The T430 is the most affordable yet powerful used Coreboot laptop available on the market. W530 is not that well supported and very rare.
In this thread I want to discuss the process, list parts needed and in the end a guide on how to do it, including pictures, will be available.
I will be using Heads, as this coreboot Distribution has measured boot and support for Hardware based verification (HOTP), as well as Time based verification (TOTP).
What is coreboot?
Roughly, coreboot is a replacement for the old, slow and proprietary BIOS on your PC or Laptop. It allows to initialize your hardware, boot your Operating System, and more:
- run memtest86
- verify your kernel
- boot an UEFI (Tianocore), legacy BIOS (Seabios), a minimal Linux Kernel (LinuxBoot) or directly use grub to boot Linux
- configure the fancurve
- play Tetris…
These features depend on the payload you add to your coreboot installation.
Devices preinstalled
Coreboot comes preinstalled and supported in these devices:
- System76 Desktops and Laptops
- Novacustom NV41, NS51, NS70, as well as the Nitrokey variants and the matching OEM Clevo laptops (Awesome Video Tutorial)
- Starlabs Machines
- Nitropad T430 and X230, premodified Thinkpads
- all Chromebooks (some run Linux)
- some more PCs
- Purism Librem (if you can get one, lol)
Distributions
Common Coreboot Distributions you can install on existing hardware:
- Libreboot, now also with binary blobs
- Skulls: simple T430 distribution
- Heads: secure distribution with all the nice benefits
- dasharo: for Novacustom for example, supports fwupd
- …
Hardware for flashing
If you want to be sure its official, or dont have it preinstalled, you will need to flash Coreboot onto your BIOS chips.
Needed tools:
- a Linux PC with
flashrominstalled - a CH431a (the a is crucial!) Programmer, Guide how to mod the voltage to not burn your chip
- a matching clip, cable and connector (often a combined package)
- something to open your PC
- when running Heads, a Yubikey or Nitrokey with gpg storage
Note: for Thinkpads there is 1vyrain, which uses a BIOS exploit to flash without hardware. This can only use a part of your available BIOS space though, and the Intel ME is not neutered when flashing another Coreboot Distro during Install. So Hardware flashing is recommended.
Procedure
-
Remove any BIOS password to be sure!
-
Turn off your Laptop and screw it open. Make sure you have no static electricity on your hands (touch a heater or wear a band).
-
Remove the battery and power supply, afterwards press the power button several seconds to remove and electricity from the board.
-
Install flashrom on your other PC. Connect the CH431a programmer with its clip and cable and plug it into a USB port.
-
Disassemble your to-be-flashed laptop or PC and find the BIOS chips. Attach the clip to one of the chips.
-
To test the attached connection, read the BIOS image from that chip twice, dont move the Laptop in the meantime. Save the two images under different names and compare using
difforsha256sum. -
If the images match, your clip is attached correctly. Flash your Coreboot Distribution of choice. Make sure to use the right chip and image.
-
You may have a top and bottom image, if yes, attach your clip to the other BIOS chip and repeat step 6, flash the other BIOS chip with the matching image.
To be continued…
I have no knowledge regarding firmware flashing but it’s something I want to do long-term (and if I ever find a T430 I can buy irl). Hence, a low-bar explanatory walk-through like you seem to want to create here is highly appreciated! 