Mr Chromebox uses a script to install Core Boot onto Chrome Book without opening the laptop, or attaching a PROM; (CH341a, Ponoma 5250 Test Clip, F to F Breadboard Jumper Cables.)
Is using a Script without using hardware PROM, and so on, like Mr. Chromebox does with a Chrome Book?
Thanks for what you are doing. and for your replies.
Chromebooks are flashable from a live system because their firmware doesn't software lock the BIOS region as part of the boot process, like all properly implemented UEFI firmware should; instead they a combination of a hardware (jumper/screw/CR50) and software (SPI flash chip registers) locks which provide security as well as the ability to be modified by the physical owner of the device.
The x230 requires exploiting a vulnerability in an older UEFI version in order to be flashed without external hardware (and even so, is limited to flashing the 4MB BIOS region only; if you want to disable the ME and use more space for the BIOS region, hardware flashing is mandatory). See: https://github.com/n4ru/1vyrain/
On Fri, Feb 21, 2020 at 11:45 AM pk ggg397@gmail.com wrote:
Mr Chromebox uses a script to install Core Boot onto Chrome Book without opening the laptop, or attaching a PROM; (CH341a, Ponoma 5250 Test Clip, F to F Breadboard Jumper Cables.)
Is using a Script without using hardware PROM, and so on, like Mr. Chromebox does with a Chrome Book?
Thanks for what you are doing. and for your replies.
coreboot mailing list -- coreboot@coreboot.org To unsubscribe send an email to coreboot-leave@coreboot.org
On 21.02.20 19:16, Matt DeVillier wrote:
The x230 requires exploiting a vulnerability in an older UEFI version in order to be flashed without external hardware (and even so, is limited to flashing the 4MB BIOS region only; if you want to disable the ME and use more space for the BIOS region, hardware flashing is mandatory). See: https://github.com/n4ru/1vyrain/
Actually, 7MiB BIOS region. And there is a guide for the procedure upstream now [1]. It's not easy and nothing one could/should do with a script, though.
Nico
[1] https://doc.coreboot.org/mainboard/lenovo/ivb_internal_flashing.html
On Fri, Feb 21, 2020 at 12:25 PM Nico Huber nico.h@gmx.de wrote:
On 21.02.20 19:16, Matt DeVillier wrote:
The x230 requires exploiting a vulnerability in an older UEFI version in order to be flashed without external hardware (and even so, is limited to flashing the 4MB BIOS region only; if you want to disable the ME and use more space for the BIOS region, hardware flashing is mandatory). See: https://github.com/n4ru/1vyrain/
Actually, 7MiB BIOS region. And there is a guide for the procedure upstream now [1]. It's not easy and nothing one could/should do with a script, though.
looks like the 4MB limitation is an 1vyrain thing then, I just scanned the link :)
Nico
[1] https://doc.coreboot.org/mainboard/lenovo/ivb_internal_flashing.html
On 2/21/20 9:16 PM, Matt DeVillier wrote:
if you want to disable the ME [...], hardware flashing is mandatory).
You can also disable ME without external flashing with this patch: https://review.coreboot.org/c/coreboot/+/37115
It will not unlock FD and you can't use more space for coreboot, though.
-
Evgeny Zinoviev -
Matt DeVillier -
Nico Huber -
pk