linuxboot / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
https://osresearch.net/
GNU General Public License v2.0

Documentation update: Highlight differences in x230 boards #1054

Open copyvar opened 2 years ago

copyvar commented 2 years ago

Hello,

I have difficulty understanding the differences between the available x230 boards. In https://github.com/osresearch/heads-wiki/edit/master/Installing-and-Configuring/Prerequisites.md three boards, namely x230, x230-hotp-verification and x230-flash, are listed. However, looking at https://github.com/osresearch/heads/tree/master/boards five boards are listed: x230-flash, x230-hotp-maximized, x230-hotp-verification, x230-maximized and x230.

What are the differences between them? Why are only three boards mentioned in the documentation? Looking at the boards' config files does not help inexperienced users. It would help if there were more detailed documentation about the differences and which board one has to build depending on what devices (e.g. Nitrokey Pro etc.) one wants to use. I will update the config files of each board and the documentation if someone answers.

tlaurion commented 2 years ago

Most of those questions are answered under #1015, specifically https://github.com/osresearch/heads/pull/1015#issuecomment-894523907, and in the current documentation on the https://osresearch.net website, but let me know what is missing.

The quick answer would be: if you are using an external reprogrammer and intend to neuter ME, you want the maximized version for your xx20/xx30 board.

If you are coming from the 1vyrain or Skulls project, and/or you are not sure if IFD and ME are neutered and unlocked regions, then flash xxxx-flash from there, which won't unlock nor neuter long term. Then choose between xxxx-hotp-verification if you own a HOTP compliant USB device (Librem Key, Nitrokey Pro, Nitrokey Storage), or xxxx if you do not.

tlaurion commented 2 years ago

So to answer your question:

Non-maximized x230 boards: lose flashy framebuffer menus and dropbear support. Doesn't touch the ME or IFD region. Loss of 4.5MiB SPI space as compared to maximized builds for xx30 boards.

x230-flash is to be flashed through Skulls or 1vyrain, not touching IFD nor ME.

x230 is without HOTP, coming from an unknown externally flashed rom or x230-flash.

x230-hotp-verification is with HOTP, coming from an unknown externally flashed rom as above.

You cannot flash x230 or x230-hotp-verification from maximized builds or your system will become a brick.

x230-maximized: keeps flashy framebuffer support. Flashes a generated Ethernet de:ad:c0:ff:ee MAC address in the GBE blob that needs to be randomized from the OS prior to usage. Gives the BIOS region the freed 4.5MiB ME space. Can be flashed externally from the provided top and bottom rom images.

x230-hotp-maximized is internal flashing on top of an unlocked IFD where ME can be overwritten. Can be flashed both internally or externally, while the first internal flash coming from the recovery shell needs to be a manual flashrom call, not specifying the IFD bios region as per standard x230, x230-hotp-verification or x230-flash roms.

x230-maximized is like x230-hotp-maximized but without HOTP support.
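
The comment above says the maximized x230 images are flashed externally from separate top and bottom rom files. The x230 carries its 12MiB of SPI flash as two chips, an 8MiB bottom chip (lower addresses: IFD, ME, GbE) and a 4MiB top chip (BIOS region). As an added example, not Heads' own tooling, the POSIX sh helper below splits a single 12MiB image into the two chip-sized files and refuses anything that is not exactly 12MiB, so a truncated or wrong-board image is caught before anything reaches a programmer. The output file names and the 8MiB/4MiB split points are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example, not from the Heads project: split a full 12MiB x230 image
# into bottom (8MiB, lower addresses) and top (4MiB, BIOS region) files.
# Assumed layout: bottom chip = first 8MiB, top chip = last 4MiB.

MIB=1048576
X230_ROM_SIZE=$((12 * MIB))
X230_BOTTOM_SIZE=$((8 * MIB))
X230_TOP_SIZE=$((4 * MIB))

# file_size FILE -> prints size in bytes, normalised (no leading whitespace)
file_size() {
    printf '%d\n' "$(( $(wc -c < "$1") ))"
}

# split_x230_rom IMAGE OUTDIR
# Writes OUTDIR/x230-bottom.rom and OUTDIR/x230-top.rom (assumed names).
# Returns 1 and writes nothing if IMAGE is not exactly 12MiB, or if the
# produced pieces do not have the expected sizes.
split_x230_rom() {
    img=$1
    out=$2
    [ -r "$img" ] || { echo "cannot read $img" >&2; return 1; }
    size=$(file_size "$img")
    if [ "$size" -ne "$X230_ROM_SIZE" ]; then
        echo "refusing: $img is $size bytes, expected $X230_ROM_SIZE (12MiB)" >&2
        return 1
    fi
    # bottom chip = first 8MiB
    dd if="$img" of="$out/x230-bottom.rom" bs="$MIB" count=8 2>/dev/null || return 1
    # top chip = last 4MiB (skip the first 8MiB)
    dd if="$img" of="$out/x230-top.rom" bs="$MIB" skip=8 count=4 2>/dev/null || return 1
    # sanity-check the pieces before anyone trusts them
    [ "$(file_size "$out/x230-bottom.rom")" -eq "$X230_BOTTOM_SIZE" ] || return 1
    [ "$(file_size "$out/x230-top.rom")" -eq "$X230_TOP_SIZE" ] || return 1
    # the two pieces must reassemble to the original byte for byte
    cat "$out/x230-bottom.rom" "$out/x230-top.rom" | cmp -s - "$img" || return 1
    return 0
}
```

Usage: `split_x230_rom x230-maximized.rom ./out` after sourcing the script; the reassembly check at the end is cheap insurance that the split points are right for the image you actually have.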

tlaurion commented 2 years ago

The situation is different for xx20 boards, which have 8MiB of SPI flash coming from a single SPI chip, whereas xx30 boards have 2 chips, which makes the situation more complex. Note also that xx20 boards just have BUP in ME, whereas xx30 boards, being more recent, have BUP and ROMP regions that cannot be neutered.

Consequently, xx20 boards came later historically into the Heads project through the community, and do not lose features since board owners had already cleaned their ME, as they had no other choice to be able to flash Heads initially, and externally.

So xx20 boards have 7.5MiB of SPI available since the arrival of the boards, as opposed to xx30 boards which had 7MiB initially.

So xx20 board owners are not losing FBWhiptail, as opposed to xx30 owners if not going the maximized path.

@copyvar Poke me directly if you have questions; I would gladly welcome help with documenting this properly.

tlaurion commented 2 years ago

@copyvar please review/cherry-pick my branch https://github.com/osresearch/heads-wiki/pull/82/files?short_path=529f311#diff-529f311e8716c83389f3e386ff6b8e9a90113d07f137321554820739e2a7b81c in connection with #1015

tlaurion commented 2 years ago

@copyvar ?