Skip to content

CoreBoot

CoreBoot

The Thinkpad x230 is a great machine to experiment with CoreBoot -- it is cheap (under $200) and well deigned. The SPI flash chips are easily accessible under the palm rest, which requires six normal phillips head screws to be removed.

If you've already installed Qubes, you will likely get an error that says something like:

Error whle starting the 'personal' VM:
PCI device 03:00.0 does not exist
(domain sys-net)

This is because the PCI device ID mappings have changed due to CoreBoot enumerating the bus differently or not supporting certain devices. Open the VM manager, right click on sys-net VM and select "VM Settings". On the "Devices" tab you will need to ensure that the ethernet and WiFi devices are mapped to the VM (on mine they were "00:19.0 Ethernet Controller" and "02:00.0 Network Controller"). Reboot or restart the VMs and things should be fine.

My initial CoreBoot / SeaBIOS config causes glitches durng startup since the VGA isn't correctly setup, but otherwise everything works great. WiFi, Suspend (S3 sleep), RTC, etc.

The plan for Heads is to replace SeaBIOS with a Linux payload so that there is a familiar and flexible environment for doing all of the early boot setup. This works great and boots to a shell in less than two seconds. Qubes works as well, although Xen has required patches to the startup code since it assumes there is a BIOS. I've ported tpmtotp to attest to the user to the state of the firmware and am working on additional security fixes to the configuration.

2016 ROM Firmware Security


Last update: November 8, 2020