[coreboot] Lenovo Thinkpad X201: cannot boot encrypted Debian w/Coreboot & GRUB2

Denis 'GNUtoo' Carikli GNUtoo at no-log.org
Mon Mar 27 20:34:02 CEST 2017

On Wed, 22 Mar 2017 16:03:28 +0000
Sam Kuper <sam.kuper at uclmail.net> wrote:
> Is my interpretation plausible? In any case, how would more
> experienced Corebooters suggest I proceed?

Here's my configuration for the I945 and GM45 thinkpads.

It probably will not help you to find and/or fix the cause of the black
screen, but it might be interesting to have some reference with recent
coreboot+grub, and it might also help setting up GRUB configuration for
using luks+lvm.
> # This image was built using coreboot 4.5-1391-g5a16282fa6
> CONFIG_GRUB2_REVISION_ID="c42cb97f0881a927b5039d830d1d007f2eaa5b50"
> CONFIG_GRUB2_EXTRA_MODULES="acpi adler32 affs afs ahci all_video aout
> archelp ata at_keyboard backtrace bfs bitmap bitmap_scale blocklist
> boot boottime bsd bswap_test btrfs cat cbfs cbls cbmemc cbtime chain
> cmdline_cat_test cmosdump cmostest cmp cmp_test configfile cpio_be
> cpio cpuid crc64 cryptodisk crypto cs5536 ctz_test datehook date
> datetime diskfilter disk div div_test dm_nv echo efiemu ehci elf eval
> exfat exfctest ext2 extcmd fat file fshelp functional_test
> gcry_arcfour gcry_blowfish gcry_camellia gcry_cast5 gcry_crc gcry_des
> gcry_dsa gcry_idea gcry_md4 gcry_md5 gcry_rfc2268 gcry_rijndael
> gcry_rmd160 gcry_rsa gcry_seed gcry_serpent gcry_sha1 gcry_sha256
> gcry_sha512 gcry_tiger gcry_twofish gcry_whirlpool gdb geli gettext
> gfxmenu gfxterm_background gfxterm_menu gptsync gzio halt hashsum
> hdparm hello help hexdump hfs hfspluscomp hfsplus http iorw iso9660
> jfs jpeg keylayouts keystatus ldm linux16 linux loadenv loopback
> lsacpi lsmmap ls lspci luks lvm lzopio macbless macho mda_text
> mdraid09_be mdraid09 mdraid1x memdisk memrw minicmd minix2_be minix2
> minix3_be minix3 minix_be minix mmap morse mpi msdospart mul_test
> multiboot2 multiboot nativedisk net newc nilfs2 normal ntfscomp ntfs
> odc offsetio ohci part_acorn part_amiga part_apple part_bsd part_dfly
> part_dvh part_gpt part_msdos part_plan part_sun part_sunpc parttool
> password password_pbkdf2 pata pbkdf2 pbkdf2_test pcidump pci play png
> priority_queue probe procfs progress raid5rec raid6rec random read
> reboot regexp reiserfs relocator romfs scsi search_fs_file
> search_fs_uuid search_label search serial setjmp setjmp_test setpci
> sfs shift_test signature_test sleep sleep_test spkmodem squash4
> syslinuxcfg tar terminal terminfo test_blockarg testload test
> testspeed tftp tga time trig tr true udf ufs1_be ufs1 ufs2 uhci
> usb_keyboard usb usbms usbserial_common usbserial_ftdi
> usbserial_pl2303 usbserial_usbdebug usbtest verify video_bochs
> video_cirrus video_colors videoinfo videotest_checksum videotest xfs
> xnu xnu_uuid xnu_uuid_test xzio zfscrypt zfsinfo zfs"

I've removed some unrelated configuration (for normal/fallback) and
some debug stuff from that configuration.

Here's what the git revision corresponds to:
> $ git log --oneline
> 5a16282fa6 [DO NOT MERGE] mainboard/lenovo/x60: Add TPM 1.2 mainboard support
> 4cf7873412 payloads/external: GRUB2: Fix build error.
> b45bbb253f nb/intel/i945: Fix SPD dumps

Here's the relevant parts of my grub.cfg:
> # /etc/grub.cfg in coreboot.rom cbfs image
> set root=cbfsdisk
> # Make sure to load the appropriate modules
> # This allows us to build and use coreboot's grub
> insmod luks
> insmod lvm
> insmod password_pbkdf2
> insmod password
> # Serial port (For dock)
> serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1
> terminal_input --append  serial
> terminal_output --append serial
> terminal_input --append at_keyboard # Internal keyboard: Keep it!!!
> terminal_output --append cbmemc
> [...]
> menuentry '[...]' {
> [...]
> }
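
An added example, not part of the original message or of coreboot/GRUB: a small check that every module a grub.cfg loads with `insmod` is also named in `CONFIG_GRUB2_EXTRA_MODULES`, so a missing luks/lvm/password module is caught before flashing. The function names and the sample inputs are constructed (abridged from the excerpts above, plus one hypothetical module name); treating a module outside that list as suspect is an assumption, since the payload build may include other modules by default.

```python
import re

def unquote(text):
    """Strip the '> ' mail-quote prefix so pasted excerpts parse like the files."""
    return re.sub(r"^> ?", "", text, flags=re.M)

def extra_modules(dotconfig):
    """Module names in CONFIG_GRUB2_EXTRA_MODULES; the value may be line-wrapped."""
    m = re.search(r'^CONFIG_GRUB2_EXTRA_MODULES="([^"]*)"', dotconfig, re.M)
    return set(m.group(1).split()) if m else set()

def insmod_requests(grub_cfg):
    """(line number, module) for each insmod command; text after '#' is ignored."""
    found = []
    for no, line in enumerate(grub_cfg.splitlines(), 1):
        code = line.split("#", 1)[0]  # simplification: any '#' starts a comment
        for mod in re.findall(r"\binsmod\s+([A-Za-z0-9_]+)", code):
            found.append((no, mod))
    return found

def missing_modules(dotconfig, grub_cfg):
    """insmod requests whose module is not in the configured extra-module list."""
    built = extra_modules(dotconfig)
    return [(no, mod) for no, mod in insmod_requests(grub_cfg) if mod not in built]

# Constructed sample: abridged from the .config excerpt in the message.
SAMPLE_CONFIG = """\
> # This image was built using coreboot 4.5-1391-g5a16282fa6
> CONFIG_GRUB2_EXTRA_MODULES="acpi ahci cryptodisk crypto
> gcry_rijndael gcry_sha256 luks lvm password password_pbkdf2
> pbkdf2 serial"
"""

# Constructed sample: the insmod lines from the message plus one
# hypothetical module name that is deliberately absent from the list.
SAMPLE_GRUB_CFG = """\
> set root=cbfsdisk
> insmod luks
> insmod lvm
> insmod password_pbkdf2
> insmod password
> insmod example_missing_mod
"""

if __name__ == "__main__":
    for no, mod in missing_modules(unquote(SAMPLE_CONFIG), unquote(SAMPLE_GRUB_CFG)):
        print(f"grub.cfg line {no}: insmod {mod} is not in CONFIG_GRUB2_EXTRA_MODULES")
```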

