From 4c3d46238022f0c9955ae7e8b10c9f1716dd871a Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Wed, 04 Feb 2015 04:14:49 -0500 Subject: Documentation: implement theme, drastically improve readability --- (limited to 'docs') diff --git a/docs/archive_old.html b/docs/archive_old.html index 0fb7581..6c95061 100644 --- a/docs/archive_old.html +++ b/docs/archive_old.html @@ -11,1242 +11,1274 @@ Libreboot release information (old) -
+ +
+

Libreboot release information (old)

- -
- -
-

- This page is *obsolete*, provided for historical purposes. -

+

+ Current release information can be found at release.html. +

+ +
+

+ This page is *obsolete*, provided for historical purposes. +

+
+
- -

GnuPG public key (signing key)

- -

- pub  4096R/656F212E 2014-07-04 Libreboot Releases (signing key) <releases@libreboot.org>
- Fingerprint=C923 4BA3 200C F688 9CC0  764D 6E97 D575 656F 212E -

-

- Download the key: libreboot.asc. -

-

- You should also be able to find it on a key server. Note: the above key is not for email. It is only for verifying the release archives. -

- -

Releases

- -

- "Release" means that a new coreboot git revision with substantially different code has been adapted for libreboot. -

-

- "Revision" means a modification to an existing release, where the result is insubstantially different from what preceded it. -

-

- The 1st, 2nd, 3rd and 4th releases were really just older revisions of the 5th release. - For historical reasons (and to avoid confusion), these are still called 'releases' instead of correcting the mistake. -

- -
- -

Release 20150124

-

- Release date: January 24th, 2015. -

+
-

Binaries (right-click save as, or use wget)

- -

Source code (right-click save as, or use wget)

- +

GnuPG public key (signing key)

- Installation instructions can be found at install/index.html#flashrom. - Building instructions (for source code) can be found at git/index.html#build. + pub  4096R/656F212E 2014-07-04 Libreboot Releases (signing key) <releases@libreboot.org>
+ Fingerprint=C923 4BA3 200C F688 9CC0  764D 6E97 D575 656F 212E

- -

Machines supported in this release:

- - -

- Changes for this release (latest changes first, earliest changes last) -

- - -
- -

Release 20141015

- -

Binaries (right-click save as, or use wget)

- -

Source code (right-click save as, or use wget)

- -

- Installation instructions can be found at install/index.html#flashrom. - Building instructions (for source code) can be found at git/index.html#build. + Download the key: libreboot.asc.

- -

Machines supported in this release:

- - -

- Changes for this release (latest changes first, earliest changes last) -

- - - -
- -

6th release (pre-release, 7th beta)

- - - -

Binaries (for flashing) (right-click save as, or use wget)

- -

Source code (for hacking) (right-click save as, or use wget)

- - -

Machines still supported (compared to previous release):

- -

New machines supported in this release:

- -

Machines no longer supported (compared to previous release):

- - -

- Revisions for 7th beta (2014 September 11th) -

- - -

- Revisions for 6th beta (2014 September 3rd) -

- - -

- Corrections to 5th beta (2014 August 2014) -

- - -

- Revisions for 5th beta (2014 August 11th) -

- - -

- Revisions for 4th beta (2014 July 29th) -

- - -

- Revisions for 3rd beta (2014 July 20th) -

- - -

- Revisions for 2nd beta (2014 July 16th) -

- - -

- Revisions for 1st beta (2014 July 11th) -

- - -

Back to top of page.

- -
- -

5th release

- - - -

Officially supported

- - -

Binaries (for flashing)

- - -

Source code (for hacking)

-

- (gluglug.org.uk/X60/release/4/X60_source.tar.gz and gluglug.org.uk/X60/release/4/X60_binary.tar.gz were the old links, - but they no longer exist) + You should also be able to find it on a key server. Note: the above key is not for email. It is only for verifying the release archives.

-

Development notes

- - -

Revision notes (2014 March 9th):

- - -

Revision notes (2014 June 5th):

- - -

Revision notes (2014 June 11th):

- - -

Revision notes (2014 June 22nd)

- - -

Revision (2014 June 22nd - extra)

- - -

Revision (2014 June 22nd - extra)

- - -

Back to top of page.

- -
- -

4th release

- - - -

Officially supported

- - -

Binaries (for flashing)

- +
+ +
-

Source code (for hacking)

+

Releases

+

+ "Release" means that a new coreboot git revision with substantially different code has been adapted for libreboot. +

+

+ "Revision" means a modification to an existing release, where the result is insubstantially different from what preceded it. +

+

+ The 1st, 2nd, 3rd and 4th releases were really just older revisions of the 5th release. + For historical reasons (and to avoid confusion), these are still called 'releases' instead of correcting the mistake. +

+ +
+ +
-

Development notes

- +

Release 20150124

+

- The "Parse" options read ./isolinux/isolinux.cfg on a CD or USB, - and automatically converts it to a grub config and switches to the boot menu of that distro. - This makes booting ISOs *much* easier than before. + Release date: January 24th, 2015.

-

Back to top of page.

+

Binaries (right-click save as, or use wget)

+ +

Source code (right-click save as, or use wget)

+ + +

+ Installation instructions can be found at install/index.html#flashrom. + Building instructions (for source code) can be found at git/index.html#build. +

+ +

Machines supported in this release:

+ + +

+ Changes for this release (latest changes first, earliest changes last) +

+ + +
-
+
+ +

Release 20141015

+ +

Binaries (right-click save as, or use wget)

+ +

Source code (right-click save as, or use wget)

+ + +

+ Installation instructions can be found at install/index.html#flashrom. + Building instructions (for source code) can be found at git/index.html#build. +

+ +

Machines supported in this release:

+ + +

+ Changes for this release (latest changes first, earliest changes last) +

+ + +

Back to top of page.

+ +
-

3rd release

+
- +

6th release (pre-release, 7th beta)

-

Supported:

-

Binaries (for flashing)

- +

Binaries (for flashing) (right-click save as, or use wget)

+ +

Source code (for hacking) (right-click save as, or use wget)

+ + +

Machines still supported (compared to previous release):

+ +

New machines supported in this release:

+ +

Machines no longer supported (compared to previous release):

+ + +

+ Revisions for 7th beta (2014 September 11th) +

+ + +

+ Revisions for 6th beta (2014 September 3rd) +

+ + +

+ Corrections to 5th beta (2014 August 2014) +

+ + +

+ Revisions for 5th beta (2014 August 11th) +

+ + +

+ Revisions for 4th beta (2014 July 29th) +

+ + +

+ Revisions for 3rd beta (2014 July 20th) +

+ + +

+ Revisions for 2nd beta (2014 July 16th) +

+ + +

+ Revisions for 1st beta (2014 July 11th) +

+ + +

Back to top of page.

+ +
+ +
-

Source code (for hacking)

- +

5th release

-

Development notes

-

Back to top of page.

- -
+

Officially supported

+ + +

Binaries (for flashing)

+ + +

Source code (for hacking)

+ +

+ (gluglug.org.uk/X60/release/4/X60_source.tar.gz and gluglug.org.uk/X60/release/4/X60_binary.tar.gz were the old links, + but they no longer exist) +

+ +

Development notes

+ + +

Revision notes (2014 March 9th):

+ + +

Revision notes (2014 June 5th):

+ + +

Revision notes (2014 June 11th):

+ + +

Revision notes (2014 June 22nd)

+ + +

Revision (2014 June 22nd - extra)

+ + +

Revision (2014 June 22nd - extra)

+ + +

Back to top of page.

+ +
-

2nd release

+
- +

4th release

-

Supported:

-

Binaries (for flashing)

- +

Officially supported

+ + +

Binaries (for flashing)

+ + +

Source code (for hacking)

+ + +

Development notes

+ +

+ The "Parse" options read ./isolinux/isolinux.cfg on a CD or USB, + and automatically converts it to a grub config and switches to the boot menu of that distro. + This makes booting ISOs *much* easier than before. +

+ +

Back to top of page.

+ +
-

Source code (for hacking)

- +
+ +

3rd release

-

Development notes

-

Back to top of page.

- -
+

Supported:

+ + +

Binaries (for flashing)

+ + +

Source code (for hacking)

+ + +

Development notes

+ + +

Back to top of page.

+ +
-

1st release

+
- +

2nd release

-

Supported:

-

Binaries (for flashing)

- +

Supported:

+ + +

Binaries (for flashing)

+ + +

Source code (for hacking)

+ + +

Development notes

+ + +

Back to top of page.

+ +
-

Source code (for hacking)

- +
+ +

1st release

-

Development notes

-

Back to top of page.

+

Supported:

+ + +

Binaries (for flashing)

+ + +

Source code (for hacking)

+ + +

Development notes

+ + +

Back to top of page.

+ +
-
+
-

- Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
- This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at license.txt. -

+

+ Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at license.txt. +

-

- This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See license.txt for more information. -

+

+ This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See license.txt for more information. +

+ +
diff --git a/docs/css/main.css b/docs/css/main.css index 11a0773..66a0503 100644 --- a/docs/css/main.css +++ b/docs/css/main.css @@ -2,7 +2,7 @@ Main CSS stylesheet for libreboot.org (documentation section) - Copyright (C) 2014 Francis Rowe + Copyright (C) 2014, 2015 Francis Rowe This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,13 +19,31 @@ */ body { - background:#fff; - color:#000; - font-family:100% sans-serif; - font-size:0.875em; + background:#dfdfdf; + color:#2B2B2B; + font-family:Lato,sans-serif; + font-size:0.92em; + font-weight:400; + padding:0px; + margin:0px; } -p, aside { +div.section { + background:#FFF; + border-radius:0.5em; + box-shadow: 0px 0px 5px 0px rgba(50, 50, 50, 0.75); + padding:1em; + margin:1em; +} +p, aside, li { margin: 0.33em 0px 0.6em; + text-align:justify; +} +a { + color:#2B2BAA; + font-size:1.1em; +} +a:hover { + text-decoration:none; } h1,h2,h3 { margin-bottom:0.2em; @@ -34,13 +52,25 @@ h1,h2,h3 { img { max-width:100%; height:auto; + border:solid 0.5em #fff; + border-radius:0.25em; + box-shadow: 0px 0px 5px 0px rgba(50, 50, 50, 0.75); + margin:0px; + padding:0px; + margin-right:1em; + margin-bottom:1em; } + p.lenovobios { font-weight:bold; color:#f00; font-style:italic; font-size:1.2em; } p.lenovobios:hover { color: #000; } -div.important, pre { - background-color:#ccc; +div.important, pre, div.subsection { + padding:1em; + margin-bottom:1em; + background-color:#ece0e2; + border-radius:0.25em; + box-shadow: 0px 0px 5px 0px rgba(50, 50, 50, 0.75); } diff --git a/docs/future/index.html b/docs/future/index.html index 6f05022..450e85a 100644 --- a/docs/future/index.html +++ b/docs/future/index.html @@ -16,199 +16,333 @@ -
-

Development notes

- -
- -

- Or go back to main document index. -

+
-
+

Development notes

+

+ These are development notes, for future use. For old (obselete) notes, see old.html. +

+

+ Or go back to main document index. +

+ +
-

Contents

- + -
+
+ +

standard test

+

+ These logs are usually obtained when testing changes related to graphics on i945 (X60 and T60). +

+
    +
  • + Make a copy of these files: +
      +
    • /var/log/dmesg
    • +
    • /var/log/kern.log
    • +
    • /var/log/Xorg.0.log
    • +
    • /proc/ioports
    • +
    • /proc/iomem
    • +
    • /sys/class/drm/card0/error
    • +
    +
  • +
  • + Record these outputs: +
      +
    • sudo intel_reg_dumper
    • +
    • uname -r
    • +
    • lspci -vvvvnnnnxxxx
    • +
    • sudo modprobe msr
    • +
    • sudo inteltool -a
    • +
    • sudo cbmem -c
    • +
    +
  • +
  • + Try some 3D games with latest kernel. +
  • +
-

standard test

-

- These logs are usually obtained when testing changes related to graphics on i945 (X60 and T60). -

-
+ +
+ +

T60 cpu microcode

+ +

+ TODO: T60: find (for rare buggy CPUs that are unstable without microcode updates) if there is a workaround (patched kernel, special parameter, etc) So far, only 1 processor has been found to have issues. See microcode errata sheets http://download.intel.com/design/mobile/SPECUPDT/31407918.pdf and http://download.intel.com/design/mobile/SPECUPDT/30922214.pdf and then look at the debugging results collected in t7200q directory (q means quirk). +

+ +

+ Every other T7200 tested so far has worked without microcode updates. +

+ +

Back to top of page.

+ +
+ +
+ +

i945 VRAM size

+ +

+ Apparently, only 8MB VRAM is available on i945 GPUs (though it could do 64MB):
+ phcoder: No. Hardware default is 8 MiB. When I wanted to make it configurable, I saw that docs mention only one other alternative: 1MiB. Later isn't event enough for 1024x768 at 24bpp without any acceleration or double buffering. It's possible that there are undocumented values. Which options do you have in vendor BIOS? + How to find out how much vram you have:
+ phcoder: TOM - BSM
+ phcoder: check what vendor BIOS offers as options
+ fchmmr: I thought it could do 64MB usually
+ phcoder: not accorging to doc.
+ phcoder: see mobile-945-express-chipset-datasheet page 93
+ phcoder: see also src/northbridge/intel/i945/{early_init,northbridge,gma}.c
+ fchmmr: "011 = DVMT (UMA) mode, 8 MB of memory pre-allocated for
+ fchmmr: frame buffer."
+ fchmmr: "Others - reserved"
+ phcoder: the easiest way is a loop at this position which tries different values and reads (and prints) BSM with them
+ stefanct: fchmmr: he suggest that you change the value and look how BSM reacts to that
+ stefanct: as he pointed out earlier vram size = TOM - BSM
+ stefanct: different values of GMS
+ stefanct: phcoder: hm... this could be a hint. look at the text description of TOLUD at page 103
+ stefanct: it mentions 64 MB in the text about BSM as well
+ stefanct: table 18...
+ phcoder: stefanct: I have a guess which value make is 64 but I will not tell to avoid skewing test results
+ stefanct: phcoder: sure... i assumed you were not sure if it supports it at all. testing it properly is of course a good idea :)
+ stefanct: test the various possible (but reserved) values of GMS and see what the resulting VRAM size is
+ fchmmr: so, TOM - BSM +

+

+ Back to top of page. +

+ +
+ +
+ +

LCD panels on i945 - fix incompatible panels

+ +

+ Fix T60 issues (see incompatible panels listed at ../hcl/index.html#supported_t60_list). +

+ +

+ Run that tool (resources/utilities/i945gpu/intel-regs.py) as root on machines with the offending panels in: +

    -
  • /var/log/dmesg
  • -
  • /var/log/kern.log
  • -
  • /var/log/Xorg.0.log
  • -
  • /proc/ioports
  • -
  • /proc/iomem
  • -
  • /sys/class/drm/card0/error
  • +
  • Coreboot (or libreboot, whatever) with VBIOS (disable native graphics also)
  • +
  • (Factory BIOS also?)
- -
  • - Record these outputs: + +

    + This shows values in devicetree.cb and src/northbridge/intel/i945/gma.c, the idea is that you run it on factory bios or vbios + and that it will (might) show different values: then you try those in the native graphics (in libreboot). +

    + +

    + Other values/registers might also need to be added to the script for these tests. +

    + +

    + check if intel_bios_reader from intel-gpu-tools reports the same value (BIOS has a hardcoded value) for PWM modulation frequency. + This file can read the VBIOS (64K dump). +

    + +

    + Check other tools in intel-gpu-tools aswell, compare outputs. Possibly add more information to intel-regs.py output (submit changes to mtjm). + Do oprom trace / replay (http://www.coreboot.org/User:GNUtoo#How_to_get_rid_of_the_vbios_of_the_x60_.5BNew_Version.5D) +

    + +

    + Study how EDID works and how gma.c handles it. +

    + +

    + Original getregs.py script can be found at http://hg.mtjm.eu/scripts/file/tip/intel-regs.py + written by Michał Masłowski. +

    + +

    + About fixing remaining LCD panels on 5345:
    + 'polarity' is mentioned in coreboot log (cbmem -c). compare output (with working and non-working panel). (and see the other notes in docs/future/index.html)
    + phcoder says: hint for T60: it might be that failing panels are 8bpc
    + fchmmr: what does 8bpc mean? And what do you think the other (non-failing) panel are?
    + phcoder: 6bpc. bits per colour. May also be reffered as 18-bit vs 24-bit panels
    + phcoder: just collect EDIDs from failing and working panels
    + phcoder gave me this for collecting EDID data: + http://www.o2genum.com/2013/08/lp156wh2-tlaa-lcd-panel-edid.html +

    + +

    Back to top of page.

    + +
  • + +
    + +

    i945 gfx: X60/T60 VBT implementation (experimental: testing)

    + +

    + intel_bios_dumper in intel-gpu-tools seems interesting. +

    +

    + Use 'drm.debug=0x06' kernel parameter when booting in grub! +

    +

    + Before each test run, boot a live USB and delete the old logs in /var/log (kernel log, xorg log, dmesg and so on). +

    +

    + Load (from the ROM) the runningvga.bin for each LCD panel on each machine; do not execute it, only load it! (coreboot will have to be modified). + Rename the ROM appropriately, based on the machine name and the panel name. coreboot_nativegfx_5868_plusrunningvga_t60_14_LTD141ECMB.rom, + for instance. Keep a copy for later use. +

    + +

    You are supposed to:

      -
    • sudo intel_reg_dumper
    • -
    • uname -r
    • -
    • lspci -vvvvnnnnxxxx
    • -
    • sudo modprobe msr
    • -
    • sudo inteltool -a
    • -
    • sudo cbmem -c
    • +
    • enable native graphics in menuconfig
    • +
    • include the self-modified VGA ROM (load, but not execute) - for reverse engineering the correct VBT tables.
    - -
  • - Try some 3D games with latest kernel. -
  • - - -

    Back to top of page.

    - -
    - -

    T60 cpu microcode

    - -

    - TODO: T60: find (for rare buggy CPUs that are unstable without microcode updates) if there is a workaround (patched kernel, special parameter, etc) So far, only 1 processor has been found to have issues. See microcode errata sheets http://download.intel.com/design/mobile/SPECUPDT/31407918.pdf and http://download.intel.com/design/mobile/SPECUPDT/30922214.pdf and then look at the debugging results collected in t7200q directory (q means quirk). -

    - -

    - Every other T7200 tested so far has worked without microcode updates. -

    - -

    Back to top of page.

    - -
    - -

    i945 VRAM size

    -

    - Apparently, only 8MB VRAM is available on i945 GPUs (though it could do 64MB):
    - phcoder: No. Hardware default is 8 MiB. When I wanted to make it configurable, I saw that docs mention only one other alternative: 1MiB. Later isn't event enough for 1024x768 at 24bpp without any acceleration or double buffering. It's possible that there are undocumented values. Which options do you have in vendor BIOS? - How to find out how much vram you have:
    - phcoder: TOM - BSM
    - phcoder: check what vendor BIOS offers as options
    - fchmmr: I thought it could do 64MB usually
    - phcoder: not accorging to doc.
    - phcoder: see mobile-945-express-chipset-datasheet page 93
    - phcoder: see also src/northbridge/intel/i945/{early_init,northbridge,gma}.c
    - fchmmr: "011 = DVMT (UMA) mode, 8 MB of memory pre-allocated for
    - fchmmr: frame buffer."
    - fchmmr: "Others - reserved"
    - phcoder: the easiest way is a loop at this position which tries different values and reads (and prints) BSM with them
    - stefanct: fchmmr: he suggest that you change the value and look how BSM reacts to that
    - stefanct: as he pointed out earlier vram size = TOM - BSM
    - stefanct: different values of GMS
    - stefanct: phcoder: hm... this could be a hint. look at the text description of TOLUD at page 103
    - stefanct: it mentions 64 MB in the text about BSM as well
    - stefanct: table 18...
    - phcoder: stefanct: I have a guess which value make is 64 but I will not tell to avoid skewing test results
    - stefanct: phcoder: sure... i assumed you were not sure if it supports it at all. testing it properly is of course a good idea :)
    - stefanct: test the various possible (but reserved) values of GMS and see what the resulting VRAM size is
    - fchmmr: so, TOM - BSM -

    -

    - Back to top of page. -

    - -
    - -

    LCD panels on i945 - fix incompatible panels

    - -

    - Fix T60 issues (see incompatible panels listed at ../hcl/index.html#supported_t60_list). -

    +

    + With each boot, make notes about what you see and get logs using the standard test. + You will need the files from #intelvbttool_results for each machine. +

    -

    - Run that tool (resources/utilities/i945gpu/intel-regs.py) as root on machines with the offending panels in: -

    -
      -
    • Coreboot (or libreboot, whatever) with VBIOS (disable native graphics also)
    • -
    • (Factory BIOS also?)
    • -
    - -

    - This shows values in devicetree.cb and src/northbridge/intel/i945/gma.c, the idea is that you run it on factory bios or vbios - and that it will (might) show different values: then you try those in the native graphics (in libreboot). -

    + Results (# means untested): +
      +
    • + X60/X60s: +
        +
      • TMD-Toshiba LTD121ECHB: #
      • +
      • CMO N121X5-L06: #
      • +
      • Samsung LTN121XJ-L07: #
      • +
      • BOE-Hydis HT121X01-101: #
      • +
      +
    • +
    • + X60T XGA: +
        +
      • BOE-Hydis HV121X03-100: #
      • +
      +
    • +
    • + X60T SXGA+: +
        +
      • BOE-Hydis HV121P01-100: #
      • +
      +
    • +
    • + T60 14" XGA: +
        +
      • Samsung LTN141XA-L01: #
      • +
      • CMO N141XC: #
      • +
      • BOE-Hydis HT14X14: #
      • +
      • TMD-Toshiba LTD141ECMB: #
      • +
      +
    • +
    • + T60 14" SXGA+ +
        +
      • TMD-Toshiba LTD141EN9B: #
      • +
      • Samsung LTN141P4-L02: #
      • +
      • Boe-Hydis HT14P12: #
      • +
      +
    • +
    • + T60 15" XGA +
        +
      • Samsung LTN150XG-L08: #
      • +
      • LG-Philips LP150X09: #
      • +
      • 13N7068 (IDtech): #
      • +
      • 13N7069 (CMO): #
      • + +
      +
    • +
    • + T60 15" SXGA+ +
        +
      • LG-Philips LP150E05-A2K1: #
      • +
      • BOE-Hydis HV150P01-100: #
      • +
      +
    • +
    • + T60 15" UXGA +
        +
      • BOE-Hydis HV150UX1-100: #
      • +
      • IDTech N150U3-L01: #
      • +
      • BOE-Hydis HV150UX1-102: #
      • +
      +
    • +
    • + T50 15" QXGA +
        +
      • IDtech IAQX10N: #
      • +
      • IDtech IAQX10S: #
      • +
      +
    • +
    -

    - Other values/registers might also need to be added to the script for these tests. -

    +

    Back to top of page

    + +
    -

    - check if intel_bios_reader from intel-gpu-tools reports the same value (BIOS has a hardcoded value) for PWM modulation frequency. - This file can read the VBIOS (64K dump). -

    +
    -

    - Check other tools in intel-gpu-tools aswell, compare outputs. Possibly add more information to intel-regs.py output (submit changes to mtjm). - Do oprom trace / replay (http://www.coreboot.org/User:GNUtoo#How_to_get_rid_of_the_vbios_of_the_x60_.5BNew_Version.5D) -

    +

    intelvbttool test results (VGA ROM dumps)

    +

    + The VBIOS on i945 (intel gpu) platforms is self-modifying; that is, + its contents change when you run it. intelvbttool takes a dump of + the currently running vbios, and parses it. +

    -

    - Study how EDID works and how gma.c handles it. -

    - -

    - Original getregs.py script can be found at http://hg.mtjm.eu/scripts/file/tip/intel-regs.py - written by Michał Masłowski. -

    +

    + The idea is that we can extract the VBT tables using this knowledge, on the X60, X60 Tablet and T60 (Intel GPU). +

    -

    - About fixing remaining LCD panels on 5345:
    - 'polarity' is mentioned in coreboot log (cbmem -c). compare output (with working and non-working panel). (and see the other notes in docs/future/index.html)
    - phcoder says: hint for T60: it might be that failing panels are 8bpc
    - fchmmr: what does 8bpc mean? And what do you think the other (non-failing) panel are?
    - phcoder: 6bpc. bits per colour. May also be reffered as 18-bit vs 24-bit panels
    - phcoder: just collect EDIDs from failing and working panels
    - phcoder gave me this for collecting EDID data: - http://www.o2genum.com/2013/08/lp156wh2-tlaa-lcd-panel-edid.html -

    +

    + Here is an example of how VBT was implemented on the ThinkPad X230: + http://review.coreboot.org/#/c/5396. +

    -

    Back to top of page.

    +

    + You'll need to build a T60 ROM with SeaBIOS and the VGA ROM (for Intel GPU). An X60 ROM is also needed (same configuration, using the VGA ROM for X60). +

    -
    +

    + T60 has DVI on its dock, make sure that the dock is attached when getting this output. +

    -

    i945 gfx: X60/T60 VBT implementation (experimental: testing)

    +

    + Get intelvbttool here: http://review.coreboot.org/#/c/5842 (util/intelvbttool). +

    -

    - intel_bios_dumper in intel-gpu-tools seems interesting. -

    -

    - Use 'drm.debug=0x06' kernel parameter when booting in grub! -

    -

    - Before each test run, boot a live USB and delete the old logs in /var/log (kernel log, xorg log, dmesg and so on). -

    -

    - Load (from the ROM) the runningvga.bin for each LCD panel on each machine; do not execute it, only load it! (coreboot will have to be modified). - Rename the ROM appropriately, based on the machine name and the panel name. coreboot_nativegfx_5868_plusrunningvga_t60_14_LTD141ECMB.rom, - for instance. Keep a copy for later use. -

    +

    + Now dump a copy of the running VGA BIOS: + $ sudo dd if=/dev/mem bs=64k of=runningvga.bin skip=12 count=1
    + Then do (and record the output):
    + $ ./intelvbttool runningvga.bin > intelvbttool_out +

    -

    You are supposed to:

    -
      -
    • enable native graphics in menuconfig
    • -
    • include the self-modified VGA ROM (load, but not execute) - for reverse engineering the correct VBT tables.
    • -
    +

    + Backup both files (runningvga.bin and intelvbttool_out), renaming them to match the machine and LCD panel used. + ../misc/index.html#get_edid_panelname will show you how to get the name (model) of the LCD panel used. +

    -

    - With each boot, make notes about what you see and get logs using the standard test. - You will need the files from #intelvbttool_results for each machine. -

    +

    Test results (# means untested and all had docks, unless noted).

    - Results (# means untested):
    • X60/X60s: @@ -216,23 +350,23 @@
    • TMD-Toshiba LTD121ECHB: #
    • CMO N121X5-L06: #
    • Samsung LTN121XJ-L07: #
    • -
    • BOE-Hydis HT121X01-101: #
    • +
    • BOE-Hydis HT121X01-101: #
  • - X60T XGA: + X60T XGA (1024x768):
    • BOE-Hydis HV121X03-100: #
  • - X60T SXGA+: + X60T SXGA+ (1400x1050):
    • BOE-Hydis HV121P01-100: #
  • - T60 14" XGA: + T60 14" XGA (1024x768):
    • Samsung LTN141XA-L01: #
    • CMO N141XC: #
    • @@ -241,7 +375,7 @@
  • - T60 14" SXGA+ + T60 14" SXGA+ (1400x1050):
    • TMD-Toshiba LTD141EN9B: #
    • Samsung LTN141P4-L02: #
    • @@ -249,24 +383,23 @@
  • - T60 15" XGA + T60 15" XGA (1024x768):
    • Samsung LTN150XG-L08: #
    • LG-Philips LP150X09: #
    • 13N7068 (IDtech): #
    • 13N7069 (CMO): #
    • -
  • - T60 15" SXGA+ + T60 15" SXGA+ (1400x1050):
    • LG-Philips LP150E05-A2K1: #
    • BOE-Hydis HV150P01-100: #
  • - T60 15" UXGA + T60 15" UXGA (1600x1200):
    • BOE-Hydis HV150UX1-100: #
    • IDTech N150U3-L01: #
    • @@ -274,7 +407,7 @@
  • - T50 15" QXGA + T60 15" QXGA (2048x1536):
    • IDtech IAQX10N: #
    • IDtech IAQX10S: #
    • @@ -282,175 +415,69 @@
    -

    Back to top of page

    - -
    - -

    intelvbttool test results (VGA ROM dumps)

    -

    - The VBIOS on i945 (intel gpu) platforms is self-modifying; that is, - its contents change when you run it. intelvbttool takes a dump of - the currently running vbios, and parses it. -

    - -

    - The idea is that we can extract the VBT tables using this knowledge, on the X60, X60 Tablet and T60 (Intel GPU). -

    - -

    - Here is an example of how VBT was implemented on the ThinkPad X230: - http://review.coreboot.org/#/c/5396. -

    +

    Back to top of page.

    + +
  • + +
    + +

    Fallback patches

    -

    - You'll need to build a T60 ROM with SeaBIOS and the VGA ROM (for Intel GPU). An X60 ROM is also needed (same configuration, using the VGA ROM for X60). -

    + + +

    Back to top of page.

    + +
    + +
    -

    - T60 has DVI on its dock, make sure that the dock is attached when getting this output. -

    +

    Other - unlisted (low priority)

    + +
      +
    • + PTE errors still exist on i945 with 6718 (which is merged). http://review.coreboot.org/#/c/6718/ +
        +
      • dmesg
      • +
      • kern.log
      • +
      • This doesn't seem to cause any issues for general use.
      • +
      +
    • +
    • + Implement INT 10H support in i945 native graphics. (this will be a lot of work. SeaBIOS has code for some geode boards, to get a general idea). +
    • +
    • + T60 15" QXGA (2048x1536): fixed issue where GRUB wouldn't show any graphics. (Not many people have this panel) +
        +
      • It might be the same issue I ran into with Paul on the X60 (not enough memory being allocated) since the same code works on T60 SXGA+ and UXGA, where GRUB actually display graphics.
      • +
      +
    • +
    + +

    Back to top of page.

    + +
    -

    - Get intelvbttool here: http://review.coreboot.org/#/c/5842 (util/intelvbttool). -

    +

    - Now dump a copy of the running VGA BIOS: - $ sudo dd if=/dev/mem bs=64k of=runningvga.bin skip=12 count=1
    - Then do (and record the output):
    - $ ./intelvbttool runningvga.bin > intelvbttool_out + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    - Backup both files (runningvga.bin and intelvbttool_out), renaming them to match the machine and LCD panel used. - ../misc/index.html#get_edid_panelname will show you how to get the name (model) of the LCD panel used. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -

    Test results (# means untested and all had docks, unless noted).

    - -
      -
    • - X60/X60s: -
        -
      • TMD-Toshiba LTD121ECHB: #
      • -
      • CMO N121X5-L06: #
      • -
      • Samsung LTN121XJ-L07: #
      • -
      • BOE-Hydis HT121X01-101: #
      • -
      -
    • -
    • - X60T XGA (1024x768): -
        -
      • BOE-Hydis HV121X03-100: #
      • -
      -
    • -
    • - X60T SXGA+ (1400x1050): -
        -
      • BOE-Hydis HV121P01-100: #
      • -
      -
    • -
    • - T60 14" XGA (1024x768): -
        -
      • Samsung LTN141XA-L01: #
      • -
      • CMO N141XC: #
      • -
      • BOE-Hydis HT14X14: #
      • -
      • TMD-Toshiba LTD141ECMB: #
      • -
      -
    • -
    • - T60 14" SXGA+ (1400x1050): -
        -
      • TMD-Toshiba LTD141EN9B: #
      • -
      • Samsung LTN141P4-L02: #
      • -
      • Boe-Hydis HT14P12: #
      • -
      -
    • -
    • - T60 15" XGA (1024x768): -
        -
      • Samsung LTN150XG-L08: #
      • -
      • LG-Philips LP150X09: #
      • -
      • 13N7068 (IDtech): #
      • -
      • 13N7069 (CMO): #
      • -
      -
    • -
    • - T60 15" SXGA+ (1400x1050): -
        -
      • LG-Philips LP150E05-A2K1: #
      • -
      • BOE-Hydis HV150P01-100: #
      • -
      -
    • -
    • - T60 15" UXGA (1600x1200): -
        -
      • BOE-Hydis HV150UX1-100: #
      • -
      • IDTech N150U3-L01: #
      • -
      • BOE-Hydis HV150UX1-102: #
      • -
      -
    • -
    • - T60 15" QXGA (2048x1536): -
        -
      • IDtech IAQX10N: #
      • -
      • IDtech IAQX10S: #
      • -
      -
    • -
    - -

    Back to top of page.

    - -
    - -

    Fallback patches

    - - -
    - -

    Other - unlisted (low priority)

    - -
      -
    • - PTE errors still exist on i945 with 6718 (which is merged). http://review.coreboot.org/#/c/6718/ -
        -
      • dmesg
      • -
      • kern.log
      • -
      • This doesn't seem to cause any issues for general use.
      • -
      -
    • -
    • - Implement INT 10H support in i945 native graphics. (this will be a lot of work. SeaBIOS has code for some geode boards, to get a general idea). -
    • -
    • - T60 15" QXGA (2048x1536): fixed issue where GRUB wouldn't show any graphics. (Not many people have this panel) -
        -
      • It might be the same issue I ran into with Paul on the X60 (not enough memory being allocated) since the same code works on T60 SXGA+ and UXGA, where GRUB actually display graphics.
      • -
      -
    • -
    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +
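Review bot: The footer in this hunk changes "Copyright © 2014 Francis Rowe" to "Copyright © 2014, 2015 Francis Rowe", a content change carried inside a commit whose subject is a theme and readability rework. Because the whole file is reindented, a reader cannot separate that change from the markup churn, so it would be easier to audit as its own commit. The list item about insufficient memory allocation also still reads "where GRUB actually display graphics"; "displays" would fix it while the line is being touched anyway.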
    diff --git a/docs/future/old.html b/docs/future/old.html index eeaa96e..0f77a0a 100644 --- a/docs/future/old.html +++ b/docs/future/old.html @@ -16,256 +16,272 @@ -
    -

    Development notes (old/obsolete notes)

    - -
    - -

    - These are old (obsolete) notes that mare kept because they might become useful again in the future. -

    - -
    - -

    Contents

    - +
    -
    +

    Development notes (old/obsolete notes)

    +

    + For current notes, see index.html. +

    -

    X60 native graphics initialization (with backlight controls)

    +

    + These are old (obsolete) notes that mare kept because they might become useful again in the future. +

    + +
    -

    - - This is now obsolete. A better way was found (included in libreboot): http://review.coreboot.org/#/c/6731/ - -

    + + +
    + +

    X60 native graphics initialization (with backlight controls)

    -

    - Also check #5320_kernel312fix (to fix 3D on kernel 3.12/higher) -

    -

    - The fix below was done on 5320/6 (from review.coreboot.org) but should work just fine on later versions of 5320. -

    -

    - Native gpu init + backlight controls! (Fn keys). Also confirmed on X60 Tablet (1024x768) and X60 Tablet (1400x1050) -

    -

    - Add backlight controls: in src/mainboard/lenovo/x60/devicetree.cb, change gpu_backlight to 0x879F879E -

    -

    - That's all! This has also been backported into libreboot 5th release (line 1233 in src/mainboard/lenovo/x60/i915io.c). GNUtoo (Denis Carikli) - told me about the register BLC_PWM_CTL and that you could set it to control backlight. I read that address using devmem2 while running the VBIOS:
    - # devmem2 0xe4361254 w -

    -

    - The change is also included in libreboot 6. -

    -

    - When doing this, it gave back that value. The same trick was used to get backlight controls for T60 (see #t60_native_notes). -

    +

    + + This is now obsolete. A better way was found (included in libreboot): http://review.coreboot.org/#/c/6731/ + +

    -

    Further notes

    - Reading 0xe4361254 (address) in Lenovo BIOS always yields FFFFFFFF, even when writing to it (and writing to it doesn't affect brightness controls). - 'mtjm' on IRC found that the buttons (Fn keys) control /sys/class/backlight/acpi_video0 which has no affect on 61254 (BLC_PWM_CTL). He says - intel_backlight has different values and uses the register. devmem2 works, needs checking lspci -vv for where the memory is mapped, - which is different than on coreboot; mtjm found that it was 0xec061254 on his machine (X60 Tablet), and the register value is different too. - This is relevant, because we still don't know how backlight controls are actually handled. We got it working by accident. We need to know more.. + Also check #5320_kernel312fix (to fix 3D on kernel 3.12/higher)

    - Intel-gpu-tools may prove useful for further debugging: http://cgit.freedesktop.org/xorg/app/intel-gpu-tools/ + The fix below was done on 5320/6 (from review.coreboot.org) but should work just fine on later versions of 5320.

    - mtjm says 0xe4300000 is an MMIO region of the gpu (lspci -vv shows it), 0x61254 (BLC_PWM_CTL) is a documented register. Searching the kernel driver for backlight - shows that in intel_panel.c this register is used (there is an XXX comment about finding the right value, where recent kernels get it from. + Native gpu init + backlight controls! (Fn keys). Also confirmed on X60 Tablet (1024x768) and X60 Tablet (1400x1050)

    - What we want to do is calculate a good value, instead of setting it in devicetree.cb. mtjm says about backlight physics: - it has a light source , uses pulse width modulation (PWM) to turn it on/off, dimming is done by spending less time on. - Note: this may not be correct; he says his understanding is based on how the Lenote yeeloong works. + Add backlight controls: in src/mainboard/lenovo/x60/devicetree.cb, change gpu_backlight to 0x879F879E

    - mtjm goes on to say, that the register specifies the frequency used for PWM in its depending on the GPU core frequency, so it - might be possible to calculate it without hardcoded laptop-specific values. Therefore, I am supposed to find out the 'display core frequency' - (mtjm says there might be a register for it; also, it might be in 5320 or the replay code) and the PWM modulation frequency. - https://en.wikipedia.org/wiki/Backlight#Flicker_due_to_backlight_dimming + That's all! This has also been backported into libreboot 5th release (line 1233 in src/mainboard/lenovo/x60/i915io.c). GNUtoo (Denis Carikli) + told me about the register BLC_PWM_CTL and that you could set it to control backlight. I read that address using devmem2 while running the VBIOS:
    + # devmem2 0xe4361254 w

    - phcoder (Vladimir Serbinenko) who is author of 5320 (review.coreboot.org) talks about 'duty cycle limit' and 'flickering frequency'. + The change is also included in libreboot 6. +

    +

    + When doing this, it gave back that value. The same trick was used to get backlight controls for T60 (see #t60_native_notes).

    -

    Back to top of page

    - -
    +

    Further notes

    +

    + Reading 0xe4361254 (address) in Lenovo BIOS always yields FFFFFFFF, even when writing to it (and writing to it doesn't affect brightness controls). + 'mtjm' on IRC found that the buttons (Fn keys) control /sys/class/backlight/acpi_video0 which has no affect on 61254 (BLC_PWM_CTL). He says + intel_backlight has different values and uses the register. devmem2 works, needs checking lspci -vv for where the memory is mapped, + which is different than on coreboot; mtjm found that it was 0xec061254 on his machine (X60 Tablet), and the register value is different too. + This is relevant, because we still don't know how backlight controls are actually handled. We got it working by accident. We need to know more.. +

    +

    + Intel-gpu-tools may prove useful for further debugging: http://cgit.freedesktop.org/xorg/app/intel-gpu-tools/ +

    +

    + mtjm says 0xe4300000 is an MMIO region of the gpu (lspci -vv shows it), 0x61254 (BLC_PWM_CTL) is a documented register. Searching the kernel driver for backlight + shows that in intel_panel.c this register is used (there is an XXX comment about finding the right value, where recent kernels get it from. +

    +

    + What we want to do is calculate a good value, instead of setting it in devicetree.cb. mtjm says about backlight physics: + it has a light source , uses pulse width modulation (PWM) to turn it on/off, dimming is done by spending less time on. + Note: this may not be correct; he says his understanding is based on how the Lenote yeeloong works. +

    +

    + mtjm goes on to say, that the register specifies the frequency used for PWM in its depending on the GPU core frequency, so it + might be possible to calculate it without hardcoded laptop-specific values. Therefore, I am supposed to find out the 'display core frequency' + (mtjm says there might be a register for it; also, it might be in 5320 or the replay code) and the PWM modulation frequency. + https://en.wikipedia.org/wiki/Backlight#Flicker_due_to_backlight_dimming +

    +

    + phcoder (Vladimir Serbinenko) who is author of 5320 (review.coreboot.org) talks about 'duty cycle limit' and 'flickering frequency'. +

    + +

    Back to top of page

    + +
    + +
    + +

    T60 native graphics initialization (with backlight controls)

    -

    T60 native graphics initialization (with backlight controls)

    +

    + + This is now obsolete. A better way was found (included in libreboot): http://review.coreboot.org/#/c/6731/ + +

    +

    + Also check #5320_kernel312fix (to fix 3D on kernel 3.12/higher) +

    +

    + The fix below was done on an earlier version of 5345 changeset (review.coreboot.org), but should work on the current version. it is included in libreboot 6 +

    +

    + Add backlight controls: in src/mainboard/lenovo/t60/devicetree.cb, change gpu_backlight to 0x58BF58BE +

    +

    + Hold on! Check ../misc/index.html#get_edid_panelname to know what LCD panel you have. This is important for the next step! +

    -

    - - This is now obsolete. A better way was found (included in libreboot): http://review.coreboot.org/#/c/6731/ - -

    -

    - Also check #5320_kernel312fix (to fix 3D on kernel 3.12/higher) -

    -

    - The fix below was done on an earlier version of 5345 changeset (review.coreboot.org), but should work on the current version. it is included in libreboot 6 -

    -

    - Add backlight controls: in src/mainboard/lenovo/t60/devicetree.cb, change gpu_backlight to 0x58BF58BE -

    -

    - Hold on! Check ../misc/index.html#get_edid_panelname to know what LCD panel you have. This is important for the next step! -

    +

    Supported panels

    +

    + ../hcl/index.html#supported_t60_list. +

    -

    Supported panels

    - ../hcl/index.html#supported_t60_list. + See index.html#lcd_i945_incompatibility.

    + +

    Back to top of page

    + +
    -

    - See index.html#lcd_i945_incompatibility. -

    - -

    Back to top of page

    - -
    +
    -

    i945: 3D fix (based on 5927) for kernel 3.12+ on 5320

    +

    i945: 3D fix (based on 5927) for kernel 3.12+ on 5320

    -

    - - This is now obsolete. Merged in coreboot: http://review.coreboot.org/#/c/5927/ - -

    +

    + + This is now obsolete. Merged in coreboot: http://review.coreboot.org/#/c/5927/ + +

    -

    This needs to be rewritten (or better organized, or deleted?). This is also now included in libreboot 6 (using the proper way, not the 7c0000 method which was a hack)

    +

    This needs to be rewritten (or better organized, or deleted?). This is also now included in libreboot 6 (using the proper way, not the 7c0000 method which was a hack)

    -

    - This was done on 5320/6 so far. The fix below is for 5320/6 which is now obsolete. This needs to be re-done for the latest version - of 5320. The fix below is (in practise) only for reference, therefore. -

    +

    + This was done on 5320/6 so far. The fix below is for 5320/6 which is now obsolete. This needs to be re-done for the latest version + of 5320. The fix below is (in practise) only for reference, therefore. +

    -

    - See #x60_cb5927_testing for the original (and current) fix, for the replay code. Now we want - to implement that on top of http://review.coreboot.org/#/c/5320 - which is the current code for native graphics initialization on i945. -

    +

    + See #x60_cb5927_testing for the original (and current) fix, for the replay code. Now we want + to implement that on top of http://review.coreboot.org/#/c/5320 + which is the current code for native graphics initialization on i945. +

    -

    - src/northbridge/intel/i945/gma.c (using the 7c0000 hack) on 5320: 5320_7c0000_gma.c (rename it to gma.c, - replacing the current one). -

    +

    + src/northbridge/intel/i945/gma.c (using the 7c0000 hack) on 5320: 5320_7c0000_gma.c (rename it to gma.c, + replacing the current one). +

    -

    - The above is a hack (as is the original). A better (more correct) method is implemented in later versions of 5927, so - that should also be adapted for 5320. For now, you can use the above fix. -

    +

    + The above is a hack (as is the original). A better (more correct) method is implemented in later versions of 5927, so + that should also be adapted for 5320. For now, you can use the above fix. +

    -

    - The correct way to do it is to set gtt address to (end of stolen memory - gtt size), which is what later versions of 5927 do (successfully). -

    +

    + The correct way to do it is to set gtt address to (end of stolen memory - gtt size), which is what later versions of 5927 do (successfully). +

    -

    - Here is some debugging output using intel_gpu_tools v1.2-1 (from trisquel repositories) using tool "intel_gtt": -

    +

    + Here is some debugging output using intel_gpu_tools v1.2-1 (from trisquel repositories) using tool "intel_gtt": +

    - + + +

    Back to top of page

    + +
    + +
    + +

    i945/X60: Coreboot 5927 testing (3D fix for kernel 3.12+ on replay code)

    -

    Back to top of page

    +

    + + This is now obsolete. Merged in coreboot: http://review.coreboot.org/#/c/5927/ + +

    -
    +

    The latest version as-is (5927/11) has not been tested by me yet. Always boot with 'drm.debug=0x06' kernel parameter when testing this.

    -

    i945/X60: Coreboot 5927 testing (3D fix for kernel 3.12+ on replay code)

    +

    + This is the fix for 3D on kernel 3.12 and higher on i945 (ThinkPad X60 in this case). This is for the replay code. + Libreboot 5th release has a version of this backported already (based on 5927/3 using the '7c0000' hack). +

    -

    - - This is now obsolete. Merged in coreboot: http://review.coreboot.org/#/c/5927/ - -

    +

    + + The replay code is obsolete (see 5320 changeset on review.coreboot.org for better version + which supports more machines/screens, and then 5345 for T60). Information here for reference since that is where the fix was first applied. + +

    -

    The latest version as-is (5927/11) has not been tested by me yet. Always boot with 'drm.debug=0x06' kernel parameter when testing this.

    +

    + Read the information on http://review.coreboot.org/#/c/5927/. +

    -

    - This is the fix for 3D on kernel 3.12 and higher on i945 (ThinkPad X60 in this case). This is for the replay code. - Libreboot 5th release has a version of this backported already (based on 5927/3 using the '7c0000' hack). -

    +

    + For historical purposes, here is a collection of IRC logs that once existed on this page, related to the issue: + kernel312_irc. +

    -

    - - The replay code is obsolete (see 5320 changeset on review.coreboot.org for better version - which supports more machines/screens, and then 5345 for T60). Information here for reference since that is where the fix was first applied. - -

    +

    + PGETBL_CTL differs between VBIOS (-) and native graphics init (+).
    -

    - Read the information on http://review.coreboot.org/#/c/5927/. -

    + - PGETBL_CTL: 0x3ffc0001
    + + PGETBL_CTL: 0x3f800001 +

    +

    GTT (graphics translation table) size is PGETBL_save, max 256 KiB. BSM (Base of Stolen Memory) is given by the bios.

    + + + +

    Back to top of page

    + +
    + +
    +

    - For historical purposes, here is a collection of IRC logs that once existed on this page, related to the issue: - kernel312_irc. + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    - PGETBL_CTL differs between VBIOS (-) and native graphics init (+).
    - - - PGETBL_CTL: 0x3ffc0001
    - + PGETBL_CTL: 0x3f800001 + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -

    GTT (graphics translation table) size is PGETBL_save, max 256 KiB. BSM (Base of Stolen Memory) is given by the bios.

    - - - -

    Back to top of page

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
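Review bot: The re-added X60 paragraph still gives "# devmem2 0xe4361254 w" as the command to run, while the "Further notes" text in the same hunk says the mapping differs between machines (mtjm saw 0xec061254 on an X60 Tablet) and has to be checked with lspci -vv. Since this is a root read of a physical address, the line should say that 0xe4361254 is an example: the GPU MMIO base reported by lspci -vv (0xe4300000 here) plus the 0x61254 offset of BLC_PWM_CTL. That keeps a reader on a different machine from accessing an unrelated address. While these paragraphs are being moved, the carried-over slips could be fixed as well: "mare kept", "has no affect on", and the unclosed parenthesis after "(there is an XXX comment".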
    diff --git a/docs/git/index.html b/docs/git/index.html index 1239ada..cc61384 100644 --- a/docs/git/index.html +++ b/docs/git/index.html @@ -8,645 +8,681 @@ @import url('../css/main.css'); - Developing libreboot + Building libreboot from source -

    Developing libreboot

    -

    - This section relates to building libreboot from source, and - working with the git repository. -

    -

    - Or Back to main index. -

    - - -
    - -

    Install build dependencies

    - -

    - Before doing anything, you need the dependencies first. This is true if - you want to build libreboot from source, with either libreboot_src.tar.xz or git. - If you are using libreboot_bin.tar.xz (binary archive) then you can ignore this, because - ROM images and statically compiled executables for the utilities are included. -

    +
    +

    Building libreboot from source

    +

    + This section relates to building libreboot from source, and + working with the git repository. +

    +

    + Or Back to main index. +

    +
    -

    - For all other GNU/Linux distributions, you may have to adapt these scripts. By all means send patches! -

    - -

    Back to top of page

    - -
    - -

    Get the full source code from metadata (git clone)

    - -

    - If you downloaded libreboot from git, then there are some steps to download and patch - the source code for all relevant dependencies. The archive in the git repository used to be - available as a tarball called 'libreboot_meta.tar.gz'. It contains 'metadata' (scripts) - which define how the source was created (where it came from). -

    - -

    - You can use the scripts included to download everything. -

    - -

    - First, install the build dependencies. -

    - -

    - Since libreboot makes extensive use of git, you need to configure git properly. If you have not yet configured - git, then the minimum requirement is:
    - $ git config --global user.name "Your Name"
    - $ git config --global user.email your@emailaddress.com
    - This is what will also appear in git logs if you ever commit your own changes to a given repository. For - more information, see http://git-scm.com/doc. -

    - -

    - Another nice config for you (optional, but recommended):
    - $ git config --global core.editor nano
    - $ git config --global color.status auto
    - $ git config --global color.branch auto
    - $ git config --global color.interactive auto
    - $ git config --global color.diff auto -

    - -

    - After that, run the get script:
    - $ ./getall -

    - -

    - What this did was download everything (grub, coreboot, memtest86+, bucts, flashrom) - at the versions last tested for this release, and patch them. Read the script - in a text editor to learn more. -

    - -

    - To build the ROM images, see #build. -

    - -

    Back to top of page.

    - -
    - -

    How to build "bucts" (for LenovoBIOS X60/X60S/X60T/T60)

    - -

    - This is for Lenovo BIOS users on the ThinkPad X60/X60S, X60 Tablet and T60. If you have coreboot or libreboot running already, ignore this. -

    - -

    - Bucts is needed when flashing in software the X60/X60S/X60T/T60 ROM while Lenovo BIOS is running; - external flashing will be safe regardless. - Each ROM contains identical data inside the two final 64K region in the file. - This corresponds to the final two 64K regions in the flash chip. Lenovo BIOS will prevent you from writing the - final one, so running "bucts 1" will set the machine to boot from the other block instead (which - is writeable along with everything beneath it when using a patched flashrom. see #build_flashrom). - After shutting down and booting up after the first flash, - the final 64K block is writeable so you flash the ROM again with an unpatched flashrom and run "bucts 0" to - make the machine boot from the normal (highest) block again. -

    - -

    - BUC.TS utility is included in libreboot_src.tar.xz and libreboot_bin.tar.xz.
    - If you downloaded from git, follow #build_meta before you proceed. -

    - -

    - "BUC" means "Backup Control" (it's a register) and "TS" means "Top Swap" - (it's a status bit). Hence "bucts" (BUC.TS). TS 1 and TS 0 corresponds to bucts 1 and bucts 0. -

    - -

    - If you have the binary release archive, you'll find executables under ./bucts/. Otherwise if you need to build from source, continue reading. -

    - -

    - First, install the build dependencies. -

    +
    -

    - To build bucts, do this in the main directory:
    - $ ./builddeps-bucts -

    +

    Install build dependencies

    -

    - The "builddeps" script in libreboot_src also makes use of builddeps-bucts. -

    +

    + Before doing anything, you need the dependencies first. This is true if + you want to build libreboot from source, with either libreboot_src.tar.xz or git. + If you are using libreboot_bin.tar.xz (binary archive) then you can ignore this, because + ROM images and statically compiled executables for the utilities are included. +

    +
      +
    • deps-trisquel script installs dependencies for Trisquel 6 (also tested in Trisquel 7).
    • +
    -

    Back to top of page.

    +

    + For all other GNU/Linux distributions, you may have to adapt these scripts. By all means send patches! +

    -
    +

    Back to top of page

    + +
    -

    How to build "flashrom"

    +
    -

    - Flashrom is the utility for flashing/dumping ROM images. This is what you will use to install libreboot. -

    +

    Get the full source code from metadata (git clone)

    -

    - Flashrom source code is included in libreboot_src.tar.gz and libreboot_bin.tar.gz.
    - If you downloaded from git, follow #build_meta before you proceed. -

    - -

    - If you are using the binary release archive, then there are already binaries included - under ./flashrom/. The flashing scripts will try to choose the correct one for you. Otherwise - if you wish to re-build flashrom from source, continue reading. -

    +

    + If you downloaded libreboot from git, then there are some steps to download and patch + the source code for all relevant dependencies. The archive in the git repository used to be + available as a tarball called 'libreboot_meta.tar.gz'. It contains 'metadata' (scripts) + which define how the source was created (where it came from). +

    -

    - First, install the build dependencies. -

    +

    + You can use the scripts included to download everything. +

    -

    - To build it, do that in the main directory:
    - $ ./builddeps-flashrom -

    +

    + First, install the build dependencies. +

    + +

    + Since libreboot makes extensive use of git, you need to configure git properly. If you have not yet configured + git, then the minimum requirement is:
    + $ git config --global user.name "Your Name"
    + $ git config --global user.email your@emailaddress.com
    + This is what will also appear in git logs if you ever commit your own changes to a given repository. For + more information, see http://git-scm.com/doc. +

    + +

    + Another nice config for you (optional, but recommended):
    + $ git config --global core.editor nano
    + $ git config --global color.status auto
    + $ git config --global color.branch auto
    + $ git config --global color.interactive auto
    + $ git config --global color.diff auto +

    -

    - After you've done that, under ./flashrom/ you will find the following executables: -

    -
      -
    • - flashrom -
        -
      • For flashing while coreboot or libreboot is running.
      • -
      -
    • -
    • - flashrom_lenovobios_sst -
        -
      • This is patched for flashing while Lenovo BIOS is running on an X60 or T60 with the SST25VF016B (SST) flash chip.
      • -
      -
    • -
    • - flashrom_lenovobios_macronix -
        -
      • This is patched for flashing while Lenovo BIOS is running on an X60 or T60 with the MX25L1605D (Macronix) flash chip.
      • -
      -
    • -
    +

    + After that, run the get script:
    + $ ./getall +

    -

    - The "builddeps" script in libreboot_src also makes use of builddeps-flashrom. -

    +

    + What this did was download everything (grub, coreboot, memtest86+, bucts, flashrom) + at the versions last tested for this release, and patch them. Read the script + in a text editor to learn more. +

    -

    Back to top of page.

    +

    + To build the ROM images, see #build. +

    -
    +

    Back to top of page.

    + +
    -

    Configuring libreboot

    +
    -

    - Before building a ROM in libreboot (or coreboot, for that matter), you need to configure it. - This is done using the following inside the source tree:
    - $ cd coreboot/
    - $ make menuconfig -

    +

    How to build "bucts" (for LenovoBIOS X60/X60S/X60T/T60)

    -

    - If you've already built a kernel before, you know how to use this interface. -

    +

    + This is for Lenovo BIOS users on the ThinkPad X60/X60S, X60 Tablet and T60. If you have coreboot or libreboot running already, ignore this. +

    -

    - Configurations are then saved as files called ".config". Copies of each configuration used - for each machine type by the libreboot build scripts are stored in resources/libreboot/config/ -

    +

    + Bucts is needed when flashing in software the X60/X60S/X60T/T60 ROM while Lenovo BIOS is running; + external flashing will be safe regardless. + Each ROM contains identical data inside the two final 64K region in the file. + This corresponds to the final two 64K regions in the flash chip. Lenovo BIOS will prevent you from writing the + final one, so running "bucts 1" will set the machine to boot from the other block instead (which + is writeable along with everything beneath it when using a patched flashrom. see #build_flashrom). + After shutting down and booting up after the first flash, + the final 64K block is writeable so you flash the ROM again with an unpatched flashrom and run "bucts 0" to + make the machine boot from the normal (highest) block again. +

    -

    - dmidecode -

    - There is certain information that can be useful to enter in particular: + BUC.TS utility is included in libreboot_src.tar.xz and libreboot_bin.tar.xz.
    + If you downloaded from git, follow #build_meta before you proceed.

    -
      -
    • Local version string
    • -
    • SMBIOS Serial Number
    • -
    • SMBIOS Manufacturer
    • -
    • SMBIOS Version
    • -
    • SMBIOS Product name
    • -
    +

    - This information can be obtained using:
    - $ sudo dmidecode
    - # dmidecode + "BUC" means "Backup Control" (it's a register) and "TS" means "Top Swap" + (it's a status bit). Hence "bucts" (BUC.TS). TS 1 and TS 0 corresponds to bucts 1 and bucts 0.

    +

    - Specifically, it's good practise to enter the same information for libreboot that you found when running this - with the original BIOS or firmware. libreboot has already done this for you. This information is for reference, - in the hope that it will be useful. + If you have the binary release archive, you'll find executables under ./bucts/. Otherwise if you need to build from source, continue reading.

    -

    - ThinkPad X60, X60S and X60 Tablet configuration (file: resources/libreboot/config/x60/config) -

    -
      -
    • General setup / Expert mode = enable
    • -
    • Mainboard / Mainboard vendor = Lenovo
    • -
    • Mainboard / Mainboard model = ThinkPad X60 / X60s / X60t
    • -
    • Mainboard / ROM chip size = 2048 KB (2 MB)
    • -
    • Chipset / Include CPU microcode in CBFS = Do not include microcode updates
    • -
    • Devices / Use native graphics initialization = enable
    • -
    • - Display / Keep VESA framebuffer = disable (disable for text-mode graphics, enable for coreboot vesa framebuffer) -
        -
      • Libreboot provides this with text-mode enabled by default, but it automatically patches a copy of the config at build time - to enable coreboot framebuffer for a separate set of ROM images, in each machine.
      • -
      -
    • -
    • Generic Drivers / Digitizer = Autodetect
    • -
    • Generic Drivers / USB 2.0 EHCI debug dongle support = Enable
    • -
    • Generic Drivers / Enable early (pre-RAM) usbdebug = Enable
    • -
    • Generic Drivers / Type of dongle = BeagleBone Black
    • -
    • Generic Drivers / Digitizer = Present
    • -
    • Console / Send console output to a CBMEM buffer = enable
    • -
    • Console / USB dongle log output = enable
    • -
    • Payload / Add a payload = An ELF executable payload
    • -
    • Payload / Payload path and filename = grub.elf
    • -

    - Now go back into Devices: + First, install the build dependencies.

    -
      -
    • Devices / Run VGA Option ROMs = disable
    • -
    • Devices / Run Option ROMs on PCI devices = disable
    • -
    +

    - The resulting .config file was saved as resources/libreboot/config/x60/config and is used by the build - scripts for this machine. + To build bucts, do this in the main directory:
    + $ ./builddeps-bucts

    +

    - This configuration is used on all variants: X60, X60S and X60 Tablet. + The "builddeps" script in libreboot_src also makes use of builddeps-bucts.

    -

    - ThinkPad T60 configuration (file: resources/libreboot/config/t60/config) -

    -
      -
    • General setup / Expert mode = enable
    • -
    • General setup / Local version string = 79ETE7WW (2.27 )
    • -
    • Mainboard / Mainboard vendor = Lenovo
    • -
    • Mainboard / Mainboard model = ThinkPad T60 / T60p
    • -
    • Mainboard / ROM chip size = 2048 KB (2 MB)
    • -
    • System tables / SMBIOS Serial Number = L3DKE06
    • -
    • System tables / SMBIOS Version Number = ThinkPad T60
    • -
    • System tables / SMBIOS Manufacturer = LENOVO
    • -
    • System tables / SMBIOS Product name = 1951FEG
    • -
    • Chipset / Include CPU microcode in CBFS = Do not include microcode updates
    • -
    • Devices / Use native graphics initialization = enable
    • -
    • - Display / Keep VESA framebuffer = disable (disable for text-mode graphics, enable for coreboot vesa framebuffer) -
        -
      • Libreboot provides this with text-mode enabled by default, but it automatically patches a copy of the config at build time - to enable coreboot framebuffer for a separate set of ROM images, in each machine.
      • -
      -
    • -
    • Generic Drivers / USB 2.0 EHCI debug dongle support = Enable
    • -
    • Generic Drivers / Enable early (pre-RAM) usbdebug = Enable
    • -
    • Generic Drivers / Type of dongle = BeagleBone Black
    • -
    • Console / Send console output to a CBMEM buffer = enable
    • -
    • Console / USB dongle log output = enable
    • -
    • Payload / Add a payload = An ELF executable payload
    • -
    • Payload / Payload path and filename = grub.elf
    • -
    +

    Back to top of page.

    + +
    + +
    + +

    How to build "flashrom"

    +

    - Go back into Devices: + Flashrom is the utility for flashing/dumping ROM images. This is what you will use to install libreboot.

    -
      -
    • Devices / Run VGA Option ROMs = disable
    • -
    • Devices / Run Option ROMs on PCI devices = disable
    • -
    -

    - The resulting .config file was saved as resources/libreboot/config/t60/config and is used by the build - scripts for this machine. -

    +

    - It is believed that the motherboards on 14.1" and 15.1" T60s are the same, so the same configuration is used - on both the 14.1" and 15.1" T60s. + Flashrom source code is included in libreboot_src.tar.gz and libreboot_bin.tar.gz.
    + If you downloaded from git, follow #build_meta before you proceed.

    -

    - ThinkPad X200 configuration (file: resources/libreboot/config/x200_4mb/config and resources/libreboot/config/x200_8mb/config) -

    - These are saved as two configs, because there are 2 size flash chips: 4MB or 8MB. + If you are using the binary release archive, then there are already binaries included + under ./flashrom/. The flashing scripts will try to choose the correct one for you. Otherwise + if you wish to re-build flashrom from source, continue reading.

    -
      -
    • General / Expert mode = enable
    • -
    • Mainboard / Mainboard vendor = Lenovo
    • -
    • Mainboard / Mainboard model = ThinkPad X200
    • -
    • Mainboard / ROM chip size = 4096 KB (4 MB) or 8192 KB (8 MB) depending on flash chip size
    • -
    • Chipset / Include CPU microcode in CBFS = Do not include microcode updates
    • -
    • Chipset / Size of CBFS filesystem in ROM = byte size 0x7FD000 (for 8MB flash chip) or 3FD000 (for 4MB flash chip)
    • -
    • Devices / Use native graphics initialization = enable
    • -
    • - Display / Keep VESA framebuffer = disable (disable for text-mode graphics, enable for coreboot vesa framebuffer) -
        -
      • Libreboot provides this with text-mode enabled by default, but it automatically patches a copy of the config at build time - to enable coreboot framebuffer for a separate set of ROM images, in each machine.
      • -
      -
    • -
    • Generic Drivers / USB 2.0 EHCI debug dongle support = Enable
    • -
    • Generic Drivers / Enable early (pre-RAM) usbdebug = Enable
    • -
    • Generic Drivers / Type of dongle = BeagleBone Black
    • -
    • Console / Send console output to a CBMEM buffer = enable
    • -
    • Console / USB dongle log output = enable
    • -
    • Payload / Add a payload = An ELF executable payload
    • -
    • Payload / Payload path and filename = grub.elf
    • -
    +

    - Go back and disable option ROMs: + First, install the build dependencies.

    -
      -
    • Devices / Run VGA Option ROMs = disable
    • -
    • Devices / Run Option ROMs on PCI devices = disable
    • -
    +

    - The resulting .config file was saved as resources/libreboot/config/x200_8mb/config and - resources/libreboot/config/x200_4mb/config and is used by the build - scripts for this machine. + To build it, do that in the main directory:
    + $ ./builddeps-flashrom

    -

    - MacBook2,1 configuration (file: resources/libreboot/config/macbook21/config) -

    +

    + After you've done that, under ./flashrom/ you will find the following executables: +

      -
    • General / Expert mode = enable
    • -
    • General / Local version string = "    MB21.88Z.00A5.B07.0706270922" (without the quotes)
    • -
    • Mainboard / Mainboard vendor = Apple
    • -
    • Mainboard / Mainboard model = Macbook2,1 ICH7 TESTING
    • -
    • Mainboard / ROM chip size = 2048 KB (2 MB)
    • -
    • System tables / SMBIOS Serial Number = W8724XXXXXX
    • -
    • System tables / SMBIOS Version Number = 1.0
    • -
    • System tables / SMBIOS Manufacturer = Apple Inc.
    • -
    • System tables / SMBIOS Product Name = MacBook2,1
    • -
    • Chipset / Include CPU microcode in CBFS = Do not include microcode updates
    • -
    • Devices / Use native graphics initialization = enable
    • - Display / Keep VESA framebuffer = disable (disable for text-mode graphics, enable for coreboot vesa framebuffer) + flashrom
        -
      • Libreboot provides this with text-mode enabled by default, but it automatically patches a copy of the config at build time - to enable coreboot framebuffer for a separate set of ROM images, in each machine.
      • +
      • For flashing while coreboot or libreboot is running.
    • -
    • Generic Drivers / USB 2.0 EHCI debug dongle support = Enable
    • -
    • Generic Drivers / Enable early (pre-RAM) usbdebug = Enable
    • -
    • Generic Drivers / Type of dongle = BeagleBone Black
    • -
    • Console / Send console output to a CBMEM buffer = enable
    • -
    • Console / USB dongle log output = enable
    • -
    • Payload / Add a payload = An ELF executable payload
    • -
    • Payload / Payload path and filename = grub.elf
    • -
    -

    - Go back and disable option ROMs: -

    -
      -
    • Devices / Run VGA Option ROMs = disable
    • -
    • Devices / Run Option ROMs on PCI devices = disable
    • -
    -

    - The resulting .config file was saved as resources/libreboot/config/macbook21/config and is used by the build - scripts for this machine. This config is also used for the MacBook1,1. -

    - -

    - QEMU (x86 i440fx/piix4) configuration (file: resources/libreboot/config/qemu_i440fx_piix4/config) -

    -
      -
    • General / Expert mode = enable
    • -
    • Mainboard / Mainboard vendor = Emulation
    • -
    • Mainboard / Mainboard model = QEMU x86 i440fx/piix4 (aka qemu -M pc)
    • -
    • Mainboard / ROM chip size = 8192 KB (8 MB)
    • -
    • Devices / Use native graphics initialization = enable (should already be enabled)
    • - Display / Keep VESA framebuffer = enable (disable for text-mode graphics, enable for coreboot vesa framebuffer) + flashrom_lenovobios_sst
        -
      • Libreboot provides this with framebuffer enabled by default, but it automatically patches a copy of the config at build time - to enable coreboot text-mode for a separate set of ROM images, in each machine.
      • +
      • This is patched for flashing while Lenovo BIOS is running on an X60 or T60 with the SST25VF016B (SST) flash chip.
    • -
    • Console / Send console output to a CBMEM buffer = enable
    • -
    • Payload / Add a payload = An ELF executable payload
    • -
    • Payload / Payload path and filename = grub.elf
    • -
    -

    - Go back and disable option ROMs: -

    -
      -
    • Devices / Run VGA Option ROMs = disable
    • -
    • Devices / Run Option ROMs on PCI devices = disable
    • -
    -

    - The resulting .config file was saved as resources/libreboot/config/qemu_i440fx_piix4/config and is used by the build - scripts for this machine. -

    - -

    - QEMU (x86 q35/ich9) configuration (file: resources/libreboot/config/qemu_q35_ich9/config) -

    -
      -
    • General / Expert mode = enable
    • -
    • Mainboard / Mainboard vendor = Emulation
    • -
    • Mainboard / Mainboard model = QEMU x86 q35/ich9 (aka qemu -M q35)
    • -
    • Mainboard / ROM chip size = 8192 KB (8 MB)
    • -
    • Devices / Use native graphics initialization = enable (should already be enabled)
    • - Display / Keep VESA framebuffer = enable (disable for text-mode graphics, enable for coreboot vesa framebuffer) + flashrom_lenovobios_macronix
        -
      • Libreboot provides this with framebuffer enabled by default, but it automatically patches a copy of the config at build time - to enable coreboot text-mode for a separate set of ROM images, in each machine.
      • +
      • This is patched for flashing while Lenovo BIOS is running on an X60 or T60 with the MX25L1605D (Macronix) flash chip.
    • -
    • Console / Send console output to a CBMEM buffer = enable
    • -
    • Payload / Add a payload = An ELF executable payload
    • -
    • Payload / Payload path and filename = grub.elf
    • -
    -

    - Go back and disable option ROMs: -

    -
      -
    • Devices / Run VGA Option ROMs = disable
    • -
    • Devices / Run Option ROMs on PCI devices = disable
    +

    - The resulting .config file was saved as resources/libreboot/config/qemu_q35_ich9/config and is used by the build - scripts for this machine. + The "builddeps" script in libreboot_src also makes use of builddeps-flashrom.

    -

    Back to top of page.

    - -
    +

    Back to top of page.

    + +
    -

    How to build the ROM images!

    +
    -

    You don't need to do much, as there are scripts already written for you that can build everything automatically.

    +

    Configuring libreboot

    -

    - You can build libreboot from source on a 32-bit (i686) or 64-bit (x86_64) system. Recommended (if possible): x86_64. - On a ThinkPad T60, you can replace the CPU (Core 2 Duo T5600, T7200 or T7600. T5600 recommended) for 64-bit support. - On an X60s, you can replace the board with one that has a Core 2 Duo L7400 (you could also use an X60 Tablet board with the same CPU). - On an X60, you can replace the board with one that has a Core 2 Duo T5600 or T7200 (T5600 is recommended). All MacBook2,1 laptops - are 64-bit, as are all ThinkPad X200, X200S and X200 Tablet laptops. Warning: MacBook1,1 laptops are all 32-bit only. -

    +

    + Before building a ROM in libreboot (or coreboot, for that matter), you need to configure it. + This is done using the following inside the source tree:
    + $ cd coreboot/
    + $ make menuconfig +

    -

    - First, install the build dependencies. -

    -

    - If you downloaded libreboot from git, refer to #build_meta. -

    +

    + If you've already built a kernel before, you know how to use this interface. +

    -

    If running for the first time, run this:
    - $ ./buildall (also performs the "./build" step below)
    - Or if you only want to build dependencies (crossgcc, grub and so on):
    - $ ./builddeps

    +

    + Configurations are then saved as files called ".config". Copies of each configuration used + for each machine type by the libreboot build scripts are stored in resources/libreboot/config/ +

    -

    If you've already run ./builddeps and/or ./buildall before, you don't need to run them again. - Just run that from now on to build the ROM images:
    - $ ./build

    +
    +

    + dmidecode +

    +

    + There is certain information that can be useful to enter in particular: +

    +
      +
    • Local version string
    • +
    • SMBIOS Serial Number
    • +
    • SMBIOS Manufacturer
    • +
    • SMBIOS Version
    • +
    • SMBIOS Product name
    • +
    +

    + This information can be obtained using:
    + $ sudo dmidecode
    + # dmidecode +

    +

    + Specifically, it's good practise to enter the same information for libreboot that you found when running this + with the original BIOS or firmware. libreboot has already done this for you. This information is for reference, + in the hope that it will be useful. +

    +
    + +
    +

    + ThinkPad X60, X60S and X60 Tablet configuration (file: resources/libreboot/config/x60/config) +

    +
      +
    • General setup / Expert mode = enable
    • +
    • Mainboard / Mainboard vendor = Lenovo
    • +
    • Mainboard / Mainboard model = ThinkPad X60 / X60s / X60t
    • +
    • Mainboard / ROM chip size = 2048 KB (2 MB)
    • +
    • Chipset / Include CPU microcode in CBFS = Do not include microcode updates
    • +
    • Devices / Use native graphics initialization = enable
    • +
    • + Display / Keep VESA framebuffer = disable (disable for text-mode graphics, enable for coreboot vesa framebuffer) +
        +
      • Libreboot provides this with text-mode enabled by default, but it automatically patches a copy of the config at build time + to enable coreboot framebuffer for a separate set of ROM images, in each machine.
      • +
      +
    • +
    • Generic Drivers / Digitizer = Autodetect
    • +
    • Generic Drivers / USB 2.0 EHCI debug dongle support = Enable
    • +
    • Generic Drivers / Enable early (pre-RAM) usbdebug = Enable
    • +
    • Generic Drivers / Type of dongle = BeagleBone Black
    • +
    • Generic Drivers / Digitizer = Present
    • +
    • Console / Send console output to a CBMEM buffer = enable
    • +
    • Console / USB dongle log output = enable
    • +
    • Payload / Add a payload = An ELF executable payload
    • +
    • Payload / Payload path and filename = grub.elf
    • +
    +

    + Now go back into Devices: +

    +
      +
    • Devices / Run VGA Option ROMs = disable
    • +
    • Devices / Run Option ROMs on PCI devices = disable
    • +
    +

    + The resulting .config file was saved as resources/libreboot/config/x60/config and is used by the build + scripts for this machine. +

    +

    + This configuration is used on all variants: X60, X60S and X60 Tablet. +

    +
    + +
    +

    + ThinkPad T60 configuration (file: resources/libreboot/config/t60/config) +

    +
      +
    • General setup / Expert mode = enable
    • +
    • General setup / Local version string = 79ETE7WW (2.27 )
    • +
    • Mainboard / Mainboard vendor = Lenovo
    • +
    • Mainboard / Mainboard model = ThinkPad T60 / T60p
    • +
    • Mainboard / ROM chip size = 2048 KB (2 MB)
    • +
    • System tables / SMBIOS Serial Number = L3DKE06
    • +
    • System tables / SMBIOS Version Number = ThinkPad T60
    • +
    • System tables / SMBIOS Manufacturer = LENOVO
    • +
    • System tables / SMBIOS Product name = 1951FEG
    • +
    • Chipset / Include CPU microcode in CBFS = Do not include microcode updates
    • +
    • Devices / Use native graphics initialization = enable
    • +
    • + Display / Keep VESA framebuffer = disable (disable for text-mode graphics, enable for coreboot vesa framebuffer) +
        +
      • Libreboot provides this with text-mode enabled by default, but it automatically patches a copy of the config at build time + to enable coreboot framebuffer for a separate set of ROM images, in each machine.
      • +
      +
    • +
    • Generic Drivers / USB 2.0 EHCI debug dongle support = Enable
    • +
    • Generic Drivers / Enable early (pre-RAM) usbdebug = Enable
    • +
    • Generic Drivers / Type of dongle = BeagleBone Black
    • +
    • Console / Send console output to a CBMEM buffer = enable
    • +
    • Console / USB dongle log output = enable
    • +
    • Payload / Add a payload = An ELF executable payload
    • +
    • Payload / Payload path and filename = grub.elf
    • +
    +

    + Go back into Devices: +

    +
      +
    • Devices / Run VGA Option ROMs = disable
    • +
    • Devices / Run Option ROMs on PCI devices = disable
    • +
    +

    + The resulting .config file was saved as resources/libreboot/config/t60/config and is used by the build + scripts for this machine. +

    +

    + It is believed that the motherboards on 14.1" and 15.1" T60s are the same, so the same configuration is used + on both the 14.1" and 15.1" T60s. +

    +
    + +
    +

    + ThinkPad X200 configuration (file: resources/libreboot/config/x200_4mb/config and resources/libreboot/config/x200_8mb/config) +

    +

    + These are saved as two configs, because there are 2 size flash chips: 4MB or 8MB. +

    +
      +
    • General / Expert mode = enable
    • +
    • Mainboard / Mainboard vendor = Lenovo
    • +
    • Mainboard / Mainboard model = ThinkPad X200
    • +
    • Mainboard / ROM chip size = 4096 KB (4 MB) or 8192 KB (8 MB) depending on flash chip size
    • +
    • Chipset / Include CPU microcode in CBFS = Do not include microcode updates
    • +
    • Chipset / Size of CBFS filesystem in ROM = byte size 0x7FD000 (for 8MB flash chip) or 3FD000 (for 4MB flash chip)
    • +
    • Devices / Use native graphics initialization = enable
    • +
    • + Display / Keep VESA framebuffer = disable (disable for text-mode graphics, enable for coreboot vesa framebuffer) +
        +
      • Libreboot provides this with text-mode enabled by default, but it automatically patches a copy of the config at build time + to enable coreboot framebuffer for a separate set of ROM images, in each machine.
      • +
      +
    • +
    • Generic Drivers / USB 2.0 EHCI debug dongle support = Enable
    • +
    • Generic Drivers / Enable early (pre-RAM) usbdebug = Enable
    • +
    • Generic Drivers / Type of dongle = BeagleBone Black
    • +
    • Console / Send console output to a CBMEM buffer = enable
    • +
    • Console / USB dongle log output = enable
    • +
    • Payload / Add a payload = An ELF executable payload
    • +
    • Payload / Payload path and filename = grub.elf
    • +
    +

    + Go back and disable option ROMs: +

    +
      +
    • Devices / Run VGA Option ROMs = disable
    • +
    • Devices / Run Option ROMs on PCI devices = disable
    • +
    +

    + The resulting .config file was saved as resources/libreboot/config/x200_8mb/config and + resources/libreboot/config/x200_4mb/config and is used by the build + scripts for this machine. +

    +
    + +
    +

    + MacBook2,1 configuration (file: resources/libreboot/config/macbook21/config) +

    +
      +
    • General / Expert mode = enable
    • +
    • General / Local version string = "    MB21.88Z.00A5.B07.0706270922" (without the quotes)
    • +
    • Mainboard / Mainboard vendor = Apple
    • +
    • Mainboard / Mainboard model = Macbook2,1 ICH7 TESTING
    • +
    • Mainboard / ROM chip size = 2048 KB (2 MB)
    • +
    • System tables / SMBIOS Serial Number = W8724XXXXXX
    • +
    • System tables / SMBIOS Version Number = 1.0
    • +
    • System tables / SMBIOS Manufacturer = Apple Inc.
    • +
    • System tables / SMBIOS Product Name = MacBook2,1
    • +
    • Chipset / Include CPU microcode in CBFS = Do not include microcode updates
    • +
    • Devices / Use native graphics initialization = enable
    • +
    • + Display / Keep VESA framebuffer = disable (disable for text-mode graphics, enable for coreboot vesa framebuffer) +
        +
      • Libreboot provides this with text-mode enabled by default, but it automatically patches a copy of the config at build time + to enable coreboot framebuffer for a separate set of ROM images, in each machine.
      • +
      +
    • +
    • Generic Drivers / USB 2.0 EHCI debug dongle support = Enable
    • +
    • Generic Drivers / Enable early (pre-RAM) usbdebug = Enable
    • +
    • Generic Drivers / Type of dongle = BeagleBone Black
    • +
    • Console / Send console output to a CBMEM buffer = enable
    • +
    • Console / USB dongle log output = enable
    • +
    • Payload / Add a payload = An ELF executable payload
    • +
    • Payload / Payload path and filename = grub.elf
    • +
    +

    + Go back and disable option ROMs: +

    +
      +
    • Devices / Run VGA Option ROMs = disable
    • +
    • Devices / Run Option ROMs on PCI devices = disable
    • +
    +

    + The resulting .config file was saved as resources/libreboot/config/macbook21/config and is used by the build + scripts for this machine. This config is also used for the MacBook1,1. +

    +
    + +
    +

    + QEMU (x86 i440fx/piix4) configuration (file: resources/libreboot/config/qemu_i440fx_piix4/config) +

    +
      +
    • General / Expert mode = enable
    • +
    • Mainboard / Mainboard vendor = Emulation
    • +
    • Mainboard / Mainboard model = QEMU x86 i440fx/piix4 (aka qemu -M pc)
    • +
    • Mainboard / ROM chip size = 8192 KB (8 MB)
    • +
    • Devices / Use native graphics initialization = enable (should already be enabled)
    • +
    • + Display / Keep VESA framebuffer = enable (disable for text-mode graphics, enable for coreboot vesa framebuffer) +
        +
      • Libreboot provides this with framebuffer enabled by default, but it automatically patches a copy of the config at build time + to enable coreboot text-mode for a separate set of ROM images, in each machine.
      • +
      +
    • +
    • Console / Send console output to a CBMEM buffer = enable
    • +
    • Payload / Add a payload = An ELF executable payload
    • +
    • Payload / Payload path and filename = grub.elf
    • +
    +

    + Go back and disable option ROMs: +

    +
      +
    • Devices / Run VGA Option ROMs = disable
    • +
    • Devices / Run Option ROMs on PCI devices = disable
    • +
    +

    + The resulting .config file was saved as resources/libreboot/config/qemu_i440fx_piix4/config and is used by the build + scripts for this machine. +

    +
    + +
    +

    + QEMU (x86 q35/ich9) configuration (file: resources/libreboot/config/qemu_q35_ich9/config) +

    +
      +
    • General / Expert mode = enable
    • +
    • Mainboard / Mainboard vendor = Emulation
    • +
    • Mainboard / Mainboard model = QEMU x86 q35/ich9 (aka qemu -M q35)
    • +
    • Mainboard / ROM chip size = 8192 KB (8 MB)
    • +
    • Devices / Use native graphics initialization = enable (should already be enabled)
    • +
    • + Display / Keep VESA framebuffer = enable (disable for text-mode graphics, enable for coreboot vesa framebuffer) +
        +
      • Libreboot provides this with framebuffer enabled by default, but it automatically patches a copy of the config at build time + to enable coreboot text-mode for a separate set of ROM images, in each machine.
      • +
      +
    • +
    • Console / Send console output to a CBMEM buffer = enable
    • +
    • Payload / Add a payload = An ELF executable payload
    • +
    • Payload / Payload path and filename = grub.elf
    • +
    +

    + Go back and disable option ROMs: +

    +
      +
    • Devices / Run VGA Option ROMs = disable
    • +
    • Devices / Run Option ROMs on PCI devices = disable
    • +
    +

    + The resulting .config file was saved as resources/libreboot/config/qemu_q35_ich9/config and is used by the build + scripts for this machine. +

    +
    -

    To un-build (clean) the build dependencies that you built before, do the following:
    - This also deletes the ROM images under ./bin/:
    - $ ./cleandeps

    +

    Back to top of page.

    + +
    -

    Note: after running 'cleandeps', you will need to run 'builddeps' or 'buildall' again before you can use 'build'.

    +
    -

    After 'build' or 'buildall' has finished, you'll find the ROM images for each machine under ./bin/

    +

    How to build the ROM images!

    -

    Preparing release archives (optional)

    +

    You don't need to do much, as there are scripts already written for you that can build everything automatically.

    - Run that script:
    - $ ./build-release + You can build libreboot from source on a 32-bit (i686) or 64-bit (x86_64) system. Recommended (if possible): x86_64. + On a ThinkPad T60, you can replace the CPU (Core 2 Duo T5600, T7200 or T7600. T5600 recommended) for 64-bit support. + On an X60s, you can replace the board with one that has a Core 2 Duo L7400 (you could also use an X60 Tablet board with the same CPU). + On an X60, you can replace the board with one that has a Core 2 Duo T5600 or T7200 (T5600 is recommended). All MacBook2,1 laptops + are 64-bit, as are all ThinkPad X200, X200S and X200 Tablet laptops. Warning: MacBook1,1 laptops are all 32-bit only.

    - If you are building on an i686 host, this will include statically linked 32-bit binaries in the binary release archive that you created, - for: nvramtool, cbfstool, bucts, flashrom, ich9deblob, cbmem. + First, install the build dependencies.

    -

    - If you are building on an x86_64 host, this will include statically linked 32- and 64-bit binaries for cbmem, ich9deblob, cbfstool and nvramtool, while flashrom - and bucts will be included only as 64-bit statically linked binaries. To include a statically linked flashrom and bucts for i686, you - will need to build them on a chroot, a virtual machine or a real 32-bit system. You can find the build dependencies for these packages listed in deps-* + If you downloaded libreboot from git, refer to #build_meta.

    + +

    If running for the first time, run this:
    + $ ./buildall (also performs the "./build" step below)
    + Or if you only want to build dependencies (crossgcc, grub and so on):
    + $ ./builddeps

    + +

    If you've already run ./builddeps and/or ./buildall before, you don't need to run them again. + Just run that from now on to build the ROM images:
    + $ ./build

    + +

    To un-build (clean) the build dependencies that you built before, do the following:
    + This also deletes the ROM images under ./bin/:
    + $ ./cleandeps

    + +

    Note: after running 'cleandeps', you will need to run 'builddeps' or 'buildall' again before you can use 'build'.

    + +

    After 'build' or 'buildall' has finished, you'll find the ROM images for each machine under ./bin/

    + +
    + +

    Preparing release archives (optional)

    + +

    + Run that script:
    + $ ./build-release +

    + +

    + If you are building on an i686 host, this will include statically linked 32-bit binaries in the binary release archive that you created, + for: nvramtool, cbfstool, bucts, flashrom, ich9deblob, cbmem. +

    + +

    + If you are building on an x86_64 host, this will include statically linked 32- and 64-bit binaries for cbmem, ich9deblob, cbfstool and nvramtool, while flashrom + and bucts will be included only as 64-bit statically linked binaries. To include a statically linked flashrom and bucts for i686, you + will need to build them on a chroot, a virtual machine or a real 32-bit system. You can find the build dependencies for these packages listed in deps-* +

    + +

    + armv7l binaries (tested on a BeagleBone Black) are also included in libreboot_bin, for: +

    +
      +
    • cbfstool
    • +
    • ich9gen
    • +
    • ich9deblob
    • +
    • flashrom
    • +
    + +

    + If you are building 32-bit binaries on a live system or chroot (for flashrom/bucts), you can use the following to statically link them:
    + $ ./builddeps-flashrom static
    + $ ./builddeps-bucts static +

    + +

    + The same as above applies for ARM (except, building bucts on ARM is pointless, and for flashrom + you only need the normal executable since the lenovobios_sst and _macronix executables are meant + to run on an X60/T60 while lenovo bios is present, working around the security restrictions). +

    + +

    + The script mkextbuild will generate a small source tarball called tobuild.tar.xz that + contains everything you need (including source) with which to build flashrom/bucts on these hosts. + The build-release script will have already executed this script for you, so the archive should + already exist. +

    + +

    + You'll find that the files libreboot_bin.tar.xz and libreboot_src.tar.xz have been created. +

    +
    + +

    Back to top of page

    + +
    + +
    + +

    How to add SeaBIOS to the ROM images

    +

    - armv7l binaries (tested on a BeagleBone Black) are also included in libreboot_bin, for: + SeaBIOS isn't really needed since libreboot uses the GRUB payload which + is much better (for several reasons), so it is no longer included in the ROM + images by default. Instead, you can add it afterwards.

    -
      -
    • cbfstool
    • -
    • ich9gen
    • -
    • ich9deblob
    • -
    • flashrom
    • -

    - If you are building 32-bit binaries on a live system or chroot (for flashrom/bucts), you can use the following to statically link them:
    - $ ./builddeps-flashrom static
    - $ ./builddeps-bucts static + In the supplied binary archives, or in your own (if you did 'build-release') you can add SeaBIOS + to the ROM images, along with SeaVGABIOS which is a free/libre Video BIOS implementation that wraps + around the 'native graphics initializitation' code in coreboot, for boards that have support for it.

    - +

    - The same as above applies for ARM (except, building bucts on ARM is pointless, and for flashrom - you only need the normal executable since the lenovobios_sst and _macronix executables are meant - to run on an X60/T60 while lenovo bios is present, working around the security restrictions). + First, install the build dependencies.

    - +

    - The script mkextbuild will generate a small source tarball called tobuild.tar.xz that - contains everything you need (including source) with which to build flashrom/bucts on these hosts. - The build-release script will have already executed this script for you, so the archive should - already exist. + Binaries for cbfstool are provided (built from libreboot_src) statically linked under cbfstool/ and the addseabios + script (see below) will try to automatically select the right one to use.

    - You'll find that the files libreboot_bin.tar.xz and libreboot_src.tar.xz have been created. + Now:
    + $ ./addseabios

    -

    Back to top of page

    - -
    - -

    How to add SeaBIOS to the ROM images

    - -

    - SeaBIOS isn't really needed since libreboot uses the GRUB payload which - is much better (for several reasons), so it is no longer included in the ROM - images by default. Instead, you can add it afterwards. -

    - -

    - In the supplied binary archives, or in your own (if you did 'build-release') you can add SeaBIOS - to the ROM images, along with SeaVGABIOS which is a free/libre Video BIOS implementation that wraps - around the 'native graphics initializitation' code in coreboot, for boards that have support for it. -

    +

    + SeaBIOS and SeaVGABIOS (which the build scripts created, and the build-release script put - compiled - + inside the binary archive) have now been added to all of the ROM images under ./bin/. A GRUB menuentry will show + up when you boot your machine, allowing you to use SeaBIOS. +

    -

    - First, install the build dependencies. -

    +

    Back to top of page

    + +
    -

    - Binaries for cbfstool are provided (built from libreboot_src) statically linked under cbfstool/ and the addseabios - script (see below) will try to automatically select the right one to use. -

    +

    - Now:
    - $ ./addseabios + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    - SeaBIOS and SeaVGABIOS (which the build scripts created, and the build-release script put - compiled - - inside the binary archive) have now been added to all of the ROM images under ./bin/. A GRUB menuentry will show - up when you boot your machine, allowing you to use SeaBIOS. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -

    Back to top of page

    - -
    - -

    - Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
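Review bot: at the end of this hunk the SeaBIOS paragraph ("SeaBIOS and SeaVGABIOS ... have now been added to all of the ROM images under ./bin/") and the copyright and warranty block each appear once as a removal and once as an addition with the same wording, so the hunk is largely wrapper and indentation churn around unchanged text. Please land the theme markup separately from any wording changes, or say in the commit message that the diff should be read with whitespace ignored, so a reader can confirm that the removed instructions here (install the build dependencies, the cbfstool note, "$ ./addseabios") are re-added unchanged and that none were dropped.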
    diff --git a/docs/gnulinux/configuring_parabola.html b/docs/gnulinux/configuring_parabola.html index 0c8e92a..7f69cf7 100644 --- a/docs/gnulinux/configuring_parabola.html +++ b/docs/gnulinux/configuring_parabola.html @@ -12,143 +12,169 @@ -
    +

    Configuring Parabola (post-install)

    - -
    - -
    - -

    Table of Contents

    - - -
    - -

    - While not strictly related to the libreboot project, this guide - is intended to be useful for those interested in installing - Parabola on their libreboot machine. -

    - -

    - It details configuration steps that I took after installing the base system, - as a follow up to encrypted_parabola.html. - This guide is likely to become obsolete at a later date (due to the volatile - 'rolling-release' model that Arch/Parabola both use), but attempts will be made to maintain it. -

    - -

    - - This guide was valid on 2014-09-21. If you see any changes that should to be made at the present date, please get in touch - with the libreboot project! - -

    - -

    - You do not necessarily have to follow this guide word-for-word; parabola is extremely flexible. - The aim here is to provide a common setup that most users will be happy with. While Parabola - can seem daunting at first glance (especially for new GNU/Linux users), with a simple guide it can provide - all the same usability as Trisquel, without hiding any details from the user. -

    - -

    - Paradoxically, as you get more advanced Parabola can actually become easier to use - when you want to set up your machine in a special way compared to what most distributions provide. - You will find over time that other distributions tend to get in your way. -

    - -

    - - This guide assumes that you already have Parabola installed. If you have not yet installed Parabola, - then this guide is highly recommended! - -

    - -

    - A lot of the steps in this guide will refer to the Arch wiki. Arch is the upstream distribution that Parabola uses. - Most of this guide will also tell you to read wiki articles, other pages, manuals, and so on. In general it tries - to cherry pick the most useful information but nonetheless you are encouraged to learn as much as possible. - It might take you a few days to fully install your system how you like, depending on how much you need to read. Patience is key, - especially for new users. -

    - -

    - The Arch wiki will sometimes use bad language, such as calling the whole system Linux, using the term open-source (or closed-source), - and it will sometimes recommend the use of proprietary software. You need to be careful about this when reading anything on the - Arch wiki. -

    - -

    - Some of these steps require internet access. I'll go into networking later but for now, I just connected - my machine to a switch and did:
    - # systemctl start dhcpcd.service
    - You can stop it later by running:
    - # systemctl stop dhcpcd.service
    - For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:
    - Setup network connection in Parabola -

    - -
    - -

    Configure pacman

    +

    + Post-installation configuration steps for Parabola GNU/Linux-libre. Parabola is extremely flexible; this is just an example. +

    +

    + Back to previous index +

    + + + + +
    + +

    + While not strictly related to the libreboot project, this guide + is intended to be useful for those interested in installing + Parabola on their libreboot machine. +

    + +

    + It details configuration steps that I took after installing the base system, + as a follow up to encrypted_parabola.html. + This guide is likely to become obsolete at a later date (due to the volatile + 'rolling-release' model that Arch/Parabola both use), but attempts will be made to maintain it. +

    + +

    + + This guide was valid on 2014-09-21. If you see any changes that should to be made at the present date, please get in touch + with the libreboot project! + +

    + +
    + +
    + +

    + You do not necessarily have to follow this guide word-for-word; parabola is extremely flexible. + The aim here is to provide a common setup that most users will be happy with. While Parabola + can seem daunting at first glance (especially for new GNU/Linux users), with a simple guide it can provide + all the same usability as Trisquel, without hiding any details from the user. +

    + +

    + Paradoxically, as you get more advanced Parabola can actually become easier to use + when you want to set up your machine in a special way compared to what most distributions provide. + You will find over time that other distributions tend to get in your way. +

    + +
    + +
    + +

    + + This guide assumes that you already have Parabola installed. If you have not yet installed Parabola, + then this guide is highly recommended! + +

    +

    - pacman (package manager) is the name of the package management system in Arch, which Parabola - (as a deblobbed parallel effort) also uses. Like with 'apt-get' on debian-based systems like Trisquel, - this can be used to add/remove and update the software on your computer. + A lot of the steps in this guide will refer to the Arch wiki. Arch is the upstream distribution that Parabola uses. + Most of this guide will also tell you to read wiki articles, other pages, manuals, and so on. In general it tries + to cherry pick the most useful information but nonetheless you are encouraged to learn as much as possible. + It might take you a few days to fully install your system how you like, depending on how much you need to read. Patience is key, + especially for new users.

    +

    - Based on https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman - and from reading https://wiki.archlinux.org/index.php/Pacman (make sure to read and understand this, - it's very important) and - https://wiki.parabolagnulinux.org/Official_Repositories + The Arch wiki will sometimes use bad language, such as calling the whole system Linux, using the term open-source (or closed-source), + and it will sometimes recommend the use of proprietary software. You need to be careful about this when reading anything on the + Arch wiki.

    + +
    + +
    +

    - Back to top of page. + Some of these steps require internet access. I'll go into networking later but for now, I just connected + my machine to a switch and did:
    + # systemctl start dhcpcd.service
    + You can stop it later by running:
    + # systemctl stop dhcpcd.service
    + For most people this should be enough, but if you don't have DHCP on your network then you should setup your network connection first:
    + Setup network connection in Parabola

    -

    Updating Parabola

    + +
    + +
    + +

    Configure pacman

    +

    + pacman (package manager) is the name of the package management system in Arch, which Parabola + (as a deblobbed parallel effort) also uses. Like with 'apt-get' on debian-based systems like Trisquel, + this can be used to add/remove and update the software on your computer. +

    +

    + Based on https://wiki.parabolagnulinux.org/Installation_Guide#Configure_pacman + and from reading https://wiki.archlinux.org/index.php/Pacman (make sure to read and understand this, + it's very important) and + https://wiki.parabolagnulinux.org/Official_Repositories +

    +

    + Back to top of page. +

    + +
    + +
    + +

    Updating Parabola

    In the end, I didn't change my configuration for pacman. When you are updating, resync with the latest package names/versions:
    # pacman -Syy
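Review bot: the re-added "This guide was valid on 2014-09-21" paragraph still reads "changes that should to be made"; since the line is rewritten in this hunk anyway, correct it to "changes that should be made". The same applies to "you should setup your network connection first" in the re-added dhcpcd paragraph ("set up"), and to the lowercase "parabola is extremely flexible", which now sits a few lines below the new intro sentence that spells it "Parabola" and makes the same point.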
    @@ -191,7 +217,12 @@

    Back to top of page.

    -

    Maintaining Parabola

    + +
    + +
    + +

    Maintaining Parabola

    Parabola is a very simple distro, in the sense that you are in full control and everything is made transparent to you. One consequence is @@ -202,7 +233,7 @@

    Back to top of page.

    -

    Cleaning the package cache

    +

    Cleaning the package cache

    The following is very important as you continue to use, update and maintain your Parabola system:
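Review bot: the "Cleaning the package cache" heading is removed and re-added with identical text, so the only change in this hunk is to the heading's markup. If its level or id was altered, check that the table of contents entry and any links from other pages still resolve to this section, and mention the heading change in the commit message, which currently describes only the theme.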
    @@ -229,7 +260,7 @@

    Back to top of page.

    -

    pacman command equivalents

    +

    pacman command equivalents

    The following table lists other distro package manager commands, and their equivalent in pacman:
    https://wiki.archlinux.org/index.php/Pacman_Rosetta @@ -237,8 +268,12 @@

    Back to top of page.

    + +
    -

    your-freedom

    +
    + +

    your-freedom

    your-freedom is a package specific to Parabola, and it is installed by default. What it does is conflict with packages from Arch that are known to be non-free (proprietary) software. When migrating from Arch (there is a guide on the Parabola @@ -249,526 +284,565 @@

    Back to top of page.

    + +
    -
    +
    -

    Add a user

    -

    - Based on https://wiki.archlinux.org/index.php/Users_and_Groups. -

    -

    - It is important (for security reasons) to create and use a non-root (non-admin) user account for everyday use. The default 'root' account is intended - only for critical administrative work, since it has complete access to the entire operating system. -

    -

    - Read the entire document linked to above, and then continue. -

    -

    - Add your user:
    - # useradd -m -G wheel -s /bin/bash yourusername
    - Set a password:
    - # passwd yourusername -

    - -

    Back to top of page

    - -
    - -

    systemd

    -

    - This is the name of the system used for managing services in Parabola. It is a good idea to become familiar with it. - Read https://wiki.archlinux.org/index.php/systemd - and https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage - to gain a full understanding. This is very important! Make sure to read them. -

    -

    - An example of a 'service' could be a webserver (such as lighttpd), or sshd (openssh), dhcp, etc. There are countless others. -

    -

    - https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530 explains - the background behind the decision by Arch (Parabola's upstream supplier) to use systemd. -

    - -

    - The manpage should also help:
    - # man systemd
    - The section on 'unit types' is especially useful. -

    - -

    - According to the wiki, systemd 'journal' keeps logs of a size up to 10% of the total size your / partition takes up. - on a 60GB root this would mean 6GB. That's not exactly practical, and can have performance implications later when the - log gets too big. Based on instructions from the wiki, I will reduce the total size of the journal to 50MiB (the wiki - recommends 50MiB). -

    -

    - Open /etc/systemd/journald.conf and find the line that says:
    - #SystemMaxUse=
    - Change it to say:
    - SystemMaxUse=50M -

    -

    - The wiki also recommended a method for forwarding journal output to TTY 12 (accessible by pressing ctrl+alt+f12, - and you use ctrl+alt+[F1-F12] to switch between terminals). I decided not to enable it. -

    -

    - Restart journald:
    - # systemctl restart systemd-journald -

    - -

    - The wiki recommends that if the journal gets too large, you can also simply delete (rm -rf) everything inside /var/log/journald/* - but recommends backing it up. This shouldn't be necessary, since you already set the size limit above and systemd will automatically - start to delete older records when the journal size reaches it's limit (according to systemd developers). -

    - -

    - Finally, the wiki mentions 'temporary' files and the utility for managing them.
    - # man systemd-tmpfiles
    - The command for 'clean' is:
    - # systemd-tmpfiles --clean
    - According to the manpage, this "cleans all files and directories with an age parameter". - According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/ - to know what actions to perform. Therefore, it is a good idea to read what's stored in these locations - to get a better understanding. -

    -

    - I looked in /etc/tmpfiles.d/ and found that it was empty on my system. However, /usr/lib/tmpfiles.d/ contained some files. - The first one was etc.conf, containing information and a reference to this manpage:
    - # man tmpfiles.d
    - Read that manpage, and then continue studying all the files. -

    -

    - The systemd developers tell me that it isn't usually necessary to touch the systemd-tmpfiles utility manually at all. -

    - -

    Back to top of page

    - -
    - -

    Interesting repositories

    -

    - Parabola wiki at https://wiki.parabolagnulinux.org/Repositories#kernels - mentions about a repository called [kernels] for custom kernels that aren't in the default base. It might be worth looking into what is available - there, depending on your use case. -

    -

    - I enabled it on my system, to see what was in it. Edit /etc/pacman.conf and below the 'extra' section add:
    - - [kernels]
    - Include = /etc/pacman.d/mirrorlist -
    -

    -

    - Now sync with the repository:
    - # pacman -Syy -

    -

    - List all available packages in this repository:
    - # pacman -Sl kernels -

    -

    - In the end, I decided not to install anything from it but I kept the repository enabled regardless. -

    -

    Back to top of page.

    - -
    - -

    Setup a network connection in Parabola

    -

    - Read https://wiki.archlinux.org/index.php/Configuring_Network. -

    -

    - Back to top of page. -

    -

    Set the hostname

    -

    - This should be the same as the hostname that you set in /etc/hostname when installing Parabola. You can also do it with systemd (do so now, if you like):
    - # hostnamectl set-hostname yourhostname
    - This writes the specified hostname to /etc/hostname. More information can be found in these manpages:
    - # man hostname
    - # info hostname
    - # man hostnamectl -

    -

    - Add the same hostname to /etc/hosts, on each line. Example:
    - - 127.0.0.1 localhost.localdomain localhost myhostname
    - ::1 localhost.localdomain localhost myhostname -
    -

    -

    - You'll note that I set both lines; the 2nd line is for IPv6. More and more ISPs are providing this now (mine does) - so it's good to be forward-thinking here. -

    -

    - The hostname utility is part of the inetutils package and is in core/, installed by default (as part of base). -

    -

    - Back to top of page. -

    -

    Network Status

    -

    - According to the Arch wiki, udev should already detect the ethernet chipset - and load the driver for it automatically at boot time. You can check this in the "Ethernet controller" section - when running this command:
    - # lspci -v -

    -

    - Look at the remaining sections 'Kernel driver in use' and 'Kernel modules'. In my case it was as follows:
    - - Kernel driver in use: e1000e
    - Kernel modules: e1000e -
    -

    -

    - Check that the driver was loaded by issuing dmesg | grep module_name. In my case, I did:
    - # dmesg | grep e1000e -

    -

    Network device names

    +

    Add a user

    - According to https://wiki.archlinux.org/index.php/Configuring_Network#Device_names, - it is important to note that the old interface names like eth0, wlan0, wwan0 and so on no longer apply. Instead, systemd - creates device names starting with en (for enternet), wl (for wifi) and ww (for wwan) with a fixed identifier that systemd automatically generates. - An example device name for your ethernet chipset would be enp0s25, where it is never supposed to change. + Based on https://wiki.archlinux.org/index.php/Users_and_Groups.

    - If you want to enable the old names (eth0, wlan0, wwan0, etc), the Arch wiki recommends - adding net.ifnames=0 to your kernel parameters (in libreboot context, this would be accomplished by following the - instructions in grub_cbfs.html). + It is important (for security reasons) to create and use a non-root (non-admin) user account for everyday use. The default 'root' account is intended + only for critical administrative work, since it has complete access to the entire operating system.

    - For background information, - read Predictable Network Interface Names + Read the entire document linked to above, and then continue.

    - Show device names:
    - # ls /sys/class/net -

    -

    - Changing the device names is possible (I chose not to do it):
    - https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name -

    -

    - Back to top of page. -

    -

    Network setup

    -

    - I actually chose to ignore most of Networking section on the wiki. Instead, I plan to set up LXDE desktop with the graphical - network-manager client. Here is a list of network managers:
    - https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers. - If you need to, set a static IP address (temporarily) using the networking guide and the Arch wiki, or start the dhcpcd service in systemd. - NetworkManager will be setup later, after installing LXDE. -

    -

    - Back to top of page. + Add your user:
    + # useradd -m -G wheel -s /bin/bash yourusername
    + Set a password:
    + # passwd yourusername

    -
    +

    Back to top of page

    + +
    -

    System Maintenance

    -

    - Read https://wiki.archlinux.org/index.php/System_maintenance before continuing. - Also read https://wiki.archlinux.org/index.php/Enhance_system_stability. - This is important, so make sure to read them! -

    -

    - Install smartmontools (it can be used to check smart data. HDDs use non-free firmware inside, but it's transparent to you - but the smart data comes from it. Therefore, don't rely on it too much):
    - # pacman -S smartmontools
    - Read https://wiki.archlinux.org/index.php/S.M.A.R.T. to learn how to use it. -

    -

    - Back to top of page. -

    - -
    - -

    Configuring the desktop

    -

    - Based on steps from - General Recommendations on the Arch wiki. - The plan is to use LXDE and LXDM/LightDM, along with everything else that you would expect on other distributions that provide LXDE - by default. -

    -

    - Back to top of page. -

    +
    -

    Installing Xorg

    -

    - Based on https://wiki.archlinux.org/index.php/Xorg. -

    -

    - Firstly, install it!
    - # pacman -S xorg-server
    - I also recommend installing this (contains lots of useful tools, including xrandr):
    - # pacman -S xorg-server-utils -

    -

    - Install the driver. For me this was xf86-video-intel on the ThinkPad X60. T60 and macbook11/21 should be the same.
    - # pacman -S xf86-video-intel
    - For other systems you can try:
    - # pacman -Ss xf86-video- | less
    - Combined with looking at your lspci output, you can determine which driver is needed. - By default, Xorg will revert to xf86-video-vesa which is a generic driver and doesn't provide true hardware acceleration. -

    -

    - Other drivers (not just video) can be found by looking at the xorg-drivers group:
    - # pacman -Sg xorg-drivers
    -

    +

    systemd

    - Mostly you will rely on a display manager, but in case you ever want to start X without one:
    - # pacman -S xorg-xinit + This is the name of the system used for managing services in Parabola. It is a good idea to become familiar with it. + Read https://wiki.archlinux.org/index.php/systemd + and https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage + to gain a full understanding. This is very important! Make sure to read them.

    - <optional>
    -    Arch wiki recommends installing these, for testing that X works:
    -    # pacman -S xorg-twm xorg-xclock xterm
    -    Refer to https://wiki.archlinux.org/index.php/Xinitrc. - and test X:
    -    # startx
    -    When you are satisfied, type exit in xterm, inside the X session.
    -    Uninstall them (clutter. eww): # pacman -S xorg-xinit xorg-twm xorg-xclock xterm
    - </optional> + An example of a 'service' could be a webserver (such as lighttpd), or sshd (openssh), dhcp, etc. There are countless others.

    - Back to top of page. + https://bbs.archlinux.org/viewtopic.php?pid=1149530#p1149530 explains + the background behind the decision by Arch (Parabola's upstream supplier) to use systemd.

    -

    Xorg keyboard layout

    -

    - Refer to https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg. -

    -

    - Xorg uses a different configuration method for keyboard layouts, so you will notice that the layout you - set in /etc/vconsole.conf earlier might not actually be the same in X. -

    -

    - To see what layout you currently use, try this on a terminal emulator in X:
    - # setxkbmap -print -verbose 10 -

    -

    - In my case, I wanted to use the Dvorak (UK) keyboard which is quite different from Xorg's default Qwerty (US) layout. -

    -

    - I'll just say it now: XkbModel can be pc105 in this case (ThinkPad X60, with a 105-key UK keyboard). - If you use an American keyboard (typically 104 keys) you will want to use pc104. -

    -

    - XkbLayout in my case would be gb, and XkbVariant would be dvorak. -

    -

    - The Arch wiki recommends two different methods for setting the keyboard layout:
    - https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files and
    - https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl. -

    -

    - In my case, I chose to use the configuration file method:
    - Create the file /etc/X11/xorg.conf.d/10-keyboard.conf and put this inside:
    - - Section "InputClass"
    -         Identifier "system-keyboard"
    -         MatchIsKeyboard "on"
    -         Option "XkbLayout" "gb"
    -         Option "XkbModel" "pc105"
    -         Option "XkbVariant" "dvorak"
    - EndSection -
    -

    -

    - For you, the steps above may differ if you have a different layout. If you use a US Qwerty keyboard, then - you don't even need to do anything (though it might help, for the sake of being explicit). -

    - Back to top of page. + The manpage should also help:
    + # man systemd
    + The section on 'unit types' is especially useful.

    -

    Install LXDE

    -

    - Desktop choice isn't that important to me, so for simplicity I decided to use LXDE. It's lightweight - and does everything that I need. - If you would like to try something different, refer to - https://wiki.archlinux.org/index.php/Desktop_environment -

    - Refer to https://wiki.archlinux.org/index.php/LXDE. + According to the wiki, systemd 'journal' keeps logs of a size up to 10% of the total size your / partition takes up. + on a 60GB root this would mean 6GB. That's not exactly practical, and can have performance implications later when the + log gets too big. Based on instructions from the wiki, I will reduce the total size of the journal to 50MiB (the wiki + recommends 50MiB).

    - Install it, choosing 'all' when asked for the default package list:
    - # pacman -S lxde obconf + Open /etc/systemd/journald.conf and find the line that says:
    + #SystemMaxUse=
    + Change it to say:
    + SystemMaxUse=50M

    - I didn't want the following, so I removed them:
    - # pacman -R lxmusic lxtask + The wiki also recommended a method for forwarding journal output to TTY 12 (accessible by pressing ctrl+alt+f12, + and you use ctrl+alt+[F1-F12] to switch between terminals). I decided not to enable it.

    - I also lazily installed all fonts:
    - # pacman -S $(pacman -Ssq ttf-) + Restart journald:
    + # systemctl restart systemd-journald

    +

    - LXDE comes with a terminal. You probably want a browser to go with that; I choose GNU IceCat, part of the GNU project:
    - # pacman -S icecat
    - And a mail client:
    - # pacman -S icedove + The wiki recommends that if the journal gets too large, you can also simply delete (rm -rf) everything inside /var/log/journald/* + but recommends backing it up. This shouldn't be necessary, since you already set the size limit above and systemd will automatically + start to delete older records when the journal size reaches it's limit (according to systemd developers).

    +

    - In IceCat, go to Preferences :: Advanced and disable GNU IceCat Health Report. + Finally, the wiki mentions 'temporary' files and the utility for managing them.
    + # man systemd-tmpfiles
    + The command for 'clean' is:
    + # systemd-tmpfiles --clean
    + According to the manpage, this "cleans all files and directories with an age parameter". + According to the Arch wiki, this reads information in /etc/tmpfiles.d/ and /usr/lib/tmpfiles.d/ + to know what actions to perform. Therefore, it is a good idea to read what's stored in these locations + to get a better understanding.

    - I also like to install these:
    - # pacman -S xsensors stress htop + I looked in /etc/tmpfiles.d/ and found that it was empty on my system. However, /usr/lib/tmpfiles.d/ contained some files. + The first one was etc.conf, containing information and a reference to this manpage:
    + # man tmpfiles.d
    + Read that manpage, and then continue studying all the files.

    - Enable LXDM (the default display manager, providing a graphical login):
    - # systemctl enable lxdm.service
    - It will start when you boot up the machine. To start it now, do:
    - # systemctl start lxdm.service + The systemd developers tell me that it isn't usually necessary to touch the systemd-tmpfiles utility manually at all.

    + +

    Back to top of page

    + +
    + +
    + +

    Interesting repositories

    - Log in with your standard (non-root) user that you created earlier. - It is advisable to also create an xinitrc rule in case you ever want to start lxde without lxdm. - Read https://wiki.archlinux.org/index.php/Xinitrc. + Parabola wiki at https://wiki.parabolagnulinux.org/Repositories#kernels + mentions about a repository called [kernels] for custom kernels that aren't in the default base. It might be worth looking into what is available + there, depending on your use case.

    - Open LXterminal:
    - $ cp /etc/skel/.xinitrc ~
    - Open .xinitrc and add the following plus a line break at the bottom of the file.
    + I enabled it on my system, to see what was in it. Edit /etc/pacman.conf and below the 'extra' section add:
    - # Probably not needed. The same locale info that we set before
    - # Based on advice from the LXDE wiki - export LC_ALL=en_GB.UTF-8
    - export LANGUAGE=en_GB.UTF-8
    - export LANG=en_GB.UTF-8
    -
    - # Start lxde desktop
    - exec startlxde
    + [kernels]
    + Include = /etc/pacman.d/mirrorlist
    - Now make sure that it is executable:
    - $ chmod +x .xinitrc

    - Back to top of page. + Now sync with the repository:
    + # pacman -Syy

    - -

    LXDE - clock

    - In Digital Clock Settings (right click the clock) I set the Clock Format to %Y/%m/%d %H:%M:%S + List all available packages in this repository:
    + # pacman -Sl kernels

    - Back to top of page. + In the end, I decided not to install anything from it but I kept the repository enabled regardless.

    +

    Back to top of page.

    + +
    -

    LXDE - font

    -

    - NOTE TO SELF: come back to this later. -

    -

    - Back to top of page. -

    +
    -

    LXDE - screenlock

    -

    - Arch wiki recommends to use xscreensaver:
    - # pacman -S xscreensaver -

    +

    Setup a network connection in Parabola

    - Under Preferences :: Screensaver in the LXDE menu, I chose Mode: Blank Screen Only, - setting Blank After, Cycle After and Lock Screen After (checked) to 10 minutes. -

    -

    - You can now lock the screen with Logout :: Lock Screen in the LXDE menu. + Read https://wiki.archlinux.org/index.php/Configuring_Network.

    Back to top of page.

    +

    Set the hostname

    +

    + This should be the same as the hostname that you set in /etc/hostname when installing Parabola. You can also do it with systemd (do so now, if you like):
    + # hostnamectl set-hostname yourhostname
    + This writes the specified hostname to /etc/hostname. More information can be found in these manpages:
    + # man hostname
    + # info hostname
    + # man hostnamectl +

    +

    + Add the same hostname to /etc/hosts, on each line. Example:
    + + 127.0.0.1 localhost.localdomain localhost myhostname
    + ::1 localhost.localdomain localhost myhostname +
    +

    +

    + You'll note that I set both lines; the 2nd line is for IPv6. More and more ISPs are providing this now (mine does) + so it's good to be forward-thinking here. +

    +

    + The hostname utility is part of the inetutils package and is in core/, installed by default (as part of base). +

    +

    + Back to top of page. +

    +

    Network Status

    +

    + According to the Arch wiki, udev should already detect the ethernet chipset + and load the driver for it automatically at boot time. You can check this in the "Ethernet controller" section + when running this command:
    + # lspci -v +

    +

    + Look at the remaining sections 'Kernel driver in use' and 'Kernel modules'. In my case it was as follows:
    + + Kernel driver in use: e1000e
    + Kernel modules: e1000e +
    +

    +

    + Check that the driver was loaded by issuing dmesg | grep module_name. In my case, I did:
    + # dmesg | grep e1000e +

    +

    Network device names

    +

    + According to https://wiki.archlinux.org/index.php/Configuring_Network#Device_names, + it is important to note that the old interface names like eth0, wlan0, wwan0 and so on no longer apply. Instead, systemd + creates device names starting with en (for enternet), wl (for wifi) and ww (for wwan) with a fixed identifier that systemd automatically generates. + An example device name for your ethernet chipset would be enp0s25, where it is never supposed to change. +

    +

    + If you want to enable the old names (eth0, wlan0, wwan0, etc), the Arch wiki recommends + adding net.ifnames=0 to your kernel parameters (in libreboot context, this would be accomplished by following the + instructions in grub_cbfs.html). +

    +

    + For background information, + read Predictable Network Interface Names +

    +

    + Show device names:
    + # ls /sys/class/net +

    +

    + Changing the device names is possible (I chose not to do it):
    + https://wiki.archlinux.org/index.php/Configuring_Network#Change_device_name +

    +

    + Back to top of page. +

    +

    Network setup

    +

    + I actually chose to ignore most of Networking section on the wiki. Instead, I plan to set up LXDE desktop with the graphical + network-manager client. Here is a list of network managers:
    + https://wiki.archlinux.org/index.php/List_of_applications/Internet#Network_managers. + If you need to, set a static IP address (temporarily) using the networking guide and the Arch wiki, or start the dhcpcd service in systemd. + NetworkManager will be setup later, after installing LXDE. +

    +

    + Back to top of page. +

    + +
    -

    LXDE - automounting

    -

    - Refer to https://wiki.archlinux.org/index.php/File_manager_functionality. -

    -

    - I chose to ignore this for now. NOTE TO SELF: come back to this later. -

    -

    - Back to top of page. -

    -

    LXDE - disable suspend

    -

    - When closing the laptop lid, the machine suspends. This is annoying at least to me. - NOTE TO SELF: disable it, then document the steps here. -

    +
    + +

    System Maintenance

    - Back to top of page. + Read https://wiki.archlinux.org/index.php/System_maintenance before continuing. + Also read https://wiki.archlinux.org/index.php/Enhance_system_stability. + This is important, so make sure to read them!

    -

    LXDE - battery monitor

    - Right click lxde panel and Add/Remove Panel Items. Click Add and select Battery Monitor, then click Add. - Close and then right-click the applet and go to Battery Monitor Settings, check the box that says Show Extended Information. - Now click Close. When you hover the cursor over it, it'll show information about the battery. + Install smartmontools (it can be used to check smart data. HDDs use non-free firmware inside, but it's transparent to you + but the smart data comes from it. Therefore, don't rely on it too much):
    + # pacman -S smartmontools
    + Read https://wiki.archlinux.org/index.php/S.M.A.R.T. to learn how to use it.

    Back to top of page.

    -

    LXDE - Network Manager

    -

    - Refer to https://wiki.archlinux.org/index.php/LXDE#Network_Management. - Then I read: https://wiki.archlinux.org/index.php/NetworkManager. -

    -

    - Install Network Manager:
    - # pacman -S networkmanager -

    -

    - You will also want the graphical applet:
    - # pacman -S network-manager-applet
    - Arch wiki says that an autostart rule will be written at /etc/xdg/autostart/nm-applet.desktop -

    -

    - I want to be able to use a VPN at some point, so the wiki tells me to do:
    - # pacman -S networkmanager-openvpn -

    -

    - LXDE uses openbox, so I refer to:
    - https://wiki.archlinux.org/index.php/NetworkManager#Openbox. -

    -

    - It tells me for the applet I need:
    - # pacman -S xfce4-notifyd gnome-icon-theme
    - Also, for storing authentication details (wifi) I need:
    - # pacman -S gnome-keyring -

    -

    - I wanted to quickly enable networkmanager:
    - # systemctl stop dhcpcd
    - # systemctl start NetworkManager
    - Enable NetworkManager at boot time:
    - # systemctl enable NetworkManager -

    -

    - Restart LXDE (log out, and then log back in). -

    + +
    + +
    + +

    Configuring the desktop

    - I added the volume control applet to the panel (right click panel, and add a new applet). - I also later changed the icons to use the gnome icon theme, in lxappearance. + Based on steps from + General Recommendations on the Arch wiki. + The plan is to use LXDE and LXDM/LightDM, along with everything else that you would expect on other distributions that provide LXDE + by default.

    Back to top of page.

    -
    +
    +

    Installing Xorg

    +

    + Based on https://wiki.archlinux.org/index.php/Xorg. +

    +

    + Firstly, install it!
    + # pacman -S xorg-server
    + I also recommend installing this (contains lots of useful tools, including xrandr):
    + # pacman -S xorg-server-utils +

    +

    + Install the driver. For me this was xf86-video-intel on the ThinkPad X60. T60 and macbook11/21 should be the same.
    + # pacman -S xf86-video-intel
    + For other systems you can try:
    + # pacman -Ss xf86-video- | less
    + Combined with looking at your lspci output, you can determine which driver is needed. + By default, Xorg will revert to xf86-video-vesa which is a generic driver and doesn't provide true hardware acceleration. +

    +

    + Other drivers (not just video) can be found by looking at the xorg-drivers group:
    + # pacman -Sg xorg-drivers
    +

    +

    + Mostly you will rely on a display manager, but in case you ever want to start X without one:
    + # pacman -S xorg-xinit +

    +

    + <optional>
    +    Arch wiki recommends installing these, for testing that X works:
    +    # pacman -S xorg-twm xorg-xclock xterm
    +    Refer to https://wiki.archlinux.org/index.php/Xinitrc. + and test X:
    +    # startx
    +    When you are satisfied, type exit in xterm, inside the X session.
    +    Uninstall them (clutter. eww): # pacman -S xorg-xinit xorg-twm xorg-xclock xterm
    + </optional> +

    +

    + Back to top of page. +

    +
    + +
    +

    Xorg keyboard layout

    +

    + Refer to https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg. +

    +

    + Xorg uses a different configuration method for keyboard layouts, so you will notice that the layout you + set in /etc/vconsole.conf earlier might not actually be the same in X. +

    +

    + To see what layout you currently use, try this on a terminal emulator in X:
    + # setxkbmap -print -verbose 10 +

    +

    + In my case, I wanted to use the Dvorak (UK) keyboard which is quite different from Xorg's default Qwerty (US) layout. +

    +

    + I'll just say it now: XkbModel can be pc105 in this case (ThinkPad X60, with a 105-key UK keyboard). + If you use an American keyboard (typically 104 keys) you will want to use pc104. +

    +

    + XkbLayout in my case would be gb, and XkbVariant would be dvorak. +

    +

    + The Arch wiki recommends two different methods for setting the keyboard layout:
    + https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_X_configuration_files and
    + https://wiki.archlinux.org/index.php/Keyboard_configuration_in_Xorg#Using_localectl. +

    +

    + In my case, I chose to use the configuration file method:
    + Create the file /etc/X11/xorg.conf.d/10-keyboard.conf and put this inside:
    + + Section "InputClass"
    +         Identifier "system-keyboard"
    +         MatchIsKeyboard "on"
    +         Option "XkbLayout" "gb"
    +         Option "XkbModel" "pc105"
    +         Option "XkbVariant" "dvorak"
    + EndSection +
    +

    +

    + For you, the steps above may differ if you have a different layout. If you use a US Qwerty keyboard, then + you don't even need to do anything (though it might help, for the sake of being explicit). +

    +

    + Back to top of page. +

    +
    + +
    +

    Install LXDE

    +

    + Desktop choice isn't that important to me, so for simplicity I decided to use LXDE. It's lightweight + and does everything that I need. + If you would like to try something different, refer to + https://wiki.archlinux.org/index.php/Desktop_environment +

    +

    + Refer to https://wiki.archlinux.org/index.php/LXDE. +

    +

    + Install it, choosing 'all' when asked for the default package list:
    + # pacman -S lxde obconf +

    +

    + I didn't want the following, so I removed them:
    + # pacman -R lxmusic lxtask +

    +

    + I also lazily installed all fonts:
    + # pacman -S $(pacman -Ssq ttf-) +

    +

    + LXDE comes with a terminal. You probably want a browser to go with that; I choose GNU IceCat, part of the GNU project:
    + # pacman -S icecat
    + And a mail client:
    + # pacman -S icedove +

    +

    + In IceCat, go to Preferences :: Advanced and disable GNU IceCat Health Report. +

    +

    + I also like to install these:
    + # pacman -S xsensors stress htop +

    +

    + Enable LXDM (the default display manager, providing a graphical login):
    + # systemctl enable lxdm.service
    + It will start when you boot up the machine. To start it now, do:
    + # systemctl start lxdm.service +

    +

    + Log in with your standard (non-root) user that you created earlier. + It is advisable to also create an xinitrc rule in case you ever want to start lxde without lxdm. + Read https://wiki.archlinux.org/index.php/Xinitrc. +

    +

    + Open LXterminal:
    + $ cp /etc/skel/.xinitrc ~
    + Open .xinitrc and add the following plus a line break at the bottom of the file.
    + + # Probably not needed. The same locale info that we set before
    + # Based on advice from the LXDE wiki + export LC_ALL=en_GB.UTF-8
    + export LANGUAGE=en_GB.UTF-8
    + export LANG=en_GB.UTF-8
    +
    + # Start lxde desktop
    + exec startlxde
    +
    + Now make sure that it is executable:
    + $ chmod +x .xinitrc +

    +

    + Back to top of page. +

    +
    + +
    +

    LXDE - clock

    +

    + In Digital Clock Settings (right click the clock) I set the Clock Format to %Y/%m/%d %H:%M:%S +

    +

    + Back to top of page. +

    +
    + +
    +

    LXDE - font

    +

    + NOTE TO SELF: come back to this later. +

    +

    + Back to top of page. +

    +
    + +
    +

    LXDE - screenlock

    +

    + Arch wiki recommends to use xscreensaver:
    + # pacman -S xscreensaver +

    +

    + Under Preferences :: Screensaver in the LXDE menu, I chose Mode: Blank Screen Only, + setting Blank After, Cycle After and Lock Screen After (checked) to 10 minutes. +

    +

    + You can now lock the screen with Logout :: Lock Screen in the LXDE menu. +

    +

    + Back to top of page. +

    +
    + +
    +

    LXDE - automounting

    +

    + Refer to https://wiki.archlinux.org/index.php/File_manager_functionality. +

    +

    + I chose to ignore this for now. NOTE TO SELF: come back to this later. +

    +

    + Back to top of page. +

    +
    + +
    +

    LXDE - disable suspend

    +

    + When closing the laptop lid, the machine suspends. This is annoying at least to me. + NOTE TO SELF: disable it, then document the steps here. +

    +

    + Back to top of page. +

    +
    + +
    +

    LXDE - battery monitor

    +

    + Right click lxde panel and Add/Remove Panel Items. Click Add and select Battery Monitor, then click Add. + Close and then right-click the applet and go to Battery Monitor Settings, check the box that says Show Extended Information. + Now click Close. When you hover the cursor over it, it'll show information about the battery. +

    +

    + Back to top of page. +

    +
    + +
    +

    LXDE - Network Manager

    +

    + Refer to https://wiki.archlinux.org/index.php/LXDE#Network_Management. + Then I read: https://wiki.archlinux.org/index.php/NetworkManager. +

    +

    + Install Network Manager:
    + # pacman -S networkmanager +

    +

    + You will also want the graphical applet:
    + # pacman -S network-manager-applet
    + Arch wiki says that an autostart rule will be written at /etc/xdg/autostart/nm-applet.desktop +

    +

    + I want to be able to use a VPN at some point, so the wiki tells me to do:
    + # pacman -S networkmanager-openvpn +

    +

    + LXDE uses openbox, so I refer to:
    + https://wiki.archlinux.org/index.php/NetworkManager#Openbox. +

    +

    + It tells me for the applet I need:
    + # pacman -S xfce4-notifyd gnome-icon-theme
    + Also, for storing authentication details (wifi) I need:
    + # pacman -S gnome-keyring +

    +

    + I wanted to quickly enable networkmanager:
    + # systemctl stop dhcpcd
    + # systemctl start NetworkManager
    + Enable NetworkManager at boot time:
    + # systemctl enable NetworkManager +

    +

    + Restart LXDE (log out, and then log back in). +

    +

    + I added the volume control applet to the panel (right click panel, and add a new applet). + I also later changed the icons to use the gnome icon theme, in lxappearance. +

    +

    + Back to top of page. +

    +
    + +
    + +
    -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
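Review bot: In the optional block of the new "Installing Xorg" section, the cleanup step says "Uninstall them" but the command is `pacman -S xorg-xinit xorg-twm xorg-xclock xterm`, which installs the packages again; it should be `pacman -R`. The list should also drop xorg-xinit, since the paragraph just above recommends keeping it for starting X without a display manager. Two smaller points in the same hunk: the device-names paragraph has "en (for enternet)", which should read "ethernet", and `# setxkbmap -print -verbose 10` is shown with a root prompt although the text says to run it in a terminal emulator inside the X session, where `$` would match the later `$ cp /etc/skel/.xinitrc ~` convention.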
    diff --git a/docs/gnulinux/encrypted_parabola.html b/docs/gnulinux/encrypted_parabola.html index a48e489..85cb6ce 100644 --- a/docs/gnulinux/encrypted_parabola.html +++ b/docs/gnulinux/encrypted_parabola.html @@ -12,262 +12,293 @@ -
    +

    Installing Parabola GNU/Linux with full disk encryption (including /boot)

    - -
    - -

    - Libreboot uses the GRUB payload - by default, which means that the GRUB configuration file - (where your GRUB menu comes from) is stored directly alongside libreboot - and it's GRUB payload executable, inside - the flash chip. In context, this means that installing distributions and managing them - is handled slightly differently compared to traditional BIOS systems. -

    - -

    - On most systems, the /boot partition has to be left unencrypted while the others are encrypted. - This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware - can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a - payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical - access to the machine. -

    - -

    - Boot Parabola's install environment. How to boot a GNU/Linux installer. -

    - -

    - For this guide I used the 2013 09 01 image to boot the live installer and install the system. -

    - -

    - Parabola is much more flexible than Trisquel, but also more involved to set up. -

    - -

    - Firstly if you use an SSD, beware there are issues with TRIM (not enabled through luks) and security issues if you do enable it. - See this page - for more info. -

    - -

    - If you are using an SSD for this, make sure it's brand-new (or barely used). Or, otherwise, be sure that it never previously - contained plaintext copies of your data. -

    - -

    - Wipe the MBR (if you use MBR):
    - # lsblk
    - Your HDD is probably /dev/sda: - # dd if=/dev/zero of=/dev/sda bs=446 count=1; sync
    - Never use SeaBIOS! The MBR section can easily be changed with malicious code, which SeaBIOS will blindly execute. - This guide is for libreboot with GRUB-as-payload only. -

    - -

    - Securely wipe the drive:
    - # dd if=/dev/urandom of=/dev/sda; sync
    - NOTE: If you have an SSD, only do this the first time. If it was already LUKS-encrypted before, - use the info below to wipe the LUKS header. Also, check online for your SSD what the recommended - erase block size is. For example if it was 2MiB:
    - # dd if=/dev/urandom of=/dev/sda bs=2M; sync -

    -

    - If your drive was already LUKS encrypted (maybe you are re-installing your distro) then - it is already 'wiped'. You should just wipe the LUKS header. - https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/ - showed me how to do this. It recommends doing the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:
    - # head -c 3145728 /dev/urandom > /dev/sda; sync
    - (wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk). -

    -

    - - If you do plan to use an SSD, make sure to read - https://wiki.archlinux.org/index.php/Solid_State_Drives
    - Edit /etc/fstab later on when chrooted into your install. Also, read the whole article and keep all points in mind, adapting - them for this guide. -
    -

    - -

    - This guide will go through the installation steps taken at the time of writing, which may or may not change due to - the volatile nature of Parabola (it changes all the time). In general most of it should remain the same. If you spot mistakes, - please say so! This guide will be ported to the Parabola wiki at a later date. For up to date Parabola install guide, go to - the Parabola wiki. This guide essentially cherry picks the useful information (valid at the time of writing: 2014-09-15). -

    - -

    - Change keyboard layout -

    -

    - Parabola live shell assumes US Qwerty. If you have something different, use:
    - # loadkeys LAYOUT
    - For me, LAYOUT would have been dvorak-uk. -

    +

    + Libreboot uses the GRUB payload + by default, which means that the GRUB configuration file + (where your GRUB menu comes from) is stored directly alongside libreboot + and it's GRUB payload executable, inside + the flash chip. In context, this means that installing distributions and managing them + is handled slightly differently compared to traditional BIOS systems. +

    -

    Getting started

    -

    - The beginning is based on https://wiki.parabolagnulinux.org/Installation_Guide. - Then I referred to https://wiki.archlinux.org/index.php/Partitioning at first. -

    +

    + On most systems, the /boot partition has to be left unencrypted while the others are encrypted. + This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware + can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a + payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical + access to the machine. +

    +

    + Back to previous index +

    + -

    dm-mod

    +
    +

    - device-mapper will be used - a lot. Make sure that the kernel module is loaded:
    - # modprobe dm-mod + Boot Parabola's install environment. How to boot a GNU/Linux installer.

    -

    Create LUKS partition

    -

    - I am using MBR partitioning, so I use cfdisk:
    - # cfdisk /dev/sda -

    -

    - I create a single large sda1 filling the whole drive, leaving it as the default type 'Linux' (83). -

    - Now I refer to https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning:
    - I am then directed to https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption. + For this guide I used the 2013 09 01 image to boot the live installer and install the system.

    +

    - Parabola forces you to RTFM. -

    -

    - It tells me to run:
    - # cryptsetup benchmark (for making sure the list below is populated)
    - Then:
    - # cat /proc/crypto
    - This gives me crypto options that I can use. It also provides a representation of the best way to set up LUKS (in this case, security is a priority; speed, a distant second). - To gain a better understanding, I am also reading:
    - # man cryptsetup -

    -

    - Following that page, based on my requirements, I do the following based on https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode. - Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option. -

    -

    - I am initializing LUKS with the following:
    - # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random --verify-passphrase luksFormat /dev/sda1 - -- choose a secure passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The password - length should be as long as you are able to handle without writing it down or storing it anywhere. Ideally, 100 characters or more. - It might take you a while to memorize a long passphrase before beginning this step. + This guide will go through the installation steps taken at the time of writing, which may or may not change due to + the volatile nature of Parabola (it changes all the time). In general most of it should remain the same. If you spot mistakes, + please say so! This guide will be ported to the Parabola wiki at a later date. For up to date Parabola install guide, go to + the Parabola wiki. This guide essentially cherry picks the useful information (valid at the time of writing: 2014-09-15).

    + +
    -

    Create LVM

    -

    - Now I refer to https://wiki.archlinux.org/index.php/LVM. -

    +
    +

    - Open the LUKS partition:
    - # cryptsetup open --type luks /dev/sda1 lvm
    - (it will be available at /dev/mapper/lvm)
    - I'm told that the above is old syntax, which is what I did anyway. You could also try:
    - # cryptsetup luksOpen /dev/sda1 lvm -

    -

    - Create LVM partition:
    - # pvcreate /dev/mapper/lvm
    - Show that you just created it:
    - # pvdisplay -

    -

    - Now I create the volume group, inside of which the logical volumes will be created:
    - # vgcreate matrix /dev/mapper/lvm (volume group name is 'matrix')
    - Show that you created it:
    - # vgdisplay -

    -

    - Now create the logical volumes:
    - # lvcreate -L 2G matrix -n swapvol (2G swap partition, named swapvol)
    - # lvcreate -l +100%FREE matrix -n rootvol (single large partition in the rest of the space, named rootvol)
    - You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example, - if you will be running a web/mail server then you want /var in its own partition (so that if it fills up with logs, it won't crash your system). - For a home/laptop system (typical use case), a root and a swap will do (really). -

    -

    - Verify that the logical volumes were created, using the following command:
    - # lvdisplay + Firstly if you use an SSD, beware there are issues with TRIM (not enabled through luks) and security issues if you do enable it. + See this page + for more info.

    -

    Create / and swap partitions

    - For the swapvol LV I use:
    - # mkswap /dev/mapper/matrix-swapvol -

    -

    - For the rootvol LV I use:
    - # mkfs.ext4 /dev/mapper/matrix-rootvol + If you are using an SSD for this, make sure it's brand-new (or barely used). Or, otherwise, be sure that it never previously + contained plaintext copies of your data.

    -

    Continue with Parabola installation

    -

    - Mount the root (/) partition:
    - # mount /dev/matrix/rootvol /mnt
    -

    -

    - This guide is really about GRUB, Parabola and cryptomount. I have to show how to install Parabola - so that the guide can continue. -

    - Now I am following the rest of https://wiki.parabolagnulinux.org/Installation_Guide. - I also cross referenced https://wiki.archlinux.org/index.php/Installation_guide. -

    -

    - Create /home and /boot on rootvol mountpoint:
    - # mkdir /mnt/home
    - # mkdir /mnt/boot -

    -

    - The wiki says to enable the swap so that it can be detected by 'genfstab':
    - # swapon /dev/matrix/swapvol -

    -

    - DHCP was already working for me, so I had internet during the install. Therefore, I ignore the 'Connect to the Internet' section of the install guide. - I also ignore wifi, since I can set that up after the install. For now, I am just using ethernet. - Otherwise, refer to https://wiki.archlinux.org/index.php/Configuring_Network. - You can test to see if internet is already working by pinging a few domains. + Wipe the MBR (if you use MBR):
    + # lsblk
    + Your HDD is probably /dev/sda: + # dd if=/dev/zero of=/dev/sda bs=446 count=1; sync
    + Never use SeaBIOS! The MBR section can easily be changed with malicious code, which SeaBIOS will blindly execute. + This guide is for libreboot with GRUB-as-payload only.

    - I commented out all lines except the Server line for the UK Parabola server (main server) in /etc/pacman.d/mirrorlist and then did:
    - # pacman -Syy
    - # pacman -Syu
    - # pacman -Sy pacman (and then I did the other 2 steps above, again)
    - In my case I did the steps in the next paragraph, and followed the steps in this paragraph again. + Securely wipe the drive:
    + # dd if=/dev/urandom of=/dev/sda; sync
    + NOTE: If you have an SSD, only do this the first time. If it was already LUKS-encrypted before, + use the info below to wipe the LUKS header. Also, check online for your SSD what the recommended + erase block size is. For example if it was 2MiB:
    + # dd if=/dev/urandom of=/dev/sda bs=2M; sync

    - <troubleshooting>
    -    The following is based on 'Verification of package signatures' in the Parabola install guide.
    -    Check there first to see if steps differ by now.
    -    Now you have to update the default Parabola keyring. This is used for signing and verifying packages:
    -    # pacman -Sy parabola-keyring
    -    It says that if you get GPG errors, then it's probably an expired key and, therefore, you should do:
    -    # pacman-key --populate parabola
    -    # pacman-key --refresh-keys
    -    # pacman -Sy parabola-keyring
    -    To be honest, you should do the above anyway. Parabola has a lot of maintainers, and a lot of keys. Really!
    -    Also, it says that if the clock is set incorrectly then you have to manually set the correct time
    -    (if keys are listed as expired because of it):
    -    # date MMDDhhmm[[CC]YY][.ss]
    -    I also had to install:
    -    # pacman -S archlinux-keyring
    -    # pacman-key --populate archlinux
    -    In my case I saw some conflicting files reported in pacman, stopping me from using it.
    -    I deleted the files that it mentioned - and then it worked. Specifically, I had this error:
    -    licenses: /usr/share/licenses/common/MPS exists in filesystem
    -    I rm -rf'd the file and then pacman worked. I'm told that the following would have also made it work:
    -    # pacman -Sf licenses
    - </troubleshooting>
    + If your drive was already LUKS encrypted (maybe you are re-installing your distro) then + it is already 'wiped'. You should just wipe the LUKS header. + https://www.lisenet.com/2013/luks-add-keys-backup-and-restore-volume-header/ + showed me how to do this. It recommends doing the first 3MiB. Now, that guide is recommending putting zero there. I'm doing to use urandom. Do this:
    + # head -c 3145728 /dev/urandom > /dev/sda; sync
    + (wiping the LUKS header is important, since it has hashed passphrases and so on. It's 'secure', but 'potentially' a risk).

    - I also like to install other packages (base-devel, compilers and so on) and wpa_supplicant/dialog are needed for wireless after the install:
    - # pacstrap /mnt base base-devel wpa_supplicant dialog + + If you do plan to use an SSD, make sure to read + https://wiki.archlinux.org/index.php/Solid_State_Drives
    + Edit /etc/fstab later on when chrooted into your install. Also, read the whole article and keep all points in mind, adapting + them for this guide. +

    + +
    + +
    + +

    + Change keyboard layout +

    +

    + Parabola live shell assumes US Qwerty. If you have something different, use:
    + # loadkeys LAYOUT
    + For me, LAYOUT would have been dvorak-uk. +

    + +
    + +
    + +

    Getting started

    +

    + The beginning is based on https://wiki.parabolagnulinux.org/Installation_Guide. + Then I referred to https://wiki.archlinux.org/index.php/Partitioning at first. +

    + +
    + +
    + +

    dm-mod

    +

    + device-mapper will be used - a lot. Make sure that the kernel module is loaded:
    + # modprobe dm-mod +

    + +

    Create LUKS partition

    +

    + I am using MBR partitioning, so I use cfdisk:
    + # cfdisk /dev/sda +

    +

    + I create a single large sda1 filling the whole drive, leaving it as the default type 'Linux' (83). +

    +

    + Now I refer to https://wiki.archlinux.org/index.php/Dm-crypt/Drive_preparation#Partitioning:
    + I am then directed to https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption. +

    +

    + Parabola forces you to RTFM. +

    +

    + It tells me to run:
    + # cryptsetup benchmark (for making sure the list below is populated)
    + Then:
    + # cat /proc/crypto
    + This gives me crypto options that I can use. It also provides a representation of the best way to set up LUKS (in this case, security is a priority; speed, a distant second). + To gain a better understanding, I am also reading:
    + # man cryptsetup +

    +

    + Following that page, based on my requirements, I do the following based on https://wiki.archlinux.org/index.php/Dm-crypt/Device_encryption#Encryption_options_for_LUKS_mode. + Reading through, it seems like Serpent (encryption) and Whirlpool (hash) is the best option. +

    +

    + I am initializing LUKS with the following:
    + # cryptsetup -v --cipher serpent-xts-plain64 --key-size 512 --hash whirlpool --use-random --verify-passphrase luksFormat /dev/sda1 + -- choose a secure passphrase here. Ideally lots of lowercase/uppercase numbers, letters, symbols etc all in a random pattern. The password + length should be as long as you are able to handle without writing it down or storing it anywhere. Ideally, 100 characters or more. + It might take you a while to memorize a long passphrase before beginning this step. +

    + +
    -

    Configure the system

    +
    + +

    Create LVM

    +

    + Now I refer to https://wiki.archlinux.org/index.php/LVM. +

    +

    + Open the LUKS partition:
    + # cryptsetup open --type luks /dev/sda1 lvm
    + (it will be available at /dev/mapper/lvm)
    + I'm told that the above is old syntax, which is what I did anyway. You could also try:
    + # cryptsetup luksOpen /dev/sda1 lvm +

    +

    + Create LVM partition:
    + # pvcreate /dev/mapper/lvm
    + Show that you just created it:
    + # pvdisplay +

    +

    + Now I create the volume group, inside of which the logical volumes will be created:
    + # vgcreate matrix /dev/mapper/lvm (volume group name is 'matrix')
    + Show that you created it:
    + # vgdisplay +

    +

    + Now create the logical volumes:
    + # lvcreate -L 2G matrix -n swapvol (2G swap partition, named swapvol)
    + # lvcreate -l +100%FREE matrix -n rootvol (single large partition in the rest of the space, named rootvol)
    + You can also be flexible here, for example you can specify a /boot, a /, a /home, a /var, a /usr, etc. For example, + if you will be running a web/mail server then you want /var in its own partition (so that if it fills up with logs, it won't crash your system). + For a home/laptop system (typical use case), a root and a swap will do (really). +

    +

    + Verify that the logical volumes were created, using the following command:
    + # lvdisplay +

    + +
    + +
    + +

    Create / and swap partitions

    +

    + For the swapvol LV I use:
    + # mkswap /dev/mapper/matrix-swapvol +

    +

    + For the rootvol LV I use:
    + # mkfs.ext4 /dev/mapper/matrix-rootvol +

    + +
    + +
    + +

    Continue with Parabola installation

    +

    + Mount the root (/) partition:
    + # mount /dev/matrix/rootvol /mnt
    +

    +

    + This guide is really about GRUB, Parabola and cryptomount. I have to show how to install Parabola + so that the guide can continue. +

    +

    + Now I am following the rest of https://wiki.parabolagnulinux.org/Installation_Guide. + I also cross referenced https://wiki.archlinux.org/index.php/Installation_guide. +

    +

    + Create /home and /boot on rootvol mountpoint:
    + # mkdir /mnt/home
    + # mkdir /mnt/boot +

    +

    + The wiki says to enable the swap so that it can be detected by 'genfstab':
    + # swapon /dev/matrix/swapvol +

    +

    + DHCP was already working for me, so I had internet during the install. Therefore, I ignore the 'Connect to the Internet' section of the install guide. + I also ignore wifi, since I can set that up after the install. For now, I am just using ethernet. + Otherwise, refer to https://wiki.archlinux.org/index.php/Configuring_Network. + You can test to see if internet is already working by pinging a few domains. +

    + +

    + I commented out all lines except the Server line for the UK Parabola server (main server) in /etc/pacman.d/mirrorlist and then did:
    + # pacman -Syy
    + # pacman -Syu
    + # pacman -Sy pacman (and then I did the other 2 steps above, again)
    + In my case I did the steps in the next paragraph, and followed the steps in this paragraph again. +

    +

    + <troubleshooting>
    +    The following is based on 'Verification of package signatures' in the Parabola install guide.
    +    Check there first to see if steps differ by now.
    +    Now you have to update the default Parabola keyring. This is used for signing and verifying packages:
    +    # pacman -Sy parabola-keyring
    +    It says that if you get GPG errors, then it's probably an expired key and, therefore, you should do:
    +    # pacman-key --populate parabola
    +    # pacman-key --refresh-keys
    +    # pacman -Sy parabola-keyring
    +    To be honest, you should do the above anyway. Parabola has a lot of maintainers, and a lot of keys. Really!
    +    Also, it says that if the clock is set incorrectly then you have to manually set the correct time
    +    (if keys are listed as expired because of it):
    +    # date MMDDhhmm[[CC]YY][.ss]
    +    I also had to install:
    +    # pacman -S archlinux-keyring
    +    # pacman-key --populate archlinux
    +    In my case I saw some conflicting files reported in pacman, stopping me from using it.
    +    I deleted the files that it mentioned + and then it worked. Specifically, I had this error:
    +    licenses: /usr/share/licenses/common/MPS exists in filesystem
    +    I rm -rf'd the file and then pacman worked. I'm told that the following would have also made it work:
    +    # pacman -Sf licenses
    + </troubleshooting>
    +

    +

    + I also like to install other packages (base-devel, compilers and so on) and wpa_supplicant/dialog are needed for wireless after the install:
    + # pacstrap /mnt base base-devel wpa_supplicant dialog +

    + +
    + +
    + +

    Configure the system

    From the Parabola installation guide (Arch's one was identical):
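Review bot: In the troubleshooting block, the "exists in filesystem" conflict is resolved by rm -rf on the reported path or by "pacman -Sf licenses", with no step that first checks which package owns /usr/share/licenses/common/MPS. Suggest adding "pacman -Qo /usr/share/licenses/common/MPS" before either, so the guide does not teach deleting or force-overwriting whatever the package manager flags. The keyring steps ("pacman -Sy parabola-keyring", "pacman-key --populate parabola") are what make package signature verification work, yet they sit under troubleshooting after "pacman -Syu"; the text itself says "you should do the above anyway", so they would read better as a regular step placed before the first upgrade.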
    # genfstab -p /mnt >> /mnt/etc/fstab @@ -359,8 +390,12 @@ # mkinitcpio -p linux-libre-grsec + +

    -

    Set a root password

    +
    + +

    Set a root password

    At the time of writing, Parabola used SHA512 by default for it's password hashing.
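Review bot: The context line under 'Set a root password' reads "for it's password hashing"; since this hunk already touches the section heading, change "it's" to "its" in the same commit.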

    @@ -374,8 +409,12 @@ # passwd root
    Make sure to set a secure password! Also, it must never be the same as your LUKS password.

    + +
    + +
    -

    Extra security tweaks

    +

    Extra security tweaks

    Based on https://wiki.archlinux.org/index.php/Security.

    @@ -397,8 +436,12 @@ Configure sudo - not covered here. Will be covered post-installation in another tutorial, at a later date. If this is a single-user system, you don't really need sudo.

    + +
    + +
    -

    Unmount, reboot!

    +

    Unmount, reboot!

    Exit from chroot:
    # exit @@ -421,8 +464,12 @@ # shutdown -h now
    Then boot up again.

    + +
    -

    Booting from GRUB

    +
    + +

    Booting from GRUB

    Initially you will have to boot manually. Press C to get to the GRUB command line. The underlined parts are optional (using those 2 underlines will boot lts kernel instead of normal). @@ -437,132 +484,144 @@

    You could also make it load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img

    + +
    -
    +
    + +

    Modify grub.cfg inside the ROM

    -

    Modify grub.cfg inside the ROM

    +

    + Now you need to modify the ROM, so that Parabola can boot automatically with this configuration. + grub_cbfs.html shows you how. Follow that guide, using the configuration details below. +

    +

    + Inside the 'Load Operating System' menu entry, change the contents to:
    + + cryptomount -a (ahci0,msdos1)
    + set root='lvm/matrix-rootvol'
    + linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
    + initrd /boot/initramfs-linux-libre-lts.img +
    +

    -

    - Now you need to modify the ROM, so that Parabola can boot automatically with this configuration. - grub_cbfs.html shows you how. Follow that guide, using the configuration details below. -

    -

    - Inside the 'Load Operating System' menu entry, change the contents to:
    - - cryptomount -a (ahci0,msdos1)
    - set root='lvm/matrix-rootvol'
    - linux /boot/vmlinuz-linux-libre-lts root=/dev/matrix/rootvol cryptdevice=/dev/sda1:root
    - initrd /boot/initramfs-linux-libre-lts.img -
    -

    +

    + Note: the underlined parts above (-lts) can also be removed, to boot the latest kernel instead of LTS (long-term support) kernels. + You could also copy the menu entry and in one have -lts, and without in the other menuentry. + You could also create a menu entry to load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img +

    -

    - Note: the underlined parts above (-lts) can also be removed, to boot the latest kernel instead of LTS (long-term support) kernels. - You could also copy the menu entry and in one have -lts, and without in the other menuentry. - You could also create a menu entry to load /boot/vmlinuz-linux-libre-grsec and /boot/initramfs-linux-libre-grsec.img -

    +

    + Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default. +

    -

    - Personally, I opted to have the entry for linux-libre-grsec at the top, so that it would load by default. -

    +

    + Above the 'Load Operating System' menu entry you should also add a GRUB password, like so: +

    +
    set superusers="root"
    +	password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
    +	
    -

    - Above the 'Load Operating System' menu entry you should also add a GRUB password, like so: -

    -
    set superusers="root"
    -password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
    -
    +

    + Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root. + Change root on both of those 2 lines to whatever you want. +

    -

    - Note that the above entry specifies user 'root'; this is just a username for GRUB. You don't even need to use root. - Change root on both of those 2 lines to whatever you want. -

    +

    + Start dhcp on ethernet:
    + # systemctl start dhcpcd.service + This is just for the step below. I won't cover network configuration here. That is for another Parabola article. +

    -

    - Start dhcp on ethernet:
    - # systemctl start dhcpcd.service - This is just for the step below. I won't cover network configuration here. That is for another Parabola article. -

    +

    + The password hash (it's password, by the way) after 'password_pbkdf2 root' should be changed and is created by the grub-mkpasswd-pbkdf2 utility, which you need to install or otherwise compile, + like so:
    + # pacman -S grub +

    + +

    + GRUB isn't needed for booting, since it's already included as a payload in libreboot. This is only so that the utility needed becomes available. Get your hash + by entering your chosen password at the prompt, when running this command:
    + # grub-mkpasswd-pbkdf2 +

    -

    - The password hash (it's password, by the way) after 'password_pbkdf2 root' should be changed and is created by the grub-mkpasswd-pbkdf2 utility, which you need to install or otherwise compile, - like so:
    - # pacman -S grub -

    - -

    - GRUB isn't needed for booting, since it's already included as a payload in libreboot. This is only so that the utility needed becomes available. Get your hash - by entering your chosen password at the prompt, when running this command:
    - # grub-mkpasswd-pbkdf2 -

    +

    + It will output the hash for the password that you entered. Make sure to specify a password that is different from both your LUKS *and* your root/user password. + Use it to replace the default hash mentioned above. +

    -

    - It will output the hash for the password that you entered. Make sure to specify a password that is different from both your LUKS *and* your root/user password. - Use it to replace the default hash mentioned above. -

    +

    + With this setup, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal. + This protects your system from an attacker simply booting a live usb distro and re-flashing the boot firmware. +

    -

    - With this setup, you will have to enter a password at boot time, in GRUB, before being able to use any of the menu entries or switch to the terminal. - This protects your system from an attacker simply booting a live usb distro and re-flashing the boot firmware. -

    +

    + You probably only need base-devel (compilers and so on) to build and use cbfstool. It was already installed if you followed this tutorial, but here it is:
    + # pacman -S base-devel +

    -

    - You probably only need base-devel (compilers and so on) to build and use cbfstool. It was already installed if you followed this tutorial, but here it is:
    - # pacman -S base-devel -

    +

    + For flashing the modified ROM, I just used flashrom from the Parabola repo's:
    + # pacman -S flashrom
    + I also installed dmidecode:
    + # pacman -S dmidecode +

    -

    - For flashing the modified ROM, I just used flashrom from the Parabola repo's:
    - # pacman -S flashrom
    - I also installed dmidecode:
    - # pacman -S dmidecode -

    +

    + When done, deleted GRUB (remember, we only needed it for the grub-mkpasswd-pbkdf2 utility; + GRUB is already part of libreboot, flashed alongside it as a payload):
    + # pacman -R grub +

    + +
    + +

    - When done, deleted GRUB (remember, we only needed it for the grub-mkpasswd-pbkdf2 utility; - GRUB is already part of libreboot, flashed alongside it as a payload):
    - # pacman -R grub + If you followed all that correctly, you should now have a fully encrypted Parabola installation. + This is a very barebones Parabola install (the default one). Refer to the wiki for how to do the rest + (desktop, etc).

    + +
    -
    +
    -

    - If you followed all that correctly, you should now have a fully encrypted Parabola installation. - This is a very barebones Parabola install (the default one). Refer to the wiki for how to do the rest - (desktop, etc). -

    +

    Further security tips

    +

    + https://wiki.archlinux.org/index.php/Security.
    + https://wiki.parabolagnulinux.org/User:GNUtoo/laptop +

    + +
    -
    +
    -

    Further security tips

    -

    - https://wiki.archlinux.org/index.php/Security.
    - https://wiki.parabolagnulinux.org/User:GNUtoo/laptop -

    +

    Follow-up tutorial: configuring Parabola

    +

    + configuring_parabola.html shows my own notes post-installation. Using these, you can get a basic + system similar to the one that I chose for myself. You can also cherry pick useful notes and come up with your own system. + Parabola is user-centric, which means that you are in control. For more information, read The Arch Way + (Parabola also follows it). +

    + +
    -
    +
    -

    Follow-up tutorial: configuring Parabola

    - configuring_parabola.html shows my own notes post-installation. Using these, you can get a basic - system similar to the one that I chose for myself. You can also cherry pick useful notes and come up with your own system. - Parabola is user-centric, which means that you are in control. For more information, read The Arch Way - (Parabola also follows it). + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
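Review bot: The "password_pbkdf2 root grub.pbkdf2.sha512.10000..." line is presented as the text to add above the 'Load Operating System' entry, but the instruction to change the hash comes only after the username note and the unrelated dhcpcd step, and the page states that this hash is for the password 'password'. A reader who stops at the block flashes a ROM whose GRUB password is published. Suggest moving "Use it to replace the default hash mentioned above" directly under the block, as the Trisquel page in this same patch does with "not the hash that you see above!", or replacing the hash with an obvious placeholder. The added "password_pbkdf2" line also gains a leading tab that the removed line did not have; if this sits in preformatted text, the tab will be copied into grub.cfg along with it.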
    diff --git a/docs/gnulinux/encrypted_trisquel.html b/docs/gnulinux/encrypted_trisquel.html index 8e369a4..c24d5f1 100644 --- a/docs/gnulinux/encrypted_trisquel.html +++ b/docs/gnulinux/encrypted_trisquel.html @@ -12,280 +12,325 @@ -
    +

    Installing Trisquel GNU/Linux with full disk encryption (including /boot)

    - -
    - -

    - Libreboot uses the GRUB payload - by default, which means that the GRUB configuration file - (where your GRUB menu comes from) is stored directly alongside libreboot - and its GRUB payload executable, inside - the flash chip. In context, this means that installing distributions and managing them - is handled slightly differently compared to traditional BIOS systems. -

    - -

    - On most systems, the /boot partition has to be left unencrypted while the others are encrypted. - This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware - can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a - payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical - access to the machine. -

    - -

    - This works in Trisquel 7, and probably Trisquel 6. Boot the 'net installer' (Install Trisquel in Text Mode). How to boot a GNU/Linux installer. -

    - -

    - Set a strong user password (ideally above 40 characters, of lowercase/uppercase, numbers and symbols). -

    - -

    - when the installer asks you to set up - encryption (ecryptfs) for your home directory, select 'Yes' if you want to: LUKS is already secure and performs well. Having ecryptfs on top of it - will add noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and not recommended. - Choose 'no'. -

    - -

    - - Your user password should be different from the LUKS password which you will set later on. - Your LUKS password should, like the user password, be secure. - -

    - -

    Partitioning

    - -

    Choose 'Manual' partitioning:

    -
      -
    • Select drive and create new partition table
    • -
    • - Single large partition. The following are mostly defaults: -
        -
      • Use as: physical volume for encryption
      • -
      • Encryption: aes
      • -
      • key size: 256
      • -
      • IV algorithm: xts-plain64
      • -
      • Encryption key: passphrase
      • -
      • erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)
      • -
      -
    • -
    • - Select 'configure encrypted volumes' -
        -
      • Create encrypted volumes
      • -
      • Select your partition
      • -
      • Finish
      • -
      • Really erase: Yes
      • -
      • (erase will take a long time. be patient)
      • -
      • (if your old system was encrypted, just let this run for about a minute to - make sure that the LUKS header is wiped out)
      • -
      -
    • -
    • - Select encrypted space: -
        -
      • use as: physical volume for LVM
      • -
      • Choose 'done setting up the partition'
      • -
      -
    • -
    • - Configure the logical volume manager: -
        -
      • Keep settings: Yes
      • -
      -
    • -
    • - Create volume group: -
        -
      • Name: grubcrypt (you can use whatever you want here, this is just an example)
      • -
      • Select crypto partition
      • -
      -
    • -
    • - Create logical volume -
        -
      • select grubcrypt (or whatever you named it before)
      • -
      • name: trisquel (you can use whatever you want here, this is just an example)
      • -
      • size: default, minus 2048 MB
      • -
      -
    • -
    • - Create logical volume -
        -
      • select grubcrypt (or whatever you named it before)
      • -
      • name: swap (you can use whatever you want here, this is just an example)
      • -
      • size: press enter
      • -
      -
    • -
    - -

    Further partitioning

    - -

    - Now you are back at the main partitioning screen. You will simply set mountpoints and filesystems to use. -

    -
      -
    • - LVM LV trisquel -
        -
      • use as: ext4
      • -
      • mount point: /
      • -
      • done setting up partition
      • -
      -
    • -
    • - LVM LV swap -
        -
      • use as: swap area
      • -
      • done setting up partition
      • -
      -
    • -
    • Now you select 'Finished partitioning and write changes to disk'.
    • -
    - -

    Kernel

    - -

    - Installation will ask what kernel you want to use. linux-generic is fine. -

    - -

    Tasksel

    - -

    - Choose "Trisquel Desktop Environment" if you want GNOME, - "Trisquel-mini Desktop Environment" if you - want LXDE or "Triskel Desktop Environment" if you want KDE. - If you want to have no desktop (just a basic shell) - when you boot or if you want to create your own custom setup, then choose nothing here (don't select anything). - You might also want to choose some of the other package groups; it's up to you. -

    - -

    Postfix configuration

    - -

    - If asked, choose "No Configuration" here (or maybe you want to select something else. It's up to you.) -

    - -

    Install the GRUB boot loader to the master boot record

    - -

    - Choose 'Yes'. It will fail, but don't worry. Then at the main menu, choose 'Continue without a bootloader'. - You could also choose 'No'. Choice is irrelevant here. -

    - -

    - You do not need to install GRUB at all, since in libreboot you are using the GRUB payload (for libreboot) to boot your system directly. -

    - -

    Clock UTC

    - -

    - Just say 'Yes'. -

    - -

    - Booting your system -

    - -

    - At this point, you will have finished the installation. At your GRUB payload, press C to get to the command line. -

    - +

    + Libreboot uses the GRUB payload + by default, which means that the GRUB configuration file + (where your GRUB menu comes from) is stored directly alongside libreboot + and its GRUB payload executable, inside + the flash chip. In context, this means that installing distributions and managing them + is handled slightly differently compared to traditional BIOS systems. +

    + +

    + On most systems, the /boot partition has to be left unencrypted while the others are encrypted. + This is so that GRUB, and therefore the kernel, can be loaded and executed since the firmware + can't open a LUKS volume. Not so with libreboot! Since GRUB is already included directly as a + payload, even /boot can be encrypted. This protects /boot from tampering by someone with physical + access to the machine. +

    +

    + This works in Trisquel 7, and probably Trisquel 6. Boot the 'net installer' (Install Trisquel in Text Mode). + How to boot a GNU/Linux installer. +

    +

    Back to previous index

    + + +
    +

    - Do that:
    - grub> cryptomount -a (ahci0,msdos1)
    - grub> set root='lvm/grubcrypt-trisquel'
    - grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
    - grub> initrd /initrd.img
    - grub> boot -

    - -

    - ecryptfs -

    - -

    - If you didn't encrypt your home directory, then you can safely ignore this section. -

    - -

    - Immediately after logging in, do that:
    - $ sudo ecryptfs-unwrap-passphrase -

    - -

    - This will be needed in the future if you ever need to recover your home directory from another system, so write it down and keep the note - somewhere secret. Ideally, you should memorize it and then burn the note (or not even write it down, and memorize it still)> -

    - -

    - Modify grub.cfg (CBFS) -

    - -

    - Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands. -

    - -

    - Modify your grub.cfg (in the firmware) using this tutorial; - just change the default menu entry 'Load Operating System' to say this inside: + Set a strong user password (ideally above 40 characters, of lowercase/uppercase, numbers and symbols).

    - cryptomount -a (ahci0,msdos1)
    - set root='lvm/grubcrypt-trisquel'
    - linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
    - initrd /initrd.img + when the installer asks you to set up + encryption (ecryptfs) for your home directory, select 'Yes' if you want to: LUKS is already secure and performs well. Having ecryptfs on top of it + will add noticeable performance penalty, for little security gain in most use cases. This is therefore optional, and not recommended. + Choose 'no'.

    - Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see - GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. This should be different than your LUKS passphrase and user password. + + Your user password should be different from the LUKS password which you will set later on. + Your LUKS password should, like the user password, be secure. +

    + +
    + +
    + +

    Partitioning

    + +

    Choose 'Manual' partitioning:

    +
      +
    • Select drive and create new partition table
    • +
    • + Single large partition. The following are mostly defaults: +
        +
      • Use as: physical volume for encryption
      • +
      • Encryption: aes
      • +
      • key size: 256
      • +
      • IV algorithm: xts-plain64
      • +
      • Encryption key: passphrase
      • +
      • erase data: Yes (only choose 'No' if it's a new drive that doesn't contain your private data)
      • +
      +
    • +
    • + Select 'configure encrypted volumes' +
        +
      • Create encrypted volumes
      • +
      • Select your partition
      • +
      • Finish
      • +
      • Really erase: Yes
      • +
      • (erase will take a long time. be patient)
      • +
      • (if your old system was encrypted, just let this run for about a minute to + make sure that the LUKS header is wiped out)
      • +
      +
    • +
    • + Select encrypted space: +
        +
      • use as: physical volume for LVM
      • +
      • Choose 'done setting up the partition'
      • +
      +
    • +
    • + Configure the logical volume manager: +
        +
      • Keep settings: Yes
      • +
      +
    • +
    • + Create volume group: +
        +
      • Name: grubcrypt (you can use whatever you want here, this is just an example)
      • +
      • Select crypto partition
      • +
      +
    • +
    • + Create logical volume +
        +
      • select grubcrypt (or whatever you named it before)
      • +
      • name: trisquel (you can use whatever you want here, this is just an example)
      • +
      • size: default, minus 2048 MB
      • +
      +
    • +
    • + Create logical volume +
        +
      • select grubcrypt (or whatever you named it before)
      • +
      • name: swap (you can use whatever you want here, this is just an example)
      • +
      • size: press enter
      • +
      +
    • +
    + +
    + +
    + +

    Further partitioning

    + +

    + Now you are back at the main partitioning screen. You will simply set mountpoints and filesystems to use. +

    +
      +
    • + LVM LV trisquel +
        +
      • use as: ext4
      • +
      • mount point: /
      • +
      • done setting up partition
      • +
      +
    • +
    • + LVM LV swap +
        +
      • use as: swap area
      • +
      • done setting up partition
      • +
      +
    • +
    • Now you select 'Finished partitioning and write changes to disk'.
    • +
    + +
    + +
    + +

    Kernel

    + +

    + Installation will ask what kernel you want to use. linux-generic is fine. +

    + +
    + +
    + +

    Tasksel

    + +

    + Choose "Trisquel Desktop Environment" if you want GNOME, + "Trisquel-mini Desktop Environment" if you + want LXDE or "Triskel Desktop Environment" if you want KDE. + If you want to have no desktop (just a basic shell) + when you boot or if you want to create your own custom setup, then choose nothing here (don't select anything). + You might also want to choose some of the other package groups; it's up to you. +

    + +
    + +
    + +

    Postfix configuration

    + +

    + If asked, choose "No Configuration" here (or maybe you want to select something else. It's up to you.) +

    + +
    + +
    + +

    Install the GRUB boot loader to the master boot record

    + +

    + Choose 'Yes'. It will fail, but don't worry. Then at the main menu, choose 'Continue without a bootloader'. + You could also choose 'No'. Choice is irrelevant here. +

    + +

    + You do not need to install GRUB at all, since in libreboot you are using the GRUB payload (for libreboot) to boot your system directly. +

    + +
    + +
    + +

    Clock UTC

    + +

    + Just say 'Yes'. +

    + +
    + +
    + +

    + Booting your system +

    + +

    + At this point, you will have finished the installation. At your GRUB payload, press C to get to the command line. +

    + +

    + Do that:
    + grub> cryptomount -a (ahci0,msdos1)
    + grub> set root='lvm/grubcrypt-trisquel'
    + grub> linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
    + grub> initrd /initrd.img
    + grub> boot +

    + +
    + +
    + +

    + ecryptfs +

    + +

    + If you didn't encrypt your home directory, then you can safely ignore this section. +

    + +

    + Immediately after logging in, do that:
    + $ sudo ecryptfs-unwrap-passphrase +

    + +

    + This will be needed in the future if you ever need to recover your home directory from another system, so write it down and keep the note + somewhere secret. Ideally, you should memorize it and then burn the note (or not even write it down, and memorize it still)> +

    + +
    + +
    + +

    + Modify grub.cfg (CBFS) +

    + +

    + Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands. +

    + +

    + Modify your grub.cfg (in the firmware) using this tutorial; + just change the default menu entry 'Load Operating System' to say this inside: +

    + +

    + cryptomount -a (ahci0,msdos1)
    + set root='lvm/grubcrypt-trisquel'
    + linux /vmlinuz root=/dev/mapper/grubcrypt-trisquel cryptdevice=/dev/mapper/grubcrypt-trisquel:root
    + initrd /initrd.img +

    + +

    + Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see + GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. This should be different than your LUKS passphrase and user password. +

    + +

    + The GRUB utility can be used like so:
    + $ grub-mkpasswd-pbkdf2 +

    + +

    + Give it a password (remember, it has to be secure) and it'll output something like:
    + grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711 +

    + +

    + Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):
    +

    +
    +set superusers="root"
    +password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
    +			
    -

    - The GRUB utility can be used like so:
    - $ grub-mkpasswd-pbkdf2 -

    +

    + Obviously, replace it with the correct hash that you actually got for the password that you entered. Meaning, not the hash that you see above! +

    -

    - Give it a password (remember, it has to be secure) and it'll output something like:
    - grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711 -

    +

    + After this, you will have a modified ROM with the menu entry for cryptomount, and the entry before that for the GRUB password. Flash the modified ROM + using this tutorial. +

    + +
    -

    - Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):
    -

    -
    -set superusers="root"
    -password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
    -		
    +

    - Obviously, replace it with the correct hash that you actually got for the password that you entered. Meaning, not the hash that you see above! + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    - After this, you will have a modified ROM with the menu entry for cryptomount, and the entry before that for the GRUB password. Flash the modified ROM - using this tutorial. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
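Review bot: The ecryptfs paragraph still contradicts itself after the re-indent: it says "select 'Yes' if you want to" and then "This is therefore optional, and not recommended. Choose 'no'." Suggest stating the recommendation once and capitalising the opening "when". The recovery-passphrase sentence also keeps its stray ">" at the end ("memorize it still)>"), which should be a full stop. Separately, the kernel line here uses cryptdevice=/dev/mapper/grubcrypt-trisquel:root, naming the logical volume, while the Parabola page in this patch uses cryptdevice=/dev/sda1:root, naming the encrypted partition; worth confirming which form is intended before both are carried into the new layout.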
    diff --git a/docs/gnulinux/grub_boot_installer.html b/docs/gnulinux/grub_boot_installer.html index 8a5a8f8..3a99d00 100644 --- a/docs/gnulinux/grub_boot_installer.html +++ b/docs/gnulinux/grub_boot_installer.html @@ -12,144 +12,168 @@ -
    +

    Boot a GNU/Linux installer on USB

    - -
    - -

    Prepare the USB drive (in GNU/Linux)

    - -

    - Connect the USB drive. Check dmesg:
    - $ dmesg
    - - Check lsblk to confirm which drive it is:
    - $ lsblk -

    - -

    - Check that it wasn't automatically mounted. If it was, unmount it. For example:
    - $ sudo umount /dev/sdb*
    - # umount /dev/sdb* -

    +

    + Back to previous index +

    + -

    - dmesg told you what device it is. Overwrite the drive, writing your distro ISO to it with dd. For example:
    - $ sudo dd if=gnulinux.iso of=/dev/sdb bs=8M; sync
    - # dd if=gnulinux.iso of=/dev/sdb bs=8M; sync -

    +
    -

    GNU Guix System Distribution?

    +

    Prepare the USB drive (in GNU/Linux)

    -

    - Guix USB installers use the GRUB bootloader, unlike most GNU/Linux installers which will likely use ISOLINUX. -

    -

    - To boot the Guix live USB install, select Search for GRUB configuration (grub.cfg) outside of CBFS from - the GRUB payload menu. After you have done that, a new menuentry will appear at the very bottom with text like - Load Config from (usb0); select that, and it should boot. -

    -

    - Once you have installed Guix onto the main storage device, check - grub_cbfs.html#libreboot_grub_config_ondisk for hints on how - to boot it. -

    +

    + Connect the USB drive. Check dmesg:
    + $ dmesg
    -

    Booting ISOLINUX images

    + Check lsblk to confirm which drive it is:
    + $ lsblk +

    -

    - Boot it in GRUB using the Parse ISOLINUX config (USB) option. +

    + Check that it wasn't automatically mounted. If it was, unmount it. For example:
    + $ sudo umount /dev/sdb*
    + # umount /dev/sdb* +

    - A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual - ISOLINUX menu provided by that distro. -

    +

    + dmesg told you what device it is. Overwrite the drive, writing your distro ISO to it with dd. For example:
    + $ sudo dd if=gnulinux.iso of=/dev/sdb bs=8M; sync
    + # dd if=gnulinux.iso of=/dev/sdb bs=8M; sync +

    + +
    -

    Booting manually

    - -

    - If the ISOLINUX parser or Search for GRUB configuration options won't work, then press C to get to the GRUB command line.
    - grub> ls
    - - Get the device from above output, eg (usb0). Example:
    - grub> cat (usb0)/isolinux/isolinux.cfg
    +

    + +

    GNU Guix System Distribution?

    - Either this will show the ISOLINUX menuentries for that ISO, or link to other .cfg files, for example /isolinux/foo.cfg.
    +

    + Guix USB installers use the GRUB bootloader, unlike most GNU/Linux installers which will likely use ISOLINUX. +

    +

    + To boot the Guix live USB install, select Search for GRUB configuration (grub.cfg) outside of CBFS from + the GRUB payload menu. After you have done that, a new menuentry will appear at the very bottom with text like + Load Config from (usb0); select that, and it should boot. +

    +

    + Once you have installed Guix onto the main storage device, check + grub_cbfs.html#libreboot_grub_config_ondisk for hints on how + to boot it. +

    + +
    - If it did that, then you do:
    - grub> cat (usb0)/isolinux/foo.cfg
    +
    + +

    Booting ISOLINUX images

    - And so on, until you find the correct menuentries for ISOLINUX. -

    +

    + Boot it in GRUB using the Parse ISOLINUX config (USB) option. -

    - Now look at the ISOLINUX menuentry. It'll look like:
    - - kernel /path/to/kernel
    - append PARAMETERS initrd=/path/to/initrd MAYBE_MORE_PARAMETERS
    -
    - - GRUB works the same way, but in it's own way. Example GRUB commands:
    - grub> linux (usb0)/path/to/kernel PARAMETERS MAYBE_MORE_PARAMETERS
    - grub> initrd (usb0)/path/to/initrd
    - grub> boot
    - - Of course this will vary from distro to distro. If you did all that correctly, it should now be booting the ISO - the way you specified. -

    + A new menu should appear in GRUB, showing the boot options for that distro; this is a GRUB menu, converted from the usual + ISOLINUX menu provided by that distro. +

    + +
    + +
    + +

    Booting manually

    -

    Troubleshooting

    +

    + If the ISOLINUX parser or Search for GRUB configuration options won't work, then press C to get to the GRUB command line.
    + grub> ls
    -

    - Most of these issues occur when using libreboot with coreboot's 'text mode' instead of the coreboot framebuffer. - This mode is useful for booting payloads like memtest86+ which expect text-mode, but for GNU/Linux distributions - it can be problematic when they are trying to switch to a framebuffer because it doesn't exist. -

    + Get the device from above output, eg (usb0). Example:
    + grub> cat (usb0)/isolinux/isolinux.cfg
    -

    - In most cases, you should use the vesafb ROM's. Example filename: libreboot_ukdvorak_vesafb.rom. -

    + Either this will show the ISOLINUX menuentries for that ISO, or link to other .cfg files, for example /isolinux/foo.cfg.
    -

    parabola won't boot in text-mode

    + If it did that, then you do:
    + grub> cat (usb0)/isolinux/foo.cfg
    -

    - Use one of the ROM images with vesafb in the filename (uses coreboot framebuffer instead of text-mode). + And so on, until you find the correct menuentries for ISOLINUX.

    -

    debian-installer (trisquel net install) graphical corruption in text-mode

    - When using the ROM images that use coreboot's "text mode" instead of the coreboot framebuffer, - booting the Trisquel net installer results in graphical corruption because it is trying to switch to a framebuffer which doesn't - exist. Use that kernel parameter on the 'linux' line when booting it:
    - vga=normal fb=false + Now look at the ISOLINUX menuentry. It'll look like:
    + + kernel /path/to/kernel
    + append PARAMETERS initrd=/path/to/initrd MAYBE_MORE_PARAMETERS
    +
    + + GRUB works the same way, but in it's own way. Example GRUB commands:
    + grub> linux (usb0)/path/to/kernel PARAMETERS MAYBE_MORE_PARAMETERS
    + grub> initrd (usb0)/path/to/initrd
    + grub> boot
    + + Of course this will vary from distro to distro. If you did all that correctly, it should now be booting the ISO + the way you specified.

    + +
    -

    - Tested in Trisquel 6 (and 7). This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer. -

    +
    + +

    Troubleshooting

    - If selecting text-mode from a GRUB menu created using the ISOLINUX parser, you can press E on the menu entry to add this. - Or, if you are booting manually (from GRUB terminal) then just add the parameters. + Most of these issues occur when using libreboot with coreboot's 'text mode' instead of the coreboot framebuffer. + This mode is useful for booting payloads like memtest86+ which expect text-mode, but for GNU/Linux distributions + it can be problematic when they are trying to switch to a framebuffer because it doesn't exist.

    - This workaround was found on the page: https://www.debian.org/releases/stable/i386/ch05s04.html. - It should also work for gNewSense, Debian and any other apt-get distro that provides debian-installer (text mode) net install method. + In most cases, you should use the vesafb ROM's. Example filename: libreboot_ukdvorak_vesafb.rom.

    -
    +

    parabola won't boot in text-mode

    + +

    + Use one of the ROM images with vesafb in the filename (uses coreboot framebuffer instead of text-mode). +

    + +

    debian-installer (trisquel net install) graphical corruption in text-mode

    +

    + When using the ROM images that use coreboot's "text mode" instead of the coreboot framebuffer, + booting the Trisquel net installer results in graphical corruption because it is trying to switch to a framebuffer which doesn't + exist. Use that kernel parameter on the 'linux' line when booting it:
    + vga=normal fb=false +

    + +

    + Tested in Trisquel 6 (and 7). This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer. +

    -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + If selecting text-mode from a GRUB menu created using the ISOLINUX parser, you can press E on the menu entry to add this. + Or, if you are booting manually (from GRUB terminal) then just add the parameters. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This workaround was found on the page: https://www.debian.org/releases/stable/i386/ch05s04.html. + It should also work for gNewSense, Debian and any other apt-get distro that provides debian-installer (text mode) net install method. +

    + +
    + +
    + +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
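Review bot: In the re-added "Prepare the USB drive" block, the umount and dd examples still hardcode /dev/sdb right after the text tells the reader to take the device name from dmesg and lsblk. Since these lines are being rewritten anyway, use a placeholder such as /dev/sdX in both examples and say that it must be replaced, because a reader who pastes "dd if=gnulinux.iso of=/dev/sdb bs=8M; sync" as written overwrites whatever disk is sdb on their machine. Each example also shows a "$ sudo" form and a "#" form on consecutive lines without saying they are alternatives; a short "or, as root:" between them would remove the ambiguity. A readability commit is also a good place to fix the wording slips carried into the new lines: "in it's own way" should be "its", "vesafb ROM's" should be "ROMs", and "Use that kernel parameter" before "vga=normal fb=false" reads better as "Use these kernel parameters".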
    diff --git a/docs/gnulinux/grub_cbfs.html b/docs/gnulinux/grub_cbfs.html index c22d71d..73cce0c 100644 --- a/docs/gnulinux/grub_cbfs.html +++ b/docs/gnulinux/grub_cbfs.html @@ -12,444 +12,467 @@ -
    +

    How to change your default GRUB menu

    - -
    - -

    - Libreboot uses the GRUB payload - by default, which means that the GRUB configuration file - (where your GRUB menu comes from) is stored directly alongside libreboot - and it's GRUB payload executable, inside - the flash chip. In context, this means that installing distributions and managing them - is handled slightly differently compared to traditional BIOS systems. -

    - -

    - A libreboot (or coreboot) ROM image is not simply "flat"; there is an actual - filesystem inside called CBFS (coreboot filesystem). A utility called 'cbfstool' - allows you to change the contents of the ROM image. In this case, libreboot is configured - such that the 'grub.cfg' and 'grubtest.cfg' files exists directly inside CBFS instead of - inside the GRUB payload 'memdisk' (which is itself stored in CBFS). -

    -

    - You can either modify - the GRUB configuration stored in the flash chip, or you can modify a GRUB configuration - file on the main storage which the libreboot GRUB payload will automatically search for. -

    - -

    - Here is an excellent writeup about CBFS (coreboot filesystem): - http://lennartb.home.xs4all.nl/coreboot/col5.html. -

    - -
    - -

    Table of Contents

    - - - -
    - -

    Getting started

    +

    + Libreboot uses the GRUB payload + by default, which means that the GRUB configuration file + (where your GRUB menu comes from) is stored directly alongside libreboot + and it's GRUB payload executable, inside + the flash chip. In context, this means that installing distributions and managing them + is handled slightly differently compared to traditional BIOS systems. +

    +

    + A libreboot (or coreboot) ROM image is not simply "flat"; there is an actual + filesystem inside called CBFS (coreboot filesystem). A utility called 'cbfstool' + allows you to change the contents of the ROM image. In this case, libreboot is configured + such that the 'grub.cfg' and 'grubtest.cfg' files exists directly inside CBFS instead of + inside the GRUB payload 'memdisk' (which is itself stored in CBFS). +

    +

    + You can either modify + the GRUB configuration stored in the flash chip, or you can modify a GRUB configuration + file on the main storage which the libreboot GRUB payload will automatically search for. +

    +

    + Here is an excellent writeup about CBFS (coreboot filesystem): + http://lennartb.home.xs4all.nl/coreboot/col5.html. +

    +

    + Back to previous index +

    + -

    - Download the latest release from - http://libreboot.org/ -
    If you downloaded from git, refer to - ../git/index.html#build_meta before continuing. -

    + -

    - Install the build dependencies. -

    +
    -

    - Back to top of page. -

    +

    Getting started

    -
    - -

    Don't want to flash a new ROM image?

    +

    + Download the latest release from + http://libreboot.org/ +
    If you downloaded from git, refer to + ../git/index.html#build_meta before continuing. +

    -

    - There are several advantages to modifying the GRUB configuration stored in CBFS, but - this also means that you have to flash a new libreboot ROM image on your machine (some users - feel intimidated by this, to say the least). - Doing so can be risky if not handled correctly, because it can result in a bricked - machine (recovery is easy if you have the equipment - for it, but most people don't). If you aren't up to that then don't worry; it is possible - to use a custom GRUB menu without flashing a new image, by loading a GRUB configuration - from a partition on the main storage instead. -

    +

    + Install the build dependencies. +

    -

    - By default, GRUB in libreboot is configured to scan all partitions on the main storage - for /boot/grub/libreboot_grub.cfg or /grub/libreboot_grub.cfg(for systems where /boot - is on a dedicated partition), and then use it automatically. -

    -

    - Simply create your custom GRUB configuration and save it to /boot/grub/libreboot_grub.cfg - on the running system. The next time you boot, GRUB (in libreboot) will automatically switch to - this configuration file. This means that you do not have to re-flash, recompile or otherwise - modify libreboot at all! -

    +

    + Back to top of page. +

    + +
    -

    - Ideally, your distribution should automatically generate a libreboot_grub.cfg file that is written - specifically under the assumption that it will be read and used on a libreboot system that uses - GRUB as a payload. If your distribution does not do this, then you can try to add that feature - yourself or politely ask someone involved with or otherwise knowledgeable about the distribution - to do it for you. The libreboot_grub.cfg could either contain the full configuration, or it could - chainload another GRUB ELF executable (built to be used as a coreboot payload) that is located in - a partition on the main storage. -

    +
    -

    - If you want to adapt a copy of the existing libreboot GRUB configuration and use that for the libreboot_grub.cfg file, then - follow #build_cbfstool, #which_rom and - #extract_grubtest to get the grubtest.cfg. - Rename grubtest.cfg to libreboot_grub.cfg and save it to /boot/grub/ - on the running system where it is intended to be used. Modify the file at that location however you see fit, - and then stop reading this guide (the rest of this page is irrelevant to you); in libreboot_grub.cfg on disk, - if you are adapting it based on grub.cfg from CBFS then remove the check for libreboot_grub.cfg otherwise it will loop.. -

    - -

    - Back to top of page. -

    - -
    +

    Don't want to flash a new ROM image?

    -

    Build 'cbfstool' from source

    - -

    - If you are working with libreboot_src, then you can run make command in - libreboot_src/coreboot/util/cbfstool to build the cbfstool and rmodtool - executable. -

    -

    - Alternatively if you are working with libreboot_bin, you will find binaries under ./cbfstool/ -

    +

    + There are several advantages to modifying the GRUB configuration stored in CBFS, but + this also means that you have to flash a new libreboot ROM image on your machine (some users + feel intimidated by this, to say the least). + Doing so can be risky if not handled correctly, because it can result in a bricked + machine (recovery is easy if you have the equipment + for it, but most people don't). If you aren't up to that then don't worry; it is possible + to use a custom GRUB menu without flashing a new image, by loading a GRUB configuration + from a partition on the main storage instead. +

    -

    - Back to top of page. -

    +

    + By default, GRUB in libreboot is configured to scan all partitions on the main storage + for /boot/grub/libreboot_grub.cfg or /grub/libreboot_grub.cfg(for systems where /boot + is on a dedicated partition), and then use it automatically. +

    +

    + Simply create your custom GRUB configuration and save it to /boot/grub/libreboot_grub.cfg + on the running system. The next time you boot, GRUB (in libreboot) will automatically switch to + this configuration file. This means that you do not have to re-flash, recompile or otherwise + modify libreboot at all! +

    -
    +

    + Ideally, your distribution should automatically generate a libreboot_grub.cfg file that is written + specifically under the assumption that it will be read and used on a libreboot system that uses + GRUB as a payload. If your distribution does not do this, then you can try to add that feature + yourself or politely ask someone involved with or otherwise knowledgeable about the distribution + to do it for you. The libreboot_grub.cfg could either contain the full configuration, or it could + chainload another GRUB ELF executable (built to be used as a coreboot payload) that is located in + a partition on the main storage. +

    + +

    + If you want to adapt a copy of the existing libreboot GRUB configuration and use that for the libreboot_grub.cfg file, then + follow #build_cbfstool, #which_rom and + #extract_grubtest to get the grubtest.cfg. + Rename grubtest.cfg to libreboot_grub.cfg and save it to /boot/grub/ + on the running system where it is intended to be used. Modify the file at that location however you see fit, + and then stop reading this guide (the rest of this page is irrelevant to you); in libreboot_grub.cfg on disk, + if you are adapting it based on grub.cfg from CBFS then remove the check for libreboot_grub.cfg otherwise it will loop.. +

    -

    Which ROM image should I use?

    +

    + Back to top of page. +

    + +
    -

    - You can work directly with one of the ROM images already included in the libreboot ROM archives. For the purpose of - this tutorial it is assumed that your ROM image file is named libreboot.rom, so please make sure to adapt. -

    +
    -

    - If you want to re-use the ROM that you currently have flashed (and running) then see - ../git/index.html#build_flashrom - and then run:
    - $ sudo ./flashrom -p internal -r libreboot.rom
    - Notice that this is using "-r" (read) instead of "-w" (write). - This will create a dump (copy) of your current firmware and name it libreboot.rom. - You need to take ownership of the file. For example:
    - $ sudo chown yourusername:yourusername libreboot.rom
    - # chown yourusername:yourusername libreboot.rom -

    +

    Build 'cbfstool' from source

    -

    - If you currently have flashed a ROM image from an older version, it is recommended to update first: - basically, modify one of the latest ROM images and then flash it. -

    +

    + If you are working with libreboot_src, then you can run make command in + libreboot_src/coreboot/util/cbfstool to build the cbfstool and rmodtool + executable. +

    +

    + Alternatively if you are working with libreboot_bin, you will find binaries under ./cbfstool/ +

    -

    - Back to top of page. -

    +

    + Back to top of page. +

    + +
    -
    +
    -

    Extract grubtest.cfg from the ROM image

    +

    Which ROM image should I use?

    -

    - Display contents of ROM:
    - $ ./cbfstool libreboot.rom print -

    +

    + You can work directly with one of the ROM images already included in the libreboot ROM archives. For the purpose of + this tutorial it is assumed that your ROM image file is named libreboot.rom, so please make sure to adapt. +

    -

    - The libreboot.rom file contains your grub.cfg and grubtest.cfg files. - You should extract, modify and re-insert the copy first. grub.cfg will load first, - but it has a menu entry for switching to the copy (grubtest.cfg). - This reduces your chance of making a mistake that could make your machine unbootable (or very hard to boot). -

    +

    + If you want to re-use the ROM that you currently have flashed (and running) then see + ../git/index.html#build_flashrom + and then run:
    + $ sudo ./flashrom -p internal -r libreboot.rom
    + Notice that this is using "-r" (read) instead of "-w" (write). + This will create a dump (copy) of your current firmware and name it libreboot.rom. + You need to take ownership of the file. For example:
    + $ sudo chown yourusername:yourusername libreboot.rom
    + # chown yourusername:yourusername libreboot.rom +

    -

    - Extract grubtest.cfg from the ROM image:
    - $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg -

    +

    + If you currently have flashed a ROM image from an older version, it is recommended to update first: + basically, modify one of the latest ROM images and then flash it. +

    -

    - Now you have a grubtest.cfg in cbfstool directory. Edit it however you wish. -

    +

    + Back to top of page. +

    + +
    -

    - Back to top of page. -

    +
    -
    +

    Extract grubtest.cfg from the ROM image

    -
    +

    + Display contents of ROM:
    + $ ./cbfstool libreboot.rom print +

    -

    Example modifications for grubtest.cfg

    +

    + The libreboot.rom file contains your grub.cfg and grubtest.cfg files. + You should extract, modify and re-insert the copy first. grub.cfg will load first, + but it has a menu entry for switching to the copy (grubtest.cfg). + This reduces your chance of making a mistake that could make your machine unbootable (or very hard to boot). +

    - These are some common examples of ways in which the grubtest.cfg file can be modified. + Extract grubtest.cfg from the ROM image:
    + $ ./cbfstool libreboot.rom extract -n grubtest.cfg -f grubtest.cfg

    -

    Trisquel GNU/Linux-libre

    +

    + Now you have a grubtest.cfg in cbfstool directory. Edit it however you wish. +

    -

    - As an example, on my test system in /boot/grub/grub.cfg (on the HDD/SSD) I see for the main menu entry: -

    -
      -
    • linux /boot/vmlinuz-3.15.1-gnu.nonpae root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro crashkernel=384M-2G:64M,2G-:128M quiet splash $vt_handoff
    • -
    • initrd /boot/initrd.img-3.15.1-gnu.nonpae
    • -
    +

    + Back to top of page. +

    + +
    -

    - ro, quiet, splash, crashkernel=384M-2G:64M,2G-:128M and - $vt_handoff can be safely ignored. -

    +
    -

    - I use this to get my partition layout:
    - $ lsblk -

    +
    -

    - In my case, I have no /boot partition, instead /boot is on the same partition as / on sda1. - Yours might be different. In GRUB terms, sda means ahci0. 1 means msdos1, or gpt1, depending - on whether I am using MBR or GPT partitioning. Thus, /dev/sda1 is GRUB is (ahci0,msdos1) or - (ahci0,gpt1). In my case, I use MBR partitioning so it's (ahci0,msdos1). - 'msdos' is a GRUB name simply because this partitioning type is traditionally used by MS-DOS. - It doesn't mean that you have a proprietary OS. -

    +

    Example modifications for grubtest.cfg

    - Trisquel doesn't keep the filenames of kernels consistent, instead it keeps old kernels and - new kernel updates are provided with the version in the filename. This can make GRUB payload - a bit tricky. Fortunately, there are symlinks /vmlinuz and /initrd.img - so if your /boot and / are on the same partition, you can set GRUB to boot from that. - These are also updated automatically when installing kernel updates from your distributions - apt-get repositories. - - Note: when using jxself kernel releases, - these are not updated at all and you have to update them manually. - + These are some common examples of ways in which the grubtest.cfg file can be modified.

    -

    - For the GRUB payload grubtest.cfg (in the 'Load Operating System' menu entry), we therefore have (in this example):
    - set root='ahci0,msdos1'
    - linux /vmlinuz root=UUID=3a008e14-4871-497b-95e5-fb180f277951
    - initrd /initrd.img -

    +

    Trisquel GNU/Linux-libre

    + +

    + As an example, on my test system in /boot/grub/grub.cfg (on the HDD/SSD) I see for the main menu entry: +

    +
      +
    • linux /boot/vmlinuz-3.15.1-gnu.nonpae root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro crashkernel=384M-2G:64M,2G-:128M quiet splash $vt_handoff
    • +
    • initrd /boot/initrd.img-3.15.1-gnu.nonpae
    • +
    + +

    + ro, quiet, splash, crashkernel=384M-2G:64M,2G-:128M and + $vt_handoff can be safely ignored. +

    + +

    + I use this to get my partition layout:
    + $ lsblk +

    + +

    + In my case, I have no /boot partition, instead /boot is on the same partition as / on sda1. + Yours might be different. In GRUB terms, sda means ahci0. 1 means msdos1, or gpt1, depending + on whether I am using MBR or GPT partitioning. Thus, /dev/sda1 is GRUB is (ahci0,msdos1) or + (ahci0,gpt1). In my case, I use MBR partitioning so it's (ahci0,msdos1). + 'msdos' is a GRUB name simply because this partitioning type is traditionally used by MS-DOS. + It doesn't mean that you have a proprietary OS. +

    + +

    + Trisquel doesn't keep the filenames of kernels consistent, instead it keeps old kernels and + new kernel updates are provided with the version in the filename. This can make GRUB payload + a bit tricky. Fortunately, there are symlinks /vmlinuz and /initrd.img + so if your /boot and / are on the same partition, you can set GRUB to boot from that. + These are also updated automatically when installing kernel updates from your distributions + apt-get repositories. + + Note: when using jxself kernel releases, + these are not updated at all and you have to update them manually. + +

    + +

    + For the GRUB payload grubtest.cfg (in the 'Load Operating System' menu entry), we therefore have (in this example):
    + set root='ahci0,msdos1'
    + linux /vmlinuz root=UUID=3a008e14-4871-497b-95e5-fb180f277951
    + initrd /initrd.img +

    + +

    + Optionally, you can convert the UUID to its real device name, for example /dev/sda1 in this case. + sdX naming isn't very reliable, though, which is why UUID is used for most distributions. +

    + +

    + Alternatively, if your /boot is on a separate partition then you cannot rely on the /vmlinuz and /initrd.img symlinks. + Instead, go into /boot and create your own symlinks (update them manually when you install a new kernel update).
    + $ sudo -s
    + # cd /boot/
    + # rm -rf vmlinuz initrd.img
    + # ln -s kernel ksym
    + # ln -s initrd isym
    + # exit +

    + +

    + Replace the underlined kernel and initrd filenames above with the actual filenames, of course. +

    + +

    + Then your grubtest.cfg menu entry (for payload) becomes like that, for example if / was on sda2 and /boot was on sda1:
    + set root='ahci0,msdos1'
    + linux /ksym root=/dev/sda2
    + initrd /isym +

    + +

    + There are lots of possible variations so please try to adapt. +

    + +

    Parabola GNU/Linux-libre

    + +

    + You can basically adapt the above. Note however that Parabola does not keep old kernels still installed, and the file names + are always consistent, so you don't need to boot from symlinks, you can just use the real thing directly. +

    + +
    -

    - Optionally, you can convert the UUID to its real device name, for example /dev/sda1 in this case. - sdX naming isn't very reliable, though, which is why UUID is used for most distributions. -

    +

    + Back to top of page. +

    + +
    -

    - Alternatively, if your /boot is on a separate partition then you cannot rely on the /vmlinuz and /initrd.img symlinks. - Instead, go into /boot and create your own symlinks (update them manually when you install a new kernel update).
    - $ sudo -s
    - # cd /boot/
    - # rm -rf vmlinuz initrd.img
    - # ln -s kernel ksym
    - # ln -s initrd isym
    - # exit -

    +
    -

    - Replace the underlined kernel and initrd filenames above with the actual filenames, of course. -

    +

    Re-insert the modified grubtest.cfg into the ROM image

    -

    - Then your grubtest.cfg menu entry (for payload) becomes like that, for example if / was on sda2 and /boot was on sda1:
    - set root='ahci0,msdos1'
    - linux /ksym root=/dev/sda2
    - initrd /isym -

    +

    + Delete the grubtest.cfg that remained inside the ROM:
    + $ ./cbfstool libreboot.rom remove -n grubtest.cfg +

    -

    - There are lots of possible variations so please try to adapt. -

    +

    + Display ROM contents and now you see grubtest.cfg no longer exists there:
    + $ ./cbfstool libreboot.rom print +

    -

    Parabola GNU/Linux-libre

    +

    + Add the modified version that you just made:
    + $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw +

    -

    - You can basically adapt the above. Note however that Parabola does not keep old kernels still installed, and the file names - are always consistent, so you don't need to boot from symlinks, you can just use the real thing directly. -

    +

    + Now display ROM contents again and see that it exists again:
    + $ ./cbfstool libreboot.rom print +

    +

    + Back to top of page. +

    +
    -

    - Back to top of page. -

    +
    -
    - -

    Re-insert the modified grubtest.cfg into the ROM image

    - -

    - Delete the grubtest.cfg that remained inside the ROM:
    - $ ./cbfstool libreboot.rom remove -n grubtest.cfg -

    - -

    - Display ROM contents and now you see grubtest.cfg no longer exists there:
    - $ ./cbfstool libreboot.rom print -

    +

    Test it!

    -

    - Add the modified version that you just made:
    - $ ./cbfstool libreboot.rom add -n grubtest.cfg -f grubtest.cfg -t raw -

    - -

    - Now display ROM contents again and see that it exists again:
    - $ ./cbfstool libreboot.rom print -

    - -

    - Back to top of page. -

    +

    + + Now you have a modified ROM. Refer back to ../install/index.html#flashrom for information + on how to flash it. Once you have done that, shut down and then boot up with your new test configuration. + +

    -
    +

    + Choose (in GRUB) the menu entry that switches to grubtest.cfg. If it works, then your config is safe and you can continue below. +

    -

    Test it!

    +

    + + If it does not work like you want it to, if you are unsure or sceptical in any way, + then re-do the steps above until you get it right! Do *not* proceed past this point + unless you are 100% sure that your new configuration is safe (or desirable) to use. + +

    -

    - - Now you have a modified ROM. Refer back to ../install/index.html#flashrom for information - on how to flash it. Once you have done that, shut down and then boot up with your new test configuration. - -

    +

    + Back to top of page. +

    + +
    -

    - Choose (in GRUB) the menu entry that switches to grubtest.cfg. If it works, then your config is safe and you can continue below. -

    +
    -

    - - If it does not work like you want it to, if you are unsure or sceptical in any way, - then re-do the steps above until you get it right! Do *not* proceed past this point - unless you are 100% sure that your new configuration is safe (or desirable) to use. - -

    +

    Final steps

    -

    - Back to top of page. -

    +

    + Create a copy of grubtest.cfg, called grub.cfg, which is the same except for one difference: + change the menuentry 'Switch to grub.cfg' to 'Switch to grubtest.cfg' and inside it, + change all instances of grub.cfg to grubtest.cfg. This is so that the main config still + links (in the menu) to grubtest.cfg, so that you don't have to manually switch to it, in + case you ever want to follow this guide again in the future (modifying the already modified config)
    + $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e 's:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > grub.cfg
    +

    -
    +

    + Delete the grub.cfg that remained inside the ROM:
    + $ ./cbfstool libreboot.rom remove -n grub.cfg +

    -

    Final steps

    +

    + Display ROM contents and now you see grub.cfg no longer exists there:
    + $ ./cbfstool libreboot.rom print +

    -

    - Create a copy of grubtest.cfg, called grub.cfg, which is the same except for one difference: - change the menuentry 'Switch to grub.cfg' to 'Switch to grubtest.cfg' and inside it, - change all instances of grub.cfg to grubtest.cfg. This is so that the main config still - links (in the menu) to grubtest.cfg, so that you don't have to manually switch to it, in - case you ever want to follow this guide again in the future (modifying the already modified config)
    - $ sed -e 's:(cbfsdisk)/grub.cfg:(cbfsdisk)/grubtest.cfg:g' -e 's:Switch to grub.cfg:Switch to grubtest.cfg:g' < grubtest.cfg > grub.cfg
    -

    +

    + Add the modified version that you just made:
    + $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw +

    -

    - Delete the grub.cfg that remained inside the ROM:
    - $ ./cbfstool libreboot.rom remove -n grub.cfg -

    +

    + Now display ROM contents again and see that it exists again:
    + $ ./cbfstool libreboot.rom print +

    -

    - Display ROM contents and now you see grub.cfg no longer exists there:
    - $ ./cbfstool libreboot.rom print -

    +

    + + Now you have a modified ROM. Refer back to ../install/index.html#flashrom for information + on how to flash it. Once you have done that, shut down and then boot up with your new configuration. + +

    -

    - Add the modified version that you just made:
    - $ ./cbfstool libreboot.rom add -n grub.cfg -f grub.cfg -t raw -

    +

    + Back to top of page. +

    + +
    -

    - Now display ROM contents again and see that it exists again:
    - $ ./cbfstool libreboot.rom print -

    +
    -

    - - Now you have a modified ROM. Refer back to ../install/index.html#flashrom for information - on how to flash it. Once you have done that, shut down and then boot up with your new configuration. - -

    +

    Troubleshooting

    -

    - Back to top of page. -

    +

    + A user reported that segmentation faults occur with cbfstool + when using this procedure depending on the size of the grub.cfg being re-insterted. + In his case, a minimum size of 857 bytes was required. This could (at the time of + this release) be a bug in cbfstool that should be investigated with the coreboot + community. If cbfstool segfaults, then keep this in mind. 'strace' (or gdb? clang?) + could be used for debugging. This was in libreboot 5th release (based on coreboot + from late 2013), and I'm not sure if the issue persists in the current releases. + I have not been able to reproduce it. strace (from that user) is here: + cbfstool_libreboot5_strace. + The issue has been reported by a few users, so it does not happen all the time: + this bug (if it still exists) could (should) be reproduced. +

    -
    +

    + Back to top of page. +

    + +
    -

    Troubleshooting

    +

    - A user reported that segmentation faults occur with cbfstool - when using this procedure depending on the size of the grub.cfg being re-insterted. - In his case, a minimum size of 857 bytes was required. This could (at the time of - this release) be a bug in cbfstool that should be investigated with the coreboot - community. If cbfstool segfaults, then keep this in mind. 'strace' (or gdb? clang?) - could be used for debugging. This was in libreboot 5th release (based on coreboot - from late 2013), and I'm not sure if the issue persists in the current releases. - I have not been able to reproduce it. strace (from that user) is here: - cbfstool_libreboot5_strace. - The issue has been reported by a few users, so it does not happen all the time: - this bug (if it still exists) could (should) be reproduced. + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    - Back to top of page. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -
    - -

    - Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
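Review bot: In the Troubleshooting paragraph the re-added text still reads "re-insterted"; every line of that paragraph is being rewritten in this commit anyway, so correct it to "re-inserted" here. Under Final steps, the sentence ending "(modifying the already modified config)" runs straight into the sed command without a full stop. The parenthetical "(or gdb? clang?)" is also carried over unchanged; clang is a compiler rather than a debugger, so either name the tool you mean or drop the aside.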
    diff --git a/docs/gnulinux/index.html b/docs/gnulinux/index.html index c384575..e58639d 100644 --- a/docs/gnulinux/index.html +++ b/docs/gnulinux/index.html @@ -13,39 +13,45 @@ -

    GNU/Linux distributions

    +
    + +

    GNU/Linux distributions

    +

    + This section relates to dealing with GNU/Linux distributions: preparing bootable USB drives, + changing the default GRUB menu and so on. +

    +

    + Back to previous index. +

    + + +
    + +
    +

    - This section relates to dealing with GNU/Linux distributions: preparing bootable USB drives, - changing the default GRUB menu and so on. + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    +

    - Or Back to main index. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
    diff --git a/docs/grub/index.html b/docs/grub/index.html index e4dd8dc..8233376 100644 --- a/docs/grub/index.html +++ b/docs/grub/index.html @@ -13,111 +13,127 @@ -

    GRUB payload

    -

    - This section relates to the GRUB payload used in libreboot. -

    -

    - Or Back to main index. -

    - +
    +

    GRUB payload

    +

    + This section relates to the GRUB payload used in libreboot. +

    +

    + Or Back to main index. +

    + +
    -
    +
    -

    Setting font in GRUB (for reference)

    +

    Setting font in GRUB (for reference)

    -

    You don't need to do this unless you would like to change the default font yourself. - (this is just for reference. It has already been done for you)

    +

    You don't need to do this unless you would like to change the default font yourself. + (this is just for reference. It has already been done for you)

    -

    The old font used was Unifont, and this had some missing characters: for instance, the border showed ??? characters instead of lines.

    +

    The old font used was Unifont, and this had some missing characters: for instance, the border showed ??? characters instead of lines.

    -

    I tried DeJavu Sans Mono from this website: - dejavu-fonts.org

    +

    I tried DeJavu Sans Mono from this website: + dejavu-fonts.org

    -

    Specifically, the version that I chose was the latest at the time of writing (Saturday 21 June 2014): - this one

    +

    Specifically, the version that I chose was the latest at the time of writing (Saturday 21 June 2014): + this one

    -

    This is a free font that is also contained in GNU/Linux distributions like Trisquel or Parabola.

    +

    This is a free font that is also contained in GNU/Linux distributions like Trisquel or Parabola.

    -

    $ cd libreboot_src/grub
    - compile grub ('build' script has the info on how to do this)
    - come back out into libreboot_src/resources/grub:
    - $ cd ../libreboot_src/resources/grub/font

    +

    $ cd libreboot_src/grub
    + compile grub ('build' script has the info on how to do this)
    + come back out into libreboot_src/resources/grub:
    + $ cd ../libreboot_src/resources/grub/font

    -

    I took Dejavu Sans Mono from dejavu (included in this version of libreboot) and did:
    - $ ../../../grub/grub-mkfont -o dejavusansmono.pf2 ../../../dejavu-fonts-ttf-2.34/ttf/DejaVuSansMono.ttf

    +

    I took Dejavu Sans Mono from dejavu (included in this version of libreboot) and did:
    + $ ../../../grub/grub-mkfont -o dejavusansmono.pf2 ../../../dejavu-fonts-ttf-2.34/ttf/DejaVuSansMono.ttf

    -

    I then added the instructions to 'build' script to include resources/grub/dejavusansmono.pf2 in all of the ROM images in root of cbfs.
    - I then added that instructions to the grub.cfg files (to load the font):
    - loadfont (cbfsdisk)/dejavusansmono.pf2

    +

    I then added the instructions to 'build' script to include resources/grub/dejavusansmono.pf2 in all of the ROM images in root of cbfs.
    + I then added that instructions to the grub.cfg files (to load the font):
    + loadfont (cbfsdisk)/dejavusansmono.pf2

    -

    Back to top of page

    +

    Back to top of page

    + +
    + +
    -
    +

    GRUB keyboard layouts (for reference)

    -

    GRUB keyboard layouts (for reference)

    +
    + +

    Custom keyboard layout in GRUB (for reference)

    -

    Custom keyboard layout in GRUB (for reference)

    +

    + Keymaps are stored in resources/utilities/grub-assemble/keymap/. +

    -

    - Keymaps are stored in resources/utilities/grub-assemble/keymap/. -

    +

    + Example (French Azerty):
    + $ ckbcomp fr > frazerty

    + Go in grub directory:
    + cat frazerty | ./grub/grub-mklayout -o frazerty.gkb +

    -

    - Example (French Azerty):
    - $ ckbcomp fr > frazerty

    - Go in grub directory:
    - cat frazerty | ./grub/grub-mklayout -o frazerty.gkb -

    +

    + You must make sure that the files are named keymap and keymap.gkb (where 'keymap' can be whatever you want). +

    -

    - You must make sure that the files are named keymap and keymap.gkb (where 'keymap' can be whatever you want). -

    +

    + Then from the above example, you would put frazerty in resources/utilities/grub-assemble/keymap/original/ and + the frazerty.gkb file goes under resources/utilities/grub-assemble/keymap/ +

    -

    - Then from the above example, you would put frazerty in resources/utilities/grub-assemble/keymap/original/ and - the frazerty.gkb file goes under resources/utilities/grub-assemble/keymap/ -

    +

    + The scripts build and buildrom-withgrub will automatically see this, and automatically build + ROM images with your custom layout (given the name) and include them under bin. Example: libreboot_frazerty.rom. +

    -

    - The scripts build and buildrom-withgrub will automatically see this, and automatically build - ROM images with your custom layout (given the name) and include them under bin. Example: libreboot_frazerty.rom. -

    +

    Back to top of page

    + +
    + +
    -

    Back to top of page

    +

    UK Dvorak keyboard layout in GRUB (for reference)

    -

    UK Dvorak keyboard layout in GRUB (for reference)

    +

    + ukdvorak had to be created manually, based on usdvorak. diff them (under resources/utilities/grub-assemble/keymap/original) + to see how ukdvorak file was created +

    -

    - ukdvorak had to be created manually, based on usdvorak. diff them (under resources/utilities/grub-assemble/keymap/original) - to see how ukdvorak file was created -

    - -

    $ cat ukdvorak | ./grub/grub-mklayout -o ukdvorak.gkb

    +

    $ cat ukdvorak | ./grub/grub-mklayout -o ukdvorak.gkb

    -

    Back to top of page

    +

    Back to top of page

    + +
    + +
    -
    +
    -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
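Review bot: In the font section the re-added command "$ cd ../libreboot_src/resources/grub/font" follows "$ cd libreboot_src/grub", so as written it resolves to libreboot_src/libreboot_src/resources/grub/font; it probably wants to be "cd ../resources/grub/font". The font is then generated in that font directory, but the next paragraph refers to resources/grub/dejavusansmono.pf2, so the two paths should be made to agree. Smaller points while these lines are being touched: "I then added that instructions" should be "those instructions", the font is spelled "DeJavu" and "Dejavu" in prose but DejaVu in the file name, the "cat frazerty | ./grub/grub-mklayout -o frazerty.gkb" line lacks the "$" prompt used on the other commands, and this page keeps "Or Back to main index." and "Copyright © 2014" where the sibling index pages in this commit move to "Back to previous index." and "2014, 2015".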
    diff --git a/docs/hardware/index.html b/docs/hardware/index.html index 4ad8b68..9c53f0a 100644 --- a/docs/hardware/index.html +++ b/docs/hardware/index.html @@ -13,34 +13,38 @@ -

    Hardware maintenance

    +
    +

    Hardware maintenance

    +

    + This section relates to hardware maintenance on supported targets. +

    +

    + Back to previous index. +

    + +
    + +
    +

    - This section relates to hardware maintenance on supported targets. + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    +

    - Or Back to main index. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
    diff --git a/docs/hardware/t60_heatsink.html b/docs/hardware/t60_heatsink.html index 4795002..1f0fd3b 100644 --- a/docs/hardware/t60_heatsink.html +++ b/docs/hardware/t60_heatsink.html @@ -8,121 +8,132 @@ @import url('../css/main.css'); - Libreboot documentation: Unbricking the ThinkPad T60 + Changing the heatsink or CPU on a ThinkPad T60 -
    +

    Changing heatsink (or CPU) on the ThinkPad T60

    - -
    - -

    Or go back to main index

    - -

    Hardware requirements

    -
      -
    • rubbing alcohol or isopropyl alcohol, and thermal compound for changing CPU heatsink (procedure involves removing heatsink)
    • -
    • thermal compound/paste (Arctic Silver 5 is good. Others are also good.)
    • -
    - -

    Software requirements

    -
      -
    • xsensors
    • -
    • stress
    • -
    - -

    Disassembly

    - -

    - Remove those screws and remove the HDD:
    - -

    - -

    - Lift off the palm rest:
    - -

    - -

    - Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:
    - -

    - -

    - Gently wedge both sides loose:
    - -

    - -

    - Remove that cable from the position:
    - -

    - -

    - Remove the bezel (sorry forgot to take pics). -

    - -

    - On the CPU (and there is another chip south-east to it, sorry forgot to take pic) - clean off the old thermal paste (with the alcohol) and apply new (Artic Silver 5 is good, others are good too) - you should also clean the heatsink the same way
    - -

    - -

    - This is also an opportunity to change the CPU to another one. For example if you had a Core Duo T2400, you can upgrade it to a better processor - (higher speed, 64-bit support). A Core 2 Duo T7600 was installed here. -

    - -

    - Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):
    - -

    - -

    - Reinstall that upper bezel:
    - -

    +

    + Using this guide you can also change/upgrade the CPU. +

    +

    Back to previous index

    +
    + +
    +

    Hardware requirements

    +
      +
    • rubbing alcohol or isopropyl alcohol, and thermal compound for changing CPU heatsink (procedure involves removing heatsink)
    • +
    • thermal compound/paste (Arctic Silver 5 is good. Others are also good.)
    • +
    +
    + +
    +

    Software requirements

    +
      +
    • xsensors
    • +
    • stress
    • +
    +
    + +
    + +

    Disassembly

    + +

    + Remove those screws and remove the HDD:
    + +

    + +

    + Lift off the palm rest:
    + +

    + +

    + Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:
    + +

    + +

    + Gently wedge both sides loose:
    + +

    + +

    + Remove that cable from the position:
    + +

    + +

    + Remove the bezel (sorry forgot to take pics). +

    + +

    + On the CPU (and there is another chip south-east to it, sorry forgot to take pic) + clean off the old thermal paste (with the alcohol) and apply new (Artic Silver 5 is good, others are good too) + you should also clean the heatsink the same way
    + +

    + +

    + This is also an opportunity to change the CPU to another one. For example if you had a Core Duo T2400, you can upgrade it to a better processor + (higher speed, 64-bit support). A Core 2 Duo T7600 was installed here. +

    + +

    + Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):
    + +

    + +

    + Reinstall that upper bezel:
    + +

    + +

    + Do that:
    + +

    + +

    + Attach keyboard:
    + +

    + +

    + Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:
    + +

    + +

    + It lives!
    + +

    + +

    + Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:
    + +

    + +
    + +

    - Do that:
    - + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    - Attach keyboard:
    - + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -

    - Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:
    - -

    - -

    - It lives!
    - -

    - -

    - Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:
    - -

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
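Review bot: The reassembly step "Do that:" gives the reader nothing to act on without the image; describe the action in words, as the neighbouring steps ("Reinstall that upper bezel:", "Attach keyboard:") do. In the thermal paste step, "Artic Silver 5" should be "Arctic Silver 5" to match the hardware requirements list, and that list names thermal compound in both of its items, so one mention can be trimmed.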
    diff --git a/docs/hardware/t60_lcd_15.html b/docs/hardware/t60_lcd_15.html index b1293c1..e2acfc3 100644 --- a/docs/hardware/t60_lcd_15.html +++ b/docs/hardware/t60_lcd_15.html @@ -13,77 +13,84 @@ -
    +

    Changing the LCD panel on a 15.1" T60

    - -
    - -

    Or go back to main index

    - -

    Disassembly

    - -

    - Remove those covers and unscrew:
    - -

    - -

    - Gently pry off the front bezel. -

    -

    - Remove inverter board:
    - + This is for the 15.1" T60. If you have another size then the procedure will differ; for example, on 14.1" you have + to remove the hinges and the procedure is a bit more involved than on 15.1".

    +

    Back to previous index

    + + +
    + +

    Disassembly

    + +

    + Remove those covers and unscrew:
    + +

    + +

    + Gently pry off the front bezel. +

    + +

    + Remove inverter board:
    + +

    + +

    + Disconnect LCD cable:
    + +

    + +

    + Remove the panel:
    + +

    + +

    + Move the rails (left and right side) from the old panel to the new one and then attach LCD cable:
    + +

    + +

    + Insert panel (this one is an LG-Philips LP150E05-A2K1, and there are others. See ../hcl/index.html#supported_t60_list):
    + +

    + +

    + Insert new inverter board (see ../hcl/index.html#supported_t60_list for what is recommended on your LCD panel):
    + +

    + +

    + Now re-attach the front bezel and put all the screws in. +

    + +

    + It lives!
    + +

    + +
    + +

    - Disconnect LCD cable:
    - + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    - Remove the panel:
    - + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -

    - Move the rails (left and right side) from the old panel to the new one and then attach LCD cable:
    - -

    - -

    - Insert panel (this one is an LG-Philips LP150E05-A2K1, and there are others. See ../hcl/index.html#supported_t60_list):
    - -

    - -

    - Insert new inverter board (see ../hcl/index.html#supported_t60_list for what is recommended on your LCD panel):
    - -

    - -

    - Now re-attach the front bezel and put all the screws in. -

    - -

    - It lives!
    - -

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
    diff --git a/docs/hardware/x60_heatsink.html b/docs/hardware/x60_heatsink.html index a591e75..178af56 100644 --- a/docs/hardware/x60_heatsink.html +++ b/docs/hardware/x60_heatsink.html @@ -13,132 +13,141 @@ -
    +

    Changing the fan/heatsink on the ThinkPad X60

    - -
    - -

    Or go back to main index

    - -

    Table of Contents

    - - -

    Hardware requirements

    -
      -
    • isopropyl alcohol (sometimes called rubbing alcohol)
    • -
    • your new fan and/or heatsink
    • -
    • CPU thermal compound (some say Arctic Silver 5 or IC Diamond 7 are good, others are also 'ok')
    • -
    • Something to spread the paste with
    • -
    - -

    Software requirements (for CPU stress testing)

    -
      -
    • xsensors utility
    • -
    • stress utility
    • -
    - -

    Disassembly

    -

    - Remove those screws:
    - -

    -

    - Push the keyboard forward (carefully):
    - -

    -

    - Lift the keyboard up and disconnect it from the board:
    - -

    -

    - Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:
    - -

    -

    - You should now have this:
    - -

    -

    - Disconnect the wifi antenna cables, the modem cable and the speaker:
    - -

    -

    - Unroute the cables along their path, carefully lifting the tape that holds them in place. Then, disconnect the modem - cable (other end) and power connection and unroute all the cables so that they dangle by the monitor hinge on the right-hand - side:
    - -

    -

    - Disconnect the monitor from the motherboard, and unroute the grey antenna cable, carefully lifting the tape - that holds it into place:
    - -

    -

    - Carefully lift the remaining tape and unroute the left antenna cable so that it is loose:
    - -

    -

    - Remove those screws:
    - -

    -

    - Remove those screws:
    - -

    -

    - Carefully remove the plate, like so:
    - -

    -

    - Remove the SATA connector:
    - -

    -

    - Now remove the motherboard (gently) and cast the lcd/chassis aside:
    - -

    -

    - Look at that black tape above the heatsink, remove it:
    - -

    -

    - Now you have removed it:
    - -

    - -

    - Disconnect the fan and remove all the screws, heatsink will easily come off:
    - -

    - -

    - Remove the old paste with a cloth (from the CPU and heatsink) and then clean both of them with the alcohol (to remove remaining residue of the paste). - Apply a pea-sized amount of paste to the both chipsets that the heatsink covered and spread it evenly (uniformally). - Finally reinstall the heatsink, reversing previous steps. -

    - -

    - stress -c 2 command can be used to push the CPU to 100%, and xsensors (or watch sensors command) can be used to monitor heat. - Below 90C is ok. -

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This guide will teach you how to replace the fan and heatsink on your ThinkPad X60. +

    +

    Back to main index

    + + +
    +

    Table of Contents

    + +
    + +
    +

    Hardware requirements

    +
      +
    • isopropyl alcohol (sometimes called rubbing alcohol)
    • +
    • your new fan and/or heatsink
    • +
    • CPU thermal compound (some say Arctic Silver 5 or IC Diamond 7 are good, others are also 'ok')
    • +
    • Something to spread the paste with
    • +
    +
    + +
    +

    Software requirements (for CPU stress testing)

    +
      +
    • xsensors utility
    • +
    • stress utility
    • +
    +
    + +
    +

    Disassembly

    +

    + Remove those screws:
    + +

    +

    + Push the keyboard forward (carefully):
    + +

    +

    + Lift the keyboard up and disconnect it from the board:
    + +

    +

    + Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:
    + +

    +

    + You should now have this:
    + +

    +

    + Disconnect the wifi antenna cables, the modem cable and the speaker:
    + +

    +

    + Unroute the cables along their path, carefully lifting the tape that holds them in place. Then, disconnect the modem + cable (other end) and power connection and unroute all the cables so that they dangle by the monitor hinge on the right-hand + side:
    + +

    +

    + Disconnect the monitor from the motherboard, and unroute the grey antenna cable, carefully lifting the tape + that holds it into place:
    + +

    +

    + Carefully lift the remaining tape and unroute the left antenna cable so that it is loose:
    + +

    +

    + Remove those screws:
    + +

    +

    + Remove those screws:
    + +

    +

    + Carefully remove the plate, like so:
    + +

    +

    + Remove the SATA connector:
    + +

    +

    + Now remove the motherboard (gently) and cast the lcd/chassis aside:
    + +

    +

    + Look at that black tape above the heatsink, remove it:
    + +

    +

    + Now you have removed it:
    + +

    + +

    + Disconnect the fan and remove all the screws, heatsink will easily come off:
    + +

    + +

    + Remove the old paste with a cloth (from the CPU and heatsink) and then clean both of them with the alcohol (to remove remaining residue of the paste). + Apply a pea-sized amount of paste to the both chipsets that the heatsink covered and spread it evenly (uniformally). + Finally reinstall the heatsink, reversing previous steps. +

    + +

    + stress -c 2 command can be used to push the CPU to 100%, and xsensors (or watch sensors command) can be used to monitor heat. + Below 90C is ok. +

    +
    + +
    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    +
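Review bot: The navigation link on this page is added as "Back to main index" while the other hardware pages in this commit use "Back to previous index"; pick one wording (and target) for the whole docs/hardware directory. In the paste step, "uniformally" should be "uniformly" and "to the both chipsets" should be "to both chipsets". The two consecutive "Remove those screws:" steps are indistinguishable in text, so a word on which screws each one means would help a reader who cannot see the images.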
    diff --git a/docs/hardware/x60_keyboard.html b/docs/hardware/x60_keyboard.html index 20b905d..13e8273 100644 --- a/docs/hardware/x60_keyboard.html +++ b/docs/hardware/x60_keyboard.html @@ -13,37 +13,43 @@ -
    +

    Thinkpad X60/X60s/X60t: Change keyboard

    - -
    +

    + Use this guide to replace the keyboard on your ThinkPad X60. Also works for X60s and X60 Tablet. +

    +

    Back to previous index

    + -

    Or go back to main index

    +
    +

    Just follow these steps, and then reverse

    -

    Just follow these steps, and then reverse

    +

    +
    +
    +
    +
    + +

    + +
    + +

    -
    -
    -
    -
    - + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
    diff --git a/docs/hardware/x60_lcd_change.html b/docs/hardware/x60_lcd_change.html index 261814a..bb2c361 100644 --- a/docs/hardware/x60_lcd_change.html +++ b/docs/hardware/x60_lcd_change.html @@ -13,37 +13,39 @@ -
    +

    Changing the LCD panel on X60

    -
    - -

    Or go back to main index

    - -

    This tutorial is incomplete, and only pictures for now.

    - -

    - - - - - - - -

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    This tutorial is incomplete, and only pictures for now.

    +

    Back to previous index

    + + +
    +

    + + + + + + + +

    +
    + +
    + +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
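Review bot: The line "This tutorial is incomplete, and only pictures for now." is carried over unchanged on both sides of this hunk, so the restyled page is still a picture-only tutorial with no step text. If the steps are not being written here, either add a short caption per picture or note in the commit message that the tutorial content is untouched. The navigation text also changes from "Or go back to main index" to "Back to previous index", which is a content change worth mentioning alongside the theme work.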
    diff --git a/docs/hcl/index.html b/docs/hcl/index.html index 29a587a..6aec1c7 100644 --- a/docs/hcl/index.html +++ b/docs/hcl/index.html @@ -13,156 +13,164 @@ -

    Hardware compatibility list

    -

    - This sections relates to known hardware compatibility in libreboot. -

    -

    - Or back to main index. -

    - - -
    - -

    List of supported hardware

    - -

    - Libreboot supports the following machines in this release: -

    + -

    - 'Supported' means that the build scripts know how to build ROM images for these machines, - and that the machines have been tested (confirmed working). There may be exceptions; - in other words, this is a list of 'officially' supported machines. -

    +
    -

    - It is also possible to build ROM images (from source) for other machines (and virtual machines, e.g. QEMU). -

    +

    List of supported hardware

    -

    Back to top of page

    +

    + Libreboot supports the following machines in this release: +

    + -
    +

    + 'Supported' means that the build scripts know how to build ROM images for these machines, + and that the machines have been tested (confirmed working). There may be exceptions; + in other words, this is a list of 'officially' supported machines. +

    -

    Recommended wifi chipsets

    -

    - The following are known to work well: -

    - +

    + It is also possible to build ROM images (from source) for other machines (and virtual machines, e.g. QEMU). +

    -

    Back to top of page

    +

    Back to top of page

    + +
    -
    +
    -

    List of supported ThinkPad X60s

    + +

    + The following are known to work well: +

    + -

    - Native gpu initialization ('native graphics') which replaces the proprietary VGA Option ROM - ('Video BIOS' or 'VBIOS'), - all known LCD panels are currently compatible: -

    +

    Back to top of page

    + +
    -

    - To find what LCD panel you have, see: ../misc/index.html#get_edid_panelname. -

    +
    -
      -
    • TMD-Toshiba LTD121ECHB: #
    • -
    • CMO N121X5-L06: #
    • -
    • Samsung LTN121XJ-L07: #
    • -
    • BOE-Hydis HT121X01-101: #
    • -
    +

    List of supported ThinkPad X60s

    -

    - You can remove an X61/X61s motherboard from the chassis and install an X60/X60s motherboard in it's place (for flashing libreboot). The chassis is mostly identical - and the motherboards are the same shape/size. -

    +

    + Native gpu initialization ('native graphics') which replaces the proprietary VGA Option ROM + ('Video BIOS' or 'VBIOS'), + all known LCD panels are currently compatible: +

    -

    - The X60 typically comes with an Intel wifi chipset which does not work at all without proprietary firmware, and while Lenovo BIOS is running - the machine will refuse to boot if you replace the card. Fortunately it is very easily replaced; - just remove the card and install another one after libreboot is installed. See #recommended_wifi for replacements. -

    +

    + To find what LCD panel you have, see: ../misc/index.html#get_edid_panelname. +

    -

    Back to top of page.

    +
      +
    • TMD-Toshiba LTD121ECHB: #
    • +
    • CMO N121X5-L06: #
    • +
    • Samsung LTN121XJ-L07: #
    • +
    • BOE-Hydis HT121X01-101: #
    • +
    -
    +

    + You can remove an X61/X61s motherboard from the chassis and install an X60/X60s motherboard in it's place (for flashing libreboot). The chassis is mostly identical + and the motherboards are the same shape/size. +

    -

    List of supported ThinkPad X60 Tablets

    +

    + The X60 typically comes with an Intel wifi chipset which does not work at all without proprietary firmware, and while Lenovo BIOS is running + the machine will refuse to boot if you replace the card. Fortunately it is very easily replaced; + just remove the card and install another one after libreboot is installed. See #recommended_wifi for replacements. +

    -

    - Native gpu initialization ('native graphics') which replaces the proprietary VGA Option ROM - ('Video BIOS' or 'VBIOS'). -

    +

    Back to top of page.

    + +
    -

    - To find what LCD panel you have, see: ../misc/index.html#get_edid_panelname. -

    +
    -

    - There are 5 known LCD panels for the X60 Tablet: -

    -
      -
    • - X60T XGA (1024x768): -
        -
      • BOE-Hydis HV121X03-100 (works)
      • -
      • Samsung LTN121XP01 (does not work. blank screen)
      • -
      • BOE-Hydis HT12X21-351 (does not work. blank screen)
      • -
      -
    • -
    • - X60T SXGA+ (1400x1050): -
        -
      • BOE-Hydis HV121P01-100 (works)
      • -
      • BOE-Hydis HV121P01-101 (works)
      • -
      -
    • -
    +

    List of supported ThinkPad X60 Tablets

    -

    - Most X60Ts only have digitizer (pen), but some have finger (touch) aswell as pen; finger/multitouch doesn't work, only digitizer (pen) does. -

    +

    + Native gpu initialization ('native graphics') which replaces the proprietary VGA Option ROM + ('Video BIOS' or 'VBIOS'). +

    -

    - You can remove an X61/X61s motherboard from the chassis and install an X60/X60s motherboard in its place (for flashing libreboot). The chassis is mostly identical - and the motherboards are the same shape/size. It is unknown if the same applies between the X60 Tablet and the X61 Tablet. -

    +

    + To find what LCD panel you have, see: ../misc/index.html#get_edid_panelname. +

    -

    - The X60 Tablet typically comes with an Intel wifi chipset which does not work at all without proprietary firmware, and while Lenovo BIOS is running - the machine will refuse to boot if you replace the card. Fortunately it is very easily replaced; - just remove the card and install another one after libreboot is installed. See #recommended_wifi for replacements. -

    +

    + There are 5 known LCD panels for the X60 Tablet: +

    +
      +
    • + X60T XGA (1024x768): +
        +
      • BOE-Hydis HV121X03-100 (works)
      • +
      • Samsung LTN121XP01 (does not work. blank screen)
      • +
      • BOE-Hydis HT12X21-351 (does not work. blank screen)
      • +
      +
    • +
    • + X60T SXGA+ (1400x1050): +
        +
      • BOE-Hydis HV121P01-100 (works)
      • +
      • BOE-Hydis HV121P01-101 (works)
      • +
      +
    • +
    -

    - A user with a X60T that has digitizer+finger support, reported that they could get finger input working. They - used linuxwacom at git tag 0.25.99.2 and had the following in their xorg.conf: -

    +

    + Most X60Ts only have digitizer (pen), but some have finger (touch) aswell as pen; finger/multitouch doesn't work, only digitizer (pen) does. +

    + +

    + You can remove an X61/X61s motherboard from the chassis and install an X60/X60s motherboard in its place (for flashing libreboot). The chassis is mostly identical + and the motherboards are the same shape/size. It is unknown if the same applies between the X60 Tablet and the X61 Tablet. +

    + +

    + The X60 Tablet typically comes with an Intel wifi chipset which does not work at all without proprietary firmware, and while Lenovo BIOS is running + the machine will refuse to boot if you replace the card. Fortunately it is very easily replaced; + just remove the card and install another one after libreboot is installed. See #recommended_wifi for replacements. +

    + +

    + A user with a X60T that has digitizer+finger support, reported that they could get finger input working. They + used linuxwacom at git tag 0.25.99.2 and had the following in their xorg.conf: +

     # Now, for some reason (probably a bug in linuxwacom),
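Review bot: The re-added X60 paragraph still reads "install an X60/X60s motherboard in it's place", while the X60 Tablet paragraph later in this same hunk has "in its place". Both lines are rewritten here, so fix the X60 one to "its". The re-added digitizer paragraph has the same kind of carry-over: "aswell as pen" should be "as well as pen".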
    @@ -173,33 +181,33 @@
     # tested with linuxwacom git 42a42b2a8636abc9e105559e5dea467163499de7
     
     Section "Monitor"
    -    Identifier             "<default monitor>"
    -    DisplaySize     245 184
    +	 Identifier             "<default monitor>"
    +	 DisplaySize     245 184
     EndSection
     
     Section "Screen"
    -    Identifier "Default Screen Section"
    -    Monitor    "<default monitor<"
    +	 Identifier "Default Screen Section"
    +	 Monitor    "<default monitor<"
     EndSection
     
     Section "InputDevice"
    -    Identifier  "WTouch"
    -    Driver      "wacom"
    -    Option      "Device" "/dev/ttyS0"
    +	 Identifier  "WTouch"
    +	 Driver      "wacom"
    +	 Option      "Device" "/dev/ttyS0"
     #    Option      "DebugLevel" "12"
    -    Option      "BaudRate" "38400"
    -    Option      "Type" "touch"
    -    Option      "Touch" "on"
    -    Option      "Gesture" "on"
    -    Option      "ForceDevice" "ISDV4"
    +	 Option      "BaudRate" "38400"
    +	 Option      "Type" "touch"
    +	 Option      "Touch" "on"
    +	 Option      "Gesture" "on"
    +	 Option      "ForceDevice" "ISDV4"
     #    Option      "KeepShape" "on"
    -    Option      "Mode" "Absolute"
    -    Option      "RawSample" "2"
    +	 Option      "Mode" "Absolute"
    +	 Option      "RawSample" "2"
     #    Option      "TPCButton" "off"
    -    Option      "TopX" "17"
    -    Option      "TopY" "53"
    -    Option      "BottomX" "961"
    -    Option      "BottomY" "985"
    +	 Option      "TopX" "17"
    +	 Option      "TopY" "53"
    +	 Option      "BottomX" "961"
    +	 Option      "BottomY" "985"
     EndSection
     
     Section "ServerLayout"
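Review bot: In the "Screen" section the re-indented line still has Monitor "<default monitor<", which does not match the Identifier "<default monitor>" declared in the "Monitor" section just above it. The closing character should be ">" so the reference matches the identifier, and since the line is being rewritten anyway this is the place to correct it. The three commented-out options (DebugLevel, KeepShape, TPCButton) also keep their old space indentation while every other option line moves to a tab, leaving the block with mixed indentation.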
    @@ -210,310 +218,332 @@ EndSection
     
     
    -

    Back to top of page.

    - -
    - -

    Supported T60 list

    - -

    - Native gpu initialization ('native graphics') which replaces the proprietary VGA Option ROM - ('Video BIOS' or 'VBIOS'). -

    +

    Back to top of page.

    + +
    -

    - To find what LCD panel you have, see: ../misc/index.html#get_edid_panelname. -

    +
    -

    - - Some T60s have ATI GPUs, and all T60P laptops have ATI GPUs These are incompatible! See #t60_ati_intel for how to remedy this. - -

    +

    Supported T60 list

    -

    - How to dump the EDID:
    - -

    +

    + Native gpu initialization ('native graphics') which replaces the proprietary VGA Option ROM + ('Video BIOS' or 'VBIOS'). +

    -

    - Tested LCD panels: working(compatible) -

    -
      -
    • TMD-Toshiba LTD141EN9B (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the inverter board)
    • -
    • Samsung LTN141P4-L02 (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the inverter board)
    • -
    • LG-Philips LP150E05-A2K1 (15.1" 1400x1050) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • -
    • Samsung LTN150P4-L01 (15.1" 1400x1050) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board) (not a T60 screen afaik, but it works)
    • -
    • BOE-Hydis HV150UX1-100 (15.1" 1600x1200) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • -
    +

    + To find what LCD panel you have, see: ../misc/index.html#get_edid_panelname. +

    -
    +

    + + Some T60s have ATI GPUs, and all T60P laptops have ATI GPUs These are incompatible! See #t60_ati_intel for how to remedy this. + +

    - Tested LCD panels: not working yet (incompatible; see ../future/index.html#lcd_i945_incompatibility) + How to dump the EDID:
    +

    -
      -
    • Samsung LTN141XA-L01 (14.1" 1024x768)
    • -
    • LG-Philips LP150X09 (15.1" 1024x768)
    • -
    • Samsung LTN150XG (15.1" 1024x768) - EDID dump (taken using sudo i2cdump -y 5 0x50)
    • -
    • LG-Philips LP150E06-A5K4 (15.1" 1400x1050) (also, not an official T60 screen)
    • -
    • Samsung LTN154X3-L0A (15.4" 1280x800)
    • -
    • IDtech IAQX10N (15.1" 2048x1536) (no display in GRUB, display in GNU/Linux is temperamental) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • -

    - The following LCD panels are UNTESTED. If you have one of these panels - then please submit a report!: + Tested LCD panels: working(compatible)

      -
    • CMO(IDtech?) N141XC (14.1" 1024x768)
    • -
    • BOE-Hydis HT14X14 (14.1" 1024x768)
    • -
    • TMD-Toshiba LTD141ECMB (14.1" 1024x768)
    • -
    • Boe-Hydis HT14P12 (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the inverter board)
    • -
    • CMO (IDtech?) 13N7068 (15.1" 1024x768)
    • -
    • CMO (IDtech?) 13N7069 (15.1" 1024x768)
    • -
    • BOE-Hydis HV150P01-100 (15.1" 1400x1050) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • -
    • IDtech N150U3-L01 (15.1" 1600x1200) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • -
    • BOE-Hydis HV150UX1-102 (15.1" 1600x1200) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • -
    • IDtech IAQX10S (15.1" 2048x1536) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • -
    • Samsung LTN154P2-L05 (42X4641 42T0329) (15.4" 1680x1050)
    • -
    • LG-Philips LP154W02-TL10 (13N7020 42T0423) (15.4" 1680x1050)
    • -
    • LG-Philips LP154WU1-TLB1 (42T0361) (15.4" 1920x1200) (for T61p but it might work in T60. Unknown!)
    • -
    • Samsung LTN154U2-L05 (42T0408 42T0574) (15.4" 1920x1200) (for T61p but it might work in T60. Unknown!)
    • +
    • TMD-Toshiba LTD141EN9B (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the inverter board)
    • +
    • Samsung LTN141P4-L02 (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the inverter board)
    • +
    • LG-Philips LP150E05-A2K1 (15.1" 1400x1050) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • +
    • Samsung LTN150P4-L01 (15.1" 1400x1050) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board) (not a T60 screen afaik, but it works)
    • +
    • BOE-Hydis HV150UX1-100 (15.1" 1600x1200) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    -

    - It is unknown whether the 1680x1050 (15.4") and 1920x1200 (15.4") panels use a different inverter board than the 1280x800 panels. -

    +
    -

    - The T60 typically comes with an Intel wifi chipset which does not work at all without proprietary firmware, and while Lenovo BIOS is running - the machine will refuse to boot if you replace the card. Fortunately it is very easily replaced; - just remove the card and install another one after libreboot is installed. See #recommended_wifi for replacements. -

    +

    + Tested LCD panels: not working yet (incompatible; see ../future/index.html#lcd_i945_incompatibility) +

    +
      +
    • Samsung LTN141XA-L01 (14.1" 1024x768)
    • +
    • LG-Philips LP150X09 (15.1" 1024x768)
    • +
    • Samsung LTN150XG (15.1" 1024x768) - EDID dump (taken using sudo i2cdump -y 5 0x50)
    • +
    • LG-Philips LP150E06-A5K4 (15.1" 1400x1050) (also, not an official T60 screen)
    • +
    • Samsung LTN154X3-L0A (15.4" 1280x800)
    • +
    • IDtech IAQX10N (15.1" 2048x1536) (no display in GRUB, display in GNU/Linux is temperamental) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • +
    -
    +
    + +
    -

    Back to top of page.

    +

    + The following LCD panels are UNTESTED. If you have one of these panels + then please submit a report!: +

    +
      +
    • CMO(IDtech?) N141XC (14.1" 1024x768)
    • +
    • BOE-Hydis HT14X14 (14.1" 1024x768)
    • +
    • TMD-Toshiba LTD141ECMB (14.1" 1024x768)
    • +
    • Boe-Hydis HT14P12 (14.1" 1400x1050) (FRU P/N 41W1478 recommended for the inverter board)
    • +
    • CMO (IDtech?) 13N7068 (15.1" 1024x768)
    • +
    • CMO (IDtech?) 13N7069 (15.1" 1024x768)
    • +
    • BOE-Hydis HV150P01-100 (15.1" 1400x1050) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • +
    • IDtech N150U3-L01 (15.1" 1600x1200) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • +
    • BOE-Hydis HV150UX1-102 (15.1" 1600x1200) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • +
    • IDtech IAQX10S (15.1" 2048x1536) (P/N 42T0078 FRU 42T0079 or P/N 41W1338 recommended for the inverter board)
    • +
    • Samsung LTN154P2-L05 (42X4641 42T0329) (15.4" 1680x1050)
    • +
    • LG-Philips LP154W02-TL10 (13N7020 42T0423) (15.4" 1680x1050)
    • +
    • LG-Philips LP154WU1-TLB1 (42T0361) (15.4" 1920x1200) (for T61p but it might work in T60. Unknown!)
    • +
    • Samsung LTN154U2-L05 (42T0408 42T0574) (15.4" 1920x1200) (for T61p but it might work in T60. Unknown!)
    • +
    -
    +

    + It is unknown whether the 1680x1050 (15.4") and 1920x1200 (15.4") panels use a different inverter board than the 1280x800 panels. +

    -

    ThinkPad T60 (ATI GPU) and ThinkPad T60 (Intel GPU) differences.

    +

    + The T60 typically comes with an Intel wifi chipset which does not work at all without proprietary firmware, and while Lenovo BIOS is running + the machine will refuse to boot if you replace the card. Fortunately it is very easily replaced; + just remove the card and install another one after libreboot is installed. See #recommended_wifi for replacements. +

    -

    - If your T60 is a 14.1" or 15.1" model with an ATI GPU, it won't work with libreboot by default but - you can replace the motherboard with another T60 motherboard that has an Intel GPU, and then libreboot should work. -

    +
    -

    - As far as I know, 14.1" (Intel GPU) and 15.1" (Intel GPU) T60 motherboards are the same, where - 'spacers' are used on the 15.1" T60. In any case, it makes sense to find one that is guaranteed to fit in your chassis. -

    +

    Back to top of page.

    + +
    -

    - There is also a 15.4" T60 with Intel GPU. -

    +
    -

    - Note: the T60p laptops all have ATI graphics. - The T60p laptops cannot be used with libreboot under any circumstances. -

    +

    ThinkPad T60 (ATI GPU) and ThinkPad T60 (Intel GPU) differences.

    -

    - The following T60 motherboard (see area highlighted in white) shows an empty space where the ATI GPU would be (this particular motherboard has an Intel GPU):
    - -

    +

    + If your T60 is a 14.1" or 15.1" model with an ATI GPU, it won't work with libreboot by default but + you can replace the motherboard with another T60 motherboard that has an Intel GPU, and then libreboot should work. +

    -

    - The reason that the ATI GPU on T60 is unsupported is due to the VBIOS (Video BIOS) which is non-free. - The VBIOS for the Intel GPU on X60/T60 has been reverse engineered, and replaced with Free Software and - so will work in libreboot. -

    +

    + As far as I know, 14.1" (Intel GPU) and 15.1" (Intel GPU) T60 motherboards are the same, where + 'spacers' are used on the 15.1" T60. In any case, it makes sense to find one that is guaranteed to fit in your chassis. +

    -

    - The 'Video BIOS' is what initializes graphics. -

    +

    + There is also a 15.4" T60 with Intel GPU. +

    -

    - See: https://en.wikipedia.org/wiki/Video_BIOS.
    - In fact, lack of free VBIOS in general is a big problem in coreboot, and is one reason (among others) why many ports for coreboot are - unsuitable for libreboot's purpose. -

    +

    + Note: the T60p laptops all have ATI graphics. + The T60p laptops cannot be used with libreboot under any circumstances. +

    -

    - Theoretically, the ThinkPad T60 with ATI GPU can work with libreboot and have ROM images compiled for it, however - in practise it would not be usable as a laptop because there would be no visual display at all. That being said, - such a configuration is acceptable for use in a 'headless' server setup (with serial and/or ssh console as the display). -

    +

    + The following T60 motherboard (see area highlighted in white) shows an empty space where the ATI GPU would be (this particular motherboard has an Intel GPU):

    + +

    -

    Back to top of page.

    +

    + The reason that the ATI GPU on T60 is unsupported is due to the VBIOS (Video BIOS) which is non-free. + The VBIOS for the Intel GPU on X60/T60 has been reverse engineered, and replaced with Free Software and + so will work in libreboot. +

    -
    +

    + The 'Video BIOS' is what initializes graphics. +

    -

    Information about the macbook1,1

    +

    + See: https://en.wikipedia.org/wiki/Video_BIOS.
    + In fact, lack of free VBIOS in general is a big problem in coreboot, and is one reason (among others) why many ports for coreboot are + unsuitable for libreboot's purpose. +

    -

    - There is an Apple laptop called the macbook1,1 from 2006 which uses the same i945 chipset as the ThinkPad X60/T60. - A developer ported the MacBook2,1 to coreboot, the ROM images also work on the macbook1,1. -

    +

    + Theoretically, the ThinkPad T60 with ATI GPU can work with libreboot and have ROM images compiled for it, however + in practise it would not be usable as a laptop because there would be no visual display at all. That being said, + such a configuration is acceptable for use in a 'headless' server setup (with serial and/or ssh console as the display). +

    -

    - You can refer to #macbook21 for most of this. Macbook2,1 laptops come with Core 2 Duo processors - which support 64-bit operating systems (and 32-bit). The MacBook1,1 uses Core Duo processors (supports 32-bit OS but not 64-bit), - and it is believed that this is the only difference. -

    +

    Back to top of page.

    + +
    -

    - It is believed that all models are compatible, listed here: -

    - +
    + +

    Information about the macbook1,1

    -

    - Compatible models -

    - Specifically (Order No. / Model No. / CPU): + There is an Apple laptop called the macbook1,1 from 2006 which uses the same i945 chipset as the ThinkPad X60/T60. + A developer ported the MacBook2,1 to coreboot, the ROM images also work on the macbook1,1. +

    + +

    + You can refer to #macbook21 for most of this. Macbook2,1 laptops come with Core 2 Duo processors + which support 64-bit operating systems (and 32-bit). The MacBook1,1 uses Core Duo processors (supports 32-bit OS but not 64-bit), + and it is believed that this is the only difference. +

    + +

    + It is believed that all models are compatible, listed here:

    + +
    +

    + Compatible models +

    +

    + Specifically (Order No. / Model No. / CPU): +

    +
      +
    • MA255LL/A / A1181 (EMC 2092) / Core Duo T2500 (tested - working)
    • +
    • MA254LL/A / A1181 (EMC 2092) / Core Duo T2400 (untested)
    • +
    • MA472LL/A / A1181 (EMC 2092) / Core Duo T2500 (untested)
    • +
    +
    -

    - Also of interest: ../git/index.html#config_macbook21. -

    - -

    - Unbricking: this page shows disassembly guides and mono's page (see #macbook21) - shows the location of the SPI flash chip on the motherboard. How to remove the motherboard. -

    +

    + Also of interest: ../git/index.html#config_macbook21. +

    -

    - No method is yet known for flashing in GNU/Linux while the Apple firmware is running. You will need to disassemble the machine and flash externally. - Reading from flash seems to work. For external flashing, refer to ../install/bbb_setup.html. -

    +

    + Unbricking: this page shows disassembly guides and mono's page (see #macbook21) + shows the location of the SPI flash chip on the motherboard. How to remove the motherboard. +

    -

    Back to top of page.

    +

    + No method is yet known for flashing in GNU/Linux while the Apple firmware is running. You will need to disassemble the machine and flash externally. + Reading from flash seems to work. For external flashing, refer to ../install/bbb_setup.html. +

    -
    +

    Back to top of page.

    + +
    -

    Information about the macbook2,1

    +
    -

    - There is an Apple laptop called the macbook2,1 from late 2006 or early 2007 that uses the same i945 chipset - as the ThinkPad X60 and ThinkPad T60. A developer ported coreboot to his macbook2,1, and now libreboot can run on it. -

    -

    - Mono Moosbart is the person who wrote the port for macbook2,1. Referenced below are copies (up to date at the time of writing, 20140630) - of the pages he wrote when porting coreboot to the macbook2,1. They are included here in case the main site goes down for - whatever reason, since they include a lot of useful information. -

    -

    - Backups created using wget:
    - $ wget -m -p -E -k -K -np http://macbook.donderklumpen.de/
    - $ wget -m -p -E -k -K -np http://macbook.donderklumpen.de/coreboot/
    - Use -e robots=off if using this trick for other sites and the site restricts using robots.txt -

    +

    Information about the macbook2,1

    -

    - Links to wget backups (and the backups themselves) of Mono's pages (see above) removed temporarily. Mono has given me permission to distribute them, but I need to ask - him to tell me what license these works fall under first. Otherwise, the above URLs should be fine. NOTE TO SELF: REMOVE THIS WHEN DONE -

    +

    + There is an Apple laptop called the macbook2,1 from late 2006 or early 2007 that uses the same i945 chipset + as the ThinkPad X60 and ThinkPad T60. A developer ported coreboot to his macbook2,1, and now libreboot can run on it. +

    +

    + Mono Moosbart is the person who wrote the port for macbook2,1. Referenced below are copies (up to date at the time of writing, 20140630) + of the pages he wrote when porting coreboot to the macbook2,1. They are included here in case the main site goes down for + whatever reason, since they include a lot of useful information. +

    +

    + Backups created using wget:
    + $ wget -m -p -E -k -K -np http://macbook.donderklumpen.de/
    + $ wget -m -p -E -k -K -np http://macbook.donderklumpen.de/coreboot/
    + Use -e robots=off if using this trick for other sites and the site restricts using robots.txt +

    -

    - Installing GNU/Linux distributions (on Apple EFI firmware) -

    -

    - How to boot an ISO: burn it to a CD (like you would normally) and hold down the Alt/Control key while booting. - The bootloader will detect the GNU/Linux CD as 'Windows' (because Apple doesn't think GNU/Linux exists). Install it like you normally would. - When you boot up again, hold Alt/Control once more. The installation (on the HDD) will once again be seen as 'Windows'. (it's not actually Windows, - but Apple likes to think that Apple and Microsoft are all that exist.) - Now to install libreboot, follow ../install/index.html#flashrom_macbook21. + Links to wget backups (and the backups themselves) of Mono's pages (see above) removed temporarily. Mono has given me permission to distribute them, but I need to ask + him to tell me what license these works fall under first. Otherwise, the above URLs should be fine. NOTE TO SELF: REMOVE THIS WHEN DONE

    -

    - Information about coreboot -

    - +
    +

    + Installing GNU/Linux distributions (on Apple EFI firmware) +

    + +

    + How to boot an ISO: burn it to a CD (like you would normally) and hold down the Alt/Control key while booting. + The bootloader will detect the GNU/Linux CD as 'Windows' (because Apple doesn't think GNU/Linux exists). Install it like you normally would. + When you boot up again, hold Alt/Control once more. The installation (on the HDD) will once again be seen as 'Windows'. (it's not actually Windows, + but Apple likes to think that Apple and Microsoft are all that exist.) + Now to install libreboot, follow ../install/index.html#flashrom_macbook21. +

    +
    + +
    +

    + Information about coreboot +

    + +
    -

    - coreboot wiki page -

    - +
    +

    + coreboot wiki page +

    + +
    + +
    +

    + Compatible models +

    +

    + It is believed that all models are compatible, listed here: +

    + +

    + Specifically (Order No. / Model No. / CPU): +

    +
      +
    • MA699LL/A / A1181 (EMC 2121) / Intel Core 2 Duo T5600 (tested - working)
    • +
    • MA701LL/A / A1181 (EMC 2121) / Intel Core 2 Duo T7200 (tested - working)
    • +
    • MB061LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7200 (untested)
    • +
    • MA700LL/A / A1181 (EMC 2121) / Intel Core 2 Duo T7200 (tested - working)
    • +
    • MB063LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7400 (untested)
    • +
    • MB062LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7400 (tested - working)
    • +
    +
    -

    - Compatible models -

    - It is believed that all models are compatible, listed here: + Also of interest: ../git/index.html#config_macbook21.

    - +

    - Specifically (Order No. / Model No. / CPU): + Unbricking: this page shows disassembly guides and mono's page (see above) + shows the location of the SPI flash chip on the motherboard. How to remove the motherboard.

    -
      -
    • MA699LL/A / A1181 (EMC 2121) / Intel Core 2 Duo T5600 (tested - working)
    • -
    • MA701LL/A / A1181 (EMC 2121) / Intel Core 2 Duo T7200 (tested - working)
    • -
    • MB061LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7200 (untested)
    • -
    • MA700LL/A / A1181 (EMC 2121) / Intel Core 2 Duo T7200 (tested - working)
    • -
    • MB063LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7400 (untested)
    • -
    • MB062LL/A / A1181 (EMC 2139) / Intel Core 2 Duo T7400 (tested - working)
    • -
    - -

    - Also of interest: ../git/index.html#config_macbook21. -

    - -

    - Unbricking: this page shows disassembly guides and mono's page (see above) - shows the location of the SPI flash chip on the motherboard. How to remove the motherboard. -

    -

    - For external flashing, refer to ../install/bbb_setup.html. -

    +

    + For external flashing, refer to ../install/bbb_setup.html. +

    -

    - You need to replace OS X with GNU/Linux before flashing libreboot. (OSX won't run at all in libreboot). -

    +

    + You need to replace OS X with GNU/Linux before flashing libreboot. (OSX won't run at all in libreboot). +

    -

    - There are some issues with this machine (compared to other computers that libreboot supports): -

    +

    + There are some issues with this machine (compared to other computers that libreboot supports): +

    -

    - This is an apple laptop, so it comes with OS X: it has an Apple keyboard, which means that certain keys you expect are missing: - insert, del, home, end, pgup, pgdown. There is also one mouse button only. Battery life is poor compared to X60/T60 (for now). - It also has other issues: for example, the Apple logo on the back is a hole, exposing the backlight, which means that it glows. You should cover it up. -

    +

    + This is an apple laptop, so it comes with OS X: it has an Apple keyboard, which means that certain keys you expect are missing: + insert, del, home, end, pgup, pgdown. There is also one mouse button only. Battery life is poor compared to X60/T60 (for now). + It also has other issues: for example, the Apple logo on the back is a hole, exposing the backlight, which means that it glows. You should cover it up. +

    -

    - The machine does get a bit hotter compared to when running the original firmware. It is certainly hotter - than an X60/T60. The heat issues have been partially fixed by the following patch (now merged in libreboot): - http://review.coreboot.org/#/c/7923/. -

    +

    + The machine does get a bit hotter compared to when running the original firmware. It is certainly hotter + than an X60/T60. The heat issues have been partially fixed by the following patch (now merged in libreboot): + http://review.coreboot.org/#/c/7923/. +

    -

    - - The MacBook2,1 comes with a webcam, which does not work without proprietary software. Also, webcams are a security risk; cover it up! Or remove it. - -

    +

    + + The MacBook2,1 comes with a webcam, which does not work without proprietary software. Also, webcams are a security risk; cover it up! Or remove it. + +

    -

    - A user reported that they could get better response from the touchpad with the following in their xorg.conf: -

    +

    + A user reported that they could get better response from the touchpad with the following in their xorg.conf: +

     Section "InputClass"
    @@ -558,21 +588,25 @@ Section "InputClass"
     EndSection
     
    -

    Back to top of page.

    +

    Back to top of page.

    + +
    -
    +
    -

    - Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
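Review bot: the warranty paragraph's link changes from ../../license.txt to ../license.txt in the last added paragraph of this footer, which is a link correction rather than a theme or readability change. The new path matches the ../license.txt already used in the copyright paragraph just above it, so the footer is now consistent, but the fix deserves a line in the commit message so it is not lost inside a re-indentation commit.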
    diff --git a/docs/hcl/x200.html b/docs/hcl/x200.html index 3aa1963..0435efc 100644 --- a/docs/hcl/x200.html +++ b/docs/hcl/x200.html @@ -13,38 +13,39 @@ -

    ThinkPad X200

    -

    - Or back to main index. -

    - -

    - It is believed that all X200 laptops are compatible. X200S and X200 Tablet will - also work, depending on the configuration. -

    -

    - It *might* be possible to put an X200 motherboard in an X201 chassis, though this is currently untested - by the libreboot project. The same may also apply between X200S and X201S; again, this is untested. - It's most likely true. -

    - -

    - There are two possible flash chip sizes for the X200: 4MiB (32Mbit) or 8MiB (64Mbit). - This can be identified by the type of flash chip below the palmrest: 4MiB is SOIC-8, 8MiB - is SOIC-16. -

    - -

    - The X200 laptops come with the ME (and sometimes AMT in addition) before flashing libreboot. Libreboot disables and removes it - by using a modified descriptor: see x200_remove_me.html (contains notes, plus - instructions) -

    - -

    - Flashing instructions can be found at ../install/index.html#flashrom -

    +
    +

    ThinkPad X200

    + +

    + It is believed that all X200 laptops are compatible. X200S and X200 Tablet will + also work, depending on the configuration. +

    +

    + It *might* be possible to put an X200 motherboard in an X201 chassis, though this is currently untested + by the libreboot project. The same may also apply between X200S and X201S; again, this is untested. + It's most likely true. +

    + +

    + There are two possible flash chip sizes for the X200: 4MiB (32Mbit) or 8MiB (64Mbit). + This can be identified by the type of flash chip below the palmrest: 4MiB is SOIC-8, 8MiB + is SOIC-16. +

    + +

    + The X200 laptops come with the ME (and sometimes AMT in addition) before flashing libreboot. Libreboot disables and removes it + by using a modified descriptor: see x200_remove_me.html (contains notes, plus + instructions) +

    -
    +

    + Flashing instructions can be found at ../install/index.html#flashrom +

    + +

    + Back to previous index. +

    +
    @@ -68,22 +69,22 @@ non-descriptor mode would wipe it out).

    -

    Hardware virtualization (vt-x)

    -

    - The X200, when run without CPU microcode updates in coreboot, currently kernel panics - if running QEMU with vt-x enabled on 2 cores for the guest. With a single core enabled - for the guest, the guest panics (but the host is fine). Working around this in QEMU - might be possible; if not, software virtualization should work fine (it's just slower). -

    -

    - The following errata datasheet from Intel might help with investigation: - http://download.intel.com/design/mobile/specupdt/320121.pdf -

    +
    +

    Hardware virtualization (vt-x)

    +

    + The X200, when run without CPU microcode updates in coreboot, currently kernel panics + if running QEMU with vt-x enabled on 2 cores for the guest. With a single core enabled + for the guest, the guest panics (but the host is fine). Working around this in QEMU + might be possible; if not, software virtualization should work fine (it's just slower). +

    +

    + The following errata datasheet from Intel might help with investigation: + http://download.intel.com/design/mobile/specupdt/320121.pdf +

    +
    -
    -

    X200S and X200 Tablet.
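Review bot: the first sentence of the re-added vt-x paragraph never says which side panics. "currently kernel panics if running QEMU with vt-x enabled on 2 cores for the guest" can only be read as a host panic by contrast with the next sentence, "the guest panics (but the host is fine)". If the host is what panics in the 2-core case, say "the host kernel panics" explicitly, since that is the difference between a failed guest and losing the whole machine when running without CPU microcode updates.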

    @@ -140,140 +141,146 @@ src or git).

    -

    Proper GS45 raminit

    -

    - A new northbridge gs45 should be added to coreboot, based on gm45, - and a new port x200st (X200S and X200T) should be added based on - the x200 port. -

    -

    - This port would have proper raminit. Alternatively, gs45 (if - raminit is taken to be the only issue with it) can be part of - gm45 northbridge support (and X200S/Tablet being part of the X200 - port) with conditional checks in the raminit that make raminit - work differently (as required) for GS45. nico_h and pgeorgi/patrickg - in the coreboot IRC channel should know more about raminit on gm45 - and likely gs45. -

    -

    - pgeorgi recommends to run SerialICE on the factory BIOS (for X200S), - comparing it with X200 (factory BIOS) and X200 (gm45 raminit code - in coreboot), to see what the differences are. Then tweak raminit - code based on that. -

    +
    +

    Proper GS45 raminit

    +

    + A new northbridge gs45 should be added to coreboot, based on gm45, + and a new port x200st (X200S and X200T) should be added based on + the x200 port. +

    +

    + This port would have proper raminit. Alternatively, gs45 (if + raminit is taken to be the only issue with it) can be part of + gm45 northbridge support (and X200S/Tablet being part of the X200 + port) with conditional checks in the raminit that make raminit + work differently (as required) for GS45. nico_h and pgeorgi/patrickg + in the coreboot IRC channel should know more about raminit on gm45 + and likely gs45. +

    +

    + pgeorgi recommends to run SerialICE on the factory BIOS (for X200S), + comparing it with X200 (factory BIOS) and X200 (gm45 raminit code + in coreboot), to see what the differences are. Then tweak raminit + code based on that. +

    +
    + +
    -
    - -

    LCD compatibility list

    -

    - Unless otherwise noted (italic styling, underlined), these are CCFL 1280x800 screens with TN panels inside. - Please do advise if you spot mistakes here. -

    -

    - Use the instructions at ../misc/index.html#get_edid_panelname - to get the name of your panel, then check it against the list below. If your panel is untested, then by all means - try it! (and get in touch with the libreboot project to advise whether or not it worked). -

    -

    - AUO = AU Optronics. List of panels below based on - http://www.thinkwiki.org/wiki/TFT_display -

    -

    - Tested LCD panels (confirmed working): -

    -
      -
    • X200/X200S: LG-Philips LP121WX3-TLC1 (sgsit on IRC has this panel) (LED backlight)
    • -
    • X200/X200S: Samsung LTN121AT03 (phcoder on IRC has this panel)
    • -
    • X200/X200S: AUO B121EW03 V.6 (fchmmr on IRC has this panel)
    • -
    • X200S: TMD-Toshiba LTD121EQ3B (1440x900 resolution) (LED backlight) (sgsit on IRC has this panel)
    • -
    -

    - Untested LCD panels (status unknown): -

    -
      -
    • X200 Tablet: TMD-Toshiba LTD121KX6B (LED backlight)
    • -
    • X200/X200S: TMD-Toshiba LTD121EWVB
    • -
    • X200/X200S: AOU B121EW09 V.2 (LED backlight)
    • -
    • X200/X200S: FRU 42T0715 (no manufacturer/model given) (LED backlight)
    • -
    • X200/X200S: LG-Philips LP121WX3-TLA1 (LED backlight)
    • -
    • X200/X200S: 42T0713 FRU (no model/manufacturer given) (LED backlight)
    • -
    -

    - Back to top of page. -

    - -

    - AFFS/IPS panels -

    -

    X200

    -

    - Adapted from https://github.com/bibanon/Coreboot-ThinkPads/wiki/ThinkPad-X200 -

    -

    - Look at wikipedia for difference between TN and IPS panels. IPS have much better colour/contrast than - a regular TN, and will typically have good viewing angles. -

    -

    - These seem to be from the X200 tablet. You need to find one without the glass touchscreen protection on it - (might be able to remove it, though). It also must not have a digitizer on it (again, might be possible to - just simply remove the digitizer). -

    -
      -
    • BOE-Hydis HV121WX4-120, HV121WX4-110 or HV121WX4-100 - cheap-ish, might be hard to find
    • -
    • Samsung LTN121AP02-001 - common to find, cheap
    • -
    -

    - If your X200 has an LED backlit panel in it, then you also need to get an inverter and harness cable - that is compatible with the CCFL panels. To see which panel type you have, see - #led_howtotell. If you need the inverter/cable, here are part numbers: - 44C9909 for CCFL LVDS cable with bluetooth and camera connections, and 42W8009 or 42W8010 for the - inverter. -

    -

    - There are glossy and matte versions of these. Matte means anti-glare, which is what you want (in this authors opinion). -

    -

    - Refer to the HMM (hardware maintenance manual) for how to replace the screen. -

    -

    Sources:

    - -

    X200S

    -

    - http://forum.thinkpads.com/viewtopic.php?p=618928#p618928 - explains that the X200S screens/assemblies are thinner. You need to replace the whole lid with one from a normal X200/X201. -

    +

    LCD compatibility list

    +

    + Unless otherwise noted (italic styling, underlined), these are CCFL 1280x800 screens with TN panels inside. + Please do advise if you spot mistakes here. +

    +

    + Use the instructions at ../misc/index.html#get_edid_panelname + to get the name of your panel, then check it against the list below. If your panel is untested, then by all means + try it! (and get in touch with the libreboot project to advise whether or not it worked). +

    +

    + AUO = AU Optronics. List of panels below based on + http://www.thinkwiki.org/wiki/TFT_display +

    +

    + Tested LCD panels (confirmed working): +

    +
      +
    • X200/X200S: LG-Philips LP121WX3-TLC1 (sgsit on IRC has this panel) (LED backlight)
    • +
    • X200/X200S: Samsung LTN121AT03 (phcoder on IRC has this panel)
    • +
    • X200/X200S: AUO B121EW03 V.6 (fchmmr on IRC has this panel)
    • +
    • X200S: TMD-Toshiba LTD121EQ3B (1440x900 resolution) (LED backlight) (sgsit on IRC has this panel)
    • +
    +

    + Untested LCD panels (status unknown): +

    +
      +
    • X200 Tablet: TMD-Toshiba LTD121KX6B (LED backlight)
    • +
    • X200/X200S: TMD-Toshiba LTD121EWVB
    • +
    • X200/X200S: AOU B121EW09 V.2 (LED backlight)
    • +
    • X200/X200S: FRU 42T0715 (no manufacturer/model given) (LED backlight)
    • +
    • X200/X200S: LG-Philips LP121WX3-TLA1 (LED backlight)
    • +
    • X200/X200S: 42T0713 FRU (no model/manufacturer given) (LED backlight)
    • +
    +

    + Back to top of page. +

    +
    +

    + AFFS/IPS panels +

    +

    X200

    +

    + Adapted from https://github.com/bibanon/Coreboot-ThinkPads/wiki/ThinkPad-X200 +

    +

    + Look at wikipedia for difference between TN and IPS panels. IPS have much better colour/contrast than + a regular TN, and will typically have good viewing angles. +

    +

    + These seem to be from the X200 tablet. You need to find one without the glass touchscreen protection on it + (might be able to remove it, though). It also must not have a digitizer on it (again, might be possible to + just simply remove the digitizer). +

    +
      +
    • BOE-Hydis HV121WX4-120, HV121WX4-110 or HV121WX4-100 - cheap-ish, might be hard to find
    • +
    • Samsung LTN121AP02-001 - common to find, cheap
    • +
    +

    + If your X200 has an LED backlit panel in it, then you also need to get an inverter and harness cable + that is compatible with the CCFL panels. To see which panel type you have, see + #led_howtotell. If you need the inverter/cable, here are part numbers: + 44C9909 for CCFL LVDS cable with bluetooth and camera connections, and 42W8009 or 42W8010 for the + inverter. +

    +

    + There are glossy and matte versions of these. Matte means anti-glare, which is what you want (in this authors opinion). +

    +

    + Refer to the HMM (hardware maintenance manual) for how to replace the screen. +

    +

    Sources:

    + +
    +
    +

    X200S

    +

    + http://forum.thinkpads.com/viewtopic.php?p=618928#p618928 + explains that the X200S screens/assemblies are thinner. You need to replace the whole lid with one from a normal X200/X201. +

    +
    +

    Back to top of page.

    - -
    - -

    How to tell if it has an LED or CCFL?

    - -

    - Some X200s have a CCFL backlight and some have an LED backlight, in their LCD panel. This - also means that the inverters will vary, so you must be careful if ever replacing either - the panel and/or inverter. (a CCFL inverter is high-voltage and will destroy an LED backlit panel). -

    -

    - CCFLs contain mercury. An X200 with a CCFL backlight will (unless it has been changed to an LED, - with the correct inverter. Check with your supplier!) the following: "This product - contains Lithium Ion Battery, Lithium Battery and a lamp which contains mercury; dispose according to - local, state or federal laws" (one with an LED backlit panel will say something different). -

    -

    - Back to top of page. -

    + +
    -
    +
    +

    How to tell if it has an LED or CCFL?

    + +

    + Some X200s have a CCFL backlight and some have an LED backlight, in their LCD panel. This + also means that the inverters will vary, so you must be careful if ever replacing either + the panel and/or inverter. (a CCFL inverter is high-voltage and will destroy an LED backlit panel). +

    +

    + CCFLs contain mercury. An X200 with a CCFL backlight will (unless it has been changed to an LED, + with the correct inverter. Check with your supplier!) the following: "This product + contains Lithium Ion Battery, Lithium Battery and a lamp which contains mercury; dispose according to + local, state or federal laws" (one with an LED backlit panel will say something different). +

    +

    + Back to top of page. +

    +
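Review bot: in the untested LCD panel list, the added line "X200/X200S: AOU B121EW09 V.2 (LED backlight)" carries over a manufacturer typo. The paragraph above defines "AUO = AU Optronics" and the tested list uses "AUO B121EW03 V.6", so this entry should read AUO. Two other sentences are re-added unchanged and could be fixed while every line is being touched: "An X200 with a CCFL backlight will (unless it has been changed to an LED, ...) the following:" is missing its verb, and "in this authors opinion" needs an apostrophe. The CCFL sentence matters most, because it sits directly after the warning that a CCFL inverter will destroy an LED backlit panel and is the only test the page gives for telling the two apart.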
    @@ -299,8 +306,6 @@
    -
    -

    Unsorted notes

    @@ -315,19 +320,21 @@
    -
    +
    -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
    diff --git a/docs/hcl/x200_remove_me.html b/docs/hcl/x200_remove_me.html index 48468c6..ae0a83f 100644 --- a/docs/hcl/x200_remove_me.html +++ b/docs/hcl/x200_remove_me.html @@ -13,181 +13,189 @@ -

    ThinkPad X200: remove the ME (manageability engine)

    -

    - This sections relates to disabling and removing the ME (Intel Management Engine) - on the ThinkPad X200. -

    -

    - The ME is a blob that typically must be left inside the flash chip (in the ME region, as outlined - by the default descriptor). On the X200, it is possible to remove it without any ill effects. All - other parts of coreboot on the X200 can be blob-free, so removing the ME was the last obstacle to - get X200 support in libreboot (the machine can also work without the microcode blobs). -

    -

    - The ME is removed and disabled in libreboot by modifying the descriptor. More info about - this can be found in the ich9deblob/ich9gen source code in resources/utilities/ich9deblob/ - in libreboot, or more generally on this page. -

    -

    - Or back to main X200 compatibility page (x200.html). -

    +
    + +

    ThinkPad X200: remove the ME (manageability engine)

    +

    + This sections relates to disabling and removing the ME (Intel Management Engine) + on the ThinkPad X200. +

    +

    + The ME is a blob that typically must be left inside the flash chip (in the ME region, as outlined + by the default descriptor). On the X200, it is possible to remove it without any ill effects. All + other parts of coreboot on the X200 can be blob-free, so removing the ME was the last obstacle to + get X200 support in libreboot (the machine can also work without the microcode blobs). +

    +

    + The ME is removed and disabled in libreboot by modifying the descriptor. More info about + this can be found in the ich9deblob/ich9gen source code in resources/utilities/ich9deblob/ + in libreboot, or more generally on this page. +

    +

    + Back to main X200 compatibility page (x200.html). +

    + +
    -
    +
    -

    ICH9 gen utility

    - -

    - This is no longer strictly necessary. Libreboot ROM images for X200 now - contain the 12KiB descriptor+gbe generated from ich9gen, by default. -

    - -

    - It is no longer necessary to use ich9deblob to generate - a deblobbed descriptor+gbe image for the X200. ich9gen is a small utility within - ich9deblob that can generate them from scratch, without a factory.bin dump. -

    - -

    - Run:
    - $ ./ich9gen -

    - -

    - It is also possible to generate a descriptor+gbe image with your own MAC address - inside (with the Gbe checksum updated to match). Run:
    - $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX
    - (replace the XX chars with the hexadecimal chars in the MAC address that you want) -

    - -

    - You can find out your MAC address from ip addr or ifconfig in GNU/Linux. - Alternatively, if you are running libreboot already (with the correct MAC address in your - ROM), dump it (flashrom -r) and read the first 6 bytes from position 0x1000 (or 0x2000) in a hex editor - (or, rename it to factory.rom and run it in ich9deblob: in the newly created mkgbe.c - will be the individual bytes of your MAC address). If you are currently running the stock firmware - and haven't installed libreboot yet, you can also run that through ich9deblob to get the mac address. -

    - -

    - An even simpler way to get the MAC address would be to read what's on the little sticker on - the underside. (on the X200, this would be near the VGA port). -

    +

    ICH9 gen utility

    -

    - A bash script is also included in libreboot which will change the mac address (using ich9gen) - on all X200 ROM images. For instance:
    - $ ./ich9macchange XX:XX:XX:XX:XX:XX -

    +

    + This is no longer strictly necessary. Libreboot ROM images for X200 now + contain the 12KiB descriptor+gbe generated from ich9gen, by default. +

    -

    - Two new files will be created: -

    -
      -
    • ich9fdgbe_4m.bin: this is for X200 laptops with the 4MB flash chip.
    • -
    • ich9fdgbe_8m.bin: this is for X200 laptops with the 8MB flash chip.
    • -
    +

    + It is no longer necessary to use ich9deblob to generate + a deblobbed descriptor+gbe image for the X200. ich9gen is a small utility within + ich9deblob that can generate them from scratch, without a factory.bin dump. +

    -

    - ich9gen executables can be found under ./ich9deblob/ statically compiled in - libreboot_bin. If you are using src or git, build ich9gen from source with:
    - $ ./builddeps-ich9deblob
    - The executable will appear under resources/utilities/ich9deblob/ -

    - -

    - Assuming that your X200 libreboot image is named libreboot.rom, copy - the file to where libreboot.rom is located - and then run, for instance:
    - $ dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc
    - or:
    - $ dd if=ich9fdgbe_4m.bin of=libreboot.rom bs=1 count=12k conv=notrunc -

    - -

    - Your X200 libreboot.rom image is now ready to be flashed on the machine. Refer back to - ../install/index.html#flashrom - for how to flash it. -

    +

    + Run:
    + $ ./ich9gen +

    + +

    + It is also possible to generate a descriptor+gbe image with your own MAC address + inside (with the Gbe checksum updated to match). Run:
    + $ ./ich9gen --macaddress XX:XX:XX:XX:XX:XX
    + (replace the XX chars with the hexadecimal chars in the MAC address that you want) +

    + +

    + You can find out your MAC address from ip addr or ifconfig in GNU/Linux. + Alternatively, if you are running libreboot already (with the correct MAC address in your + ROM), dump it (flashrom -r) and read the first 6 bytes from position 0x1000 (or 0x2000) in a hex editor + (or, rename it to factory.rom and run it in ich9deblob: in the newly created mkgbe.c + will be the individual bytes of your MAC address). If you are currently running the stock firmware + and haven't installed libreboot yet, you can also run that through ich9deblob to get the mac address. +

    + +

    + An even simpler way to get the MAC address would be to read what's on the little sticker on + the underside. (on the X200, this would be near the VGA port). +

    + +

    + A bash script is also included in libreboot which will change the mac address (using ich9gen) + on all X200 ROM images. For instance:
    + $ ./ich9macchange XX:XX:XX:XX:XX:XX +

    + +

    + Two new files will be created: +

    +
      +
    • ich9fdgbe_4m.bin: this is for X200 laptops with the 4MB flash chip.
    • +
    • ich9fdgbe_8m.bin: this is for X200 laptops with the 8MB flash chip.
    • +
    + +

    + ich9gen executables can be found under ./ich9deblob/ statically compiled in + libreboot_bin. If you are using src or git, build ich9gen from source with:
    + $ ./builddeps-ich9deblob
    + The executable will appear under resources/utilities/ich9deblob/ +

    + +

    + Assuming that your X200 libreboot image is named libreboot.rom, copy + the file to where libreboot.rom is located + and then run, for instance:
    + $ dd if=ich9fdgbe_8m.bin of=libreboot.rom bs=1 count=12k conv=notrunc
    + or:
    + $ dd if=ich9fdgbe_4m.bin of=libreboot.rom bs=1 count=12k conv=notrunc +

    + +

    + Your X200 libreboot.rom image is now ready to be flashed on the machine. Refer back to + ../install/index.html#flashrom + for how to flash it. +

    + +
    -
    +
    -

    ICH9 deblob utility

    - -

    - This is no longer strictly necessary. Libreboot ROM images for X200 now - contain the 12KiB descriptor+gbe generated from ich9gen, by default. -

    +

    ICH9 deblob utility

    -

    - This was the tool originally used to disable the ME on X200. ich9gen now supersedes it; - ich9gen is better because it does not rely on dumping the factory.rom image (whereas, ich9deblob does). -

    - -

    - This is what you will use to generate the deblobbed descriptor+gbe regions for your libreboot ROM image. -

    -

    - If you are working with libreboot_src (or git), you can find the source under resources/utilities/ich9deblob/ - and will already be compiled if you ran ./builddeps or ./builddeps-ich9deblob from the main directory (./), - otherwise you can build it like so:
    - $ ./builddeps-ich9deblob
    - An executable file named ich9deblob will now appear under resources/utilities/ich9deblob/ -

    -

    - If you are working with libreboot_bin release archive, you can find the utility included, statically compiled - (for i686 and x86_64 on GNU/Linux) under ./ich9deblob/. -

    - -

    - Place the factory.rom from your X200 - (can be obtained using the guide at ../install/x200_external.html) in - the directory where you have your ich9deblob executable, then run the tool:
    - $ ./ich9deblob -

    -

    - A 12kiB file named deblobbed_descriptor.bin will now appear. Keep this and the factory.rom stored in a safe location! - The first 4KiB contains the descriptor data region for your machine, and the next 8KiB contains the gbe region (config data for your - gigabit NIC). These 2 regions could actually be separate files, but they are joined into 1 file in this case. -

    - -

    - Assuming that your X200 libreboot image is named libreboot.rom, copy - the deblobbed_descriptor.bin file to where libreboot.rom is located - and then run:
    - $ dd if=deblobbed_descriptor.bin of=libreboot.rom bs=1 count=12k conv=notrunc -

    - -

    - The utility will also generate 4 additional files: -

    -
      -
    • mkdescriptor.c
    • -
    • mkdescriptor.h
    • -
    • mkgbe.c
    • -
    • mkgbe.h
    • -
    -

    - These are C source files that can re-generate the very same Gbe and Descriptor structs - (from ich9deblob/ich9gen). To use these, place them in src/ich9gen/ in ich9deblob, then re-build. - The newly built ich9gen executable will be able to re-create the very same 12KiB file from scratch, - based on the C structs, this time without the need for a factory.rom dump! -

    +

    + This is no longer strictly necessary. Libreboot ROM images for X200 now + contain the 12KiB descriptor+gbe generated from ich9gen, by default. +

    + +

    + This was the tool originally used to disable the ME on X200. ich9gen now supersedes it; + ich9gen is better because it does not rely on dumping the factory.rom image (whereas, ich9deblob does). +

    -

    - You should now have a libreboot.rom image containing the correct 4K descriptor and 8K gbe regions, which - will then be safe to flash. Refer back to ../install/index.html#flashrom - for how to flash it. -

    +

    + This is what you will use to generate the deblobbed descriptor+gbe regions for your libreboot ROM image. +

    +

    + If you are working with libreboot_src (or git), you can find the source under resources/utilities/ich9deblob/ + and will already be compiled if you ran ./builddeps or ./builddeps-ich9deblob from the main directory (./), + otherwise you can build it like so:
    + $ ./builddeps-ich9deblob
    + An executable file named ich9deblob will now appear under resources/utilities/ich9deblob/ +

    +

    + If you are working with libreboot_bin release archive, you can find the utility included, statically compiled + (for i686 and x86_64 on GNU/Linux) under ./ich9deblob/. +

    + +

    + Place the factory.rom from your X200 + (can be obtained using the guide at ../install/x200_external.html) in + the directory where you have your ich9deblob executable, then run the tool:
    + $ ./ich9deblob +

    +

    + A 12kiB file named deblobbed_descriptor.bin will now appear. Keep this and the factory.rom stored in a safe location! + The first 4KiB contains the descriptor data region for your machine, and the next 8KiB contains the gbe region (config data for your + gigabit NIC). These 2 regions could actually be separate files, but they are joined into 1 file in this case. +

    + +

    + Assuming that your X200 libreboot image is named libreboot.rom, copy + the deblobbed_descriptor.bin file to where libreboot.rom is located + and then run:
    + $ dd if=deblobbed_descriptor.bin of=libreboot.rom bs=1 count=12k conv=notrunc +

    + +

    + The utility will also generate 4 additional files: +

    +
      +
    • mkdescriptor.c
    • +
    • mkdescriptor.h
    • +
    • mkgbe.c
    • +
    • mkgbe.h
    • +
    +

    + These are C source files that can re-generate the very same Gbe and Descriptor structs + (from ich9deblob/ich9gen). To use these, place them in src/ich9gen/ in ich9deblob, then re-build. + The newly built ich9gen executable will be able to re-create the very same 12KiB file from scratch, + based on the C structs, this time without the need for a factory.rom dump! +

    + +

    + You should now have a libreboot.rom image containing the correct 4K descriptor and 8K gbe regions, which + will then be safe to flash. Refer back to ../install/index.html#flashrom + for how to flash it. +

    + +
    -
    +

    The sections below are adapted from (mostly) IRC logs related to early development getting the ME removed on the X200. They are useful for background information. This could not have been done without sgsit's help.

    -
    +

    Early notes
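Review bot: the re-added "ICH9 deblob utility" section contradicts itself. It opens with "This is no longer strictly necessary" and says ich9gen supersedes ich9deblob, then the next paragraph says "This is what you will use to generate the deblobbed descriptor+gbe regions for your libreboot ROM image." Reword that paragraph so the section reads as the legacy procedure. In the ich9gen section, "copy the file to where libreboot.rom is located" does not say which of ich9fdgbe_4m.bin or ich9fdgbe_8m.bin is meant, and the dd step has no check that the chosen file matches the flash size of the ROM being written. Since those 12KiB are the flash descriptor and gbe regions, name the file explicitly and tell the reader to compare the size of libreboot.rom against the 4m/8m variant before running dd. Minor: "This sections relates", "12kiB" against "12KiB", and "4MB"/"8MB" here against the "4MiB"/"8MiB" used in x200.html.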

    @@ -216,9 +224,11 @@
    -
    +
    + +
    -
    +

    Flash chips

    @@ -243,11 +253,11 @@
    -
    +
    -
    +
    -

    Early development notes

    +

    Early development notes

     
    @@ -312,35 +322,33 @@ Flash Erase Size = 0x1000
     
     
    -

    - It's a utility called 'Flash Image Tool' for ME 4.x that was used for this. You drag a complete - image into in and the utility decomposes the various components, allowing you to set soft straps. -

    -

    - This tool is proprietary, for Windows only, but was used to deblob the X200. End justified means, and - the utility is no longer needed since the ich9deblob utility (documented on this page) can now be - used to create deblobbed descriptors. -

    - -
    +

    + It's a utility called 'Flash Image Tool' for ME 4.x that was used for this. You drag a complete + image into in and the utility decomposes the various components, allowing you to set soft straps. +

    +

    + This tool is proprietary, for Windows only, but was used to deblob the X200. End justified means, and + the utility is no longer needed since the ich9deblob utility (documented on this page) can now be + used to create deblobbed descriptors. +

    -
    +
    -
    +
    -

    - GBE (gigabit ethernet) region in SPI flash -

    +

    + GBE (gigabit ethernet) region in SPI flash +

    -

    - Of the 8K, about 95% is 0xFF. - The data is the gbe region is fully documented in this public datasheet: - http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf -

    +

    + Of the 8K, about 95% is 0xFF. + The data is the gbe region is fully documented in this public datasheet: + http://www.intel.co.uk/content/dam/doc/application-note/i-o-controller-hub-9m-82567lf-lm-v-nvm-map-appl-note.pdf +

    -

    - The only actual content found was: -

    +

    + The only actual content found was: +
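Review bot: the added GBE paragraph reads "The data is the gbe region is fully documented in this public datasheet", which should be "The data in the gbe region". That sentence is the one telling readers the region's contents can be checked against Intel's public NVM map, so it should parse cleanly. In the Flash Image Tool paragraph above it, "You drag a complete image into in" has the same kind of slip ("into it"), and "End justified means" is a fragment. All three are re-added verbatim from the removed lines and could be corrected in this pass.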

     
    @@ -358,17 +366,19 @@ DD  CC  18  00  11  20  17  00  DD  DD  18  00  12  20  17  00
     
     
    -

    - The first part is the MAC address set to all 0x1F. It's repeated haly way through - the 8K area, and the rest is all 0xFF. This is all documented in the datasheet. -

    +

    + The first part is the MAC address set to all 0x1F. It's repeated haly way through + the 8K area, and the rest is all 0xFF. This is all documented in the datasheet. +

    -

    - The GBe region starts at 0x20A000 bytes from the *end* of a factory image and is 0x2000 bytes long. - In libreboot (deblobbed) the descriptor is set to put gbe directly after the initial 4K flash descriptor. - So the first 4K of the ROM is the descriptor, and then the next 8K is the gbe region. -

    +

    + The GBe region starts at 0x20A000 bytes from the *end* of a factory image and is 0x2000 bytes long. + In libreboot (deblobbed) the descriptor is set to put gbe directly after the initial 4K flash descriptor. + So the first 4K of the ROM is the descriptor, and then the next 8K is the gbe region. +

    +
    +

    GBE region: change MAC address
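Review bot: The first re-added paragraph still says "It's repeated haly way through the 8K area"; "haly way" should be "half way". The second paragraph mixes "GBe" and "gbe" for the same region ("The GBe region starts at 0x20A000" against "put gbe directly after"). Pick one spelling while these lines are being touched.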

    @@ -399,116 +409,117 @@ DD CC 18 00 11 20 17 00 DD DD 18 00 12 20 17 00 and that has to add up to 0xBABA. In other words, the checksum is 0xBABA minus the total of the first 0x3E 16bit numbers (unsigned), ignoring any overflow. - +

    -
    +
    -
    +
    -

    Flash descriptor region

    +

    Flash descriptor region

    -

    - http://www.intel.co.uk/content/dam/doc/datasheet/io-controller-hub-9-datasheet.pdf - from page 850 onwards. This explains everything that is in the flash descriptor, which can be used to understand what libreboot - is doing about modifying it. -

    +

    + http://www.intel.co.uk/content/dam/doc/datasheet/io-controller-hub-9-datasheet.pdf + from page 850 onwards. This explains everything that is in the flash descriptor, which can be used to understand what libreboot + is doing about modifying it. +

    -

    - How to deblob: -

    -
      -
    • patch the number of regions present in the descriptor from 5 - 3
    • -
    • originally descriptor + bios + me + gbe + platform
    • -
    • modified = descriptor + bios + gbe
    • -
    • the next stage is to patch the part of the descriptor which defines the start and end point of each section
    • -
    • then cut out the gbe region and insert it just after the region
    • -
    • all this can be substantiated with public docs (ICH9 datasheet)
    • -
    • the final part is flipping 2 bits. Halting the ME via 1 MCH soft strap and 1 ICH soft strap
    • -
    • the part of the descriptor described there gives the base address and length of each region (bits 12:24 of each address)
    • -
    • to disable a region, you set the base address to 0xFFF and the length to 0
    • -
    • and you change the number of regions from 4 (zero based) to 2
    • -
    +

    + How to deblob: +

    +
      +
    • patch the number of regions present in the descriptor from 5 - 3
    • +
    • originally descriptor + bios + me + gbe + platform
    • +
    • modified = descriptor + bios + gbe
    • +
    • the next stage is to patch the part of the descriptor which defines the start and end point of each section
    • +
    • then cut out the gbe region and insert it just after the region
    • +
    • all this can be substantiated with public docs (ICH9 datasheet)
    • +
    • the final part is flipping 2 bits. Halting the ME via 1 MCH soft strap and 1 ICH soft strap
    • +
    • the part of the descriptor described there gives the base address and length of each region (bits 12:24 of each address)
    • +
    • to disable a region, you set the base address to 0xFFF and the length to 0
    • +
    • and you change the number of regions from 4 (zero based) to 2
    • +
    -

    - There's an interesting parameter called 'ME Alternate disable', which allows the ME to only handle hardware errata in the southbridge, - but disables any other functionality. This is similar to the 'ignition' in the 5 series and higher but using the standard firmware - instead of a small 128K version. Useless for libreboot, though. -

    +

    + There's an interesting parameter called 'ME Alternate disable', which allows the ME to only handle hardware errata in the southbridge, + but disables any other functionality. This is similar to the 'ignition' in the 5 series and higher but using the standard firmware + instead of a small 128K version. Useless for libreboot, though. +

    -

    - To deblob the x200, you chop out the platform and ME regions and correct the addresses in flReg1-4. - Then you set meDisable to 1 in ICHSTRAP0 and MCHSTRAP0. -

    +

    + To deblob the x200, you chop out the platform and ME regions and correct the addresses in flReg1-4. + Then you set meDisable to 1 in ICHSTRAP0 and MCHSTRAP0. +

    -

    How to patch the descriptor from the factory.rom dump

    -
      -
    • map the first 4k into the struct (minus the gbe region)
    • -
    • set NR in FLMAP0 to 2 (from 4)
    • -
    • adjust BASE and LIMIT in flReg1,2,3,4 to reflect the new location of each region (or remove them in the case of Platform and ME)
    • -
    • set meDisable to 1/true in ICHSTRAP0 and MCHSTRAP0
    • -
    • extract the 8k GBe region and append that to the end of the 4k descriptor
    • -
    • output the 12k concatenated chunk
    • -
    • Then it can be dd'd into the first 12K part of a coreboot image.
    • -
    • the GBe region always starts 0x20A000 bytes from the end of the ROM
    • -
    +

    How to patch the descriptor from the factory.rom dump

    +
      +
    • map the first 4k into the struct (minus the gbe region)
    • +
    • set NR in FLMAP0 to 2 (from 4)
    • +
    • adjust BASE and LIMIT in flReg1,2,3,4 to reflect the new location of each region (or remove them in the case of Platform and ME)
    • +
    • set meDisable to 1/true in ICHSTRAP0 and MCHSTRAP0
    • +
    • extract the 8k GBe region and append that to the end of the 4k descriptor
    • +
    • output the 12k concatenated chunk
    • +
    • Then it can be dd'd into the first 12K part of a coreboot image.
    • +
    • the GBe region always starts 0x20A000 bytes from the end of the ROM
    • +
    -

    - This means that libreboot's descriptor region will simply define the following regions: -

    -
      -
    • descriptor (4K)
    • -
    • gbe (8K)
    • -
    • bios (rest of flash chip. CBFS also set to occupy this whole size)
    • -
    +

    + This means that libreboot's descriptor region will simply define the following regions: +

    +
      +
    • descriptor (4K)
    • +
    • gbe (8K)
    • +
    • bios (rest of flash chip. CBFS also set to occupy this whole size)
    • +
    -

    - The data in the descriptor region is little endian, and it represents bits 24:12 of the address - (bits 12-24, written this way since bit 24 is nearer to left than bit 12 in the binary representation). -

    -

    - So, x << 12 = address -

    -

    - If it's in descriptor mode, then the first 4 bytes will be 5A A5 F0 0F. -

    +

    + The data in the descriptor region is little endian, and it represents bits 24:12 of the address + (bits 12-24, written this way since bit 24 is nearer to left than bit 12 in the binary representation). +

    +

    + So, x << 12 = address +

    +

    + If it's in descriptor mode, then the first 4 bytes will be 5A A5 F0 0F. +

    -
    +
    -
    -
    +
    -

    platform data partition in boot flash (factory.rom / lenovo bios)

    +

    platform data partition in boot flash (factory.rom / lenovo bios)

    -

    - Basically useless for libreboot, since it appears to be a blob. - Removing it didn't cause any issues in libreboot. -

    -

    - This is a 32K region from the factory image. It could be data - (non-functional) that the original Lenovo BIOS used, but we don't know. -

    - -

    - It has only a 448 byte fragment different from 0x00 or 0xFF. -

    +

    + Basically useless for libreboot, since it appears to be a blob. + Removing it didn't cause any issues in libreboot. +

    +

    + This is a 32K region from the factory image. It could be data + (non-functional) that the original Lenovo BIOS used, but we don't know. +

    -
    +

    + It has only a 448 byte fragment different from 0x00 or 0xFF. +

    + +
    -
    +
    -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../../license.txt for more information. +

    + +
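Review bot: The "How to deblob" list gives the region count two different ways, and the re-added lines keep both: the first item says "from 5 - 3" and the last says "from 4 (zero based) to 2", while the second list says "set NR in FLMAP0 to 2 (from 4)". State once that NR is zero-based so a reader patching the descriptor does not write 3 into the field. In the same list, "insert it just after the region" does not say which region, although the later step "append that to the end of the 4k descriptor" makes it clear, and the address range is written "bits 12:24" here but "bits 24:12" in the paragraph further down. In the footer, the license path appears as "../license.txt" in the copyright paragraph and as "../../license.txt" in the warranty paragraph; only one of them can be right for this file.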
    diff --git a/docs/index.html b/docs/index.html index f672db1..f3439c4 100644 --- a/docs/index.html +++ b/docs/index.html @@ -12,213 +12,162 @@ -

    Libreboot project documentation

    - -

    - It is expected that your libreboot-compatible device is running GNU/Linux - (no other operating system is known to work with this release of libreboot). -

    -

    - What is libreboot? -

    - -
    - -

    Release information

    + +
    +

    Libreboot project documentation

    Information about this release can be found at release.html. Always check libreboot.org for updates.

    - The release page and future/index.html contain details - about future work. -

    - -

    Hardware compatibility list

    -

    - Information about what systems libreboot supports. -

    -

    - Goto hcl/index.html. -

    - -

    Installing libreboot

    -

    - Information about how to install libreboot on supported targets, - using software and/or dedicated hardware. -

    -

    - Goto install/index.html. -

    - -

    GNU/Linux distributions

    -

    - Installing GNU/Linux distributions, preparing bootable USB drives, changing the default GRUB - menu and so on. -

    -

    - This also contains guides for fully encrypted Trisquel and Parabola GNU/Linux-libre installations. -

    -

    - Goto gnulinux/index.html. -

    - -

    Developing libreboot

    -

    - Information about configuring libreboot, building from source, maintaining the project, - working in git and so on. -

    -

    - Goto git/index.html. -

    - -

    Security topics

    -

    - Goto security/index.html. -

    - -

    Hardware maintenance

    -

    - Goto hardware/index.html. + What is libreboot?

    +
    -

    GRUB payload

    -

    - Information about fonts and keyboard layouts used in GRUB. -

    -

    - Goto grub/index.html -

    - -

    Miscellaneous

    -

    - Random topics that don't belong anywhere else. -

    -

    - Goto misc/index.html. -

    - -
    - -

    What is libreboot, really?

    - + + +
    + +

    About the libreboot project

    + +

    + Libreboot is a coreboot distribution (distro) with proprietary software removed, + intended to be a free + (libre) 'BIOS' replacement for your computer. The project is aimed at users, attempting to make + coreboot as easy to use as possible. +

    + +

    + Read the full Free Software definition. +

    + +
    +

    + The libreboot project has three main goals: +

    +
      +
    • + Recommend and distribute only free software. The coreboot project distributes proprietary code/blobs on some computers; + this can include things like CPU microcode updates, memory initialization code and so on. The project also actively + recommends that the user install additional blobs in some cases (such as the video BIOS or Intel ME). + While this can be necessary from the coreboot project's point of view, Libreboot is an attempt to support as many + computers from coreboot as possible, without distributing any blobs and without having the user install additional + proprietary software. This is not to say that the coreboot project is bad; a lot of extremely dedicated and talented + individuals in coreboot work night and day to reverse engineer and free those blobs that still remain in coreboot. + Any system from coreboot that can run without blobs is a viable libreboot candidate! +
    • +
    • + Support as much hardware as possible! This goes without saying. The list of officially supported hardware + in libreboot is smaller than in upstream (coreboot), because some boards in coreboot require proprietary software which + libreboot does not and will not distribute. The main goal of the libreboot project is to spread free software at a low-level + (the boot firmware) to as many people as possible, so of course that means supporting as much hardware as possible (but without + compromising on the main goal). +
    • +
    • + Make coreboot easy to use. The main problem that many users have with coreboot is that it is extremely difficult to + understand, learn about, install and use. This is understandable; coreboot is a low-level piece of software and has many + talented individuals working on it, but the project's resources are limited and so the developers focus their efforts on the code. + Coreboot offers wonderful support for other coreboot developers and those who wish to climb up + that steep curve to learn everything that they can.

      + + At the same time, those who simply want to use coreboot (for any number + of reasons) are often left feeling intimidated and many of them give up in frustration. Libreboot attempts to bridge this gap; + its documentation is entirely focussed on users, with detailed steps showing exactly how to install and use it and the issues + that they may come across (and how to work around them).

      + + Almost everything in libreboot is completely automated, with + scripts for downloading, building and installing the various components used in libreboot. Pre-compiled ROM images built + from the libreboot source code are provided, along with the utilities (statically compiled, from libreboot sources) that the user will need for installing them.

      + + Libreboot is similar in concept to a GNU/Linux or GNU/Linux-libre distribution; it is composed of not just coreboot (deblobbed), + but everything else that the user will need, such as GRUB and flashrom. These are all fully integrated, in a way where + most of the detailed steps otherwise required of the user (if they used coreboot, the upstream provider) are completely eliminated.

      + + In much the same way that you can simply download an ISO image for your favourite GNU/Linux-libre distribution, and install it, + you can download pre-compiled libreboot ROM images (built from the sources) along with installation scripts and documentation + that make libreboot as easy to use as possible. +
    • +
    +
    + +

    + Libreboot is not a fork of coreboot, despite misconceptions of this fact. Libreboot (downstream supplier) is a parallel effort + which works closely with and re-bases on the latest coreboot (upstream supplier) every so often. +

    + +

    + + As such, all new coreboot development should be done in coreboot, not libreboot! + Libreboot is about deblobbing, and packaging coreboot in a user-friendly way, where most work is already done for the user! + If, for example you wanted to attempt porting a new motherboard then you should do that in coreboot. Libreboot will (as a downstream supplier) + receive your change at some point in the future, in a future release. + +

    + +

    + Libreboot as a whole is the distribution consisting of everything surrounding coreboot. However, the main component is coreboot; + libreboot's deblobbed coreboot tree is sometimes referred to as coreboot-libre to distinguish it as a component of libreboot. +

    + +

    + Libreboot is a 'stable' coreboot +

    +
      +
    • + Coreboot uses the rolling release model, which + is quite volatile; one day when you build coreboot, it may or may not work correctly on your machine. +
    • +
    • + Libreboot changes less often (as far as the release model is concerned), focusing instead on 'tested' releases for specific machines. + At any given time, it might also be possible to build ROM images for systems other than those officially supported. If you get your board to work + (without violating the "coreboot development goes in coreboot" rule), then others could benefit from it. +
    • +
    + +

    + On the other hand, coreboot is also strict about what it accepts (merges) into the main git repository: + most of the time, a lot of changes are under review at review.coreboot.org (as a way of encouraging as much further development + as possible before accepting the patch). +

    + +

    + Meanwhile, libreboot is a lot less strict in this area and freely merges specific patches that are desirable, sometimes before they are merged into coreboot's main repository. +

    + +

    Back to top of page.

    + +
    + +
    +

    - Libreboot is a coreboot distribution (distro) with proprietary software removed, - intended to be a free - (libre) 'BIOS' replacement for your computer. The project is aimed at users, attempting to make - coreboot as easy to use as possible. + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at license.txt.

    - Read the full Free Software definition. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See license.txt for more information.

    - -

    - The libreboot project has three main goals: -

    -
      -
    • - Recommend and distribute only free software. The coreboot project distributes proprietary code/blobs on some computers; - this can include things like CPU microcode updates, memory initialization code and so on. The project also actively - recommends that the user install additional blobs in some cases (such as the video BIOS or Intel ME). - While this can be necessary from the coreboot project's point of view, Libreboot is an attempt to support as many - computers from coreboot as possible, without distributing any blobs and without having the user install additional - proprietary software. This is not to say that the coreboot project is bad; a lot of extremely dedicated and talented - individuals in coreboot work night and day to reverse engineer and free those blobs that still remain in coreboot. - Any system from coreboot that can run without blobs is a viable libreboot candidate! -
    • -
    • - Support as much hardware as possible! This goes without saying. The list of officially supported hardware - in libreboot is smaller than in upstream (coreboot), because some boards in coreboot require proprietary software which - libreboot does not and will not distribute. The main goal of the libreboot project is to spread free software at a low-level - (the boot firmware) to as many people as possible, so of course that means supporting as much hardware as possible (but without - compromising on the main goal). -
    • -
    • - Make coreboot easy to use. The main problem that many users have with coreboot is that it is extremely difficult to - understand, learn about, install and use. This is understandable; coreboot is a low-level piece of software and has many - talented individuals working on it, but the project's resources are limited and so the developers focus their efforts on the code. - Coreboot offers wonderful support for other coreboot developers and those who wish to climb up - that steep curve to learn everything that they can.

      - - At the same time, those who simply want to use coreboot (for any number - of reasons) are often left feeling intimidated and many of them give up in frustration. Libreboot attempts to bridge this gap; - its documentation is entirely focussed on users, with detailed steps showing exactly how to install and use it and the issues - that they may come across (and how to work around them).

      - - Almost everything in libreboot is completely automated, with - scripts for downloading, building and installing the various components used in libreboot. Pre-compiled ROM images built - from the libreboot source code are provided, along with the utilities (statically compiled, from libreboot sources) that the user will need for installing them.

      - - Libreboot is similar in concept to a GNU/Linux or GNU/Linux-libre distribution; it is composed of not just coreboot (deblobbed), - but everything else that the user will need, such as GRUB and flashrom. These are all fully integrated, in a way where - most of the detailed steps otherwise required of the user (if they used coreboot, the upstream provider) are completely eliminated.

      - - In much the same way that you can simply download an ISO image for your favourite GNU/Linux-libre distribution, and install it, - you can download pre-compiled libreboot ROM images (built from the sources) along with installation scripts and documentation - that make libreboot as easy to use as possible. -
    • -
    - -

    - Libreboot is not a fork of coreboot, despite misconceptions of this fact. Libreboot (downstream supplier) is a parallel effort - which works closely with and re-bases on the latest coreboot (upstream supplier) every so often. -

    - -

    - - As such, all new coreboot development should be done in coreboot, not libreboot! - Libreboot is about deblobbing, and packaging coreboot in a user-friendly way, where most work is already done for the user! - If, for example you wanted to attempt porting a new motherboard then you should do that in coreboot. Libreboot will (as a downstream supplier) - receive your change at some point in the future, in a future release. - -

    - -

    - Libreboot as a whole is the distribution consisting of everything surrounding coreboot. However, the main component is coreboot; - libreboot's deblobbed coreboot tree is sometimes referred to as coreboot-libre to distinguish it as a component of libreboot. -

    - -

    - A 'stable' coreboot: -

    -
      -
    • - Coreboot uses the rolling release model - (and it is therefore quite volatile; one day when you build coreboot, it may or may not work correctly on your machine). -
    • -
    • - Libreboot changes less often (as far as the release model is concerned), focusing instead on 'tested' releases for specific machines. - At any given time, it might also be possible to build ROM images for systems other than those officially supported. If you get your board to work - (without violating the "coreboot development goes in coreboot" rule), then others could benefit from it. -
    • -
    - -

    - On the other hand, coreboot is also strict about what it accepts (merges) into the main git repository: - most of the time, a lot of changes are under review at review.coreboot.org (as a way of encouraging as much further development - as possible before accepting the patch). -

    - -

    - Meanwhile, libreboot is a lot less strict in this area and freely merges specific patches that are desirable, sometimes before they are merged into coreboot's main repository. -

    - -

    Back to top of page.

    - -
    - -

    - Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See license.txt for more information. -

    + +
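Review bot: The paragraph stating that the device is expected to run GNU/Linux "(no other operating system is known to work with this release of libreboot)" is removed near the top of this hunk, and none of the added lines shown here restates it. The commit subject describes a theme and readability change, so a dropped compatibility statement looks unintended. Either restore the sentence in the new layout or mention the removal in the commit message. The same applies to the short descriptions under "GNU/Linux distributions", "Developing libreboot" and "GRUB payload", which appear only as removed lines.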
    diff --git a/docs/install/bbb_setup.html b/docs/install/bbb_setup.html index 3ccebc7..ee2326f 100644 --- a/docs/install/bbb_setup.html +++ b/docs/install/bbb_setup.html @@ -13,70 +13,69 @@ -
    +

    Setup the BeagleBone Black as an SPI flashrom programmer

    - -
    +

    How to use the BBB as an external flashrom programmer, for reading/writing an SPI flash chip.

    +

    Back to previous index

    +
    -

    Or go back to main index

    +
    -
    - -

    Hardware requirements

    - -

    - Shopping list (pictures of this hardware is shown later): -

    -
      -
    • - External SPI programmer: BeagleBone Black (rev. C) - is highly recommended. Sometimes referred to as 'BBB'. -
    • -
    • - Clip for connecting to the flash chip: Pomona 5250 - (SOIC-8) or Pomona 5252 (SOIC-16) is recommended - (X200S and X200 Tablet users will need a soldering iron - instead, because of the type of package the flash chip is - in on those machines). -
    • -
    • - External 3.3V DC power supply. The one used by this - author has the label HF100W-SF-3.3 on it, but any decent - supply will be fine. Some people use the 3.3V from an ATX - PSU for instance (the kind that you get on a typical - Intel/AMD desktop computer. 6A supply should be fine, - the one used by this author is 20A (it won't actually use - that, it's just what the PSU is capable of). -
    • -
    • - Dupont jumper cables (2.54mm / 0.1" headers) - You should get male-male, male-female and female-female - cables in 10cm and 20cm sizes. Just get a load of them. -
    • -
    • - Mini USB A-B cable (the BeagleBone probably already comes - with one.) -
    • -
    • - FTDI serial board, for unbricking the BeagleBone if - necessary. -
    • -
    • - 5V DC power supply (from wall outlet to the BeagleBone). - The BeagleBone can have power supplied via USB, but a - dedicated power supply is recommended. -
    • -
    - -

    - Back to top of page. -

    +

    Hardware requirements

    + +

    + Shopping list (pictures of this hardware is shown later): +

    +
      +
    • + External SPI programmer: BeagleBone Black (rev. C) + is highly recommended. Sometimes referred to as 'BBB'. +
    • +
    • + Clip for connecting to the flash chip: Pomona 5250 + (SOIC-8) or Pomona 5252 (SOIC-16) is recommended + (X200S and X200 Tablet users will need a soldering iron + instead, because of the type of package the flash chip is + in on those machines). +
    • +
    • + External 3.3V DC power supply. The one used by this + author has the label HF100W-SF-3.3 on it, but any decent + supply will be fine. Some people use the 3.3V from an ATX + PSU for instance (the kind that you get on a typical + Intel/AMD desktop computer. 6A supply should be fine, + the one used by this author is 20A (it won't actually use + that, it's just what the PSU is capable of). +
    • +
    • + Dupont jumper cables (2.54mm / 0.1" headers) + You should get male-male, male-female and female-female + cables in 10cm and 20cm sizes. Just get a load of them. +
    • +
    • + Mini USB A-B cable (the BeagleBone probably already comes + with one.) +
    • +
    • + FTDI serial board, for unbricking the BeagleBone if + necessary. +
    • +
    • + 5V DC power supply (from wall outlet to the BeagleBone). + The BeagleBone can have power supplied via USB, but a + dedicated power supply is recommended. +
    • +
    + +

    + Back to top of page. +

    + +
    -
    +
    -

    Configuring the BeagleBone Black

    - -

    Setting up the 3.3V DC PSU

    +

    Setting up the 3.3V DC PSU

    With my PSU, first I had wire up the mains power cable. Any clover or kettle lead will do. Cut the end off (not the one that goes in the wall, but the kettle/clover connector). @@ -107,7 +106,12 @@ If you are using a different PSU, then the steps will change from those above. Anyway, once you are satisfied, continue reading...

    -

    Setting up the BBB

    + +
    + +
    + +

    Setting up the BBB

    Your BBB will have an sshd with no password on root. Find it's IP address (it will use DHCP by default) and set a root password. The steps below @@ -265,9 +269,14 @@ Note: flashrom can never write if the flash chip isn't found automatically. This means that it's working (the clip isn't connected to any flash chip, so the error is fine).

    -

    + +

    + +
    + +

    Connecting the Pomona 5250/5252 -

    +

    Use this image for reference when connecting the pomona to the BBB: http://beagleboard.org/Support/bone101#headers @@ -326,20 +335,24 @@ Note: flashrom can never write if the flash chip isn't found automatically.

    Back to top of page.

    + +
    -
    +
    -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
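Review bot: In the first hunk of bbb_setup.html, the re-indented shopping list keeps two defects from the removed lines. "pictures of this hardware is shown later" should be "are shown later", and the PSU item opens a parenthesis at "(the kind that you get on a typical Intel/AMD desktop computer." that never closes before the next one opens. The unchanged context under "Setting up the BBB" also has "Find it's IP address", which should be "its". The shopping-list lines are already rewritten for indentation, so these fit in the same commit.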
    diff --git a/docs/install/index.html b/docs/install/index.html index 313c724..60d9a73 100644 --- a/docs/install/index.html +++ b/docs/install/index.html @@ -13,17 +13,25 @@ -

    Installing libreboot

    -

    - This section relates to installing libreboot on supported targets. -

    -

    - Or Back to main index. -

    +
    + +

    Installing libreboot

    +

    + This section relates to installing libreboot on supported targets. +

    +

    + Back to previous index +

    + +
    + +
    +

    Setting up external programmers

    +

    Installing libreboot (software)

    -
    - -

    QEMU

    - -

    - You don't really do anything here, just run (example):
    - $ qemu-system-i386 -M pc -m 512 -bios bin/qemu_i440fx_piix4/qemu_i440fx_piix4_ukdvorak_vesafb.rom -serial stdio
    - $ qemu-system-i386 -M q35 -m 512 -bios bin/qemu_q35_ich9/qemu_q35_ich9_ukdvorak_vesafb.rom -serial stdio -

    - -
    +
    + +
    -

    Recommended ROMs to flash

    - -

    - List of directories corresponding to each board: -

    -
      -
    • ThinkPad X60, X60s and X60 Tablet: bin/x60/
    • -
    • ThinkPad T60: bin/t60/ (note, see ../hcl/index.html#supported_t60_list)
    • -
    • ThinkPad X200: bin/x200_8mb/ (8MiB flash chip) or bin/x200_4mb (4MiB flash chip) (see ../hcl/x200.html)
    • -
    • Apple MacBook2,1: bin/macbook21/
    • -
    • Apple MacBook1,1: bin/macbook21/ (it's not a typo; the same ROMs work)
    • -
    - -

    These images use coreboot text-mode graphics:

    -
      -
    • US Qwerty keyboard: boardname_usqwerty_txtmode.rom
    • -
    • UK Qwerty keyboard: boardname_ukqwerty_txtmode.rom
    • -
    • US Dvorak keyboard: boardname_usdvorak_txtmode.rom
    • -
    • UK Dvorak keyboard: boardname_ukdvorak_txtmode.rom
    • -
    • French Azerty keyboard: boardname_frazerty_txtmode.rom
    • -
    • French Dvorak (BEPO): boardname_frdvbepo_txtmode.rom
    • -
    • Italian Qwerty keyboard: boardname_itqwerty_txtmode.rom
    • -
    • Swedish Qwerty keyboard: boardname_svenska_txtmode.rom
    • -
    -

    These images use coreboot framebuffer graphics:

    -
      -
    • US Qwerty keyboard: boardname_usqwerty_vesafb.rom
    • -
    • UK Qwerty keyboard: boardname_ukqwerty_vesafb.rom
    • -
    • US Dvorak keyboard: boardname_usdvorak_vesafb.rom
    • -
    • UK Dvorak keyboard: boardname_ukdvorak_vesafb.rom
    • -
    • French Azerty keyboard: boardname_frazerty_vesafb.rom
    • -
    • French Dvorak (BEPO): boardname_frdvbepo_vesafb.rom
    • -
    • Italian Qwerty keyboard: boardname_itqwerty_vesafb.rom
    • -
    • Swedish Qwerty keyboard: boardname_svenska_vesafb.rom
    • -
    +

    QEMU

    + +

    + You don't really do anything here, just run (example):
    + $ qemu-system-i386 -M pc -m 512 -bios bin/qemu_i440fx_piix4/qemu_i440fx_piix4_ukdvorak_vesafb.rom -serial stdio
    + $ qemu-system-i386 -M q35 -m 512 -bios bin/qemu_q35_ich9/qemu_q35_ich9_ukdvorak_vesafb.rom -serial stdio +

    +

    + Back to top of page. +

    -

    - The boards for boardname in the examples above can be found by the names of the directories - in ./bin/ or ./resources/libreboot/config/. -

    - -

    - _txtmode images come with a working MemTest86+ and GRUB Invaders, both of which require text-mode. - _vesafb images are recommended in most cases. -

    - -

    - This will give you your native keyboard layout inside GRUB. The preferences in your OS are not affected, it just makes using - the GRUB command line easier (if you ever need to do that). - ../grub/index.html#grub_keyboard shows you how this was done. If your native keyboard layout - differs, you can adapt those notes and hack the 'build' script for your needs. -

    - -

    Back to top of page.

    - -
    +
    -

    X60/X60S/X60T/T60: How to flash the ROMs onto your machine (if running Lenovo BIOS firmware).

    +
    -
    +

    Recommended ROMs to flash

    - Hover over the next paragraph to make it black. + List of directories corresponding to each board:

    -

    - Following this guide means simply flashing a libreboot ROM. This guide will not (directly) teach you how to make a backup (dump) of the original Lenovo BIOS - because to do so would be to explicitly endorse proprietary software. However, for the purposes of reverse engineering it can be useful - to have a backup. Each copy of the original Lenovo BIOS is tied to the specific machine that it came from; it will not run - on any other machine, even if it's the same type of machine as yours. What this means is that, effectively, you can back it up now (so that you can - re-flash it later if you want to run the original Lenovo BIOS again) or lose it forever. The X60/T60 installation - guide on the coreboot wiki will show you how to do this: - http://www.coreboot.org/Board:lenovo/x60/Installation.
    - Do not make this decision lightly! This is your last and only chance. +

      +
    • ThinkPad X60, X60s and X60 Tablet: bin/x60/
    • +
    • ThinkPad T60: bin/t60/ (note, see ../hcl/index.html#supported_t60_list)
    • +
    • ThinkPad X200: bin/x200_8mb/ (8MiB flash chip) or bin/x200_4mb (4MiB flash chip) (see ../hcl/x200.html)
    • +
    • Apple MacBook2,1: bin/macbook21/
    • +
    • Apple MacBook1,1: bin/macbook21/ (it's not a typo; the same ROMs work)
    • +
    + +

    These images use coreboot text-mode graphics:

    +
      +
    • US Qwerty keyboard: boardname_usqwerty_txtmode.rom
    • +
    • UK Qwerty keyboard: boardname_ukqwerty_txtmode.rom
    • +
    • US Dvorak keyboard: boardname_usdvorak_txtmode.rom
    • +
    • UK Dvorak keyboard: boardname_ukdvorak_txtmode.rom
    • +
    • French Azerty keyboard: boardname_frazerty_txtmode.rom
    • +
    • French Dvorak (BEPO): boardname_frdvbepo_txtmode.rom
    • +
    • Italian Qwerty keyboard: boardname_itqwerty_txtmode.rom
    • +
    • Swedish Qwerty keyboard: boardname_svenska_txtmode.rom
    • +
    +

    These images use coreboot framebuffer graphics:

    +
      +
    • US Qwerty keyboard: boardname_usqwerty_vesafb.rom
    • +
    • UK Qwerty keyboard: boardname_ukqwerty_vesafb.rom
    • +
    • US Dvorak keyboard: boardname_usdvorak_vesafb.rom
    • +
    • UK Dvorak keyboard: boardname_ukdvorak_vesafb.rom
    • +
    • French Azerty keyboard: boardname_frazerty_vesafb.rom
    • +
    • French Dvorak (BEPO): boardname_frdvbepo_vesafb.rom
    • +
    • Italian Qwerty keyboard: boardname_itqwerty_vesafb.rom
    • +
    • Swedish Qwerty keyboard: boardname_svenska_vesafb.rom
    • +
    + +

    + The boards for boardname in the examples above can be found by the names of the directories + in ./bin/ or ./resources/libreboot/config/.

    - The following is for the libreboot image and *not* the factory bios dump: + _txtmode images come with a working MemTest86+ and GRUB Invaders, both of which require text-mode. + _vesafb images are recommended in most cases.

    +

    - Check the last two 64K regions in your ROM file (libreboot.rom in this example):
    - $ dd if=libreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s libreboot.rom) - 0x10000] count=64k
    - $ dd if=libreboot.rom of=lower64k.bin bs=1 skip=$[$(stat -c %s libreboot.rom) - 0x20000] count=64k
    - $ sha512sum lower64k.bin top64k.bin
    - Make *sure* that they match before you continue. The ROMs included pre-compiled in libreboot should already match. - If they don't match, then do this (based on those instructions from coreboot wiki):
    - $ dd if=top64k.bin of=libreboot.rom bs=1 seek=$[$(stat -c %s libreboot.rom) - 0x20000] count=64k conv=notrunc
    - After this, the ROM will be safe to flash. Explanation is provided in ../git/index.html#build_bucts. + This will give you your native keyboard layout inside GRUB. The preferences in your OS are not affected, it just makes using + the GRUB command line easier (if you ever need to do that). + ../grub/index.html#grub_keyboard shows you how this was done. If your native keyboard layout + differs, you can adapt those notes and hack the 'build' script for your needs.

    -
    - -

    This is for the ThinkPad X60 and T60 while running Lenovo BIOS. If you already have coreboot or libreboot running, - then go to #flashrom instead!

    - -

    If you are flashing a Lenovo ThinkPad T60, be sure to read ../hcl/index.html#supported_t60_list

    +

    Back to top of page.

    + +
    + +
    + +

    X60/X60S/X60T/T60: How to flash the ROMs onto your machine (if running Lenovo BIOS firmware).

    + +
    + +

    + Hover over the next paragraph to make it black. +

    +

    + Following this guide means simply flashing a libreboot ROM. This guide will not (directly) teach you how to make a backup (dump) of the original Lenovo BIOS + because to do so would be to explicitly endorse proprietary software. However, for the purposes of reverse engineering it can be useful + to have a backup. Each copy of the original Lenovo BIOS is tied to the specific machine that it came from; it will not run + on any other machine, even if it's the same type of machine as yours. What this means is that, effectively, you can back it up now (so that you can + re-flash it later if you want to run the original Lenovo BIOS again) or lose it forever. The X60/T60 installation + guide on the coreboot wiki will show you how to do this: + http://www.coreboot.org/Board:lenovo/x60/Installation.
    + Do not make this decision lightly! This is your last and only chance. +

    + +

    + The following is for the libreboot image and *not* the factory bios dump: +

    +

    + Check the last two 64K regions in your ROM file (libreboot.rom in this example):
    + $ dd if=libreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s libreboot.rom) - 0x10000] count=64k
    + $ dd if=libreboot.rom of=lower64k.bin bs=1 skip=$[$(stat -c %s libreboot.rom) - 0x20000] count=64k
    + $ sha512sum lower64k.bin top64k.bin
    + Make *sure* that they match before you continue. The ROMs included pre-compiled in libreboot should already match. + If they don't match, then do this (based on those instructions from coreboot wiki):
    + $ dd if=top64k.bin of=libreboot.rom bs=1 seek=$[$(stat -c %s libreboot.rom) - 0x20000] count=64k conv=notrunc
    + After this, the ROM will be safe to flash. Explanation is provided in ../git/index.html#build_bucts. +

    + +
    + +

    This is for the ThinkPad X60 and T60 while running Lenovo BIOS. If you already have coreboot or libreboot running, + then go to #flashrom instead!

    + +

    If you are flashing a Lenovo ThinkPad T60, be sure to read ../hcl/index.html#supported_t60_list

    + +
    +

    + If you are using libreboot_src or git, then make sure that you built the sources first (see ../git/index.html#build). +

    +
    + +

    "YOURBOARD/YOURROM" should be replaced with what is correct as per #rom. Alternatively + you may be using your own custom ROM. Adapt.

    -

    - If you are using libreboot_src or git, then make sure that you built the sources first (see ../git/index.html#build). + Run the script:
    + $ sudo ./lenovobios_firstflash bin/YOURBOARD/YOURROM.

    -
    -

    "YOURBOARD/YOURROM" should be replaced with what is correct as per #rom. Alternatively - you may be using your own custom ROM. Adapt.

    +
    -

    - Run the script:
    - $ sudo ./lenovobios_firstflash bin/YOURBOARD/YOURROM. -

    +

    + You should see within the output the following:
    + "Updated BUC.TS=1 - 64kb address ranges at 0xFFFE0000 and 0xFFFF0000 are swapped". +

    -
    +

    + You should also see within the output the following:
    + "Flash chip is in an unknown state", "FAILED" and "DO NOT SHUTDOWN OR REBOOT"
    + Seeing this means that the operation was a resounding success! DON'T PANIC. +

    -

    - You should see within the output the following:
    - "Updated BUC.TS=1 - 64kb address ranges at 0xFFFE0000 and 0xFFFF0000 are swapped". -

    +

    + See this link for more details: + http://thread.gmane.org/gmane.linux.bios.flashrom/575. +

    -

    - You should also see within the output the following:
    - "Flash chip is in an unknown state", "FAILED" and "DO NOT SHUTDOWN OR REBOOT"
    - Seeing this means that the operation was a resounding success! DON'T PANIC. -

    +

    + If the above is what you see, then SHUT DOWN. Wait a few seconds, and then boot; libreboot is running, but there is a 2nd procedure *needed* (see below). +

    + +

    - See this link for more details: - http://thread.gmane.org/gmane.linux.bios.flashrom/575. + + If you boot and you see nothing, try turning up the backlight (Fn+Home). +

    - If the above is what you see, then SHUT DOWN. Wait a few seconds, and then boot; libreboot is running, but there is a 2nd procedure *needed* (see below). + When you have booted up again:
    + $ sudo ./lenovobios_secondflash bin/YOURBOARD/YOURROM

    -
    +
    -

    - - If you boot and you see nothing, try turning up the backlight (Fn+Home). - -

    +

    + You should see within the output the following:
    + "Updated BUC.TS=0 - 128kb address range 0xFFFE0000-0xFFFFFFFF is untranslated" +

    -

    - When you have booted up again:
    - $ sudo ./lenovobios_secondflash bin/YOURBOARD/YOURROM -

    +

    + You should also see within the output the following:
    + "Verifying flash... VERIFIED." +

    -
    +

    Shut down again, wait a few seconds, and then boot.

    -

    - You should see within the output the following:
    - "Updated BUC.TS=0 - 128kb address range 0xFFFE0000-0xFFFFFFFF is untranslated" -

    +

    - You should also see within the output the following:
    - "Verifying flash... VERIFIED." + Some thinkpads come with WWAN cards installed, along with sim cards. These use non-free firmware and should be removed. + You might also want to remove bluetooth. See ../security/x60_security.html and + ../security/t60_security.html.

    -

    Shut down again, wait a few seconds, and then boot.

    +

    Back to top of page.

    + +
    -
    +
    -

    - Some thinkpads come with WWAN cards installed, along with sim cards. These use non-free firmware and should be removed. - You might also want to remove bluetooth. See ../security/x60_security.html and - ../security/t60_security.html. -

    +

    macbook21: How to flash your ROM (if running Apple EFI firmware)

    -

    Back to top of page.

    +
    -
    +

    + Hover over the next paragraph to make it black. +

    +

    + Following this guide means simply flashing a libreboot ROM. This guide will not (directly) teach you how to make a backup (dump) of the original Apple EFI firmware + because to do so would be to explicitly endorse proprietary software. However, for the purposes of reverse engineering it can be useful + to have a backup. Each copy of the original Apple EFI is (believed, but unproven to be) tied to the specific machine that it came from; it will not (as is believed) run + on any other machine, even if it's the same type of machine as yours. What this means is that, effectively, you can back it up now (so that you can + re-flash it later if you want to run the original Apple EFI firmware again) or lose it forever. The macbook21 installation + guide on the coreboot wiki will show you how to do this: + http://www.coreboot.org/Board:apple/macbook21.
    + Do not make this decision lightly! This is (very likely) your last and only chance. +

    -

    macbook21: How to flash your ROM (if running Apple EFI firmware)

    +

    + (this theory is untested at the time of writing) +

    -
    +

    + Note: If you have a MacBook1,1 then these instructions will not work. See ../hcl/index.html#macbook11 for MacBook1,1 flashing instructions. +

    + +

    - Hover over the next paragraph to make it black. + + This is for the MacBook2,1 while running Apple EFI firmware. If you already have + coreboot or libreboot running, then go to #flashrom instead! +

    -

    - Following this guide means simply flashing a libreboot ROM. This guide will not (directly) teach you how to make a backup (dump) of the original Apple EFI firmware - because to do so would be to explicitly endorse proprietary software. However, for the purposes of reverse engineering it can be useful - to have a backup. Each copy of the original Apple EFI is (believed, but unproven to be) tied to the specific machine that it came from; it will not (as is believed) run - on any other machine, even if it's the same type of machine as yours. What this means is that, effectively, you can back it up now (so that you can - re-flash it later if you want to run the original Apple EFI firmware again) or lose it forever. The macbook21 installation - guide on the coreboot wiki will show you how to do this: - http://www.coreboot.org/Board:apple/macbook21.
    - Do not make this decision lightly! This is (very likely) your last and only chance. + +

    + Be sure to read the information in ../hcl/index.html#macbook21.

    +
    +

    + If you are using libreboot_src or git, then make sure that you built the sources first (see ../git/index.html#build). +

    +
    +

    - (this theory is untested at the time of writing) + Look at #rom to see which ROM is suitable for your machine. Alternatively you may be using your own + custom ROM. Adapt.

    - Note: If you have a MacBook1,1 then these instructions will not work. See ../hcl/index.html#macbook11 for MacBook1,1 flashing instructions. + Flashing is actually easy (compared to X60/T60).
    + $ sudo flashrom -p internal:laptop=force_I_want_a_brick -w bin/YOURBOARD/YOURROM

    -
    +

    + Alternatively, a script is provided which does the same thing:
    + $ sudo ./macbook21_firstflash bin/YOURBOARD/YOURROM +

    -

    - - This is for the MacBook2,1 while running Apple EFI firmware. If you already have - coreboot or libreboot running, then go to #flashrom instead! - -

    +
    -

    - Be sure to read the information in ../hcl/index.html#macbook21. -

    +

    + You should also see within the output the following:
    + "Verifying flash... VERIFIED." +

    -
    -

    - If you are using libreboot_src or git, then make sure that you built the sources first (see ../git/index.html#build). -

    -
    +

    + If you see that, great! Shut down now (power off). Wait a few seconds and then boot! +

    -

    - Look at #rom to see which ROM is suitable for your machine. Alternatively you may be using your own - custom ROM. Adapt. -

    +

    + + If you boot and you see nothing, try turning up the backlight (F2 for macbook21). + +

    -

    - Flashing is actually easy (compared to X60/T60).
    - $ sudo flashrom -p internal:laptop=force_I_want_a_brick -w bin/YOURBOARD/YOURROM -

    -

    - Alternatively, a script is provided which does the same thing:
    - $ sudo ./macbook21_firstflash bin/YOURBOARD/YOURROM -

    +
    + +

    Back to top of page.

    + +
    -
    +
    + +

    X60/X60S/X60T/T60/X200/macbook21: How to flash the ROMs onto your machine (if running libreboot or coreboot already)

    - You should also see within the output the following:
    - "Verifying flash... VERIFIED." + + These instructions work for the Lenovo ThinkPad X60/X60S/X60T/T60 and Apple MacBook2,1. +

    -

    - If you see that, great! Shut down now (power off). Wait a few seconds and then boot! + + This assumes that you already have coreboot or libreboot running. +

    -

    - If you boot and you see nothing, try turning up the backlight (F2 for macbook21). + If you have Lenovo BIOS running (X60/X60S/X60T/T60), go to #flashrom_lenovobios instead.

    - - -
    - -

    Back to top of page.

    - -
    - -

    X60/X60S/X60T/T60/X200/macbook21: How to flash the ROMs onto your machine (if running libreboot or coreboot already)

    - -

    - - These instructions work for the Lenovo ThinkPad X60/X60S/X60T/T60 and Apple MacBook2,1. - -

    -

    - - This assumes that you already have coreboot or libreboot running. - -

    -

    - - If you have Lenovo BIOS running (X60/X60S/X60T/T60), go to #flashrom_lenovobios instead. - -

    -

    - - If you have Lenovo BIOS running (X200), go to x200_external.html instead. - -

    -

    - - If you have Apple EFI firmware running (macbook21), go to #flashrom_macbook21 instead. - -

    -

    - - If you are flashing a Lenovo ThinkPad T60, be sure to read ../hcl/index.html#supported_t60_list. - -

    -

    - - If you have an X200 with libreboot or coreboot already running, note that - the Gbe in the boot flash contains your MAC address. You will need to change the default - MAC address inside the ROM images before flashing a new libreboot image. See - ich9gen for details. - - Another important note about the X200: even if you do already have libreboot or coreboot, - it is possible for the user to write-protect regions in the flash chip, by modifying - the flash descriptor. If you have locked regions, you will need an external flasher - (see x200_external.html) to re-flash those regions. By default, - the X200 ROM images in libreboot contain a descriptor+gbe with all regions unlocked. - -

    -

    - - If you are flashing an Apple MacBook2,1, be sure to read the information in ../hcl/index.html#macbook21. - -

    -

    - If you are using libreboot_src or git, then make sure that you built the sources first (see ../git/index.html#build). + + If you have Lenovo BIOS running (X200), go to x200_external.html instead. +

    -
    -

    - Look at #rom to see which ROM is suitable for your machine. Alternative you may be using your own - custom ROM. Adapt. -

    -

    - Flash the ROM:
    - $ sudo ./flash bin/YOURBOARD/YOURROM -

    -

    - If you are flashing a ThinkPad X60 that is currently running libreboot 5th release or lower - (anything on or before June 22nd 2014), then use this to upgrade:
    - $ sudo ./x60flashfrom5 bin/YOURBOARD/YOURROM -

    - -
    -

    - You should see "Verifying flash... VERIFIED." written at the end of the flashrom output. SHUT DOWN - after you see this, and then boot up again after a few seconds. + + If you have Apple EFI firmware running (macbook21), go to #flashrom_macbook21 instead. + +

    +

    + + If you are flashing a Lenovo ThinkPad T60, be sure to read ../hcl/index.html#supported_t60_list. + +

    +

    + + If you have an X200 with libreboot or coreboot already running, note that + the Gbe in the boot flash contains your MAC address. You will need to change the default + MAC address inside the ROM images before flashing a new libreboot image. See + ich9gen for details. + + Another important note about the X200: even if you do already have libreboot or coreboot, + it is possible for the user to write-protect regions in the flash chip, by modifying + the flash descriptor. If you have locked regions, you will need an external flasher + (see x200_external.html) to re-flash those regions. By default, + the X200 ROM images in libreboot contain a descriptor+gbe with all regions unlocked. +

    -

    - If you boot and you see nothing, try turning up the backlight (Fn+Home for X60/X60S/X60T/T60/X200, F2 for macbook21). + If you are flashing an Apple MacBook2,1, be sure to read the information in ../hcl/index.html#macbook21.

    +
    +

    + If you are using libreboot_src or git, then make sure that you built the sources first (see ../git/index.html#build). +

    +
    +

    + Look at #rom to see which ROM is suitable for your machine. Alternative you may be using your own + custom ROM. Adapt. +

    +

    + Flash the ROM:
    + $ sudo ./flash bin/YOURBOARD/YOURROM +

    +

    + If you are flashing a ThinkPad X60 that is currently running libreboot 5th release or lower + (anything on or before June 22nd 2014), then use this to upgrade:
    + $ sudo ./x60flashfrom5 bin/YOURBOARD/YOURROM +

    -
    +
    -

    - Some thinkpads come with WWAN cards installed, along with sim cards. These use non-free firmware and should be removed. - You might also want to remove bluetooth. See ../security/x60_security.html and - ../security/t60_security.html. -

    +

    + You should see "Verifying flash... VERIFIED." written at the end of the flashrom output. SHUT DOWN + after you see this, and then boot up again after a few seconds. +

    -

    Back to top of page

    +

    + + If you boot and you see nothing, try turning up the backlight (Fn+Home for X60/X60S/X60T/T60/X200, F2 for macbook21). + +

    -
    +
    -

    - Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Some thinkpads come with WWAN cards installed, along with sim cards. These use non-free firmware and should be removed. + You might also want to remove bluetooth. See ../security/x60_security.html and + ../security/t60_security.html. +

    + +

    Back to top of page

    + +
    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +
    + +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
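Review bot: in the Lenovo BIOS first-flash step, the re-added command line "$ sudo ./lenovobios_firstflash bin/YOURBOARD/YOURROM." still ends in a full stop that reads as part of the ROM path. These lines are being rewritten anyway, so drop the trailing period; otherwise a copy-paste hands the flashing script a file name that does not exist. Two smaller points could go in the same pass. In the section for machines already running libreboot or coreboot, "Alternative you may be using your own custom ROM" should read "Alternatively", as the other two sections do. That section's heading lists X200, but its first paragraph says the instructions work for the X60/X60S/X60T/T60 and MacBook2,1 only, so one of the two needs correcting.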
    diff --git a/docs/install/t60_unbrick.html b/docs/install/t60_unbrick.html index ba010d3..a36f961 100644 --- a/docs/install/t60_unbrick.html +++ b/docs/install/t60_unbrick.html @@ -13,161 +13,166 @@ -
    +

    Unbricking the ThinkPad T60

    - -
    - -

    Or go back to main index

    - -

    Table of Contents

    - - -

    Brick type 1: bucts not reset.

    -

    - You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and - the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.

    - - In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:
    -

    - - *Those dd commands should be applied to all newly compiled T60 ROM images (the ROM images in libreboot binary archives already have this applied!):
    - dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k
    - dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump
    - dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc
    - (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running, - using those instructions: http://www.coreboot.org/Board:lenovo/x60/Installation. - (it says x60, but instructions for t60 are identical) -

    - -

    bad rom (or user error), machine won't boot

    - -

    - In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from - booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all. -

    -

    - "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides). -

    - -

    - Remove those screws and remove the HDD:
    - -

    - -

    - Lift off the palm rest:
    - -

    - -

    - Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:
    - -

    - -

    - Gently wedge both sides loose:
    - -

    - -

    - Remove that cable from the position:
    - -

    - -

    - Now remove that bezel. Remove wifi, nvram battery and speaker connector (also remove 56k modem, on the left of wifi):
    - -

    - -

    - Remove those screws:
    - -

    - -

    - Disconnect the power jack:
    - -

    - -

    - Remove nvram battery:
    - -

    - -

    - Disconnect cable (for 56k modem) and disconnect the other cable:
    - -

    - -

    - Disconnect speaker cable:
    - -

    - -

    - Disconnect the other end of the 56k modem cable:
    - -

    - -

    - Make sure you removed it:
    - -

    - -

    - Unscrew those:
    - -

    - -

    - Make sure you removed those:
    - -

    - -

    - Disconnect LCD cable from board:
    - -

    - -

    - Remove those screws then remove the LCD assembly:
    - -

    - -

    - Once again, make sure you removed those:
    - -

    - -

    - Remove the shielding containing the motherboard, then flip it over. Remove these screws, placing them on a steady - surface in the same layout as they were in before you removed them. Also, you should mark each screw hole after removing the - screw (a permanent marker pen will do), this is so that you have a point of reference when re-assembling the machine:
    - - -

    - -

    - Now wire up the BBB and the Pomona with your PSU.
    - Refer to bbb_setup.html for how to setup - the BBB for flashing.
    - Note, the guide mentions a 3.3v DC PSU but you don't need this on the T60: - if you don't have or don't want to use an external PSU, then make - sure not to connect the red/black 3.3v leads mentioned in the guide; - instead, connect the AC adapter (the one that normally charges your - battery) so that the board has power (but don't boot it up)
    -
    - Correlate the following with the BBB guide linked above: -

    +

    This guide will show you how to recover from a bad flash that prevents your ThinkPad T60 from booting.

    +

    Back to previous index

    +
    + +
    +

    Table of Contents

    + +
    + +
    +

    Brick type 1: bucts not reset.

    +

    + You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and + the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.

    + + In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:
    +

    + + *Those dd commands should be applied to all newly compiled T60 ROM images (the ROM images in libreboot binary archives already have this applied!):
    + dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k
    + dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump
    + dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc
    + (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running, + using those instructions: http://www.coreboot.org/Board:lenovo/x60/Installation. + (it says x60, but instructions for t60 are identical) +

    +
    + +
    + +

    bad rom (or user error), machine won't boot

    + +

    + In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from + booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all. +

    +

    + "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides). +

    + +

    + Remove those screws and remove the HDD:
    + +

    + +

    + Lift off the palm rest:
    + +

    + +

    + Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:
    + +

    + +

    + Gently wedge both sides loose:
    + +

    + +

    + Remove that cable from the position:
    + +

    + +

    + Now remove that bezel. Remove wifi, nvram battery and speaker connector (also remove 56k modem, on the left of wifi):
    + +

    + +

    + Remove those screws:
    + +

    + +

    + Disconnect the power jack:
    + +

    + +

    + Remove nvram battery:
    + +

    + +

    + Disconnect cable (for 56k modem) and disconnect the other cable:
    + +

    + +

    + Disconnect speaker cable:
    + +

    + +

    + Disconnect the other end of the 56k modem cable:
    + +

    + +

    + Make sure you removed it:
    + +

    + +

    + Unscrew those:
    + +

    + +

    + Make sure you removed those:
    + +

    + +

    + Disconnect LCD cable from board:
    + +

    + +

    + Remove those screws then remove the LCD assembly:
    + +

    + +

    + Once again, make sure you removed those:
    + +

    + +

    + Remove the shielding containing the motherboard, then flip it over. Remove these screws, placing them on a steady + surface in the same layout as they were in before you removed them. Also, you should mark each screw hole after removing the + screw (a permanent marker pen will do), this is so that you have a point of reference when re-assembling the machine:
    + + +

    + +

    + Now wire up the BBB and the Pomona with your PSU.
    + Refer to bbb_setup.html for how to setup + the BBB for flashing.
    + Note, the guide mentions a 3.3v DC PSU but you don't need this on the T60: + if you don't have or don't want to use an external PSU, then make + sure not to connect the red/black 3.3v leads mentioned in the guide; + instead, connect the AC adapter (the one that normally charges your + battery) so that the board has power (but don't boot it up)
    +
    + Correlate the following with the BBB guide linked above: +

     POMONA 5250:
     ===  DVD drive ====
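Review bot: The power note added just before the pinout ("Note, the guide mentions a 3.3v DC PSU but you don't need this on the T60 ...") puts the instruction not to connect the red/black 3.3v leads in the middle of a run-on sentence that ends at "(but don't boot it up)" with no full stop. Suggest giving it its own paragraph, presenting the external PSU and the AC adapter as two alternatives, and closing the sentence. Also, "nvram battery" is removed in the bezel step and again in a later "Remove nvram battery:" step; say which step actually removes it.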
    @@ -179,98 +184,102 @@ POMONA 5250:
     This is how you will connect. Numbers refer to pin numbers on the BBB, on the plugs near the DC jack.
     
    -

    - Connect the pomona from the BBB to the flash chip. No pics unfortunately. (use the text diagram above). -

    - -

    - SSH'd into the BBB:
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -w yourrom.rom -

    -

    - It should be Verifying flash... VERIFIED at the end. If flashrom complains about multiple flash chip - definitions detected, then choose one of them following the instructions in the output. -

    - -

    - Put those screws back:
    - -

    - -

    - Put it back into lower chassis:
    - -

    - -

    - Attach LCD and insert screws (also, attach the lcd cable to the board):
    - -

    - -

    - Insert those screws:
    - -

    - -

    - On the CPU (and there is another chip south-east to it, sorry forgot to take pic) - clean off the old thermal paste (with the alcohol) and apply new (Artic Silver 5 is good, others are good too) - you should also clean the heatsink the same way
    - -

    - -

    - Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):
    - +

    + Connect the pomona from the BBB to the flash chip. No pics unfortunately. (use the text diagram above). +

    + +

    + SSH'd into the BBB:
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -w yourrom.rom +

    +

    + It should be Verifying flash... VERIFIED at the end. If flashrom complains about multiple flash chip + definitions detected, then choose one of them following the instructions in the output. +

    + +

    + Put those screws back:
    + +

    + +

    + Put it back into lower chassis:
    + +

    + +

    + Attach LCD and insert screws (also, attach the lcd cable to the board):
    + +

    + +

    + Insert those screws:
    + +

    + +

    + On the CPU (and there is another chip south-east to it, sorry forgot to take pic) + clean off the old thermal paste (with the alcohol) and apply new (Artic Silver 5 is good, others are good too) + you should also clean the heatsink the same way
    + +

    + +

    + Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):
    + +

    + +

    + Reinstall that upper bezel:
    + +

    + +

    + Do that:
    + +

    + +

    + Re-attach modem, wifi, (wwan?), and all necessary cables. Sorry, forgot to take pics. Look at previous removal steps to see where they go back to. +

    + +

    + Attach keyboard and install nvram battery:
    + +

    + +

    + Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:
    + +

    + +

    + It lives!
    + +

    + +

    + Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:
    + +

    + +
    + +
    + +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -

    - Reinstall that upper bezel:
    - -

    - -

    - Do that:
    - -

    - -

    - Re-attach modem, wifi, (wwan?), and all necessary cables. Sorry, forgot to take pics. Look at previous removal steps to see where they go back to. -

    - -

    - Attach keyboard and install nvram battery:
    - -

    - -

    - Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:
    - -

    - -

    - It lives!
    - -

    - -

    - Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:
    - -

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
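Review bot: The flashing step in the added lines goes straight to "-w yourrom.rom" with no read of the chip beforehand. The X200 guide touched by this same commit reads the chip three times and compares the dumps with sha512sum before writing; suggest doing the same here, or linking to that step, so an unreliable clip connection is noticed before the write. Minor: "Artic Silver 5" is carried over unchanged from the removed lines and should read "Arctic Silver 5".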
    diff --git a/docs/install/x200_external.html b/docs/install/x200_external.html index 84bf2ed..66f938f 100644 --- a/docs/install/x200_external.html +++ b/docs/install/x200_external.html @@ -13,62 +13,61 @@ -
    +

    Flashing the X200 with a BeagleBone Black

    - -
    - -

    - This guide is for those who want libreboot on their ThinkPad X200 - while they still have the original Lenovo BIOS present. This guide - can also be followed (adapted) if you brick your X200, to know how - to recover. -

    - -

    - The X200S is also briefly covered (image showing soldering joints, wired up - to a BBB). Note, not all X200S or X200 Tablet configurations are supported yet - (see ../hcl/x200.html#x200s -

    - -

    - Before following this section, please make sure to setup your libreboot ROM properly first. - Although ROM images are provided pre-built in libreboot, there are some modifications that - you need to make to the one you chose before flashing. (instructions referenced later in - this guide) -

    +

    Initial flashing instructions for X200.

    +

    + This guide is for those who want libreboot on their ThinkPad X200 + while they still have the original Lenovo BIOS present. This guide + can also be followed (adapted) if you brick your X200, to know how + to recover. +

    +

    + The X200S is also briefly covered (image showing soldering joints, wired up + to a BBB). Note, not all X200S or X200 Tablet configurations are supported yet + (see ../hcl/x200.html#x200s +

    +

    + Before following this section, please make sure to setup your libreboot ROM properly first. + Although ROM images are provided pre-built in libreboot, there are some modifications that + you need to make to the one you chose before flashing. (instructions referenced later in + this guide) +

    -

    Or go back to main index

    +

    Back to main index

    +
    -
    +
    -

    Flash chips

    - -

    - There are two possible flash chip sizes for the X200: 4MiB - (32Mbit) or 8MiB (64Mbit). This can be identified by the type - of flash chip below the palmrest: 4MiB is SOIC-8 (8 pins), 8MiB - is SOIC-16 (16 pins). The X200S uses a WSON package and has the same - pinout as SOIC-8 (covered briefly later on in this guide) but - the chip is on the underside of the board (disassembly required). -

    - -

    - Back to top of page. -

    +

    Flash chips

    + +

    + There are two possible flash chip sizes for the X200: 4MiB + (32Mbit) or 8MiB (64Mbit). This can be identified by the type + of flash chip below the palmrest: 4MiB is SOIC-8 (8 pins), 8MiB + is SOIC-16 (16 pins). The X200S uses a WSON package and has the same + pinout as SOIC-8 (covered briefly later on in this guide) but + the chip is on the underside of the board (disassembly required). +

    -
    +

    + Back to top of page. +

    + +
    + +
    -

    Initial BBB setup

    - -

    - Refer to bbb_setup.html for how to - setup the BBB for flashing. -

    +

    Initial BBB setup

    + +

    + Refer to bbb_setup.html for how to + setup the BBB for flashing. +

    -

    - The following shows how to connect clip to the BBB (on the P9 header), for SOIC-16 (clip: Pomona 5252): -

    +

    + The following shows how to connect clip to the BBB (on the P9 header), for SOIC-16 (clip: Pomona 5252): +

     POMONA 5252 (correlate with the BBB guide)
     ===  front (display) on your X200 ====
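Review bot: The X200S paragraph in the added lines still opens a parenthesis at "(see ../hcl/x200.html#x200s" and never closes it, so the sentence ends without ")" or a full stop. Since this commit rewrites the paragraph anyway, close it here. In the SOIC-16 paragraph, "how to connect clip to the BBB" is missing an article ("the clip").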
    @@ -83,9 +82,9 @@ POMONA 5252 (correlate with the BBB guide)
     ===  back (palmrest) on your X200 ===
     This is how you will connect. Numbers refer to pin numbers on the BBB, on the plugs near the DC jack.
     
    -

    - The following shows how to connect clip to the BBB (on the P9 header), for SOIC-8 (clip: Pomona 5250): -

    +

    + The following shows how to connect clip to the BBB (on the P9 header), for SOIC-8 (clip: Pomona 5250): +

     POMONA 5250 (correlate with the BBB guide)
     ===  front (display) on your X200 ====
    @@ -96,34 +95,34 @@ POMONA 5250 (correlate with the BBB guide)
     ===  back (palmrest) on your X200 ===
     This is how you will connect. Numbers refer to pin numbers on the BBB, on the plugs near the DC jack.
     
    -

    - On the X200S the flash chip is underneath the board, in a WSON package. - The pinout is very much the same as a SOIC-8, except you need to solder (there are no clips available). - images/x200/wson_soldered.jpg (image copyright (C) 2014 Steve Shenton under CC-BY-SA 4.0 - or higher, same license that this document uses) shows it wired (soldered) and - connected to a BBB. -

    - -

    - Connect Pomona 5252/5250 to the X200 flash chip, and dump/flash -

    -

    - images/x200/x200_pomona.jpg - shows everything connected. In this picture, the X200 is being flashed - with the BBB. -

    - Remove the battery from your X200, then remove all the screws on - the bottom (underside) of the machine. Then remove the keyboard and palmrest. - The flash chip is below the palm rest. Lift back the tape that goes over it, - and then connect your 5252/5250 (make sure to get it the right way round). - Then connect the 3.3v PSU wire (red one) and make sure that everything else is connected. -

    -

    - I did (SSH'd into the BBB):
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512
    - In my case, the output was: + On the X200S the flash chip is underneath the board, in a WSON package. + The pinout is very much the same as a SOIC-8, except you need to solder (there are no clips available). + images/x200/wson_soldered.jpg (image copyright (C) 2014 Steve Shenton under CC-BY-SA 4.0 + or higher, same license that this document uses) shows it wired (soldered) and + connected to a BBB.

    + +

    + Connect Pomona 5252/5250 to the X200 flash chip, and dump/flash +

    +

    + images/x200/x200_pomona.jpg + shows everything connected. In this picture, the X200 is being flashed + with the BBB. +

    +

    + Remove the battery from your X200, then remove all the screws on + the bottom (underside) of the machine. Then remove the keyboard and palmrest. + The flash chip is below the palm rest. Lift back the tape that goes over it, + and then connect your 5252/5250 (make sure to get it the right way round). + Then connect the 3.3v PSU wire (red one) and make sure that everything else is connected. +

    +

    + I did (SSH'd into the BBB):
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512
    + In my case, the output was: +

     flashrom v0.9.7-r1854 on Linux 3.8.13-bone47 (armv7l)
     flashrom is free software, get the source code at http://www.flashrom.org
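Review bot: The disassembly paragraph tells the reader to connect the 5252/5250 and "make sure to get it the right way round" without saying how to tell which way is right. Suggest referring at that point to the pinout diagrams earlier in the file, which are labelled "front (display)" and "back (palmrest)", so the orientation check is something the reader can actually perform.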
    @@ -134,48 +133,48 @@ Found Macronix flash chip "MX25L6445E/MX25L6473E" (8192 kB, SPI) on li
     Multiple flash chip definitions match the detected chip(s): "MX25L6405(D)", "MX25L6406E/MX25L6436E", "MX25L6445E/MX25L6473E"
     Please specify which chip definition to use with the -c <chipname> option.
     
    -

    - This is just to test that it's working. In my case, I had to define which chip to use, like so (in your case - it may be different, depending on what flash chip you have):
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -

    -

    - At this point, you need to create a copy of the original lenovo firmware that is currently flashed. - This is so that you can extract the gbe (gigabit ethernet) and flash descriptor regions for use in libreboot. These - are not blobs, they only contain non-functional data (configuration details, fully readable) which is fully documented in public datasheets. - The descriptor will need to be modified - to disable the ME (also disable AMT) so that you can flash a ROM that excludes it. -

    -

    - How to backup factory.rom (change the -c option as neeed, for your flash chip):
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -r factory.rom
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -r factory1.rom
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -r factory2.rom
    - Now compare the 3 images:
    - # sha512sum factory*.rom
    - If the hashes match, then just copy one of them (the factory.rom) to a safe place (on a drive connected to another machine, not - the BBB). You will need it later for part of the deblobbing. -

    -

    - Information about the descriptor, gbe regions and how the ME was removed can be found in the notes linked at - ../hcl/x200_remove_me.html. Libreboot ROM images now include - the 12KiB descriptor+gbe by default, generated using ich9gen; - however, do note that the MAC address in the Gbe region is generic. Follow the instructions at - ../hcl/x200_remove_me.html#ich9gen and do what it says to change the MAC address - inside your X200 ROM image, before flashing it. -

    -

    - Assuming that your libreboot ROM image is properly setup (modified descriptor plus gbe region included in the ROM), - then you can flash (assuming that the filename is libreboot.rom) for example I had to do:
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -w libreboot.rom -

    -

    - You might see errors, but if it says Verifying flash... VERIFIED at the end, then it's flashed and should boot. - Test it! (boot your X200) -

    -

    - My output when running the command above: -

    +

    + This is just to test that it's working. In my case, I had to define which chip to use, like so (in your case + it may be different, depending on what flash chip you have):
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" +

    +

    + At this point, you need to create a copy of the original lenovo firmware that is currently flashed. + This is so that you can extract the gbe (gigabit ethernet) and flash descriptor regions for use in libreboot. These + are not blobs, they only contain non-functional data (configuration details, fully readable) which is fully documented in public datasheets. + The descriptor will need to be modified + to disable the ME (also disable AMT) so that you can flash a ROM that excludes it. +

    +

    + How to backup factory.rom (change the -c option as neeed, for your flash chip):
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -r factory.rom
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -r factory1.rom
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -r factory2.rom
    + Now compare the 3 images:
    + # sha512sum factory*.rom
    + If the hashes match, then just copy one of them (the factory.rom) to a safe place (on a drive connected to another machine, not + the BBB). You will need it later for part of the deblobbing. +

    +

    + Information about the descriptor, gbe regions and how the ME was removed can be found in the notes linked at + ../hcl/x200_remove_me.html. Libreboot ROM images now include + the 12KiB descriptor+gbe by default, generated using ich9gen; + however, do note that the MAC address in the Gbe region is generic. Follow the instructions at + ../hcl/x200_remove_me.html#ich9gen and do what it says to change the MAC address + inside your X200 ROM image, before flashing it. +

    +

    + Assuming that your libreboot ROM image is properly setup (modified descriptor plus gbe region included in the ROM), + then you can flash (assuming that the filename is libreboot.rom) for example I had to do:
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -c "MX25L6405(D)" -w libreboot.rom +

    +

    + You might see errors, but if it says Verifying flash... VERIFIED at the end, then it's flashed and should boot. + Test it! (boot your X200) +

    +

    + My output when running the command above: +

     flashrom v0.9.7-r1854 on Linux 3.8.13-bone47 (armv7l)
     flashrom is free software, get the source code at http://www.flashrom.org
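Review bot: The backup paragraph says what to do "If the hashes match" but not what to do when the three sha512sum values differ. Suggest adding one sentence for that case (for example, re-seat the clip and repeat the reads) and stating that the write step should not be attempted until the three dumps agree. Minor: "as neeed" in the same paragraph is carried over from the removed lines and should read "as needed".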
    @@ -188,24 +187,28 @@ Reading current flash chip contents... done. Looking for another erase function.
     Erase/write done.
     Verifying flash... VERIFIED.
     
    + +

    + Back to top of page. +

    -

    - Back to top of page. -

    +
    -
    +
    -

    - Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
    diff --git a/docs/install/x60_unbrick.html b/docs/install/x60_unbrick.html index 89edfb4..1b5056d 100644 --- a/docs/install/x60_unbrick.html +++ b/docs/install/x60_unbrick.html @@ -13,123 +13,128 @@ -
    +

    Unbricking the ThinkPad X60

    - -
    +

    This guide will show you how to recover from a bad flash that prevents your ThinkPad X60 from booting.

    +

    Back to previous index

    + -

    Or go back to main index

    +
    +

    Table of Contents

    + +
    -

    Table of Contents

    - +
    +

    Brick type 1: bucts not reset.

    +

    + You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and + the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.

    -

    Brick type 1: bucts not reset.

    -

    - You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and - the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.

    - - In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:
    -

    + In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:
    +

    - *Those dd commands should be applied to all newly compiled X60 ROM images (the ROM images in libreboot binary archives already have this applied!):
    - dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k
    - dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump
    - dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc
    - (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running, - using those instructions: http://www.coreboot.org/Board:lenovo/x60/Installation. -

    + *Those dd commands should be applied to all newly compiled X60 ROM images (the ROM images in libreboot binary archives already have this applied!):
    + dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k
    + dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump
    + dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc
    + (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running, + using those instructions: http://www.coreboot.org/Board:lenovo/x60/Installation. +

    +
    + +
    -

    bad rom (or user error), machine won't boot

    -

    - In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from - booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all. -

    -

    - "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides). -

    -

    - Remove those screws:
    - -

    -

    - Push the keyboard forward (carefully):
    - -

    -

    - Lift the keyboard up and disconnect it from the board:
    - -

    -

    - Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:
    - -

    -

    - You should now have this:
    - -

    -

    - Disconnect the wifi antenna cables, the modem cable and the speaker:
    - -

    -

    - Unroute the cables along their path, carefully lifting the tape that holds them in place. Then, disconnect the modem - cable (other end) and power connection and unroute all the cables so that they dangle by the monitor hinge on the right-hand - side:
    - -

    -

    - Disconnect the monitor from the motherboard, and unroute the grey antenna cable, carefully lifting the tape - that holds it into place:
    - -

    -

    - Carefully lift the remaining tape and unroute the left antenna cable so that it is loose:
    - -

    -

    - Remove the screw that is highlighted (do NOT remove the other one; it holds part of the heatsink (other side) into place):
    - -

    -

    - Remove those screws:
    - -

    -

    - Carefully remove the plate, like so:
    - -

    -

    - Remove the SATA connector:
    - -

    -

    - Now remove the motherboard (gently) and cast the lcd/chassis aside:
    - -

    -

    - Lift back that tape and hold it with something. Highlighted is the SPI flash chip:
    - -

    -

    - Now wire up the BBB and the Pomona with your PSU.
    - Refer to bbb_setup.html for how to setup - the BBB for flashing.
    - Note, the guide mentions a 3.3v DC PSU but you don't need this on the X60: - if you don't have or don't want to use an external PSU, then make - sure not to connect the red/black 3.3v leads mentioned in the guide; - instead, connect the AC adapter (the one that normally charges your - battery) so that the board has power (but don't boot it up) -
    - Correlate the following with the BBB guide linked above: -

    +

    bad rom (or user error), machine won't boot

    +

    + In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from + booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all. +

    +

    + "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides). +

    +

    + Remove those screws:
    + +

    +

    + Push the keyboard forward (carefully):
    + +

    +

    + Lift the keyboard up and disconnect it from the board:
    + +

    +

    + Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:
    + +

    +

    + You should now have this:
    + +

    +

    + Disconnect the wifi antenna cables, the modem cable and the speaker:
    + +

    +

    + Unroute the cables along their path, carefully lifting the tape that holds them in place. Then, disconnect the modem + cable (other end) and power connection and unroute all the cables so that they dangle by the monitor hinge on the right-hand + side:
    + +

    +

    + Disconnect the monitor from the motherboard, and unroute the grey antenna cable, carefully lifting the tape + that holds it into place:
    + +

    +

    + Carefully lift the remaining tape and unroute the left antenna cable so that it is loose:
    + +

    +

    + Remove the screw that is highlighted (do NOT remove the other one; it holds part of the heatsink (other side) into place):
    + +

    +

    + Remove those screws:
    + +

    +

    + Carefully remove the plate, like so:
    + +

    +

    + Remove the SATA connector:
    + +

    +

    + Now remove the motherboard (gently) and cast the lcd/chassis aside:
    + +

    +

    + Lift back that tape and hold it with something. Highlighted is the SPI flash chip:
    + +

    +

    + Now wire up the BBB and the Pomona with your PSU.
    + Refer to bbb_setup.html for how to setup + the BBB for flashing.
    + Note, the guide mentions a 3.3v DC PSU but you don't need this on the X60: + if you don't have or don't want to use an external PSU, then make + sure not to connect the red/black 3.3v leads mentioned in the guide; + instead, connect the AC adapter (the one that normally charges your + battery) so that the board has power (but don't boot it up) +
    + Correlate the following with the BBB guide linked above: +

     POMONA 5250:
     ===  golden finger and wifi switch ====
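Review bot: The footnote with the three dd commands in "Brick type 1" gives no indication of what each command does, and the second one pipes into hexdump without saying what output the reader should expect to see. Suggest a one-line description per command. The parenthesis opened at "(doing this makes the ROM suitable" is never closed, and the "$[ ... ]" arithmetic form used in all three commands is deprecated in bash in favour of "$(( ... ))".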
    @@ -141,132 +146,136 @@ POMONA 5250:
     This is how you will connect. Numbers refer to pin numbers on the BBB, on the plugs near the DC jack.
     
    -

    - Connecting the BBB and pomona (in this image, an external 3.3v DC PSU was used):
    - -

    +

    + Connecting the BBB and pomona (in this image, an external 3.3v DC PSU was used):
    + +

    -

    - SSH'd into the BBB:
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -w yourrom.rom -

    -

    - It should be Verifying flash... VERIFIED at the end. If flashrom complains about multiple flash chip - definitions detected, then choose one of them following the instructions in the output. -

    +

    + SSH'd into the BBB:
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -w yourrom.rom +

    +

    + It should be Verifying flash... VERIFIED at the end. If flashrom complains about multiple flash chip + definitions detected, then choose one of them following the instructions in the output. +

    + +

    + Remove the programmer and put it away somewhere. Put back the tape and press firmly over it:
    + +

    +

    + Your empty chassis:
    + +

    +

    + Put the motherboard back in:
    + +

    +

    + Reconnect SATA:
    + +

    +

    + Put the plate back and re-insert those screws:
    + +

    +

    + Re-route that antenna cable around the fan and apply the tape:
    + +

    +

    + Route the cable here and then (not shown, due to error on my part) reconnect the monitor cable to the motherboard + and re-insert the screws:
    + +

    +

    + Re-insert that screw:
    + +

    +

    + Route the black antenna cable like so:
    + +

    +

    + Tuck it in neatly like so:
    + +

    +

    + Route the modem cable like so:
    + +

    +

    + Connect modem cable to board and tuck it in neatly like so:
    + +

    +

    + Route the power connection and connect it to the board like so:
    + +

    +

    + Route the antenna and modem cables neatly like so:
    + +

    +

    + Connect the wifi antenna cables. At the start of the tutorial, this machine had an Intel wifi chip. Here you see I've replaced it with an + Atheros AR5B95 (supports 802.11n and can be used without blobs):
    + +

    +

    + Connect the modem cable:
    + +

    +

    + Connect the speaker:
    + +

    +

    + You should now have this:
    + +

    +

    + Re-connect the upper chassis:
    + +

    +

    + Re-connect the keyboard:
    + +

    +

    + Re-insert the screws that you removed earlier:
    + +

    +

    + Power on!
    + +

    +

    + Trisquel live USB menu (using the GRUB ISOLINUX parser):
    + +

    +

    + Trisquel live desktop:
    + +

    + +
    + +

    - Remove the programmer and put it away somewhere. Put back the tape and press firmly over it:
    - -

    -

    - Your empty chassis:
    - -

    -

    - Put the motherboard back in:
    - -

    -

    - Reconnect SATA:
    - -

    -

    - Put the plate back and re-insert those screws:
    - -

    -

    - Re-route that antenna cable around the fan and apply the tape:
    - -

    -

    - Route the cable here and then (not shown, due to error on my part) reconnect the monitor cable to the motherboard - and re-insert the screws:
    - -

    -

    - Re-insert that screw:
    - -

    -

    - Route the black antenna cable like so:
    - -

    -

    - Tuck it in neatly like so:
    - -

    -

    - Route the modem cable like so:
    - -

    -

    - Connect modem cable to board and tuck it in neatly like so:
    - -

    -

    - Route the power connection and connect it to the board like so:
    - -

    -

    - Route the antenna and modem cables neatly like so:
    - -

    -

    - Connect the wifi antenna cables. At the start of the tutorial, this machine had an Intel wifi chip. Here you see I've replaced it with an - Atheros AR5B95 (supports 802.11n and can be used without blobs):
    - -

    -

    - Connect the modem cable:
    - -

    -

    - Connect the speaker:
    - -

    -

    - You should now have this:
    - -

    -

    - Re-connect the upper chassis:
    - -

    -

    - Re-connect the keyboard:
    - -

    -

    - Re-insert the screws that you removed earlier:
    - -

    -

    - Power on!
    - -

    -

    - Trisquel live USB menu (using the GRUB ISOLINUX parser):
    - + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    +

    - Trisquel live desktop:
    - + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
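Review bot: The sentence after the write command says that if flashrom reports multiple flash chip definitions the reader should "choose one of them following the instructions in the output", but never names the option. The X200 guide in this same commit shows it as -c "MX25L6405(D)"; suggest mentioning -c here too. "It should be Verifying flash... VERIFIED at the end" would read better as "It should say ...", and the text does not cover the case where VERIFIED does not appear.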
    diff --git a/docs/install/x60tablet_unbrick.html b/docs/install/x60tablet_unbrick.html index 0510867..3623482 100644 --- a/docs/install/x60tablet_unbrick.html +++ b/docs/install/x60tablet_unbrick.html @@ -8,120 +8,125 @@ @import url('../css/main.css'); - Libreboot documentation: Unbricking the ThinkPad X60 Tablet + Unbricking the ThinkPad X60 Tablet -
    -

    Unbricking the ThinkPad X60

    - -
    - -

    Or go back to main index

    - -

    Table of Contents

    - - -

    Brick type 1: bucts not reset.

    -

    - You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and - the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.

    - - In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:
    -

    - - *Those dd commands should be applied to all newly compiled X60 ROM images (the ROM images in libreboot binary archives already have this applied!):
    - dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k
    - dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump
    - dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc
    - (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running, - using those instructions: http://www.coreboot.org/Board:lenovo/x60/Installation. -

    - -

    bad rom (or user error), machine won't boot

    -

    - In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from - booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all. -

    -

    - "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides). -

    - -

    - -

    - -

    - Remove those screws:
    - -

    - -

    - Remove the HDD:
    - -

    - -

    - Push keyboard forward to loosen it:
    - -

    - -

    - Lift:
    - -

    - -

    - Remove those:
    - -

    - -

    +

    +

    Unbricking the ThinkPad X60 Tablet

    +

    This guide will show you how to recover from a bad flash that prevents your ThinkPad X60 Tablet from booting.

    +

    Back to previous index

    +
    + +
    +

    Table of Contents

    + +
    + +
    +

    Brick type 1: bucts not reset.

    +

    + You still have Lenovo BIOS, or you had libreboot running and you flashed another ROM; and you had bucts 1 set and + the ROM wasn't dd'd.* or if Lenovo BIOS was present and libreboot wasn't flashed.

    + + In this case, unbricking is easy: reset BUC.TS to 0 by removing that yellow cmos coin (it's a battery) and putting it back after a minute or two:
    +

    + + *Those dd commands should be applied to all newly compiled X60 ROM images (the ROM images in libreboot binary archives already have this applied!):
    + dd if=coreboot.rom of=top64k.bin bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x10000] count=64k
    + dd if=coreboot.rom bs=1 skip=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k | hexdump
    + dd if=top64k.bin of=coreboot.rom bs=1 seek=$[$(stat -c %s coreboot.rom) - 0x20000] count=64k conv=notrunc
    + (doing this makes the ROM suitable for use when flashing a machine that still has Lenovo BIOS running, + using those instructions: http://www.coreboot.org/Board:lenovo/x60/Installation. +

    +
    + +
    + +

    bad rom (or user error), machine won't boot

    +

    + In this scenario, you compiled a ROM that had an incorrect configuration, or there is an actual bug preventing your machine from + booting. Or, maybe, you set BUC.TS to 0 and shut down after first flash while Lenovo BIOS was running. In any case, your machine is bricked and will not boot at all. +

    +

    + "Unbricking" means flashing a known-good (working) ROM. The problem: you can't boot the machine, making this difficult. In this situation, external hardware (see hardware requirements above) is needed which can flash the SPI chip (where libreboot resides). +

    + +

    + +

    + +

    + Remove those screws:
    + +

    + +

    + Remove the HDD:
    + +

    + +

    + Push keyboard forward to loosen it:
    + +

    + +

    + Lift:
    + +

    + +

    + Remove those:
    + +

    + +

    + + +

    + +

    + Also remove that (marked) and unroute the antenna cables:
    + +

    + +

    + For some X60T laptops, you have to unroute those too:
    + +

    + +

    + Remove the LCD extend board screws. Also remove those screws (see blue marks) and remove/unroute the cables and remove the metal plate:
    + +

    + +

    + Remove that screw and then remove the board:
    + +

    - -

    - -

    - Also remove that (marked) and unroute the antenna cables:
    - -

    - -

    - For some X60T laptops, you have to unroute those too:
    - -

    - -

    - Remove the LCD extend board screws. Also remove those screws (see blue marks) and remove/unroute the cables and remove the metal plate:
    - -

    - -

    - Remove that screw and then remove the board:
    - -

    - -

    - Now wire up the BBB and the Pomona with your PSU.
    - Refer to bbb_setup.html for how to setup - the BBB for flashing.
    - Note, the guide mentions a 3.3v DC PSU but you don't need this on the X60 Tablet: - if you don't have or don't want to use an external PSU, then make - sure not to connect the red/black 3.3v leads mentioned in the guide; - instead, connect the AC adapter (the one that normally charges your - battery) so that the board has power (but don't boot it up) -
    - Correlate the following with the BBB guide linked above: -

    +

    + Now wire up the BBB and the Pomona with your PSU.
    + Refer to bbb_setup.html for how to setup + the BBB for flashing.
    + Note, the guide mentions a 3.3v DC PSU but you don't need this on the X60 Tablet: + if you don't have or don't want to use an external PSU, then make + sure not to connect the red/black 3.3v leads mentioned in the guide; + instead, connect the AC adapter (the one that normally charges your + battery) so that the board has power (but don't boot it up) +
    + Correlate the following with the BBB guide linked above: +

     POMONA 5250:
     ===  golden finger and wifi switch ====
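Review bot: In the "Brick type 1" footnote, the second dd command pipes 64k into hexdump but the text never says what the reader should expect to see before running the third command that overwrites that region with conv=notrunc; add one sentence stating the expected output. The re-indented footnote also still opens a parenthesis at "(doing this makes the ROM suitable" that is never closed, and the three commands use the old `$[ ... ]` arithmetic form, which could be written as `$(( ... ))` while these lines are being touched.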
    @@ -133,37 +138,41 @@ POMONA 5250:
     This is how you will connect. Numbers refer to pin numbers on the BBB, on the plugs near the DC jack.
     
    -

    - Connecting the BBB and pomona (in this image, an external 3.3v DC PSU was used):
    - -

    +

    + Connecting the BBB and pomona (in this image, an external 3.3v DC PSU was used):
    + +

    + +

    + SSH'd into the BBB:
    + # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -w yourrom.rom +

    +

    + It should be Verifying flash... VERIFIED at the end. If flashrom complains about multiple flash chip + definitions detected, then choose one of them following the instructions in the output. +

    + +

    + Reverse the steps to re-assemble your machine. +

    + +
    + +

    - SSH'd into the BBB:
    - # ./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -w yourrom.rom -

    -

    - It should be Verifying flash... VERIFIED at the end. If flashrom complains about multiple flash chip - definitions detected, then choose one of them following the instructions in the output. + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    - Reverse the steps to re-assemble your machine. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
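Review bot: The added flashing step goes straight to "./flashrom -p linux_spi:dev=/dev/spidev1.0,spispeed=512 -w yourrom.rom" with no read of the chip beforehand; for a recovery guide it would be worth adding a step that reads the chip with flashrom's -r option (twice, comparing the two dumps) so the reader confirms the clip and wiring are reliable before anything is erased. The sentence about "multiple flash chip definitions" could name the -c option that flashrom's output refers to, and "It should be Verifying flash... VERIFIED at the end" would read better as "The output should end with".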
    diff --git a/docs/misc/index.html b/docs/misc/index.html index f4e7836..a4e0aba 100644 --- a/docs/misc/index.html +++ b/docs/misc/index.html @@ -13,74 +13,82 @@ -

    Miscellaneous

    -

    - Or Back to main index. -

    - - -
    - -

    High Pitched Whining Noise on Idle (how to remove in Trisquel)

    + -

    - Tested in Trisquel 6 and 7. -

    +
    -

    Powertop - how to use

    +

    High Pitched Whining Noise on Idle (how to remove in Trisquel)

    -

    Now you can use this command to kill that noise:
    - $ sudo powertop --auto-tune

    +

    + Tested in Trisquel 6 and 7. +

    -

    You can also run it without parameters and then go into 'Tunables' and set everything to 'Good'

    +
    +

    Powertop - how to use

    -

    Note: On Trisquel 6, you will need to use a later powertop version from git. The one in the repositories is too old. See below:

    +

    Now you can use this command to kill that noise:
    + $ sudo powertop --auto-tune

    -

    Powertop - Start automatically at boot time (Trisquel 6)

    +

    You can also run it without parameters and then go into 'Tunables' and set everything to 'Good'

    -

    Included with libreboot is a script called 'powertop.trisquel6'. Run this and it will setup powertop to run with --auto-tune - at boot time. Load the file in your text editor to see how it does that.

    +

    Note: On Trisquel 6, you will need to use a later powertop version from git. The one in the repositories is too old. See below:

    +
    -

    $ ./powertop.trisquel6

    +
    +

    Powertop - Start automatically at boot time (Trisquel 6)

    -

    For Trisquel 7 users:

    -

    $ ./powertop.trisquel7

    +

    Included with libreboot is a script called 'powertop.trisquel6'. Run this and it will setup powertop to run with --auto-tune + at boot time. Load the file in your text editor to see how it does that.

    -

    Back to top of page

    +

    $ ./powertop.trisquel6

    -
    +

    For Trisquel 7 users:

    +

    $ ./powertop.trisquel7

    +
    -

    High Pitched Whining Noise on Idle (how to remove in Parabola)

    +

    Back to top of page

    + +
    -

    The following removes most of the noise. It reduces what is a high frequency whine - (that not everyone can hear) to a slight buzz (which most people can't hear or doesn't bother most people).

    +
    -

    This is not perfect! The full solution is still not discovered but this is a step towards that. - Also, in some instances you will need to run 'sudo powertop --auto-tune' again. - This needs to be implemented properly in coreboot itself!

    +

    High Pitched Whining Noise on Idle (how to remove in Parabola)

    -

    On the X60 with coreboot or libreboot, there is a high pitched sound when idle. - So far we have use processor.max_cstate=2 or idle=halt in GRUB. - These consume power. Stop using them!

    +

    The following removes most of the noise. It reduces what is a high frequency whine + (that not everyone can hear) to a slight buzz (which most people can't hear or doesn't bother most people).

    -

    Be root
    - $ su -

    +

    This is not perfect! The full solution is still not discovered but this is a step towards that. + Also, in some instances you will need to run 'sudo powertop --auto-tune' again. + This needs to be implemented properly in coreboot itself!

    -

    Installed powertop:
    - # pacman -S powertop

    +

    On the X60 with coreboot or libreboot, there is a high pitched sound when idle. + So far we have use processor.max_cstate=2 or idle=halt in GRUB. + These consume power. Stop using them!

    -

    and added the following to /etc/systemd/system/powertop.service :

    +

    Be root
    + $ su -

    + +

    Installed powertop:
    + # pacman -S powertop

    + +

    and added the following to /etc/systemd/system/powertop.service :

    
     [Unit]
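Review bot: The Trisquel 6 note ends with "The one in the repositories is too old. See below:", but what follows only says to run powertop.trisquel6; state explicitly whether that script fetches and builds the newer powertop from git, otherwise the reader has no instructions for the step the note requires. In the Parabola section the re-added lines still read "So far we have use processor.max_cstate=2" (should be "have used"), and the steps mix imperative ("Be root") with past tense ("Installed powertop", "and added the following"); pick one form.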
    @@ -98,85 +106,93 @@ WantedBy=multi-user.target
     
    -

    Finally, as root do that:
    - # systemctl enable powertop
    - # systemctl start powertop

    - -

    The next time you boot the machine, the buzz will be gone.

    - -

    Back to top of page

    +

    Finally, as root do that:
    + # systemctl enable powertop
    + # systemctl start powertop

    + +

    The next time you boot the machine, the buzz will be gone.

    + +

    Back to top of page

    + +
    + +
    + +

    X60/T60: Serial port - how to use (for dock owners)

    +

    + For the Thinkpad X60 you can use the "UltraBase X6" dock (for the X60 Tablet it is called + X6 Tablet UltraBase). For the ThinkPad T60, + you can use the "Advanced Mini Dock". +

    +

    + If you are using one of the ROM images with 'serial' in the name, then you have serial port enabled in libreboot + and you have memtest86+ included inside the ROM. Connect your null modem cable to the serial port on the dock + and connect the other end to a 2nd machine using your USB Serial adapter. +

    +

    + On the 2nd machine, you can try this (using GNU Screen):
    + $ sudo screen /dev/ttyUSB0 115200 +

    +

    + How to quit GNU Screen: Ctrl+A then release and press K, and then press Y. +

    +

    There are also others like Minicom but I like GNU Screen

    +

    + By doing this before booting the X60/T60, you will see console output from libreboot. You will also see + GRUB displaying on the serial output, and you will be able to see MemTest86+ on the serial output aswell. + You can also configure your distro so that a terminal (TTY) is accessible from the serial console. +

    +

    + The following guide is for Ubuntu, and can be followed for Trisquel 6.0 which is based on Ubuntu 12.04 + (should also work in Trisquel 7, based on Ubuntu 14.04) to enable a serial console using GeTTY:
    + https://help.ubuntu.com/community/SerialConsoleHowto +

    +

    + Note: part of the tutorial above requires changing your grub.cfg. Just change the linux line to add instructions for enabling getty. + See ../gnulinux/grub_cbfs.html. +

    +

    Back to top of page + +

    + +
    + +

    Get EDID: Find out the name (model) of your LCD panel

    +

    + Get the panel name with sudo get-edid | strings
    + Or look in /sys/class/drm/card0-LVDS-1/edid +

    +

    + Alternatively you can use i2cdump. In Trisquel, this is in the package i2c-tools.
    + $ sudo modprobe i2c-dev
    + $ sudo i2cdump -y 5 0x50
    + $ sudo rmmod i2c-dev
    + You'll see the panel name in the output (from the EDID dump). +

    +

    + If neither of these options work (or they are unavailable), physically removing the LCD panel is an option. + Usually, there will be information printed on the back. +

    + +

    Back to top of page.

    + +
    + +
    -
    - -

    X60/T60: Serial port - how to use (for dock owners)

    -

    - For the Thinkpad X60 you can use the "UltraBase X6" dock (for the X60 Tablet it is called - X6 Tablet UltraBase). For the ThinkPad T60, - you can use the "Advanced Mini Dock". -

    -

    - If you are using one of the ROM images with 'serial' in the name, then you have serial port enabled in libreboot - and you have memtest86+ included inside the ROM. Connect your null modem cable to the serial port on the dock - and connect the other end to a 2nd machine using your USB Serial adapter. -

    -

    - On the 2nd machine, you can try this (using GNU Screen):
    - $ sudo screen /dev/ttyUSB0 115200 -

    - How to quit GNU Screen: Ctrl+A then release and press K, and then press Y. + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

    -

    There are also others like Minicom but I like GNU Screen

    -

    - By doing this before booting the X60/T60, you will see console output from libreboot. You will also see - GRUB displaying on the serial output, and you will be able to see MemTest86+ on the serial output aswell. - You can also configure your distro so that a terminal (TTY) is accessible from the serial console. -

    -

    - The following guide is for Ubuntu, and can be followed for Trisquel 6.0 which is based on Ubuntu 12.04 - (should also work in Trisquel 7, based on Ubuntu 14.04) to enable a serial console using GeTTY:
    - https://help.ubuntu.com/community/SerialConsoleHowto -

    -

    - Note: part of the tutorial above requires changing your grub.cfg. Just change the linux line to add instructions for enabling getty. - See ../gnulinux/grub_cbfs.html. -

    -

    Back to top of page -


    - -

    Get EDID: Find out the name (model) of your LCD panel

    - Get the panel name with sudo get-edid | strings
    - Or look in /sys/class/drm/card0-LVDS-1/edid + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    -

    - Alternatively you can use i2cdump. In Trisquel, this is in the package i2c-tools.
    - $ sudo modprobe i2c-dev
    - $ sudo i2cdump -y 5 0x50
    - $ sudo rmmod i2c-dev
    - You'll see the panel name in the output (from the EDID dump). -

    -

    - If neither of these options work (or they are unavailable), physically removing the LCD panel is an option. - Usually, there will be information printed on the back. -

    - -

    Back to top of page.

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
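Review bot: In the EDID section, "sudo i2cdump -y 5 0x50" hardcodes bus number 5 without saying how the reader finds the right bus on their machine; since -y disables the interactive confirmation, add a line telling the reader to list the buses first (i2cdetect -l from the same i2c-tools package) and substitute the number. In the serial section, "sudo screen /dev/ttyUSB0 115200" runs the whole terminal session as root; consider documenting group access to the device instead. "aswell" should be "as well".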
    diff --git a/docs/misc/patch.html b/docs/misc/patch.html index 3d926ac..681fdfb 100644 --- a/docs/misc/patch.html +++ b/docs/misc/patch.html @@ -6,7 +6,7 @@ 
@@ -17,147 +17,170 @@ <body> - <header> + <div class="section"> <h1 id="pagetop">Diff and patch</h1> - <aside>This is just a quick guide for reference, use 'man' to know more.</aside> - </header> - - <p> - <a href="index.html">back to index</a> - </p> - -<hr/> - - <h1> - Apply a patch - </h1> - - <p class="important"> - To apply a patch to a single file, do that in it's directory:<br/> - <b>$ patch < foo.patch</b> - </p> - - <p> - Assuming that the patch is distributed in unified format identifying - the file the patch should be applied to, the above will work. Otherwise:<br/> - <b>$ patch foo.txt < bar.patch</b> - </p> - - <p> - You can apply a patch to an entire directory, but note the "p level". - What this means is that inside patch files will be the files that you - intend to patch, identified by path names that might be different - when the files ane located on your own computer instead of on the computer - where the patch was created. 'p' level instructs the 'patch' utility to - ignore parts of the path name to identify the files correctly. Usually a - p level of 1 will work, so you would use:<br/> - <b>$ patch -p1 < baz.patch</b> - </p> - - <p> - Change to the top level directory before running this. If a patch level - of 1 cannot identify the files to patch, then inspect the patch file for file names. - For example:<br/> - <b>/home/user/do/not/panic/yet.c</b> - </p> - - <p> - and you are working in a directory that contains panic/yet.c, use:<br/> - <b>$ patch -p5 < baz.patch</b> - </p> - - <p> - You usually count one up for each path separator (forward slash) - removed from the beginning of the path, until you are left with a path - that exists in the current working directory. The count is the p level. 
- </p> - - <p> - Removing a patch using the -R flag<br/> - <b>$ patch -p5 -R < baz.patch</b> - </p> - - <p><a href="#pagetop">Back to top of page.</a></p> - -<hr/> - - <h1> - Create a patch with diff - </h1> - - <p> - Diff can create a patch for a single file:<br/> - <b>$ diff -u original.c new.c > original.patch</b> - </p> - - <p> - For diff'ing a source tree:<br/> - <b>$ cp -R original new</b> - </p> - - <p> - Do whatever you want in new/ and then diff it:<br/> - <b>$ diff -rupN original/ new/ > original.patch</b> - </p> - - <p><a href="#pagetop">Back to top of page.</a></p> - -<hr/> - - <h1> - git diff - </h1> - - <p> - git is something special. - </p> - - <p> - Just make whatever changes you want to a git clone and then:<br/> - <b>$ git diff > patch.git</b> - </p> - - <p> - Note the git revision that you did this with:<br/> - <b>$ git log</b> - </p> - - <p><a href="#pagetop">Back to top of page.</a></p> - -<hr/> - - <h1> - git apply - </h1> - - <p>it really is.</p> - - <p> - Now to apply that patch in the future, just git clone it again and do - with the git revision you found from above:<br/> - <b>$ git reset --hard REVISIONNUMBER</b> - </p> - - <p> - Now put patch.git in the git clone directory and do:<br/> - <b>$ git apply patch.git</b> - </p> - - <p><a href="#pagetop">Back to top of page.</a></p> - -<hr/> - - <p> - Copyright © 2014 Francis Rowe <info@gluglug.org.uk><br/> - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at <a href="../license.txt">../license.txt</a>. - </p> - - <p> - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. 
- </p> + <p>This is just a quick guide for reference, use 'man' to know more.</p> + <p> + <a href="index.html">Back to index</a> + </p> + </div> + + <div class="section"> + + <h1> + Apply a patch + </h1> + + <p class="important"> + To apply a patch to a single file, do that in it's directory:<br/> + <b>$ patch < foo.patch</b> + </p> + + <p> + Assuming that the patch is distributed in unified format identifying + the file the patch should be applied to, the above will work. Otherwise:<br/> + <b>$ patch foo.txt < bar.patch</b> + </p> + + <p> + You can apply a patch to an entire directory, but note the "p level". + What this means is that inside patch files will be the files that you + intend to patch, identified by path names that might be different + when the files ane located on your own computer instead of on the computer + where the patch was created. 'p' level instructs the 'patch' utility to + ignore parts of the path name to identify the files correctly. Usually a + p level of 1 will work, so you would use:<br/> + <b>$ patch -p1 < baz.patch</b> + </p> + + <p> + Change to the top level directory before running this. If a patch level + of 1 cannot identify the files to patch, then inspect the patch file for file names. + For example:<br/> + <b>/home/user/do/not/panic/yet.c</b> + </p> + + <p> + and you are working in a directory that contains panic/yet.c, use:<br/> + <b>$ patch -p5 < baz.patch</b> + </p> + + <p> + You usually count one up for each path separator (forward slash) + removed from the beginning of the path, until you are left with a path + that exists in the current working directory. The count is the p level. 
+ </p> + + <p> + Removing a patch using the -R flag<br/> + <b>$ patch -p5 -R < baz.patch</b> + </p> + + <p><a href="#pagetop">Back to top of page.</a></p> + + </div> + + <div class="section"> + + <h1> + Create a patch with diff + </h1> + + <p> + Diff can create a patch for a single file:<br/> + <b>$ diff -u original.c new.c > original.patch</b> + </p> + + <p> + For diff'ing a source tree:<br/> + <b>$ cp -R original new</b> + </p> + + <p> + Do whatever you want in new/ and then diff it:<br/> + <b>$ diff -rupN original/ new/ > original.patch</b> + </p> + + <p><a href="#pagetop">Back to top of page.</a></p> + + </div> + + <div class="section"> + + <h1> + git diff + </h1> + + <p> + git is something special. + </p> + <p> + Note: this won't show new files created. + </p> + + <p> + Just make whatever changes you want to a git clone and then:<br/> + <b>$ git diff > patch.git</b> + </p> + + <p> + Note the git revision that you did this with:<br/> + <b>$ git log</b> + </p> + + <p> + Alternatively (better yet), commit your changes and then use:<br/> + $ <b>git format-patch -N</b><br/> + Replace N with the number of commits that you want to show. + </p> + + <p><a href="#pagetop">Back to top of page.</a></p> + + </div> + + <div class="section"> + + <h1> + git apply + </h1> + + <p>it really is.</p> + + <p> + Now to apply that patch in the future, just git clone it again and do + with the git revision you found from above:<br/> + <b>$ git reset --hard REVISIONNUMBER</b> + </p> + + <p> + Now put patch.git in the git clone directory and do:<br/> + <b>$ git apply patch.git</b> + </p> + + <p> + If you use a patch from git format-patch, then use <b>git am patch.git</b> instead of <b>git apply patch.git</b>. git-am + will re-create the commits aswell, instead of just applying the patch. 
+ </p> + + <p><a href="#pagetop">Back to top of page.</a></p> + + </div> + + <div class="section"> + + <p> + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk><br/> + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at <a href="../license.txt">../license.txt</a>. + </p> + + <p> + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See <a href="../license.txt">../license.txt</a> for more information. + </p> + + </div> </body> </html> diff --git a/docs/release.html b/docs/release.html index 6fce18d..709895e 100644 --- a/docs/release.html +++ b/docs/release.html @@ -11,279 +11,293 @@ <title>Libreboot release information -
    +

    Libreboot release information

    - -
    +

    Documentation for this release can be found at index.html.

    + -

    GnuPG public key (signing key)

    +
    -

    - pub  4096R/656F212E 2014-07-04 Libreboot Releases (signing key) <releases@libreboot.org>
    - Fingerprint=C923 4BA3 200C F688 9CC0  764D 6E97 D575 656F 212E -

    -

    - Download the key: libreboot.asc. -

    -

    - Import the key as follows:
    - $ gpg --import < libreboot.asc -

    -

    - You should also be able to find it on a key server. Note: the above key is not for email. It is only for verifying the release archives. -

    -

    - You can verify the downloaded archives as follows:
    - $ gpg --verify libreboot_src.tar.xz.sig
    - $ gpg --verify libreboot_bin.tar.xz.sig -

    - -

    Old Releases

    -

    - Releases are now named from the date of release. -

    -

    - See archive_old.html for older libreboot releases. -

    +

    GnuPG public key (signing key)

    - +

    + pub  4096R/656F212E 2014-07-04 Libreboot Releases (signing key) <releases@libreboot.org>
    + Fingerprint=C923 4BA3 200C F688 9CC0  764D 6E97 D575 656F 212E +

    +

    + Download the key: libreboot.asc. +

    +

    + Import the key as follows:
    + $ gpg --import < libreboot.asc +

    +

    + You should also be able to find it on a key server. Note: the above key is not for email. It is only for verifying the release archives. +

    +

    + You can verify the downloaded archives as follows:
    + $ gpg --verify libreboot_src.tar.xz.sig
    + $ gpg --verify libreboot_bin.tar.xz.sig +

    + +
    -
    +
    + +

    Old Releases

    +

    + Releases are now named from the date of release. +

    +

    + See archive_old.html for older libreboot releases. +

    -

    Release 20150126

    - -

    - Release date: January 26th, 2015. -

    + + +
    -

    Binaries (right-click save as, or use wget)

    - -

    Source code (right-click save as, or use wget)

    - +
    +

    Release 20150126

    +

    - Installation instructions can be found at install/index.html#flashrom. - Building instructions (for source code) can be found at git/index.html#build. + Release date: January 26th, 2015.

    -

    Machines supported in this release:

    -
      -
    • - Lenovo ThinkPad X60/X60s -
        -
      • - You can also remove the motherboard from an X61/X61s and replace it with an X60/X60s motherboard. - An X60 Tablet motherboard will also fit inside an X60/X60s. -
      • -
      -
    • -
    • - Lenovo ThinkPad X60 Tablet (1024x768 and 1400x1050) with digitizer support -
        -
      • See hcl/index.html#supported_x60t_list for list of supported LCD panels
      • -
      • It is unknown whether an X61 Tablet can have it's mainboard replaced with an X60 Tablet motherboard.
      • -
      -
    • -
    • - Lenovo ThinkPad T60 (Intel GPU) (there are issuesinstall/x200_external.html; see below): - -
    • -
    • - Lenovo ThinkPad X200 - -
    • -
    • - Apple MacBook1,1 (MA255LL/A, MA254LL/A, MA472LL/A) - -
    • -
    • - Apple MacBook2,1 (MA699LL/A, MA701LL/A, MB061LL/A, MA700LL/A, MB063LL/A, MB062LL/A) - -
    • -
    +

    Binaries (right-click save as, or use wget)

    + +

    Source code (right-click save as, or use wget)

    + -

    - Updates (relative to r20150124) -

    -

    - This is a bug fix release based on r20150124 from two days ago. It contains a few small changes: -

    -
      -
    • grub.cfg: hardcode the list of partitions to search (speeds up booting considerably. GRUB regexp isn't very well optimized)
    • -
    • Docs (x200.html hcl): Remove incorrect information
    • -
    • Documentation (bbb_setup.html): Fix typos
    • -
    • - build-release: delete ich9fdgbe_{4m,8m}.bin files from ich9gen -
        -
      • - These were accidentically included in the r20150124 release. They - are generated from ich9gen so it's ok, but they don't need to be - in the archive. -
      • -
      -
    • -
    • Documentation (grub_cbfs.html): Looping in libreboot_grub.cfg (Add notes about it if the user copied from grub.cfg in CBFS.)
    • -
    • Documentation: refer to Guix as GNU Guix System Distribution or GNU GSD per advice from the Guix project.
    • -
    -

    - Changes for this release (latest changes first, earliest changes last) -

    -
      -
    • Documentation: added information about how to boot Guix GNU/Linux.
    • -
    • grub.cfg: Added (usb0) and (usb0,*) to the list of devices in the Search for GRUB menuentry (this is needed for Guix GNU/Linux)
    • -
    • grub.cfg: Added (ahci1) to list of devices for ISOLINUX parser (CD/DVD) (this is needed for the X200 docking station).
    • -
    • grub.cfg: ISOLINUX parsing is now done on all USB partitions.
    • -
    • grub.cfg: Automatically switched to /boot/grub/libreboot_grub.cfg on a partition, if it exists.
    • -
    • libreboot_bin: added static ARM binaries for flashrom, cbfstool, ich9gen and - ich9deblob (tested on beaglebone black).
    • -
    • Flashrom: removed redundant Macronix flashchip definitions (for X200 owners).
    • -
    • Flashrom: added whitelist for ThinkPad X200.
    • -
    • X200: fixed uneven backlight (at low levels)
    • -
    • ich9macchange (new script, uses ich9gen): for changing the default MAC address on X200 ROM images.
    • -
    • ich9gen: added capability to change the default MAC address (and update the checksum)
    • -
    • ich9deblob: added new utility ich9gen: this can generate a descriptor+gbe image without a factory.rom dump present.
    • -
    • Modified ich9deblob to use a struct for Gbe, documenting everything.
    • -
    • Massively updated the ich9deblob utility: re-factored everything completely.
    • -
    • Enabled cstates 1 and 2 on macbook21. This reduces idle heat / power consumption.
    • -
    • buildrom-withgrub: disabled creation of *txtmode*.rom for X200 (only framebuffer graphics work)
    • -
    • Updated SeaBIOS (again)
    • -
    • docs/install/index.html#flashrom_x200: improve instructions
    • -
    • Updated flashrom (again) - patches updated
    • -
    • Updated GRUB (again)
    • -
    • Updated coreboot (again)
    • -
    • build-release: not all files were copied to libreboot_src. fix that.
    • -
    • build-release: include cbmem (statically compiled) in libreboot_bin
    • -
    • Documentation (X200): added software-based flashing instructions
    • -
    • Documentation: remove all references to the bus pirate (replaced with BBB flashing tutorials)
    • -
    • New board: ThinkPad X200S and X200 Tablet support added to libreboot
    • -
    • build: automatically find board names (configs) to build for
    • -
    • New board: ThinkPad X200 support added to libreboot
    • -
    • coreboot-libre config (all boards): enable USB dongle log output (for BeagleBone Black)
    • -
    • cleandeps: actually clean grubinvaders
    • -
    • .gitignore: add powertop directory
    • -
    • cleandeps: clean i945-pwm utility
    • -
    • scripts (all): fix typos
    • -
    • Documentation: general cleanup.
    • -
    • builddeps-flashrom: reduce build commands to a single for loop
    • -
    • scripts (all): replace unnecessary rm -rf with rm -f
    • -
    • powertop.trisquel7: remove sudo (script already checks if the user is root)
    • -
    • docs/release.html: add lenovo g505s to the list of candidates
    • -
    • .gitignore: add libreboot_bin.tar.xz and libreboot_src.tar.xz
    • -
    • - libreboot_bin.tar.xz: Include utils as statically linked binaries -
        -
      • This means that the user does not have to install build dependency - or build from source anymore.
      • -
      -
    • -
    • deps-trisquel: Add binutils-source
    • -
    • powertop.trisquel7 (new): Setup powertop on trisquel 7
    • -
    • deps-trisquel,flash,lenovobios_firstflash,lenovobios_secondflash,macbook21_firstflash - x60flashfrom5,powertop.trisquel6: check if user is root
    • -
    • deps-trisquel: Make GRUB build on in Trisquel 7 x86_64. (cross compile dependencies. fixes build error in GRUB)
    • -
    • deps-parabola (removed) Remove Parabola dependencies script. Will re-add later (properly tested)
    • -
    • grub.cfg: Add more path checks to isolinux parser (more ISOs should work now)
    • -
    • Update SeaBIOS
    • -
    • x60flashfrom5 (new), for X60 users upgrading from 5th/early release
    • -
    • Update flashrom
    • -
    • Update GRUB
    • -
    • - Updated coreboot-libre -
        -
      • i945: permanently set tft_brightness to 0xff (fixes bug on X60 where - turning up brightness at max would make it loop back to low brightness)
      • -
      -
    • -
    • - getcb: Revert X60/T60 to legacy backlight controls -
        -
      • The ACPI brightness patches were abandoned and obsolete.
      • -
      -
    • -
    • grub.cfg: Only load initrd.img if it exists. Add rw to linux line (for ProteanOS)
    • -
    • build: Only generate the GRUB configurations once (re-use on all images)
    • -
    • Only build 2 GRUB payload executables, re-use on all boards.
    • -
    • - resources/utilities/grub-assemble/gen.txtmode.sh: Use GNU BASH
      - resources/utilities/grub-assemble/gen.vesafb.sh: Use GNU BASH -
    • -
    • scripts (error handling): Replace exit with exit 1 (make debugging easier)
    • -
    • - Move most files in CBFS to GRUB memdisk, except grub.cfg and grubtest.cfg -
        - This reduces the space used in CBFS because coreboot compresses - its payloads with LZMA by default. grub.cfg is all that most users - will want to modify, which remains in CBFS. -
      -
    • -
    • docs/release.html Add DMP vortex86ex to list of candidates.
    • -
    • docs/release.html Add ThinkPad X201 to list of candidates.
    • -
    • New links added to docs/security/x60_security and docs/security/t60_security
    • -
    • lenovobios_secondflash: Warn if BUCTS is not present. (not a dealbreaker. Can just pull out nvram battery/coin).
    • -
    • lenovobios_firstflash: Fail if BUCTS fails. (anti-bricking precaution)
    • -
    • Removed obnoxious warnings from flashing scripts, improved documentation instead.
    • -
    • scripts (all): add proper error checking (fail fast, fail early. Do not continue if there are errors)
    • -
    • buildrom-withgrub: rename image to boardname_layout_romtype.rom
    • -
    • buildrom-withgrub: don't move cbfstool, execute directly
    • -
    • resources/utilities/grub-assemble: add French Dvorak (BEPO) keyboard layout.
    • -
    • Documentation: add docs/hardware/x60_keyboard.html (show how to replace keyboard on X60/X60T)
    • -
    • Documentation: major cleanup (better structure, easier to find things)
    • -
    • - docs/release.html: Remove Acer CB5 from list of future candidates. -
        -
      • - Too many issues. Chromebooks are crippled (soldered RAM/storage/wifi) - and have too many usability issues for the libreboot project. -
      • -
      -
    • -
    • docs/gnulinux/grub_cbfs.html Major cleanup. Usability improvements.
    • -
    • hocs/gnulinux/encrypted_trisquel.html: Fixed mistakes/typos. General improvements
    • -
    • - flash (flashrom script): remove boardmismatch=force -
        -
      • - This was put there before for users upgrading from libreboot r5 - to r6, but also allows the user to flash the wrong image. For - example, the user could flash a T60 image on an X60, thus - bricking the machine. It's almost certain that most people - have upgraded by now, so remove this potentially dangerous - option. -
      • -
      -
    • -
    • Documentation: update compatibility list for X60T LCD panels.
    • -
    • docs/release.html: add note about X60 Tablet board in X60/X60s
    • -
    • docs/howtos/grub_boot_installer.html: small corrections
    • -
    • docs/howtos/grub_boot_installer.html: improved readability, fixed html errors
    • -
    • Documentation (macbook21 related): clean up
    • -
    +

    + Installation instructions can be found at install/index.html#flashrom. + Building instructions (for source code) can be found at git/index.html#build. +

    -
    +

    Machines supported in this release:

    +
      +
    • + Lenovo ThinkPad X60/X60s +
        +
      • + You can also remove the motherboard from an X61/X61s and replace it with an X60/X60s motherboard. + An X60 Tablet motherboard will also fit inside an X60/X60s. +
      • +
      +
    • +
    • + Lenovo ThinkPad X60 Tablet (1024x768 and 1400x1050) with digitizer support +
        +
      • See hcl/index.html#supported_x60t_list for list of supported LCD panels
      • +
      • It is unknown whether an X61 Tablet can have it's mainboard replaced with an X60 Tablet motherboard.
      • +
      +
    • +
    • + Lenovo ThinkPad T60 (Intel GPU) (there are issuesinstall/x200_external.html; see below): + +
    • +
    • + Lenovo ThinkPad X200 + +
    • +
    • + Apple MacBook1,1 (MA255LL/A, MA254LL/A, MA472LL/A) + +
    • +
    • + Apple MacBook2,1 (MA699LL/A, MA701LL/A, MB061LL/A, MA700LL/A, MB063LL/A, MB062LL/A) + +
    • +
    + +
    + +
    -
    +

    + Updates (relative to r20150124) +

    +

    + This is a bug fix release based on r20150124 from two days ago. It contains a few small changes: +

    +
      +
    • grub.cfg: hardcode the list of partitions to search (speeds up booting considerably. GRUB regexp isn't very well optimized)
    • +
    • Docs (x200.html hcl): Remove incorrect information
    • +
    • Documentation (bbb_setup.html): Fix typos
    • +
    • + build-release: delete ich9fdgbe_{4m,8m}.bin files from ich9gen +
        +
      • + These were accidentically included in the r20150124 release. They + are generated from ich9gen so it's ok, but they don't need to be + in the archive. +
      • +
      +
    • +
    • Documentation (grub_cbfs.html): Looping in libreboot_grub.cfg (Add notes about it if the user copied from grub.cfg in CBFS.)
    • +
    • Documentation: refer to Guix as GNU Guix System Distribution or GNU GSD per advice from the Guix project.
    • +
    +

    + Changes for this release (latest changes first, earliest changes last) +

    +
      +
    • Documentation: added information about how to boot Guix GNU/Linux.
    • +
    • grub.cfg: Added (usb0) and (usb0,*) to the list of devices in the Search for GRUB menuentry (this is needed for Guix GNU/Linux)
    • +
    • grub.cfg: Added (ahci1) to list of devices for ISOLINUX parser (CD/DVD) (this is needed for the X200 docking station).
    • +
    • grub.cfg: ISOLINUX parsing is now done on all USB partitions.
    • +
    • grub.cfg: Automatically switched to /boot/grub/libreboot_grub.cfg on a partition, if it exists.
    • +
    • libreboot_bin: added static ARM binaries for flashrom, cbfstool, ich9gen and + ich9deblob (tested on beaglebone black).
    • +
    • Flashrom: removed redundant Macronix flashchip definitions (for X200 owners).
    • +
    • Flashrom: added whitelist for ThinkPad X200.
    • +
    • X200: fixed uneven backlight (at low levels)
    • +
    • ich9macchange (new script, uses ich9gen): for changing the default MAC address on X200 ROM images.
    • +
    • ich9gen: added capability to change the default MAC address (and update the checksum)
    • +
    • ich9deblob: added new utility ich9gen: this can generate a descriptor+gbe image without a factory.rom dump present.
    • +
    • Modified ich9deblob to use a struct for Gbe, documenting everything.
    • +
    • Massively updated the ich9deblob utility: re-factored everything completely.
    • +
    • Enabled cstates 1 and 2 on macbook21. This reduces idle heat / power consumption.
    • +
    • buildrom-withgrub: disabled creation of *txtmode*.rom for X200 (only framebuffer graphics work)
    • +
    • Updated SeaBIOS (again)
    • +
    • docs/install/index.html#flashrom_x200: improve instructions
    • +
    • Updated flashrom (again) - patches updated
    • +
    • Updated GRUB (again)
    • +
    • Updated coreboot (again)
    • +
    • build-release: not all files were copied to libreboot_src. fix that.
    • +
    • build-release: include cbmem (statically compiled) in libreboot_bin
    • +
    • Documentation (X200): added software-based flashing instructions
    • +
    • Documentation: remove all references to the bus pirate (replaced with BBB flashing tutorials)
    • +
    • New board: ThinkPad X200S and X200 Tablet support added to libreboot
    • +
    • build: automatically find board names (configs) to build for
    • +
    • New board: ThinkPad X200 support added to libreboot
    • +
    • coreboot-libre config (all boards): enable USB dongle log output (for BeagleBone Black)
    • +
    • cleandeps: actually clean grubinvaders
    • +
    • .gitignore: add powertop directory
    • +
    • cleandeps: clean i945-pwm utility
    • +
    • scripts (all): fix typos
    • +
    • Documentation: general cleanup.
    • +
    • builddeps-flashrom: reduce build commands to a single for loop
    • +
    • scripts (all): replace unnecessary rm -rf with rm -f
    • +
    • powertop.trisquel7: remove sudo (script already checks if the user is root)
    • +
    • docs/release.html: add lenovo g505s to the list of candidates
    • +
    • .gitignore: add libreboot_bin.tar.xz and libreboot_src.tar.xz
    • +
    • + libreboot_bin.tar.xz: Include utils as statically linked binaries +
        +
      • This means that the user does not have to install build dependency + or build from source anymore.
      • +
      +
    • +
    • deps-trisquel: Add binutils-source
    • +
    • powertop.trisquel7 (new): Setup powertop on trisquel 7
    • +
    • deps-trisquel,flash,lenovobios_firstflash,lenovobios_secondflash,macbook21_firstflash + x60flashfrom5,powertop.trisquel6: check if user is root
    • +
    • deps-trisquel: Make GRUB build on in Trisquel 7 x86_64. (cross compile dependencies. fixes build error in GRUB)
    • +
    • deps-parabola (removed) Remove Parabola dependencies script. Will re-add later (properly tested)
    • +
    • grub.cfg: Add more path checks to isolinux parser (more ISOs should work now)
    • +
    • Update SeaBIOS
    • +
    • x60flashfrom5 (new), for X60 users upgrading from 5th/early release
    • +
    • Update flashrom
    • +
    • Update GRUB
    • +
    • + Updated coreboot-libre +
        +
      • i945: permanently set tft_brightness to 0xff (fixes bug on X60 where + turning up brightness at max would make it loop back to low brightness)
      • +
      +
    • +
    • + getcb: Revert X60/T60 to legacy backlight controls +
        +
      • The ACPI brightness patches were abandoned and obsolete.
      • +
      +
    • +
    • grub.cfg: Only load initrd.img if it exists. Add rw to linux line (for ProteanOS)
    • +
    • build: Only generate the GRUB configurations once (re-use on all images)
    • +
    • Only build 2 GRUB payload executables, re-use on all boards.
    • +
    • + resources/utilities/grub-assemble/gen.txtmode.sh: Use GNU BASH
      + resources/utilities/grub-assemble/gen.vesafb.sh: Use GNU BASH +
    • +
    • scripts (error handling): Replace exit with exit 1 (make debugging easier)
    • +
    • + Move most files in CBFS to GRUB memdisk, except grub.cfg and grubtest.cfg +
        + This reduces the space used in CBFS because coreboot compresses + its payloads with LZMA by default. grub.cfg is all that most users + will want to modify, which remains in CBFS. +
      +
    • +
    • docs/release.html Add DMP vortex86ex to list of candidates.
    • +
    • docs/release.html Add ThinkPad X201 to list of candidates.
    • +
    • New links added to docs/security/x60_security and docs/security/t60_security
    • +
    • lenovobios_secondflash: Warn if BUCTS is not present. (not a dealbreaker. Can just pull out nvram battery/coin).
    • +
    • lenovobios_firstflash: Fail if BUCTS fails. (anti-bricking precaution)
    • +
    • Removed obnoxious warnings from flashing scripts, improved documentation instead.
    • +
    • scripts (all): add proper error checking (fail fast, fail early. Do not continue if there are errors)
    • +
    • buildrom-withgrub: rename image to boardname_layout_romtype.rom
    • +
    • buildrom-withgrub: don't move cbfstool, execute directly
    • +
    • resources/utilities/grub-assemble: add French Dvorak (BEPO) keyboard layout.
    • +
    • Documentation: add docs/hardware/x60_keyboard.html (show how to replace keyboard on X60/X60T)
    • +
    • Documentation: major cleanup (better structure, easier to find things)
    • +
    • + docs/release.html: Remove Acer CB5 from list of future candidates. +
        +
      • + Too many issues. Chromebooks are crippled (soldered RAM/storage/wifi) + and have too many usability issues for the libreboot project. +
      • +
      +
    • +
    • docs/gnulinux/grub_cbfs.html Major cleanup. Usability improvements.
    • +
    • hocs/gnulinux/encrypted_trisquel.html: Fixed mistakes/typos. General improvements
    • +
    • + flash (flashrom script): remove boardmismatch=force +
        +
      • + This was put there before for users upgrading from libreboot r5 + to r6, but also allows the user to flash the wrong image. For + example, the user could flash a T60 image on an X60, thus + bricking the machine. It's almost certain that most people + have upgraded by now, so remove this potentially dangerous + option. +
      • +
      +
    • +
    • Documentation: update compatibility list for X60T LCD panels.
    • +
    • docs/release.html: add note about X60 Tablet board in X60/X60s
    • +
    • docs/howtos/grub_boot_installer.html: small corrections
    • +
    • docs/howtos/grub_boot_installer.html: improved readability, fixed html errors
    • +
    • Documentation (macbook21 related): clean up
    • +
    + +
    + +
    + +
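Review bot: The re-added changelog and hardware-list lines in this hunk carry existing typos over unchanged, and since every one of these lines is being rewritten anyway this is the place to fix them: "accidentically" in the build-release item, "hocs/gnulinux/encrypted_trisquel.html" (presumably docs/), "Make GRUB build on in Trisquel 7", and "it's mainboard" in the X60 Tablet entry. The removed and added changelog items otherwise read identically, so the change here looks like pure re-indentation; keeping that in a commit separate from content edits (or noting in the commit message that the hunk is whitespace-only) would let a reader confirm that nothing in the release notes, such as the boardmismatch=force removal rationale, was altered along the way.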

    Critical tasks for future release @@ -333,7 +347,7 @@

    -
    +

    Other tasks (non-critical, but still important)

    @@ -350,20 +364,24 @@

    Back to top of page.

    + +
    -
    +
    -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at license.txt. -

    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See license.txt for more information. +

    + +
    diff --git a/docs/security/dock.html b/docs/security/dock.html index 30f23d5..b2fdc7e 100644 --- a/docs/security/dock.html +++ b/docs/security/dock.html @@ -5,17 +5,18 @@ Notes about DMA and the docking station (X60/T60) -
    +

    Notes about DMA and the docking station (X60/T60)

    -
    +
    +
     
     Use case:
    @@ -135,20 +136,23 @@ added too?
     > trough nvram.
     
     
    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +
    + +
    + +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
    diff --git a/docs/security/index.html b/docs/security/index.html index 64008b8..73ced45 100644 --- a/docs/security/index.html +++ b/docs/security/index.html @@ -13,28 +13,32 @@ -

    Security topics

    + + +
    + +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    +

    - Or Back to main index. + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    - - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    + +
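Review bot: The removed line "Or Back to main index." has no counterpart among the added lines of this hunk, so the security index appears to lose its link back to the main documentation index. The T60 page in the same commit gets a "Back to previous index" line when its old link is removed; if dropping the link here is intentional, say so in the commit message, otherwise re-add an equivalent line. The footer change itself (2014 to "2014, 2015") matches the other files.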
    diff --git a/docs/security/t60_security.html b/docs/security/t60_security.html index 279d301..ad07878 100644 --- a/docs/security/t60_security.html +++ b/docs/security/t60_security.html @@ -13,283 +13,288 @@ -
    +

    Security on the ThinkPad T60

    - -
    - -

    Or go back to main index

    - -

    Table of Contents

    - - -

    Hardware requirements

    -
      -
    • A T60
    • -
    • screwdriver
    • -
    • Rubbing or isopropyl alcohol, and thermal compound.
    • -
    • (in a later version of this tutorial: soldering iron and scalpel)
    • -
    - -

    Software requirements

    -
      -
    • none (at least in the scope of the article as-is)
    • -
    • You probably want to encrypt your GNU/Linux install using LUKS
    • -
    - -

    - Rationale -

    -

    - Most people think of security on the software side: the hardware is important aswell. - work. -

    -

    - This tutorial deals with reducing the number of devices that have direct memory access that - could communicate with inputs/outputs that could be used to remotely - command the machine (or leak data). All of this is purely theoretical for the time being. -

    +

    Hardware modifications to enhance security on the ThinkPad T60. This tutorial is incomplete at the time of writing.

    +

    Back to previous index

    +
    -

    Disassembly

    +
    +

    Table of Contents

    + +

    Hardware requirements

    +
      +
    • A T60
    • +
    • screwdriver
    • +
    • Rubbing or isopropyl alcohol, and thermal compound.
    • +
    • (in a later version of this tutorial: soldering iron and scalpel)
    • +
    +

    Software requirements

    +
      +
    • none (at least in the scope of the article as-is)
    • +
    • You probably want to encrypt your GNU/Linux install using LUKS
    • +
    +
    -

    - Remove those screws and remove the HDD:
    - -

    +
    +

    + Rationale +

    +

    + Most people think of security on the software side: the hardware is important aswell. +

    +

    + This tutorial deals with reducing the number of devices that have direct memory access that + could communicate with inputs/outputs that could be used to remotely + command the machine (or leak data). All of this is purely theoretical for the time being. +

    +
    -

    - Lift off the palm rest:
    - -

    +
    -

    - Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:
    - -

    +

    Disassembly

    -

    - Gently wedge both sides loose:
    - -

    +

    + Remove those screws and remove the HDD:
    + +

    -

    - Remove that cable from the position:
    - -

    +

    + Lift off the palm rest:
    + +

    -

    - Now remove that bezel. Remove wifi, nvram battery and speaker connector (also remove 56k modem, on the left of wifi):
    -
    - Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.
    - Wifi: The ath5k/ath9k cards might not have firmware at all. They might safe but could have - access to the computer's RAM trough DMA. If people have an intel - card(most T60 laptops come with Intel wifi by default, until you change it),then that card runs - a non-free firwamre and has access to the computer's RAM trough DMA! So - the risk-level is very high. -

    +

    + Lift up the keyboard, pull it back a bit, flip it over like that and then disconnect it from the board:
    + +

    -

    - Remove those screws:
    - -

    +

    + Gently wedge both sides loose:
    + +

    -

    - Disconnect the power jack:
    - -

    +

    + Remove that cable from the position:
    + +

    -

    - Remove nvram battery (we will put it back later):
    - -

    +

    + Now remove that bezel. Remove wifi, nvram battery and speaker connector (also remove 56k modem, on the left of wifi):
    +
    + Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.
    + Wifi: The ath5k/ath9k cards might not have firmware at all. They might safe but could have + access to the computer's RAM trough DMA. If people have an intel + card(most T60 laptops come with Intel wifi by default, until you change it),then that card runs + a non-free firwamre and has access to the computer's RAM trough DMA! So + the risk-level is very high. +

    -

    - Disconnect cable (for 56k modem) and disconnect the other cable:
    - -

    +

    + Remove those screws:
    + +

    -

    - Disconnect speaker cable:
    - -

    +

    + Disconnect the power jack:
    + +

    -

    - Disconnect the other end of the 56k modem cable:
    - -

    +

    + Remove nvram battery (we will put it back later):
    + +

    -

    - Make sure you removed it:
    - -

    +

    + Disconnect cable (for 56k modem) and disconnect the other cable:
    + +

    -

    - Unscrew those:
    - -

    +

    + Disconnect speaker cable:
    + +

    -

    - Make sure you removed those:
    - -

    +

    + Disconnect the other end of the 56k modem cable:
    + +

    -

    - Disconnect LCD cable from board:
    - -

    +

    + Make sure you removed it:
    + +

    -

    - Remove those screws then remove the LCD assembly:
    - -

    +

    + Unscrew those:
    + +

    -

    - Once again, make sure you removed those:
    - -

    +

    + Make sure you removed those:
    + +

    -

    - Remove the shielding containing the motherboard, then flip it over. Remove these screws, placing them on a steady - surface in the same layout as they were in before you removed them. Also, you should mark each screw hole after removing the - screw (a permanent marker pen will do), this is so that you have a point of reference when re-assembling the machine:
    - - -

    +

    + Disconnect LCD cable from board:
    + +

    -

    - Remove microphone (soldering iron not needed. Just wedge it out gently):
    -
    - Rationale:
    - Another reason to remove the microphone: If your computer gets[1] compromised, it can - record what you say, and use it to receive data from nearby devices if - they're compromised too. Also, we do not know what the built-in microcode (in the CPU) is doing; it could theoretically - be programmed to accept remote commands from some speaker somewhere (remote security hole). In other words, - the machine could already be compromised from the factory. -

    +

    + Remove those screws then remove the LCD assembly:
    + +

    -

    - Remove infrared:
    - -

    +

    + Once again, make sure you removed those:
    + +

    -

    - Remove cardbus (it's in a socket, no need to disable. Just remove the port itself):
    -
    - Rationale:
    - It has direct memory access and can be used to extract sensitive details (such as LUKS keys). See - 'GoodBIOS' video linked at the end (speaker is Peter Stuge, a coreboot hacker). The video covers X60 - but the same topics apply to T60. -

    +

    + Remove the shielding containing the motherboard, then flip it over. Remove these screws, placing them on a steady + surface in the same layout as they were in before you removed them. Also, you should mark each screw hole after removing the + screw (a permanent marker pen will do), this is so that you have a point of reference when re-assembling the machine:
    + + +

    -

    - Before re-installing the upper chassis, remove the speaker:
    -
    - Reason: combined with the microphone issue, this could be used to leak data.
    - If your computer gets[1] compromised, it can be used to - transmit data to nearby compromised devices. It's unknown if it can be - turned into a microphone[2].
    - Replacement: headphones/speakers (line-out) or external DAC (USB). -

    +

    + Remove microphone (soldering iron not needed. Just wedge it out gently):
    +
    + Rationale:
    + Another reason to remove the microphone: If your computer gets[1] compromised, it can + record what you say, and use it to receive data from nearby devices if + they're compromised too. Also, we do not know what the built-in microcode (in the CPU) is doing; it could theoretically + be programmed to accept remote commands from some speaker somewhere (remote security hole). In other words, + the machine could already be compromised from the factory. +

    -

    - Remove the wwan:
    -
    - Wwan (3d modem): They run proprietary software and have access to the - computer's RAM! So it's like AMT but over the GSM network which is - probably even worse.
    - Replacement: external USB wifi dongle. (or USB wwan/3g dongle; note, this has all the same privacy issues as mobile phones. wwan not recommended). -

    +

    + Remove infrared:
    + +

    -

    - This is where the simcard connector is soldered. See notes above about wwan. Remove simcard by removing battery - and then it's accessible (so, remember to do this when you re-assemble. or you could do it now?)
    - -

    +

    + Remove cardbus (it's in a socket, no need to disable. Just remove the port itself):
    +
    + Rationale:
    + It has direct memory access and can be used to extract sensitive details (such as LUKS keys). See + 'GoodBIOS' video linked at the end (speaker is Peter Stuge, a coreboot hacker). The video covers X60 + but the same topics apply to T60. +

    -

    - Put those screws back:
    - -

    +

    + Before re-installing the upper chassis, remove the speaker:
    +
    + Reason: combined with the microphone issue, this could be used to leak data.
    + If your computer gets[1] compromised, it can be used to + transmit data to nearby compromised devices. It's unknown if it can be + turned into a microphone[2].
    + Replacement: headphones/speakers (line-out) or external DAC (USB). +

    -

    - Put it back into lower chassis:
    - -

    +

    + Remove the wwan:
    +
    + Wwan (3d modem): They run proprietary software and have access to the + computer's RAM! So it's like AMT but over the GSM network which is + probably even worse.
    + Replacement: external USB wifi dongle. (or USB wwan/3g dongle; note, this has all the same privacy issues as mobile phones. wwan not recommended). +

    -

    - Attach LCD and insert screws (also, attach the lcd cable to the board):
    - -

    +

    + This is where the simcard connector is soldered. See notes above about wwan. Remove simcard by removing battery + and then it's accessible (so, remember to do this when you re-assemble. or you could do it now?)
    + +

    -

    - Insert those screws:
    - -

    +

    + Put those screws back:
    + +

    -

    - On the CPU (and there is another chip south-east to it, sorry forgot to take pic) - clean off the old thermal paste (with the alcohol) and apply new (Artic Silver 5 is good, others are good too) - you should also clean the heatsink the same way
    - -

    +

    + Put it back into lower chassis:
    + +

    -

    - Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):
    - -

    +

    + Attach LCD and insert screws (also, attach the lcd cable to the board):
    + +

    -

    - Reinstall that upper bezel:
    - -

    +

    + Insert those screws:
    + +

    -

    - Do that:
    - -

    +

    + On the CPU (and there is another chip south-east to it, sorry forgot to take pic) + clean off the old thermal paste (with the alcohol) and apply new (Artic Silver 5 is good, others are good too) + you should also clean the heatsink the same way
    + +

    -

    - Attach keyboard and install nvram battery:
    - -

    +

    + Attach the heatsink and install the screws (also, make sure to install the AC jack as highlighted):
    + +

    -

    - Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:
    - -

    +

    + Reinstall that upper bezel:
    + +

    -

    - Remove those covers and unscrew:
    - -

    +

    + Do that:
    + +

    -

    - Gently pry off the front bezel (sorry, forgot to take pics). -

    +

    + Attach keyboard and install nvram battery:
    + +

    -

    - Remove bluetooth module:
    - -

    +

    + Place keyboard and (sorry, forgot to take pics) reinstall the palmrest and insert screws on the underside:
    + +

    -

    - Re-attach the front bezel and re-insert the screws (sorry, forgot to take pics). -

    +

    + Remove those covers and unscrew:
    + +

    -

    - It lives!
    - -

    +

    + Gently pry off the front bezel (sorry, forgot to take pics). +

    -

    - Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:
    - -

    +

    + Remove bluetooth module:
    + +

    + +

    + Re-attach the front bezel and re-insert the screws (sorry, forgot to take pics). +

    + +

    + It lives!
    + +

    + +

    + Always stress test ('stress -c 2' and xsensors. below 90C is ok) when replacing cpu paste/heatsink:
    + +

    + +
    +

    Not covered yet:
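Review bot: the re-added wlan/wwan step still says "Wwan (3d modem)" and the thermal paste step still says "Artic Silver 5"; this hunk rewrites both lines anyway, so correct them to "3g modem" (the Risk level list later in this file uses "Modem (3g/wwan)") and "Arctic Silver 5". The step captioned only "Do that:" depends entirely on its picture, so give it a one-line description of the action, as the neighbouring steps do ("Reinstall that upper bezel:", "Attach keyboard and install nvram battery:"). The SIM card step would also read better as a plain instruction than as "or you could do it now?", since removing the SIM is part of the wwan mitigation that step refers to.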

    @@ -306,7 +311,9 @@

    A lot of this tutorial is based on that video. Look towards the second half of the video to see how to do the above.

    +
    +

    Also not covered yet:

    @@ -339,91 +346,108 @@ https://gitorious.org/gnutoo-for-coreboot/grub-assemble/source/a61f636797777a742f65f4c9c58032aa6a9b23c3: +
    -

    - Extra notes -

    -

    - EC: Cannot be removed but can be mitigated: it contains non-free - non-loadable code, but it has no access to the computer's RAM. - It has access to the on-switch of the wifi, bluetooth, modem and some - other power management features. The issue is that it has access to the - keyboard, however if the software security howto (not yet written) is followed correctly, - it won't be able to leak data to a local attacker. It has no network - access but it may still be able to leak data remotely, but that - requires someone to be nearby to recover the data with the help of an - SDR and some directional antennas[3]. -

    -

    - Intel 82573 Ethernet controller - on the X60 seems safe, according to Denis. -

    +
    +

    + Extra notes +

    +

    + EC: Cannot be removed but can be mitigated: it contains non-free + non-loadable code, but it has no access to the computer's RAM. + It has access to the on-switch of the wifi, bluetooth, modem and some + other power management features. The issue is that it has access to the + keyboard, however if the software security howto (not yet written) is followed correctly, + it won't be able to leak data to a local attacker. It has no network + access but it may still be able to leak data remotely, but that + requires someone to be nearby to recover the data with the help of an + SDR and some directional antennas[3]. +

    +

    + Intel 82573 Ethernet controller + on the X60 seems safe, according to Denis. +

    -

    - Risk level -

    +
    +

    + Risk level +

    +
      +
    • Modem (3g/wwan): highest
    • +
    • Intel wifi: Near highest
    • +
    • Atheros PCI wifi: unknown, but lower than intel wifi.
    • +
    • Microphone: only problematic if the computer gets compromised.
    • +
    • Speakers: only problematic if the computer gets compromised.
    • +
    • EC: can be mitigated if following the guide on software security.
    • +
    +
    +
    + +
    +

    + Further reading material (software security) +

    - -

    - Further reading material (software security) -

    - - -

    - References -

    -

    [1] physical access

    -

    - Explain that black hats, TAO, and so on might use a 0day to get in, - and explain that in this case it mitigates what the attacker can do. - Also the TAO do some evaluation before launching an attack: they take - the probability of beeing caught into account, along with the kind of - target. A 0day costs a lot of money, I heard that it was from 100000$ - to 400000$, some other websites had prices 10 times lower but that - but it was probably a typo. So if people increase their security it - makes it more risky and more costly to attack people. -

    -

    [2] microphone

    -

    - It's possible to turn headphones into a microphone, you could try - yourself, however they don't record loud at all. Also intel cards have - the capability to change a connector's function, for instance the - microphone jack can now become a headphone plug, that's called - retasking. There is some support for it in GNU/Linux but it's not very - well known. -

    -

    [3] Video (CCC)

    -

    - 30c3-5356-en-Firmware_Fat_Camp_webm.webm from the 30th CCC. While - their demo is experimental(their hardware also got damaged during the - transport), the spies probably already have that since a long time. - http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm -

    - -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    - -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +
    + +
    +

    + References +

    +
    +

    [1] physical access

    +

    + Explain that black hats, TAO, and so on might use a 0day to get in, + and explain that in this case it mitigates what the attacker can do. + Also the TAO do some evaluation before launching an attack: they take + the probability of beeing caught into account, along with the kind of + target. A 0day costs a lot of money, I heard that it was from 100000$ + to 400000$, some other websites had prices 10 times lower but that + but it was probably a typo. So if people increase their security it + makes it more risky and more costly to attack people. +

    +
    +
    +

    [2] microphone

    +

    + It's possible to turn headphones into a microphone, you could try + yourself, however they don't record loud at all. Also intel cards have + the capability to change a connector's function, for instance the + microphone jack can now become a headphone plug, that's called + retasking. There is some support for it in GNU/Linux but it's not very + well known. +

    +
    +
    +

    [3] Video (CCC)

    +

    + 30c3-5356-en-Firmware_Fat_Camp_webm.webm from the 30th CCC. While + their demo is experimental(their hardware also got damaged during the + transport), the spies probably already have that since a long time. + http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm +

    +
    +
    + +
    + +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
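Review bot: in the "Risk level" list, "EC: can be mitigated if following the guide on software security" points readers at a guide that the "Extra notes" paragraph in this same hunk describes as "not yet written"; say in the list item that the guide is pending so the EC is not read as already mitigated. The body under "[1] physical access" is still a drafting note ("Explain that black hats, TAO, and so on might use a 0day to get in") with "beeing" and a doubled "but that but", and its 0day price range is given as hearsay with no source. Since this text is re-added under the new theme, either write the paragraph out or mark it as a TODO.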
    diff --git a/docs/security/x60_security.html b/docs/security/x60_security.html index c87c581..7b524c7 100644 --- a/docs/security/x60_security.html +++ b/docs/security/x60_security.html @@ -13,277 +13,301 @@ -
    +

    Security on the ThinkPad X60

    - -
    +

    Hardware modifications to enhance security on the ThinkPad X60. This tutorial is incomplete at the time of writing.

    +

    Back to previous index

    + -

    Or go back to main index

    + -

    Table of Contents

    - +
    + +

    Hardware requirements

    +
      +
    • An X60
    • +
    • screwdriver
    • +
    • (in a later version of this tutorial: soldering iron and scalpel)
    • +
    -

    Hardware requirements

    -
      -
    • An X60
    • -
    • screwdriver
    • -
    • (in a later version of this tutorial: soldering iron and scalpel)
    • -
    +

    Software requirements

    +
      +
    • none (at least in the scope of the article as-is)
    • +
    • You probably want to encrypt your GNU/Linux install using LUKS
    • +
    + +
    -

    Software requirements

    -
      -
    • none (at least in the scope of the article as-is)
    • -
    • You probably want to encrypt your GNU/Linux install using LUKS
    • -
    +
    -

    - Rationale -

    -

    - Most people think of security on the software side: the hardware is important aswell. - work. -

    -

    - This tutorial deals with reducing the number of devices that have direct memory access that - could communicate with inputs/outputs that could be used to remotely - command the machine (or leak data). All of this is purely theoretical for the time being. -

    +

    + Rationale +

    +

    + Most people think of security on the software side: the hardware is important aswell. +

    +

    + This tutorial deals with reducing the number of devices that have direct memory access that + could communicate with inputs/outputs that could be used to remotely + command the machine (or leak data). All of this is purely theoretical for the time being. +

    -

    Disassembly

    +

    Disassembly

    -

    - Firstly remove the bluetooth (if your X60 has this):
    - The marked screws are underneath those stickers (marked in those 3 locations at the bottom of the LCD assembly):
    -
    - Now gently pry off the bottom part of the front bezel, and the bluetooth module is on the left (easily removable):
    -
    -

    +

    + Firstly remove the bluetooth (if your X60 has this):
    + The marked screws are underneath those stickers (marked in those 3 locations at the bottom of the LCD assembly):
    +
    + Now gently pry off the bottom part of the front bezel, and the bluetooth module is on the left (easily removable):
    +
    +

    -

    - If your model was WWAN, remove the simcard (check anyway):
    - Uncover those 2 screws at the bottom:
    -
    - SIM card (not present in the picture) is in the marked location:
    -
    - Replacement: USB dongle. -

    +

    + If your model was WWAN, remove the simcard (check anyway):
    + Uncover those 2 screws at the bottom:
    +
    + SIM card (not present in the picture) is in the marked location:
    +
    + Replacement: USB dongle. +

    -

    - Now get into the motherboard. -

    +

    + Now get into the motherboard. +

    -

    - Remove those screws:
    - -

    -

    - Push the keyboard forward (carefully):
    - -

    -

    - Lift the keyboard up and disconnect it from the board:
    - -

    -

    - Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:
    - -

    -

    - You should now have this:
    - -

    +

    + Remove those screws:
    + +

    +

    + Push the keyboard forward (carefully):
    + +

    +

    + Lift the keyboard up and disconnect it from the board:
    + +

    +

    + Grab the right-hand side of the chassis and force it off (gently) and pry up the rest of the chassis:
    + +

    +

    + You should now have this:
    + +

    -

    - The following is a summary of what you will remove (already done to this machine):
    -
    - Note: the blue lines represent antenna cables and modem cables. You don't need to remove these, but you can if you want - (to make it tidier after removing other parts). I removed the antenna wires, the modem jack, the modem cable and - also (on another model) a device inside the part where the wwan antenna goes (wasn't sure what it was, but I knew it wasn't needed). This is optional -

    +

    + The following is a summary of what you will remove (already done to this machine):
    +
    + Note: the blue lines represent antenna cables and modem cables. You don't need to remove these, but you can if you want + (to make it tidier after removing other parts). I removed the antenna wires, the modem jack, the modem cable and + also (on another model) a device inside the part where the wwan antenna goes (wasn't sure what it was, but I knew it wasn't needed). This is optional +

    -

    - Remove the microphone (can desolder it, but you can also easily pull it off with you hands). Already removed here:
    -
    - Rationale:
    - Another reason to remove the microphone: If your computer gets[1] compromised, it can - record what you say, and use it to receive data from nearby devices if - they're compromised too. Also, we do not know what the built-in microcode (in the CPU) is doing; it could theoretically - be programmed to accept remote commands from some speaker somewhere (remote security hole). In other words, - the machine could already be compromised from the factory. -

    +

    + Remove the microphone (can desolder it, but you can also easily pull it off with you hands). Already removed here:
    +
    + Rationale:
    + Another reason to remove the microphone: If your computer gets[1] compromised, it can + record what you say, and use it to receive data from nearby devices if + they're compromised too. Also, we do not know what the built-in microcode (in the CPU) is doing; it could theoretically + be programmed to accept remote commands from some speaker somewhere (remote security hole). In other words, + the machine could already be compromised from the factory. +

    -

    - Remove the modem:
    -
    - (useless, obsolete device) -

    +

    + Remove the modem:
    +
    + (useless, obsolete device) +

    -

    - Remove the speaker:
    -
    - Reason: combined with the microphone issue, this could be used to leak data.
    - If your computer gets[1] compromised, it can be used to - transmit data to nearby compromised devices. It's unknown if it can be - turned into a microphone[2].
    - Replacement: headphones/speakers (line-out) or external DAC (USB). -

    +

    + Remove the speaker:
    +
    + Reason: combined with the microphone issue, this could be used to leak data.
    + If your computer gets[1] compromised, it can be used to + transmit data to nearby compromised devices. It's unknown if it can be + turned into a microphone[2].
    + Replacement: headphones/speakers (line-out) or external DAC (USB). +

    -

    - Remove the wlan (also remove wwan if you have it):
    -
    - Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.
    - Wifi: The ath5k/ath9k cards might not have firmware at all. They might safe but could have - access to the computer's RAM trough DMA. If people have an intel - card(most X60s come with Intel wifi by default, until you change it),then that card runs - a non-free firwamre and has access to the computer's RAM trough DMA! So - the risk-level is very high.
    - Wwan (3d modem): They run proprietary software and have access to the - computer's RAM! So it's like AMT but over the GSM network which is - probably even worse.
    - Replacement: external USB wifi dongle. (or USB wwan/3g dongle; note, this has all the same privacy issues as mobile phones. wwan not recommended). -

    +

    + Remove the wlan (also remove wwan if you have it):
    +
    + Reason: has direct (and very fast) memory access, and could (theoretically) leak data over a side-channel.
    + Wifi: The ath5k/ath9k cards might not have firmware at all. They might safe but could have + access to the computer's RAM trough DMA. If people have an intel + card(most X60s come with Intel wifi by default, until you change it),then that card runs + a non-free firwamre and has access to the computer's RAM trough DMA! So + the risk-level is very high.
    + Wwan (3d modem): They run proprietary software and have access to the + computer's RAM! So it's like AMT but over the GSM network which is + probably even worse.
    + Replacement: external USB wifi dongle. (or USB wwan/3g dongle; note, this has all the same privacy issues as mobile phones. wwan not recommended). +

    -

    - Not covered yet: -

    -
      -
    • Disable cardbus (has fast/direct memory access)
    • -
    • Disable firewire (has fast/direct memory access)
    • -
    • Disable flashing the ethernet firmware
    • -
    • Disable SPI flash writes (can be re-enabled by unsoldering two parts)
    • -
    • Disable use of xrandr/edid on external monitor (cut 2 pins on VGA)
    • -
    • Disable docking station (might be possible to do it in software, in coreboot upstream as a Kconfig option)
    • -
    +

    + Not covered yet: +

    +
      +
    • Disable cardbus (has fast/direct memory access)
    • +
    • Disable firewire (has fast/direct memory access)
    • +
    • Disable flashing the ethernet firmware
    • +
    • Disable SPI flash writes (can be re-enabled by unsoldering two parts)
    • +
    • Disable use of xrandr/edid on external monitor (cut 2 pins on VGA)
    • +
    • Disable docking station (might be possible to do it in software, in coreboot upstream as a Kconfig option)
    • +
    +

    + Go to http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html + or directly to the video: http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm. +

    +

    + A lot of this tutorial is based on that video. Look towards the second half of the video to see how to do the above. +

    + +

    + Also not covered yet: +

    +
      +
    • + Intrusion detection: randomized seal on screws
      + Just put nail polish with lot of glider on the important screws, take + some good pictures. Keep the pictueres and make sure of their integrity. + Compare the nail polish with the pictures before powering on the laptop. +
    • +
    • + Tips about preventing/mitigating risk of cold boot attack. +
        +
      • soldered RAM?
      • +
      • seal RAM door shut (possibly modified lower chassis) so that system has to be disassembled (which has to go through the nail polish)
      • +
      • wipe all RAM at boot/power-off/power-on? (patch in coreboot upstream?)
      • +
      • ask gnutoo about fallback patches (counts number of boots)
      • +
      +
    • +
    • + General tips/advice and web links showing how to detect physical intrusions. +
    • +
    • + For example: http://cs.tau.ac.il/~tromer/acoustic/ + or http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper. +
    • +
    • + https://en.wikipedia.org/wiki/Tempest_%28codename%29 +
    • +
    • + https://gitorious.org/gnutoo-for-coreboot/grub-assemble/source/a61f636797777a742f65f4c9c58032aa6a9b23c3: +
    • +
    + +
    + +
    +

    + Extra notes +

    - Go to http://media.ccc.de/browse/congress/2013/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge.html - or directly to the video: http://mirror.netcologne.de/CCC/congress/2013/webm/30c3-5529-en-Hardening_hardware_and_choosing_a_goodBIOS_webm.webm. + EC: Cannot be removed but can be mitigated: it contains non-free + non-loadable code, but it has no access to the computer's RAM. + It has access to the on-switch of the wifi, bluetooth, modem and some + other power management features. The issue is that it has access to the + keyboard, however if the software security howto (not yet written) is followed correctly, + it won't be able to leak data to a local attacker. It has no network + access but it may still be able to leak data remotely, but that + requires someone to be nearby to recover the data with the help of an + SDR and some directional antennas[3].

    - A lot of this tutorial is based on that video. Look towards the second half of the video to see how to do the above. + Intel 82573 Ethernet controller + on the X60 seems safe, according to Denis.

    -

    - Also not covered yet: -

    -
      -
    • - Intrusion detection: randomized seal on screws
      - Just put nail polish with lot of glider on the important screws, take - some good pictures. Keep the pictueres and make sure of their integrity. - Compare the nail polish with the pictures before powering on the laptop. -
    • -
    • - Tips about preventing/mitigating risk of cold boot attack. +
      +

      + Risk level +

        -
      • soldered RAM?
      • -
      • seal RAM door shut (possibly modified lower chassis) so that system has to be disassembled (which has to go through the nail polish)
      • -
      • wipe all RAM at boot/power-off/power-on? (patch in coreboot upstream?)
      • -
      • ask gnutoo about fallback patches (counts number of boots)
      • +
      • Modem (3g/wwan): highest
      • +
      • Intel wifi: Near highest
      • +
      • Atheros PCI wifi: unknown, but lower than intel wifi.
      • +
      • Microphone: only problematic if the computer gets compromised.
      • +
      • Speakers: only problematic if the computer gets compromised.
      • +
      • EC: can be mitigated if following the guide on software security.
      -
    • -
    • - General tips/advice and web links showing how to detect physical intrusions. -
    • -
    • - For example: http://cs.tau.ac.il/~tromer/acoustic/ - or http://cyber.bgu.ac.il/content/how-leak-sensitive-data-isolated-computer-air-gap-near-mobile-phone-airhopper. -
    • -
    • - https://en.wikipedia.org/wiki/Tempest_%28codename%29 -
    • -
    • - https://gitorious.org/gnutoo-for-coreboot/grub-assemble/source/a61f636797777a742f65f4c9c58032aa6a9b23c3: -
    • -
    +
    + -

    - Extra notes -

    -

    - EC: Cannot be removed but can be mitigated: it contains non-free - non-loadable code, but it has no access to the computer's RAM. - It has access to the on-switch of the wifi, bluetooth, modem and some - other power management features. The issue is that it has access to the - keyboard, however if the software security howto (not yet written) is followed correctly, - it won't be able to leak data to a local attacker. It has no network - access but it may still be able to leak data remotely, but that - requires someone to be nearby to recover the data with the help of an - SDR and some directional antennas[3]. -

    -

    - Intel 82573 Ethernet controller - on the X60 seems safe, according to Denis. -

    - -

    - Risk level -

    +
    +

    + Further reading material (software security) +

    +
    -

    - Further reading material (software security) -

    - +
    +

    + References +

    +
    +

    [1] physical access

    +

    + Explain that black hats, TAO, and so on might use a 0day to get in, + and explain that in this case it mitigates what the attacker can do. + Also the TAO do some evaluation before launching an attack: they take + the probability of beeing caught into account, along with the kind of + target. A 0day costs a lot of money, I heard that it was from 100000$ + to 400000$, some other websites had prices 10 times lower but that + but it was probably a typo. So if people increase their security it + makes it more risky and more costly to attack people. +

    +
    +
    +

    [2] microphone

    +

    + It's possible to turn headphones into a microphone, you could try + yourself, however they don't record loud at all. Also intel cards have + the capability to change a connector's function, for instance the + microphone jack can now become a headphone plug, that's called + retasking. There is some support for it in GNU/Linux but it's not very + well known. +

    +
    +
    +

    [3] Video (CCC)

    +

    + 30c3-5356-en-Firmware_Fat_Camp_webm.webm from the 30th CCC. While + their demo is experimental(their hardware also got damaged during the + transport), the spies probably already have that since a long time. + http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm +

    +
    +
    -

    - References -

    -

    [1] physical access

    -

    - Explain that black hats, TAO, and so on might use a 0day to get in, - and explain that in this case it mitigates what the attacker can do. - Also the TAO do some evaluation before launching an attack: they take - the probability of beeing caught into account, along with the kind of - target. A 0day costs a lot of money, I heard that it was from 100000$ - to 400000$, some other websites had prices 10 times lower but that - but it was probably a typo. So if people increase their security it - makes it more risky and more costly to attack people. -

    -

    [2] microphone

    -

    - It's possible to turn headphones into a microphone, you could try - yourself, however they don't record loud at all. Also intel cards have - the capability to change a connector's function, for instance the - microphone jack can now become a headphone plug, that's called - retasking. There is some support for it in GNU/Linux but it's not very - well known. -

    -

    [3] Video (CCC)

    -

    - 30c3-5356-en-Firmware_Fat_Camp_webm.webm from the 30th CCC. While - their demo is experimental(their hardware also got damaged during the - transport), the spies probably already have that since a long time. - http://berlin.ftp.media.ccc.de/congress/2013/webm/30c3-5356-en-Firmware_Fat_Camp_webm.webm -

    +
    -
    - -

    - Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    - This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. - A copy of the license can be found at ../license.txt. -

    +

    + Copyright © 2014, 2015 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    -

    - This document is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. -

    +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + +
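Review bot: the re-added "Remove the wlan" paragraph carries the DMA rationale that this page is built on, but it is hard to read as written: "They might safe", "trough DMA" (twice), "firwamre" and "Wwan (3d modem)" should become "They might be safe", "through DMA", "firmware" and "3g modem" while these lines are being rewritten. In the "Also not covered yet" list, "nail polish with lot of glider" presumably means glitter and "pictueres" is misspelled, and "make sure of their integrity" gives the reader nothing to act on; name a concrete way to protect the reference photos. The last item of that list is a bare gitorious URL ending in a colon with nothing after it, so state what the reader should take from that revision or drop the colon.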
    -- cgit v0.9.1