linuxboot / heads

A minimal Linux that runs as a coreboot or LinuxBoot ROM payload to provide a secure, flexible boot environment for laptops, workstations and servers.
https://osresearch.net/
GNU General Public License v2.0

x230 (and more): internal flashing heads from lenovobios is possible. (WORKS, BUT WITH CAVEATS. READ THE WHOLE THREAD) #1143

Open githubisnonfree opened 2 years ago

githubisnonfree commented 2 years ago

https://twitter.com/n4of7/status/1509262478869422080

https://mas.to/@libreleah/108047359882985640

so yeah. hda_sdo thing has been known for years, but i had someone on osboot irc earlier, with old osboot setup with locked ifd regions, i helped him unlock without spi flasher, using the hda_sdo trick

flashing from lenovobios is trickier, because lenovo uses pr0 regs to write protect the bios region

see links above. should work. all you need is....

tweezers. metal ones

enjoy!

githubisnonfree commented 2 years ago

i'm leah btw. leah rowe of libreboot and osboot

githubisnonfree commented 2 years ago

how

githubisnonfree commented 2 years ago

all you need is tweezers!

githubisnonfree commented 2 years ago

There is a caveat: in order to install 1vyrain, you need to boot into Windows. Once 1vyrain is installed, though, you can install linux/bsd and run flashrom on there, with HDA_SDO strapped to allow flashing IFD/GbE/ME.

It'd be nice if you could install 1vyrain from a libre OS.

I still recommend external flashing, to install osboot/heads on these machines. It's actually easier, in my opinion. Raspberry Pi + 2.54mm breadboard cables + pomona clip is inexpensive, and trivial to set up for flashing.

I suppose if you're replacing thermal paste anyway, which you should btw, when you get your machine off of e.g. ebay (sellers never re-paste), it's no extra effort, plus most thinkpads from sites like ebay will come with Windows on them, so it's not much hassle to just use that once to install 1vyrain. Then when re-pasting, boot up with HDA_SDO strapped while the board is still out... and flash heads/osboot. Then reassemble and you're done.

Again, I still recommend external flashing as a viable option. If there was a way to install 1vyrain from linux/bsd, then that'd be a different matter entirely. Perhaps osbmk and heads could each implement something on this basis? Perhaps even to directly install osboot/heads (or other coreboot rom), skipping 1vyrain entirely.

Thoughts?

githubisnonfree commented 2 years ago

By the way, even without 1vyrain first, strapping HDA_SDO lets you make a full dump of the original contents of the flash, prior to installing coreboot-based firmware.

Also, installing 1vyrain while HDA_SDO is strapped is probably possible (but not practical because you have to short it each time when the system reboots - does a reboot retain the HDA_SDO setting?) - if doing HDA_SDO before 1vyrain, you better just solder it, that's what I did on one of mine, see pic. IFD-based flash protection is weak anyway, better to use a combination of: set PR (protected range) registers, can do it (must do it) at every boot, from linux/grub (but maybe offer a way to securely not do it, for later re-flashing); do PR regs, and enable CONFIG_STRICT_DEVMEM in linux, or equivalent in BSD.

choices, choices, choices

have fun!

githubisnonfree commented 2 years ago

btw 1vyrain supports more boards that both heads and osboot support, so you could do this on those too. just gotta find where HDA_SDO is, to pull high. if you have a boardview, great, it'll be there, otherwise just... scan the board, with your eyes, to find the HDA chip. job done

githubisnonfree commented 2 years ago

i forgot to attach pic lol. here it is insane

githubisnonfree commented 2 years ago

found hda_sdo on t440p. had to manually look for it. found by: buzzing on multimeter against hda pin 5, to find hda_sdo test point

then i just turned on my t440p and used volt meter on test points until i found 3.3v

When you remove the "big door", remove HDD/SSD and peel the tape. You'll see it.

Solder them, OR: short with tweezers until you see lenovo logo, with HDD/SSD in ultrabay, EDIT: i found that 1vyrain isn't supported on t440p, so HDA_SDO isn't as useful or interesting for our purpose. Just do external flashing on t440p

Not yet tested, at the time of this post. [photos: IMG_20220403_131824, IMG_20220403_131842]

githubisnonfree commented 2 years ago

I figured out an easy 5-minute flashing method for T440p based on the above. See:

https://github.com/osresearch/heads/issues/1146

githubisnonfree commented 2 years ago

i reported earlier that i'd found hda_sdo on t440p; i did. but i didn't find a test point to connect dvdd from the hda chip to it, not yet anyway

i assumed any +3.3v would be ok, but i've tested it and it doesn't work

so, disassembly on t440p is still needed, for flashing spi1

doing it on x230 does work though, exactly the way i showed. i tested it myself, as did a user on irc

githubisnonfree commented 2 years ago

I discovered: first 8MB theoretically flashable internally (PR regs didn't protect it), but even with HDA_SDO strapped, I still couldn't flash it internally from lenovo's firmware; you'll get errors and if you try to reboot afterwards, the result will be a brick.

The best way is this: https://doc.coreboot.org/mainboard/lenovo/ivb_internal_flashing.html

Then strap HDA_SDO and erase/write the whole flash.

Basically, the conclusion of my research is that it's easier and cheaper in terms of time investment to simply reflash externally with an SPI programmer like the Raspberry Pi.

This is cheaper overall in terms of time, especially if you're flashing a lot of machines like I do.
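Two points in the thread are easier to reason about with a register decoder in hand: the earlier comment recommends setting PR (protected range) registers at every boot as the real write protection, and the later one observes that Lenovo's PR registers left the first 8MB of the x230 flash uncovered. The following Python is an added example written for this page, not code from the heads or osboot projects. It decodes the Protected Range register layout used by Intel ICH9+/PCH SPI controllers (bit 31 write-protect, bits 28:16 limit, bit 15 read-protect, bits 12:0 base, both in 4 KiB units) and reports which parts of the flash no active range covers. The register value and the 12 MiB flash size are constructed to match the scenario described above; they are not dumped from a real board, and the code only reads values you pass in, it touches no hardware.

```python
# Decode Intel SPI Protected Range (PR0..PR4) registers and find flash
# areas that no write-protected range covers. Added example for this
# thread; register layout is the ICH9+/PCH one, sample values are constructed.

PR_WP_BIT = 1 << 31      # write protection enable
PR_RP_BIT = 1 << 15      # read protection enable
PR_ADDR_MASK = 0x1FFF    # 13 address bits, each in units of 4 KiB
PAGE_SHIFT = 12


def decode_pr(value):
    """Split one 32-bit PR register into its fields (addresses in bytes)."""
    base = (value & PR_ADDR_MASK) << PAGE_SHIFT
    # The limit field holds the top 4 KiB page; the range is inclusive of it.
    limit = (((value >> 16) & PR_ADDR_MASK) << PAGE_SHIFT) | 0xFFF
    return {
        "write_protect": bool(value & PR_WP_BIT),
        "read_protect": bool(value & PR_RP_BIT),
        "base": base,
        "limit": limit,
    }


def unprotected_ranges(pr_values, flash_size):
    """Return [(start, end), ...] byte ranges not covered by any WP-enabled PR.

    Ranges with the WP bit clear are ignored: a PR with base/limit set but
    WP=0 protects nothing, which is exactly the kind of detail a boot-time
    lockdown check should catch.
    """
    covered = sorted(
        (d["base"], d["limit"])
        for d in map(decode_pr, pr_values)
        if d["write_protect"]
    )
    gaps = []
    cursor = 0
    for base, limit in covered:
        if cursor >= flash_size:
            break
        if base > cursor:
            gaps.append((cursor, min(base, flash_size) - 1))
        cursor = max(cursor, limit + 1)
    if cursor < flash_size:
        gaps.append((cursor, flash_size - 1))
    return gaps


def region_is_write_protected(pr_values, start, end):
    """True only if every byte in [start, end] lies inside a WP-enabled PR."""
    for gap_start, gap_end in unprotected_ranges(pr_values, end + 1):
        if gap_start <= end and gap_end >= start:
            return False
    return True


# Constructed scenario: a 12 MiB flash (x230: 8 MiB + 4 MiB chips) where a
# single PR0 write-protects only the top 4 MiB (0x800000..0xBFFFFF).
# value = WP | (limit_page << 16) | base_page = 0x8BFF0800
SAMPLE_FLASH_SIZE = 12 * 1024 * 1024
SAMPLE_PRS = [0x8BFF0800, 0x0, 0x0, 0x0, 0x0]

if __name__ == "__main__":
    for i, v in enumerate(SAMPLE_PRS):
        d = decode_pr(v)
        if d["write_protect"]:
            print(f"PR{i}: WP 0x{d['base']:07x}-0x{d['limit']:07x}")
    for start, end in unprotected_ranges(SAMPLE_PRS, SAMPLE_FLASH_SIZE):
        print(f"not write-protected: 0x{start:07x}-0x{end:07x}")
    # With the constructed value above, the first 8 MiB come out unprotected,
    # matching the observation in the thread.
    print("first 8 MiB protected:",
          region_is_write_protected(SAMPLE_PRS, 0, 0x7FFFFF))
```

The raw register values would come from a tool that can read the SPI controller's memory-mapped registers (chipsec or a flashrom verbose log, for example); the decoder deliberately stays separate from that so it can be run against a saved dump. Used at boot, `unprotected_ranges` over the live PR values is a straightforward way to assert that the lockdown the earlier comment describes actually covers the whole flash rather than just the BIOS region.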