--- /dev/null
+By Bernie Innocenti, 23 March 2014 (re-published with minor edits on 30 June 2020)
+
+== Flashing Coreboot on the Thinkpad X230 ==
+
+<div style="width:800px; margin:0 auto;">{{pictures/misc/x230-flashing.jpg | maxwidth=640}}</div>
+
+Coreboot, the free PC BIOS that powers all Google Chromebooks, was recently ported to the Thinkpad X230
+by the long time GRUB hacker Vladimir 'φ-coder' Serbinenko. So this week-end, just while Libre Planet was
+taking place at the nearby MIT Stata Center, I decided to give a shot at it. Building a custom Coreboot
+image for the X230 was relatively easy:
+
+{{{
+git clone http://review.coreboot.org/p/coreboot cd coreboot
+git submodule update --init --checkout
+make crosstools-i386
+# install the .config file provided by phcoder on the Coreboot wiki
+make oldconfig
+make
+}}}
+
+The build process generates a 12MB image containing all the board-specific code to initialize the hardware
+and a "payload" program to continue the boot process. I chose SeaBIOS, a legacy PC BIOS which can boot off
+hard-drives and other media.
+
+Things get interesting at this point: until someone figures out a way to workaround for Lenovo's BIOS
+write protection, flashing Coreboot requires a SPI programmer. So I borrowed a Pirate Bus with a Pomona 5250
+SOIC test clip from some friends at the [[https://www.fsf.org/ | Free Software Foundation]].
+The +3.3V pin of the SOIC chip is connected to several other components on the motherboard and pulls a
+lot of current while flashing (>400mA), so I had to hook it up to a beefy external power supply, being
+careful not to fry the entire motherboard.
+
+The X230 BIOS resides in two SPI flash chips of 8 and 4 megabytes that contain several things
+(for the details, check the X230 flashing instructions in the Coreboot wiki). Because my Coreboot image
+was small enough to fit into the top 4MB, I only had to flash one chip. From a separate machine, I used
+the 'flashrom' tool to backup the original BIOS, so I could easily restore it in case I couldn't get
+Coreboot to work.
+
+{{{
+sudo flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=8M -c MX25L3206E -r x230-orig-4M.rom
+}}}
+
+Next, I crossed fingers and wrote my Coreboot image:
+
+{{{
+sudo flashrom -p buspirate_spi:dev=/dev/ttyUSB0,spispeed=8M -c MX25L3206E -w x230-bernie-4M.rom
+}}}
+
+The entire operation takes about 15 minutes. The Pirate Bus isn't the fastest SPI programmer on
+the planet, but it costs only $30 and it's pretty reliable. Ok, now let's disconnect the clip and
+power on the laptop. The leds blink a little. The machine seems alive, but the LCD panel doesn't
+turn on. From the hard drive led it's evident that the system is booting, so I hook up an external
+VGA monitor and see a familiar password prompt.
+
+I already knew I was missing the VGA BIOS blob that initialize the video ports, but I wanted to see
+if Linux was able to do it after boot. So I cried for help in the #coreboot IRC channel, and phcoder
+pointed me at [[http://review.coreboot.org/#/c/5396/ | a patch]] floating around in Gerrit which
+contains 8KB of magical numbers to initialize the flat panel.
+
+The title photo shows the colorful result I got while trying phcoder's off-tree patch with SeaBIOS.
+Phcoder hinted that a recent snapshot of GRUB2 should initialize the display properly, and then went to sleep.
+Other Coreboot developers on IRC helped me debug my configuration until, finally, I powered on the laptop and
+in a couple of seconds a familiar GRUB2 prompt appeared on the panel.
+From there, I could easily load the OS bootmenu:
+
+{{{
+set root=(ahci,msdos1)
+source /grub/grub.cfg
+normal
+}}}
+
+Of course, it's also possible to build a custom grub.cfg into the Coreboot image and let the machine boot
+automatically. There's also [[http://www.coreboot.org/pipermail/seabios/2014-February/007651.html | a set of SeaBIOS patches]]
+which enable native VGA initialization. I got these patches to apply to my tree, but the resulting display is still messed up.
+The author, Kevin O'Connor, is away from the keyboard at the moment.
+
+Another open problem is that the S3 mode (aka sleep mode) is totally broken: instead of resuming, the machine simply reboots.
+This is annoying enough to prevent me from using Coreboot on my main machine. Before I can even attempt debugging this I need
+to figure out a way to get a debug console, because there are no usable serial ports on the X230. One of the Coreboot devs
+on IRC said that Android phones can serve as usbdebug dongles; I guess I'll try it next week if I have time.
+
+Note that the resulting machine is still running plenty of scary proprietary code: there's the firmware for the Embedded Controller,
+a separate processor which manages power and keyboard input, and the Intel Management Engine (ME),
+which runs even while the machine is sleeping, and for which interesting persistent rootkits have been demonstrated by clever
+security researchers years ago.
+
+There are no alternatives for the ME firmware at this time, but free implementations of the EC firmware exist for various
+Chromebooks and for the OLPC XO laptops. The codebase is quite board-specific, and porting it to the Thinkpad without
+documentation from Lenovo isn't a trivial project.
+
+Nevertheless, Coreboot seems to be improving rapidly in terms of usability and hardware support. There's a lively developer
+community and some business participation. It's not yet something I'd recommend to casual users, but if you're a nerd with a
+spare laptop and a fetish for hardware hacking, you might want to give Coreboot a try while it's still l33t 😉
\ No newline at end of file
projects / wiki.git / commitdiff