>
- <img src="x60t_unbrick/0005.JPG" alt="" />
- </p>
-
- <p>
-
- <img src="x60t_unbrick/0006.JPG" alt="" />
- </p>
-
- <p>
- Also remove that (marked) and unroute the antenna cables:<br/>
- <img src="x60t_unbrick/0007.JPG" alt="" />
- </p>
-
- <p>
- Some X60T's you have to unroute those too:<br/>
- <img src="x60t_unbrick/0010.JPG" alt="" />
- </p>
-
- <p>
- Remove the LCD extend board screws. Also remove those screws (see blue marks) and remove/unroute the cables and remove the metal plate:<br/>
- <img src="x60t_unbrick/0008.JPG" alt="" />
- </p>
-
- <p>
- Remove that screw and then remove the board:<br/>
- <img src="x60t_unbrick/0009.JPG" alt="" />
- </p>
-
- <p>
- At this point, you should wire up your programmer according to it's documentation. For me, this was (see: "SparkFun cable pin reference"):<br/>
- <a href="http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts" target="_blank">http://dangerousprototypes.com/docs/Common_Bus_Pirate_cable_pinouts</a>.<br/>
- Correlating with the following information, I was able to wire up my pirate correctly:<br/>
- <a href="http://flashrom.org/Bus_Pirate#Connections" target="_blank">http://flashrom.org/Bus_Pirate#Connections</a><br/>
- And by following that advice:<br/>
- <a href="http://www.coreboot.org/Board:lenovo/x60/Installation#Howto" target="_blank">http://www.coreboot.org/Board:lenovo/x60/Installation#Howto</a>.<br/>
- Note: that last page says to wire up only those 5 pins (see below) like that: 1, 2, 4, 5, 6.<br/>
- Note: and then, for power it says (on that coreboot.org page) to connect the power jack to the board and connect the
- AC adapter (without powering on the board).<br/>
- Note: I ignored that advice, and wired up all 8 pins. And it worked.<br/>
-
- Here is the pinout (correlate it with your programmer's documentation):<br/>
- <img src="x60t_unbrick/0011.JPG" alt="" /><br/>
- (SPI chip here is on the bottom of the board)
- </p>
-
- <p>
- Bus pirate:<br/>
- <img src="x60_unbrick/0019.jpg" alt="" />
- </p>
-
- <p>
- Pomona 5250:<br/>
- <img src="x60_unbrick/0020.jpg" alt="" />
- </p>
-
- <p>
- Connect pomona:<br/>
- <img src="x60_unbrick/0022.jpg" alt="" />
- </p>
-
- <p>
- Connect pirate to USB on 2nd computer:<br/>
- <img src="x60_unbrick/0024.jpg" alt="" />
- </p>
-
- <p>
- Pirate is active:<br/>
- <img src="x60_unbrick/0023.jpg" alt="" />
- </p>
-
- <p>
- <img src="x60_unbrick/0025.jpg" alt="" />
- </p>
-
- <p>
- On the 2nd machine, I did: <b>flashrom -p buspirate_spi:dev=/dev/ttyUSB0 -w bin/x60t/libreboot_ukqwerty.rom</b>
- </p>
-
- <pre>
- flashrom v0.9.5.2-r1517 on Linux 3.2.0-61-generic (i686), built with libpci 3.1.8, GCC 4.6.3, little endian
- flashrom is free software, get the source code at http://www.flashrom.org
-
- Calibrating delay loop... delay loop is unreliable, trying to continue OK.
- Found Macronix flash chip "MX25L1605" (2048 kB, SPI) on buspirate_spi.
- Reading old flash chip contents... done.
- Erasing and writing flash chip... Erase/write done.
- Verifying flash... VERIFIED.
- </pre>
-
- <p>
- At the end it says "VERIFIED", which means that the procedure worked. If you see this, it means that you can put your X60T back together. So let's do that now.
- </p>
-
- <p>
- Reverse the steps to re-assemble your machine.
- </p>
-
-<hr/>
-
- <p>
- Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions.
- A copy of the license can be found at <a href="../license.txt">../license.txt</a>.
- </p>
-
- <p>
- This document is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information.
- </p>
-
-</body>
-</html>
--
cgit v0.9.1