archive provided by lainchan.jp

lainchan archive - /tech/ - 35495



Hello, lainons. I'm looking into getting a completely liberated laptop, like the ones many of you have, I'm sure.

The obvious first choice is minifree.org, but their prices are just amazingly high, and the only computer they are selling right now is the x220. Is it worth it to pay 600 pounds for a libreboot install? Is it that hard? Have you bought anything from minifree and/or somebody else who sells these? And how much of a difference does it make, in your opinion, to have libreboot that is completely blobless, or a coreboot such as the one that has been made possible recently, where the ME is still on the board, but neutralized?




This is relevant to my interests; I've also been looking into buying an oldie-but-goodie laptop with coreboot.


The x220 is preorder only right now, and unless you are lazy/want to support libreboot, don't buy one that is pre-flashed. Save yourself a lot of money, buy a cheap thinkpad (or other laptop or mobo), and flash it yourself.
Mostly all you need is an external flashing device (raspi, beaglebone, ch341a etc) and a SOIC clip. (x60 you can libreboot from cli on the actual device, no need for external flashers).
Libreboot has quite good documentation, and the people in #libreboot (freenode) are quite helpful if you have any issues. I would recommend libreboot simply because it is Free by default, and easier to flash in most cases.
If you own a device that can be corebooted, by all means go ahead, but nothing beats librebooted x200 imo.

Now I am just waiting for the people to come in and say libreboot is bad because it is no longer a GNU project (even tho it is still Free software, same license etc). I use software based on the software itself, not any 'drama' behind the software, and I implore you to do the same.


And by support, I mean financially support. I believe most of their "income" comes from minifree, which is used to pay for things such as Freeing new hardware (KGPE-D16 cost 75k USD to Free for example).


how recoverable is a fuarrrked up flashing?


>how recoverable is a fuarrrked up flashing?
Easy if you have external flashing equipment (e.g. BBB, RaspPi, etc.). And since you have direct access to the flash chip there's no worry about having to use a JTAG debugger to fix soykaf, which is nice.

I would avoid purchasing Libreboot'd or Coreboot'd devices online, completely. Considering the current political climate and TLA leaks there's a high chance that your device gets intercepted and bugged en route or gets you put on the naughty list for watching more closely. Get the flashing tools yourself and purchase a supported device in-person, ideally, or online if you must. If you buy online, though, tear it down once you get it and take pictures of every square inch of PCB to compare with images online, and then do a BIOS flash with the vendor's proprietary image (to overwrite any potential malicious embedded controller bugs since Libreboot/Coreboot don't touch the EC). After that continue with the flashing of your preferred BIOS.

Also, OP, don't get one of the supported macbooks--you'll regret it; build quality is soykaf and they overheat all the time.


Are there any alternatives to libreboot?




You don't even need the SOIC clip (they are too expensive for a one-shot thing, IMO). Use a section of PCI slot instead http://www.swiatelka.pl/viewtopic.php?t=2178


Why? Is there a problem with it?


>I would avoid purchasing Libreboot'd or Coreboot'd devices online, completely. Considering the current political climate and TLA leaks there's a high chance that your device gets intercepted and bugged en route or gets you put on the naughty list for watching
Can you explain more? I mean, throwing stuff out there without links or something seems pointless. I ordered a ThinkPad X200 from minifree a while back and it was alright. I'm looking at the EOMA68 laptop now and about to place an order for that.



I installed Libreboot on my X200 with a RasPi and a Chinese clip off aliexpress.
You can get an RPi Zero and it'll suffice, later you could turn it into a piratebox or a radio transmitter. It doesn't need an external PSU, 3.3v pin worked just fine. Make sure to use wires of the same length and no longer than 10cm.


Also, this would be useful if you're flashing with a raspi:


I want to flash my t500 but it is my own computer at the moment (other than my pi zero), and with core or libreboot I will lose the ATI Graphics & the Display port with it. I would normally be ok with it but I've played around with it after disabling the HD3650 in BIOS and the intel express graphics are fuarrrking damn near useless on the modern web. Of course I could always just give up web based video streaming in general and then wouldn't have an issue. General OS use and text based web zen existence.


>there's a high chance that your device gets intercepted and bugged en route

Would I be able to reflash a Librebooted laptop to get rid of anything added? I bought mine from some guy on eBay. The package didn't have to travel very far (same state), but it did sit at the post office over the weekend.


>Would I be able to reflash a Librebooted laptop to get rid of anything added?
Naturally. Since it already has Libreboot on it, reflashing can be done in-system using flashrom which is included in every Libreboot release. If you're worried about the BIOS image being compromised, simply use flashrom to read the current one and save it to a file. Then download the same release version from Libreboot's site and run a diff (e.g. diff -s suspect_image.bin release_image.bin) and see what it outputs. If they're different, there might be a problem--either the image config was modified before it was flashed (non-maliciously or maliciously), or you got a bad read off the flash chip (unlikely).

If you want to be extra sure you've got a good image then you'll need to get external flashing tools to extract it while the system isn't running since a compromised BIOS or EC firmware could do anything to the kernel or bootloader, etc., and tell you that everything's fine (when it's not).

>I bought mine from some guy on eBay.

Reflash that thing. Even if it came from Minifree, I'd still reflash it myself to be sure that I have a (more) trustworthy system.
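
The image check described in the post above, as an added example that is not part of the original thread. It goes beyond a plain `diff -s` in two ways: it takes two separate reads of the chip to rule out a bad read, and it lists which 4 KiB blocks differ from the release image. File names are placeholders, and `sha256sum`, `cmp` and `awk` are assumed to be installed.

```sh
#!/bin/sh
# Added example: compare a flash dump against a release image.
# File names are placeholders. Dumps would come from two separate reads,
# e.g. `flashrom -p internal -r read1.bin` run twice.

# SHA-256 of a file (coreutils sha256sum assumed).
img_hash() { sha256sum "$1" | cut -d' ' -f1; }

# Print the start offset of every 4 KiB block that contains a differing byte.
# cmp -l lists 1-based decimal byte positions, one differing byte per line.
diff_blocks() {
    cmp -l "$1" "$2" 2>/dev/null | awk '
        { b = int(($1 - 1) / 4096) }
        !(b in seen) { seen[b] = 1; printf "0x%06x\n", b * 4096 }'
}

# compare_images READ1 READ2 REFERENCE
# Returns 0 = identical to reference, 1 = differs, 2 = comparison not meaningful.
compare_images() {
    if [ "$(img_hash "$1")" != "$(img_hash "$2")" ]; then
        echo "UNSTABLE: the two reads disagree, so the read is unreliable; re-read first"
        return 2
    fi
    if [ "$(wc -c < "$1")" -ne "$(wc -c < "$3")" ]; then
        echo "SIZE MISMATCH: reference image is a different size than the dump"
        return 2
    fi
    if [ "$(img_hash "$1")" = "$(img_hash "$3")" ]; then
        echo "MATCH: dump is byte-identical to the reference"
        return 0
    fi
    echo "DIFFERENT: 4 KiB blocks containing changed bytes:"
    diff_blocks "$1" "$3"
    return 1
}

# Run directly: sh compare.sh read1.bin read2.bin release.bin
if [ "$#" -eq 3 ]; then compare_images "$@"; fi
```

A difference confined to one or two blocks points at a changed setting; differences spread across the image call for the external read the post recommends.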


>Would I be able to reflash a Librebooted laptop to get rid of anything added?
Ah, forgot to add, you can reflash the original proprietary BIOS (which includes the EC firmware) even after it has Libreboot on it. If you wanted to follow the advice in >>35502 anyway.


Can one libre/coreboot an X230?


I think libreboot will work, but I haven't found any solid information and you would lose all the virtualization features of the cpu, since those haven't been reverse engineered yet. Coreboot works fine though, and you can choose to keep binary blobs you can't live without and have no alternatives. If you want to run qubes then that is the closest you will get to a fully libre bios atm.


maybe his computer isn't compatible with libreboot


Currently what's supported with Libreboot are ??00 models and earlier. There is work on ??20 models at present, and I imagine development will move onto ??30 models after that.
Coreboot will probably work on it though.


Libreboot has Pi flashing instructions on their site now.



I've thought about going full text web lately. I mean, lynx and links are LIGHTNING fast on my old t40s and t20s but muh internet pictures...


You can get links to display some pictures with a switch passed to it if I recall.


Leah Rowe is an immature child and hasn't paid people for services she wanted done. I really hate her as the main dev. I hope that Librecore fork of coreboot goes somewhere.


On this topic, how would libreboot on ??20 and later work? For instance, both X220 and T420 were released in 2011, which is before Intel Boot Guard in 2013 (which prevents any firmware not signed with Intel's private key from running, i.e. core/libreboot), but after 2009, meaning it has Intel Management Engine Ignition signature verification on the firmware, preventing IME from being removed (https://libreboot.org/faq.html#intelme). Surely this would mean that core/libreboot, although possible, wouldn't remove intel backdoors in ME? Forgive me if I'm understanding this incorrectly.

Unless it's neutralizing it as in here: https://hardenedlinux.github.io/firmware/2016/11/17/neutralize_ME_firmware_on_sandybridge_and_ivybridge.html


Core/Libreboot works, but (as I understand it) the ME will not be modified in any way.

This passage in the libreboot faq you linked is the important part:
>Before version 6.0 (that is, on systems from 2008/2009 and earlier), the ME can be disabled by setting a couple of values in the SPI flash memory. The ME firmware can then be removed entirely from the flash memory space. libreboot does this on the Intel 4 Series systems that it supports, such as the Libreboot X200 and Libreboot T400. ME firmware versions 6.0 and later, which are found on all systems with an Intel Core i3/i5/i7 CPU and a PCH, include “ME Ignition” firmware that performs some hardware initialization and power management. If the ME’s boot ROM does not find in the SPI flash memory an ME firmware manifest with a valid Intel signature, the whole PC will shut down after 30 minutes.

If you do want to disable it, you're going to need to follow the other link you posted and adapt accordingly. Also, this (https://github.com/corna/me_cleaner/wiki/How-does-it-work%3F) and the sources at the top of the page are interesting/helpful.


The clips can be as cheap as $3 on ebay. That is neat though.


Wasn't there some person who managed to clean out the newer one too or am I confusing it?


Right now, I'm not sure. I've found an issue on Github that suggests that the Intel Boot Guard is currently one of the major problems with modifying the ME. https://github.com/corna/me_cleaner/issues/6


Guess what? April Fools: https://leahboot.org/


Quick question, I bought a pack of jumper cables and a dedicated 3.3v PSU (along with a bunch of other needed materials) to flash a T400 and I was wondering what's the best way to connect the PSU to the BBB? The PSU has screw terminals and the BBB has female headers. I was thinking I'd crimp some ring terminals on one end of some wire and splice a male header on the other end.

Is there a more efficient way to do this?


forget the ring if it's braided wire
put the male header on one end
fan out the braid and screw that down with a piece of square sheet metal (tin foil) threaded onto the screw. that's the crappy way