[coreboot] Lenovo Thinkpad X201: cannot boot encrypted Debian w/Coreboot & GRUB2

Nico Huber nico.h at gmx.de
Wed Mar 22 20:13:05 CET 2017


Hi Sam,

On 22.03.2017 17:03, Sam Kuper wrote:
> Steps followed:
> 
> ...
> 
> - On spare PC, in Coreboot directory:
> 
> -- make distclean && make nconfig
> 
> -- Choose "Lenovo" as mainboard vendor.
> 
> -- Choose "ThinkPad X201 / X201s / X201t" as mainboard.
> 
> -- Choose "Add Intel descriptor.bin file".
> 
> -- Choose "Add Intel ME/TXE firmware".
> 
> -- Choose "GRUB2" as payload.

You didn't select any option to initialize the display.

> 
> - After about 10 minutes, the fan spins up for a few seconds, then
> spins back down. This repeats roughly every 10 minutes.

I guess, you are at the GRUB console here, just without display.

> 
> N.B. with the same X201, a day or two ago, I was able to use a
> Coreboot build with a SeaBIOS payload to boot a non-encrypted Debian
> installation from the SSD. Oddly, when I did that, there was no
> SeaBIOS menu displayed, nor any GRUB2 menu displayed, even though the
> unencrypted Debian install had placed a GRUB2 instance on the SSD: it
> was as though Coreboot skipped both its own SeaBIOS payload in the
> flash chip, AND the Debian-installed GRUB2 on the SSD, and somehow
> went straight to the Debian login prompt.

The only thing that is skipped is the display initialization. SeaBIOS
does a legacy boot and detects the installed GRUB, runs it etc...

> 
> Anyhow, I didn't want a non-encrypted Debian installation, I wanted an
> encrypted one: hence the attempt above. I guess maybe what's happening
> is that Coreboot is somehow this time skipping its GRUB2 payload much
> as it previously seemed to skip its SeaBIOS payload, and likewise
> skipping the Debian-installed GRUB2 instance on the SSD as it did
> previously. Only this time, instead of finding an unencrypted drive
> with a Debian kernel that it knows how to boot, Coreboot is instead
> finding an encrypted partition that it doesn't know how to do anything
> with.

The GRUB payload, by default, doesn't have any configuration file and
will wait at the prompt (no matter if the disk is encrypted or not).

> 
> Is my interpretation plausible? In any case, how would more
> experienced Corebooters suggest I proceed?

Easiest option seems to be to select CONFIG_MAINBOARD_DO_NATIVE_VGA_INIT

Hope that helps,
Nico



More information about the coreboot mailing list