No.16605
Coreboot is hell. I have a few years of college in some Computer fields and I won't touch it.
No.16606
If you want it, it might be cheaper to dump money on a consultant?
1K on a consultant vs 40 hours of research of your own time * 50 dollars an hour.
No.16609
>>16526post comprehensive details of the issue and help will arrive
No.16617
>>16605>>16606The first time around I tried building myself and wasn't able to produce a working image, so I did it using a prebuilt rom (skulls) and had no issues. I think I would have a bit more luck now.
>>16609Thanks. Basically the issue is that there are two bios chips (1 4MB containing bios and 1 8MB containing gbe, fd, and intel me), but only the 8MB chip is accessible. One of the workarounds involved changing the chip layout in the flash descriptor to contain the bios in the 8MB chip, something like this
https://ch1p.io/coreboot-t530-one-chip/The other solution, which I didn't fully understand was this
https://doc.coreboot.org/mainboard/lenovo/w530.htmlThe third solution, which I came to by myself, was to extract blobs, reduce ME, and unlock ifd on the accessible 8MB chip, build and spilt the coreboot rom, flash to 8MB chip, then internally flash to the 4MB chip using a USB with 1vyrain.
I ultimately decided to go with 1vyrain, which isn't full on coreboot, but it allows me to do a soft-disable of the ME and implement other custom bios features while retaining the ability to boot UEFI or legacy (I was planning on going with UEFI via tianocore, but I prefer to retain the ability to do both using 1vyrain). I still might open up the computer and run me_cleaner on the bottom chip, but I have not decided yet. I think I understand the process that would go into that, but I am not entirely sure.
No.16624
>>16617I've only corebooted systems or motherboards by following clear + defined instruction tutorials for that system or motherboard tbh.
If there are no tutorials for your specific system or you're coming to solutions by yourself then you're a couple of levels beyond me.
If there's anyone else reading this interested in trying coreboot you're in luck. A massive number of cheap chromebook models became coreboot compatible in the last few months. They can be found for $40 or less secondhand, schools have millions of them. It's extremely simple to wipe chromOS off them, flash coreboot as the new bios, and install whatever distro or OS you want.
They are amazing, Cheap, rugged little hacking terminals. Now with coreboot. What's not to like?
No.16861
>>16624>If there's anyone else reading this interested in trying coreboot you're in luck. A massive number of cheap chromebook models became coreboot compatible in the last few months. They can be found for $40 or less secondhand, schools have millions of them. It's extremely simple to wipe chromOS off them, flash coreboot as the new bios, and install whatever distro or OS you want.
>They are amazing, Cheap, rugged little hacking terminals. Now with coreboot. What's not to like?Nobody else surprised at this? Coreboot devices cheap and available everywhere. People used to fantasize about this a couple of years ago.
No.17177
Just got a $10 usb c to hdmi adapter for my $40 2019 (ex-educational stock) chromebook that's now running latest coreboot and fedora silverblue. It's got 2 usb c and a usb 3 port. yoga hinge and touchscreen too. It's also rugged af, I would honestly be happier throwing it in a rucksack than a thinkpad somehow.
Pretty cozy sitting back on a hot couch in the evenings with a wireless keyboard watching it play HD x265 on the big screen like a champ.
Painless install too compared to corebooting thinkpads.
fuck paying $1000 dollars for pozzed phones. Everyone should have 3 of these for all their communication needs.
No.17179
>>17177That's good, happy for you man.
>happier throwing it in a rucksack than a thinkpad somehow. Propably because it's cheaper honestly
No.17191
>>17179>>happier throwing it in a rucksack than a thinkpad somehow. >Propably because it's cheaper honestlyNah I meant because it actually seems more rugged than a thinkpad, crazy as that seems. These things are designed for kids in school. They are so solid.
Doesn't having one of these with the latest coreboot and a secure OS almost solve all the mobile security and privacy issues that exist with cellphones?
I can't understand how people are so wild about corebooting thinkpads for ultimate security but there doesn't seem to be much interest in almost free chromebooks with the same functionality and an easier install.
No.17193
>>17191>Nah I meant because it actually seems more rugged than a thinkpad, crazy as that seems. These things are designed for kids in school. They are so solid.Sounds good, maybe this'll be my next laptop purchase. I haven't been following stuff on chromebooks, how does it perform? Could you play something like 30fps HL2 on it?
>Doesn't having one of these with the latest coreboot and a secure OS almost solve all the mobile security and privacy issues that exist with cellphones?Mostly yeah, it's the metadata that does the work. Plus I remember some thread a few months back where someone was advertising some mobile phone equivelant of corebooting if my memory is correct.
>I can't understand how people are so wild about corebooting thinkpads for ultimate security but there doesn't seem to be much interest in almost free chromebooks with the same functionality and an easier install.Plenty of people pretend to be tech jesuses but in reality they really are just follow trends, it's like with many other things like cars where one of the models gets a cult following despite there being a much better alternative.
No.17195
>>17193>Could you play something like 30fps HL2 on it?Don't think i mentioned specs anon. Performance will depend on the specs of whatever model you get. In the last few months hundreds more models have become coreboot compatible so it's looking good.
>Mostly yeah, it's the metadata that does the work.With this setup you control almost all the metadata, compared to a phone.
>I remember some thread a few months back where someone was advertising some mobile phone equivelant of corebooting if my memory is correct. Now that sounds interesting. I can't find anything on it, link?
> it's like with many other things like cars where one of the models gets a cult following despite there being a much better alternative.for sure. The practicality of this device compared to an x220 or something should blow any cult feelings out of the water tho.
No.17196
>>17195So these are used? Sounds cheaper and way more performant than a raspberry pi. I'm looking into having a home media system and this sounds like a good option. What's your setup?
No.17197
>>17195>With this setup you control almost all the metadata, compared to a phone.Yeah well I guess, it's easier as wellbbut you can also technically control metadata on your phone by using it in a really conservative way. Like using a completely different writing style etc. with the whole thing wrapped in foil.
>LinkYeah it does sound interesting but sorry anon, like I said I don't remember much of it expect that it may exist. I would share if I could.
No.19071
>>17196Wireless mouse and keyboard, the chromebook is connected to the tv with a $10 usb-c to hdmi dongle. All the latest distros just werk 100% - suspend settings, everything.
<Is this not the holy grail for thinkpad privacy obsessors - an almost free, small rugged laptop with latest coreboot and an immutable os, or any os. Where do I find info about security audits for setups like these? No.19102
get a chromebook in your hands, anons. I will talk you through unlocking, flashing the firmware and installing the distro you need. It's ridiculous how sweet it is to have fully functioning distros on a laptop that cost dollars.
No.19121
>>19102i have one it is trash. the screen is broke but maybe it is just a wire maybe it is the screen I do not even want to look at it. i found it a nightmare and i am a long time linux user.
Worth repairing?
No.19123
>>19102but I want my clit mouse
No.19148
>>19121A nightmare because of Chromeos? I never used it. If the screen is broken you can probably still flash coreboot onto the firmware headlessly, install your distro, and connect it to an external monitor as a media pc or whatever.
Another use is to install a router OS like pfsense an use it headlessly as a router.
>Worth repairing?Depends on the specs of the device and the cost of repair. List model or specs if you like. I would usually say that shit is worth repairing.
Guys, I'm coming at this from a certain position. I had the gear lust. I was spending time obsessing about shitty gpd handhelds for $600 that didn't even have coreboot. Dreaming about boutique phones with mechanical pop out keyboards for $700. Then I fucking find out that I can install coreboot and every distro on an indestructible military grade (educational grade) 10 inch yoga touch screen netbook that I got second hand for $10? My mind is blown. Yours should be too.
No.19159
>>19148i will have to dig it out but the main thing i remember having issues with was the shitty hardware. i understand it was a cheap laptop (it got delivered to me on accident because the ex-tennant there was running scams but he went to jail and i moved in) but the keyboard was trash and in a non-standard format iirc and maybe even had only a left click button, not a left and right.
No.19175
>>19159It's worth digging out imo. I got a second chromebook for $40 on the local marketplace. It's a 5 year old weakling intel processor with 4GB ram but it's running the latest distros with KDE on an external monitor like a champ. It can also run other distros in VM toolbox containers.
No.19195
>>19175Portable battery powered routers (travel routers), can be expensive. The best ones come with openWRT or pfsense/opnsense. I just installed OPNsense on one of these corebooted chromebooks, added $10 usb wifi for a second wifi network and two usb ethernet adapters for wired ethernet. WPA3 is possible too.
No.19196
>>19195How does opnsense compare with pfsense?
No.19200
>>19198So it's pretty much exactly the same? No additional features, pros or cons? Might as well just flip a coin?
No.19222
>>19200breh we are talking about coreboot on chromebooks here for the last few posts. Why are you demanding opinions on pfsense v opnsense? Both installed and have full functionality on the device I tried.
No.19230
openWRT installed and functional too. Find the model number if you have a chromebook or box within reach, I can probably save you a few hours of research. It's just following instructions from a website.
No.19235
buying a 11.6" chromebook off ebay
i am somewhat of a noob and retard to computer haxXxing though so like
i just get coreboot and it magically installs linux mint on my shitty little device?
No.19238
>>19235What model is it? It would have been optimal to post the model here first lol. How much did you pay? fwiw I'll do my best to help you get mint onto it anon.
No.19239
>>19235coreboot is a motherboard thing that you'd ideally flash onto it (theres software alternatives but if youre a privacyhead its not as safe), linux is an OS and you install it on your drive
No.19242
>>19235>>i just get coreboot and it magically installs linux mint on my shitty little device?<Depending on model, disable write protect<run script to install coreboot<no longer a chromebook<install mintIt will definitely get more complicated but that's basically it
>(theres software alternatives but if youre a privacyhead its not as safe)tbh I just use the mr chromebox scripts. Is the end result less secure than using an external hardware device to flash the bios chips directly, in your opinion?
No.19250
>>19230OpenWRT is all you need for a home network. pfsense is overkill.
No.19281
>>19238got me a lenovo N23. this gallium wiki article about compatible hardware seems to suggest itll work. TIME TO ROCK!
No.19304
>>19281Coreboot pusher anon here. Let's try and rock. Gallium isn't maintained so you may want to install a different distro if the stock lenovo chromebook bios allows it. If you need to replace the stock lenovo bios with Coreboot and then install a distro there are a few ways to do it. The easiest seems to be Mr chromebox on github. He/They also have a website with full instructions and information on supported chipsets. Go there and investigate your hardware anon.
No.19351
>>19235>buying a 11.6" chromebook off ebay>i am somewhat of a noob and retard to computer haxXxingGet haxxing bro. I'm running pentest tools in a docker container using openwrt as the docker host. openwrt and some other distros are multi booting. All on a ruggedized $20 used chromebook.
No.19358
I have an x230, I have the clips, I have the flashing chip. I have everything I need, just hesitant to start because:
1) I might brick my laptop
2) It might not go smoothly so I will spend all night troubleshooting.
>>19304What times are you online (UTC)? We can talk on irc, freenode or libera.chat. You can keep me company and provide moral support. Plus help me troubleshoot if something goes wrong. In return, one more laptop will be corebooted.
I know x230 it is supposed to be relatively easy, but what about t530? I have one of those too.
No.19360
>>19358lmao fucking same, i got some x220 months ago and its still sitting there because im a coward, what flashing guide are you going to follow btw?
No.19361
I think flashing me_cleaner is more important than coreboot.
No.19378
>>193582 extremely logical reasons to hesitate lol.
>You can keep me company and provide moral support.I work split shifts so not much spare moral support.
>In return, one more laptop will be corebooted.What a deal.
We should organize a convention for all thinkpad cowards to get their bios corebooted.
>what about t530?I'm not an oracle on this, what do the docs say?
No.19387
ive heard coreboot will make your thonkpads battery last a little bit less, is that true?
No.19428
>>19235So what are you haxxing anon? Did you get a distro onto that chromebook?
No.19531
>>19358>>19360Why don't you two get a couple of chromebooks, maybe the easiest models to coreboot, and flash the bios. Seems like it would be cheaper and quicker than a thinkpad.
No.19532
>>19531whats the difference between flashing the motherboard of a chromebook and that of a thinkpad
No.19533
>>19532Many chromebooks can be corebooted without an external device, by just disabling the write protection depending on the model. Many recent model chromebooks with recent processors can do this since the last 12 months. Thinkpads are more complicated and require an external device like a Pi and a clamp to contact the bios chips.
No.19534
>>19533Chromebooks can also be bought used for a few dollars.
No.19535
>>19533>>19534if youre a schizo how do you know a software solution actually works unlike using a hardware programmer
No.19536
>>19535I don't, which is why I asked further back up the thread where to get info on security audits for corebooted chromebooks like this. The value in corebooting a chromebook is in the fact that they can be bought used for a few dollars, imo. Getting coreboot on them is a bonus I guess.
No.19583
>$20 2019 1204x768 Celeron 4GB/30GB emmc, big battery chromebook
>coreboot
>hdmi monitor + keyboard
>disto hopping on the emmc now
>openwrt and opnsense on bootable sdcards with usb ethernet
>perfect rugged terminal
No.20641
>>19583just updated it to what is supposed to be the latest coreboot release, it took just a few minutes. where is the discussion online around the security of corebooting a system this way? I can't find shit with search engines now
No.21436
>>20641It's usually on forums, they don't get categorized that well by search engines
No.21437
I thought "Chromebooks after [early releases] come preinstalled with Coreboot", are you guys telling me that's not the case? I need to flash coreboots anyway? I don't get it.
Also how does Libreboot fit into this.
No.21438
>>21437latest release of libreboot makes it pretty much exactly like coreboot anyway
No.21441
Do Chromebooks flashed with Coreboot have Intel ME disabled?
No.21485
bump
No.21486
How to square the Chromebook shilling ITT with the following
https://libreboot.org/docs/hardware/#desktops-amd-intel-x86>Removed boards>These boards were in Libreboot, but have been removed with the intention of re-adding them at a later date. They were removed due to issues. List:>·[Bunch of Chromebook boards]>NOTES about removed boards:>WARNING: veyron speedy boards (e.g. C201) have non-functional video init as of 19 February 2023, and no fix is yet available on that date. See: https://notabug.org/libreboot/lbmk/issues/136 - the last tested revision from 2021.01 is known to work, for u-boot on this board. See:https://wiki.postmarketos.org/wiki/ASUS_Chromebook_C201_(google-veyron-speedy) (alpernebbi on IRC is looking into this, to bisect uboot and update the latest revisions) - for now, ROM images deleted from the Libreboot 20221214 and 20230319 releases.
>WARNING: daisy- and peach- boards require a BL1 bootloader blob, but the one from coreboot 3rdparty is a fake/placeholder blob. We need logic in the Libreboot build system for properly fetching/extracting these, plus docs to cover it. For now, assume that these are broken - ROM images are excluded, for now, and have been deleted from the Libreboot 20221214 and 20230319 releases. - see: https://review.coreboot.org/plugins/gitiles/blobs/+/4c0dcf96ae73ba31bf9aa689768a5ecd47bac19e and https://review.coreboot.org/plugins/gitiles/blobs/+/b36cc7e08f7337f76997b25ee7344ab8824e268d>d945gclf: Doesn’t boot at all, according to last report. D510MO is still in lbmk but still was reported problematic; other boards should be fine (see list above). No.21503
<Analysis paralysis
CHROMEBOOK OR NOT AAAAAAA
No.21515
>>21441Why would you get Coreboot if you can't disable crap like this?
No.21545
>>21486I shilled and laid out why ITT
What's the TLDR on this?
No.21546
>>21515because you want a custom bios..?
No.21551
>>21486>Is a corebooted Chromebook less free? How so, if its running a custom BIOS?Yes it is less free because Coreboot includes binary blobs (non free parts) while Libreboot does not. Libreboot also completely removes the Intel ME while coreboot only "cleans" or disables the ME via a program called me_cleaner. me_cleaner leaves parts of the IME code on the chip and the IME actually starts alongside the bootup on Corebooted machines but in theory it has all functionality removed.
from desuarchive
No.22072
>>22071libreboot supports more devices and has better docs imo. also has a clearer binary-blob policy if thats what you care about
No.22078
>>21515So you can get a cool custom splash image on your bios.
No.22084
>>22072if libreboots docs are better i dont want to imagine how the other is. fucking vague instructions scattered across multiple pages in no order. certified FLOSS moment
No.22308
>>22295that has to be one dedicated maid to bring along a flashing kit when she could just drug me and tie me up and tell me I've been a bad boy
No.22332
>>22295LUKS + store the key in flash drive/TPM
No.22333
>>22295Well no, if someone has physical access to your machine always assume the worst. Encrypting like
>>22332 says will only keep your data safe but they can still flash whatever they want on the machine.
Afaik once you go coreboot you can also flash internally which means anyone with a modified USB flash could easily change it too.
Unique IPs: 13