From 9a321884379a71b5f0986fdfb97a2b6c5bdccd8a Mon Sep 17 00:00:00 2001 From: Francis Rowe Date: Wed, 3 Sep 2014 18:13:00 +0000 Subject: Libreboot release 6 beta 6. - Added modified builddeb* scripts for Parabola GNU/Linux-libre: buildpac, buildpac-flashrom, buildpac-bucts (courtesy of Noah Vesely) - Documentation: updated all relevant areas to mention use of buildpac* scripts for Parabola users. - Documentation: added information showing how to enable or disable bluetooth on the X60 - MacBook1,1 tested! See ../docs/index.html#macbook11" - Documentation: fixed typo in ../docs/index.html#get_edid_panelname (get-edit changed to get-edid) - Documentation: added ../docs/howtos/x60_lcd_change/ (pics only for now) - Added gcry_serpent and gcry_whirlpool to the GRUB module list in the 'build' script (for luks users) - Libreboot is now based on a new coreboot version from August 23rd, 2014: Merged commits (relates to boards that were already supported in libreboot): - http://review.coreboot.org/#/c/6697/ - http://review.coreboot.org/#/c/6698/ (merged already) - http://review.coreboot.org/#/c/6699/ (merged already) - http://review.coreboot.org/#/c/6696/ (merged already) - http://review.coreboot.org/#/c/6695/ (merged already) - http://review.coreboot.org/#/c/5927/ (merged already) - http://review.coreboot.org/#/c/6717/ (merged already) - http://review.coreboot.org/#/c/6718/ (merged already) - http://review.coreboot.org/#/c/6723/ (merged already) (text-mode patch, might enable memtest. macbook21) - http://review.coreboot.org/#/c/6732/ (MERGED) (remove useless ps/2 keyboard delay from macbook21. already merged) - These were also merged in coreboot (relates to boards that libreboot already supported): - http://review.coreboot.org/#/c/5320/ (merged) - http://review.coreboot.org/#/c/5321/ (merged) - http://review.coreboot.org/#/c/5323/ (merged) - http://review.coreboot.org/#/c/6693/ (merged) - http://review.coreboot.org/#/c/6694/ (merged) - http://review.coreboot.org/#/c/5324/ (merged) - Documentation: removed the section about tft_brightness on X60 (new code makes it obsolete) - Removed all patches from resources/libreboot/patch/ and added new patch: 0000_t60_textmode.git.diff - Updated getcb script and DEBLOB script. - Updated configuration files under resources/libreboot/config/ to accomodate new coreboot version. - Removed grub_serial*.cfg and libreboot_serial*.rom, all configs/rom's are now unified (containing same configuration as serial rom's from before). - Documentation: updated ../docs/index.html#rom to reflect the above. - Updated GRUB to new version from August 14th, 2014. - Unified all grub configurations for all machines to a single grub.cfg under resources/grub/config/ - Updated flashrom to new version from August 20th, 2014 - Added getseabios and builddeps-seabios (builddeps and getall were also updated) - Added instructions to 'buildrom-withgrub' to include bios.bin.elf and vgaroms/vgabios.bin from SeaBIOS inside the ROM. - Added seabios (and sgavgabios) to grub as payload option in menu - Disabled serial output in Memtest86+ (no longer needed) to speed up tests. - MemTest86+ now works properly, it can output on the laptop screen (no serial port needed anymore). - Added getgrubinvaders, builddeps-grubinvaders scripts. Added these to getall and builddeps. - Added GRUB Invaders menu entry in resources/grub/config/grub.cfg - Added rules to builddeps-coreboot to build libpayload with TinyCurses. (added appropriate instructions to cleandeps script). - Commented out lines in resources/grub/config/grub.cfg for loading font/background (not useful anymore, now that GRUB is in text-mode). - Commented out lines in buildrom-withgrub that included backgrounds/fonts (not useful anymore, now that GRUB is in text-mode). - Added resources/utilities/i945-pwm/ (from git://git.mtjm.eu/i945-pwm), for debugging acpi brightness on i945 machines. - Added instructions for it in builddeps, builddeps-i945pwm, builddeb and cleandeps - 'build' script: removed the parts that generated sha512sum manifests (not needed, since release tarballs are GPG-signed) - 'build' script: removed the parts that generated libreboot_meta directory (not needed anymore, since _meta will be hosted in git) - Updated ../docs/index.html#build_meta (and other parts of documentation) to accomodate this change. - Documentation: simplified (refactored) the notes in ../docs/index.html#rom - 'build' script: removed the parts that generated libreboot_bin and added them to a new script: 'build-release' - Documentation: ../docs/index.html#build updated to reflect the above. - Removed 'sudo' from builddeb, builddeb-flashrom, powertop.trisquel6 and builddeb-bucts scripts (assuming that the user has it is a really bad idea). - Added all gcry_* modules to grub (luks/cryptomount): gcry_arcfour gcry_camellia gcry_crc gcry_dsa gcry_md4 gcry_rfc2268 gcry_rmd160 gcry_seed gcry_sha1 gcry_sha512 gcry_twofish gcry_blowfish gcry_cast5 gcry_des gcry_idea gcry_md5 gcry_rijndael gcry_rsa gcry_serpent gcry_sha256 gcry_tiger gcry_whirlpool - Added GNUtoo's list of GRUB modules (includes all of the gcry_* modules above), cryptomount should be working now. - Removed builddeb-bucts and builddeb-flashrom, merged them with builddeb (../docs/index.html updated accordingly) - Removed buildpac-bucts and buildpac-flashrom, merged them with buildpac (../docs/index.html updated accordingly) - Renamed builddeb to deps-trisquel (../docs/index.html updated accordingly) - Renamed buildpac to deps-parabola (../docs/index.html updated accordingly) - Documentation: removed all parts talking about build dependencies, replaced them with links to ../docs/index.html#build_dependencies - Documentation: emphasized more strongly on the documentation, the need to re-build bucts and/or flashrom before flashing a ROM image. - build-release: flashrom, nvramtool, cbfstool and bucts are no longer provided pre-compiled in binary archives, and are now in source form only. (to maximize distro compatibility). - Documentation: added ../docs/howtos/encrypted_trisquel.html showing how to setup a fully encrypted Trisquel installation (including /boot) and boot it from the GRUB payload. - 'build' script: replaced grub.elf assembly instructons, it's now handled by a utility added under resources/utilities/grub-assemble - Moved resources/grub/keymap to resources/utilities/grub-assemble/keymap, and updated that utility to use it - Documentation: removed useless links to pictures of keyboard layouts and unmodified layouts. - Removed all unused fonts from dejavu-fonts-ttf-2.34/ directory - 'buildrom-withgrub' script: updated it to create 2 sets of ROM's for each machine: one with text-mode, one with coreboot framebuffer. - Documentation: updated ../docs/index.html#rom to reflect the above - Deleted unused README and COPYING file from main directory - Removed some rm -rf .git* instructions from the get* scripts and moved them to build-release script - Split up default grub.cfg into 6 parts: extra/{common.cfg,txtmode.cfg,vesafb.cfg} and menuentries/{common.cfg,txtmode.cfg,vesafb.cfg} - buildrom-withgrub script uses these to generate the correct grub.cfg for each type of configuration. - grub_memdisk.cfg (used inside grub.elf) now only loads grub.cfg from cbfs. It no longer enables serial output or sets prefix. (menuentries/common.cfg does instead) - resources/grub/config/extra/common.cfg, added: - insmod instructions to load those modules: nativedisk, ehci, ohci, uhci, usb, usbserial_pl2303, usbserial_ftdi, usbserial_usbdebug - set prefix=(memdisk)/boot/grub - For native graphics (recommended by coreboot wiki): - gfxpayload=keep - terminal_output --append gfxterm - Play a beep on startup: - play 480 440 1 - Documentation: added note about 'fb=false' workaround for text-mode debian-installer (Trisquel net install) to ../docs/howtos/grub_boot_installer.html - Documentation: updated ../docs/howtos/grub_cbfs.html to make it safer (and easier) to follow. --- docs/howtos/encrypted_trisquel.html | 321 ++++++++++++++++++++++++++++ docs/howtos/grub_boot_installer.html | 36 +++- docs/howtos/grub_cbfs.html | 160 +++++++++++++- docs/howtos/t60_dev/t60_unbrick.jpg | Bin 0 -> 61220 bytes docs/howtos/t60_heatsink.html | 11 +- docs/howtos/t60_lcd_15.html | 11 +- docs/howtos/t60_mainboard/t60_ati_gpu.jpg | Bin 94538 -> 0 bytes docs/howtos/t60_mainboard/t60_intel_gpu.jpg | Bin 61298 -> 0 bytes docs/howtos/t60_security.html | 26 ++- docs/howtos/t60_unbrick.html | 11 +- docs/howtos/x60_heatsink.html | 11 +- docs/howtos/x60_lcd_change.html | 54 +++++ docs/howtos/x60_lcd_change/0001.JPG | Bin 0 -> 80828 bytes docs/howtos/x60_lcd_change/0002.JPG | Bin 0 -> 72986 bytes docs/howtos/x60_lcd_change/0003.JPG | Bin 0 -> 81777 bytes docs/howtos/x60_lcd_change/0004.JPG | Bin 0 -> 87164 bytes docs/howtos/x60_lcd_change/0005.JPG | Bin 0 -> 66652 bytes docs/howtos/x60_lcd_change/0006.JPG | Bin 0 -> 57127 bytes docs/howtos/x60_lcd_change/0007.JPG | Bin 0 -> 31729 bytes docs/howtos/x60_security.html | 26 ++- docs/howtos/x60_unbrick.html | 11 +- docs/howtos/x60tablet_unbrick.html | 11 +- 22 files changed, 649 insertions(+), 40 deletions(-) create mode 100644 docs/howtos/encrypted_trisquel.html create mode 100644 docs/howtos/t60_dev/t60_unbrick.jpg delete mode 100644 docs/howtos/t60_mainboard/t60_ati_gpu.jpg delete mode 100644 docs/howtos/t60_mainboard/t60_intel_gpu.jpg create mode 100644 docs/howtos/x60_lcd_change.html create mode 100755 docs/howtos/x60_lcd_change/0001.JPG create mode 100755 docs/howtos/x60_lcd_change/0002.JPG create mode 100755 docs/howtos/x60_lcd_change/0003.JPG create mode 100755 docs/howtos/x60_lcd_change/0004.JPG create mode 100755 docs/howtos/x60_lcd_change/0005.JPG create mode 100755 docs/howtos/x60_lcd_change/0006.JPG create mode 100755 docs/howtos/x60_lcd_change/0007.JPG (limited to 'docs/howtos') diff --git a/docs/howtos/encrypted_trisquel.html b/docs/howtos/encrypted_trisquel.html new file mode 100644 index 00000000..2529da4c --- /dev/null +++ b/docs/howtos/encrypted_trisquel.html @@ -0,0 +1,321 @@ + + + + + + + + + Installing Trisquel GNU/Linux with full disk encryption (including /boot) + + + +
+

Installing Trisquel GNU/Linux with full disk encryption (including /boot)

+ +
+ +

+ Because GRUB is installed directly as a payload of libreboot (or coreboot), you don't need an unencrypted /boot partition + when setting up an encrypted system. This means that your machine can really secure data while powered off. +

+ +

+ This works in Trisquel 7, and probably Trisquel 6. Boot the 'net installer' (Install Trisquel in Text Mode). How to boot a GNU/Linux installer. +

+ +

+ Set a strong user password (ideally above 40 characters, of lowercase/uppercase, numbers and symbols) and when the installer asks you to setup + encryption (ecryptfs) for your home directory, select 'Yes'. +

+ +

+ + Your user password should be different than the LUKS password which you will set later on. + Your LUKS password should, like the user password, be secure. + +

+ +

Partitioning

+ +

Choose 'Manual' partitioning:

+ + +

Further partitioning

+ +

+ Now you are back at the main partitioning screen. You will simply set mountpoints and filesystems to use. +

+ + +

Kernel

+ +

+ Installation will ask what kernel you want to use. linux-generic is fine. +

+ +

Tasksel

+ +

+ Just continue here, without selecting anything. You can install everything later (it's really easy). +

+ +

Install the GRUB boot loader to the master boot record

+ +

+ Choose 'Yes'. It will fail, but don't worry. Then at the main menu, choose 'Continue without a bootloader'. +

+ +

+ You do not need to install GRUB at all, since in libreboot you are using the GRUB payload (for libreboot) to boot your system directly. +

+ +

Clock UTC

+ +

+ Just say 'Yes'. +

+ +

+ Booting your system +

+ +

+ At this point, you will have finished the installation. At your GRUB payload, press C to get to the command line. +

+ +

+ Do that:
+ grub> cryptomount -a (ahci0,msdos1)
+ grub> set root='lvm/buzz-distro'
+ grub> linux /vmlinuz root=/dev/mapper/buzz-distro cryptdevice=/dev/mapper/buzz-distro:root quiet splash ro
+ grub> initrd /initrd.img
+ grub> boot +

+ +

+ ecryptfs +

+ +

+ Immediately after logging in, do that:
+ $ sudo ecryptfs-unwrap-passphrase +

+ +

+ This will be needed in the future if you ever need to recover your home directory from another system, so write it down and keep the note + somewhere secret. Ideally, you should memorize it and then burn the note (or not even write it down, and memorize it still)> +

+ +

+ Modify grub.cfg (CBFS) +

+ +

+ Now you need to set it up so that the system will automatically boot, without having to type a bunch of commands. +

+ +

+ Modify your grub.cfg (in the firmware) using this tutorial; + just change the default menu entry 'Load Operating System' to say this inside: +

+ +

+ cryptomount -a (ahci0,msdos1)
+ set root='lvm/buzz-distro'
+ linux /vmlinuz root=/dev/mapper/buzz-distro cryptdevice=/dev/mapper/buzz-distro:root quiet splash ro
+ initrd /initrd.img +

+ +

+ Additionally, you should set a GRUB password. This is not your LUKS password, but it's a password that you have to enter to see + GRUB. This protects your system from an attacker simply booting a live USB and re-flashing your firmware. This should be different than your LUKS passphrase and user password. +

+ +

+ The GRUB utility can be used like so:
+ $ grub-mkpasswd-pbkdf2 +

+ +

+ Give it a password (remember, it has to be secure) and it'll output something like:
+ grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711 +

+ +

+ Put that in the grub.cfg (the one for CBFS inside the ROM) before the 'Load Operating System' menu entry like so (example):
+

+ 
+set superusers="root"
+password_pbkdf2 root grub.pbkdf2.sha512.10000.711F186347156BC105CD83A2ED7AF1EB971AA2B1EB2640172F34B0DEFFC97E654AF48E5F0C3B7622502B76458DA494270CC0EA6504411D676E6752FD1651E749.8DD11178EB8D1F633308FD8FCC64D0B243F949B9B99CCEADE2ECA11657A757D22025986B0FA116F1D5191E0A22677674C994EDBFADE62240E9D161688266A711
+
+ +

+ Obviously, replace it with the correct hash that you actually got for the password that you entered. Meaning, not the hash that you see above! +

+ +

+ After this, you will have a modified ROM with the menu entry for cryptomount, and the entry before that for the GRUB password. Flash the modified ROM + using this tutorial. +

+ +

+ Update Trisquel +

+ +

+ $ sudo apt-get update
+ $ sudo apt-get upgrade +

+ +

+ At the time of writing, Trisquel 7 had this + bug from upstream. The workaround identified in this page + was as follows:
+ $ sudo apt-get remove libpam-smbpass +

+ +

+ Install a desktop (optional) +

+ +

+ Installs the default desktop:
+ $ sudo apt-get install trisquel +

+ +

+ It might ask for postfix configuration. I just choose 'No configuration'. +

+ +

+ Next time you boot, it'll start lightdm and you can login. To start lightdm now, do:
+ $ sudo service lightdm start +

+ +

+ Go back to the terminal (ctrl-alt-f1) and exit:
+ $ exit +

+ +

+ Go back to lightdm (ctrl-alt-f7) and login. +

+ +

+ Since you installed using net install and you only installed the base system, network-manager isn't controlling + your eth0 but instead /etc/network/interfaces is. Comment out the eth0 lines in that file, and then do:
+ $ sudo /etc/init.d/networking stop
+ $ sudo service network-manager restart +

+ +

+ Conclusion +

+ +

+ If you followed all that correctly, you should now have a fully encrypted system. +

+ +
+ +

+ Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

+ +

+ This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

+ + + diff --git a/docs/howtos/grub_boot_installer.html b/docs/howtos/grub_boot_installer.html index 9377cfc1..38a47955 100644 --- a/docs/howtos/grub_boot_installer.html +++ b/docs/howtos/grub_boot_installer.html @@ -63,11 +63,43 @@ the way you specified.

+

Troubleshooting

+ +

debian-installer (trisquel net install) graphical corruption in text-mode

+

+ When using the ROM images that use coreboot's "text mode" instead of the coreboot framebuffer, + booting the Trisquel net installer results in graphical corruption because it is trying to switch to a framebuffer which doesn't + exist. Use that kernel parameter on the 'linux' line when booting it:
+ vga=normal fb=false +

+ +

+ Tested in Trisquel 6 (and 7). This forces debian-installer to start in text-mode, instead of trying to switch to a framebuffer. +

+ +

+ If selecting text-mode from a GRUB menu created using the ISOLINUX parser, you can press E on the menu entry to add this. + Or, if you are booting manually (from GRUB terminal) then just add the parameters. +

+ +

+ This workaround was found on the page: https://www.debian.org/releases/stable/i386/ch05s04.html. + It should also work for gNewSense, Debian and any other apt-get distro that provides debian-installer (text mode) net install method. +

+

- Copyright © 2014 Francis Rowe, All Rights Reserved.
- See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt.

+ +

+ This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

+ diff --git a/docs/howtos/grub_cbfs.html b/docs/howtos/grub_cbfs.html index d95904d0..b82a12a9 100644 --- a/docs/howtos/grub_cbfs.html +++ b/docs/howtos/grub_cbfs.html @@ -11,6 +11,9 @@ font-family:sans-serif; font-size:1em; } + div.important { + background-color:#ccc; + } Libreboot documentation: GRUB menu @@ -42,12 +45,11 @@

Download libreboot_src.tar.gz or libreboot_bin.tar.gz from http://libreboot.org/ -
If you downloaded libreboot_meta.tar.gz, refer to ../index.html#build_meta before continuing. +
If you downloaded libreboot from git, refer to ../index.html#build_meta before continuing.

- On apt-get distributions such as Trisquel you can install the build dependency (GCC) by running:
- $ sudo apt-get install build-essential + First, install the build dependencies.

@@ -73,22 +75,153 @@ # chown yourusername:yourusername libreboot_usqwerty.rom

+

+ If you currently have flashed a ROM image from an older version, it is recommended to update first: basically, modify one of the latest ROM's + and then flash it. +

+

Display contents of ROM:
$ ./cbfstool libreboot_usqwerty.rom print

- The libreboot_usqwerty.rom file contains your grub.cfg. + The libreboot_usqwerty.rom file contains your grub.cfg, along with a copy called grubtest.cfg. + You should extract, modify and re-insert the copy first. grub.cfg will load first, but it has a menu entry for switching to the copy (grubtest.cfg). + This reduces your chance of making a mistake that could make your machine unbootable (or very hard to boot).

Extract grub.cfg from the ROM:
- $ ./cbfstool libreboot_usqwerty.rom extract -n grub.cfg -f grub.cfg + $ ./cbfstool libreboot_usqwerty.rom extract -n grubtest.cfg -f grubtest.cfg

- Now you have a grub.cfg in cbfstool directory. Edit it however you wish. + Now you have a grubtest.cfg in cbfstool directory. Edit it however you wish. +

+ +
+ +

Example modification (Trisquel GNU/Linux, can also be adapted, or copied, for other apt-get distros)

+ +

+ Look at the 3 lines under the menu entry 'Load Operating System'; these are all you need to change. +

+ +

+ As an example, on my test system in /boot/grub/grub.cfg I see for the main menu entry: + linux /boot/vmlinuz-3.15.1-gnu.nonpae root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro crashkernel=384M-2G:64M,2G-:128M quiet splash $vt_handoff + initrd /boot/initrd.img-3.15.1-gnu.nonpae +

+ +

+ crashkernel=384M-2G:64M,2G-:128M and $vt_handoff can be safely ignored. +

+ +

+ I use this to get my partition layout:
+ $ lsblk +

+ +

+ In my case, I have no /boot partition, instead /boot is on the same partition as / on sda1. Yours might be different. + In GRUB terms, sda means ahci0. 1 means msdos1, or gpt1, depending on whether I am using MBR or GPT partitioning. + Thus, /dev/sda1 is GRUB is (ahci0,msdos1) or (ahci0,gpt1). In my case, I use MBR partitioning so it's (ahci0,msdos1). + 'msdos' is GRUB's name simply because this partitioning type is traditionally used by MS-DOS. It doesn't mean you have a + proprietary OS. +

+ +

+ Trisquel doesn't keep the filenames of kernels consistent, instead it keeps old kernels and new kernel updates are provided + with the version in the filename. This can make GRUB payload a bit tricky. Fortunately, there are symlinks /vmlinuz and /initrd.img + so if your /boot and / are on the same partition, you can set GRUB to boot from that. These are also updated automatically when + installing kernel updates from your distributions apt-get repositories. + NOte: when using jxself.org/linux-libre kernels, these are not updated at all and you have to update them manually. +

+ +

+ For the GRUB payload's grub.cfg (in 'Load Operating System' menu entry), we therefore have (in this example):
+ set root='ahci0,msdos1'
+ linux /vmlinuz root=UUID=3a008e14-4871-497b-95e5-fb180f277951 ro quiet splash
+ initrd /initrd.img +

+ +

+ Optionally, you can convert the UUID to it's real device name, for example /dev/sda1 in this case. + sdX naming isn't very reliable, though, which is why UUID is used for most distributions. +

+ +

+ Alternatively, if your /boot is on a separate partition then you cannot rely on the /vmlinuz and /initrd.img symlinks. + Instead, go into /boot and create your own symlinks (update them manually when you install a new kernel update).
+ $ sudo -s
+ # cd /boot/
+ # rm -rf vmlinuz initrd.img
+ # ln -s kernel ksym
+ # ln -s initrd isym
+ # exit +

+ +

+ Replace the underlined kernel and initrd filenames above with the actual filenames, of course. +

+ +

+ Then your grub.cfg menu entry (for payload) becomes like that, for example if / was on sda2 and /boot was on sda1:
+ set root='ahci0,msdos1'
+ linux /ksym root=/dev/sda2 ro quiet splash
+ initrd /isym +

+ +

+ There are lots of possible variations so please try to adapt. +

+ +

Parabola GNU/Linux-libre

+ +

+ You can basically adapt the above. Note however that Parabola does not keep old kernels still installed, and the file names + are always consistent, so you don't need to boot from symlinks, you can just use the real thing directly. +

+ +
+ +

+ Now you have your modified grub.cfg. (right?) +

+ +

+ Delete the grubtest.cfg that remained inside the ROM:
+ $ ./cbfstool libreboot_usqwerty.rom remove -n grubtest.cfg +

+ +

+ Display ROM contents and now you see grubtest.cfg no longer exists there:
+ $ ./cbfstool libreboot_usqwerty.rom print +

+ +

+ Add the modified version that you just made:
+ $ ./cbfstool libreboot_usqwerty.rom add -n grubtest.cfg -f grubtest.cfg -t raw +

+ +

+ Now display ROM contents again and see that it exists again:
+ $ ./cbfstool libreboot_usqwerty.rom print +

+ +

+ Now you have a modified ROM. Refer back to ../index.html#flashrom for information + on how to flash it. +

+ +

+ Choose (in GRUB) the menu entry that switches to grubtest.cfg. If it works, then your config is safe and you can continue below. +

+ +

+ Rename (just reduce confusion):
+ $ mv grubtest.cfg grub.cfg

@@ -116,6 +249,10 @@ on how to flash it.

+

+ If all went well, GRUB should now boot your system the way you intended. +

+

Anecdotally, a user reported that segmentation faults occur with cbfstool when using this procedure depending on the size of the grub.cfg being re-insterted. In his case, a minimum size of 857 bytes was required. This could (at the time of this release) be a bug in cbfstool that should be investigated with the coreboot community. If cbfstool segfaults, then keep this in mind. 'strace' (or gdb? clang?) could be used for debugging. This was in libreboot 5th release (based on coreboot from late 2013). Not sure if the issue perists in the 6th release (based on coreboot from June 1st, 2014 at the time of writing); I have never personally encountered the bug. strace (from that user) is here: cbfstool_libreboot5_strace. The issue has been reported by a few users, so does not happen all the time: this bug (if it still exists) could (should) be reproduced.

@@ -123,8 +260,15 @@

- Copyright © 2014 Francis Rowe, All Rights Reserved.
- See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

+ +

+ This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

diff --git a/docs/howtos/t60_dev/t60_unbrick.jpg b/docs/howtos/t60_dev/t60_unbrick.jpg new file mode 100644 index 00000000..820a9b42 Binary files /dev/null and b/docs/howtos/t60_dev/t60_unbrick.jpg differ diff --git a/docs/howtos/t60_heatsink.html b/docs/howtos/t60_heatsink.html index d2d52fdb..f10ea60c 100644 --- a/docs/howtos/t60_heatsink.html +++ b/docs/howtos/t60_heatsink.html @@ -118,8 +118,15 @@

- Copyright © 2014 Francis Rowe, All Rights Reserved.
- See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

+ +

+ This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

diff --git a/docs/howtos/t60_lcd_15.html b/docs/howtos/t60_lcd_15.html index b5fbd5f5..3b382f5a 100644 --- a/docs/howtos/t60_lcd_15.html +++ b/docs/howtos/t60_lcd_15.html @@ -79,8 +79,15 @@

- Copyright © 2014 Francis Rowe, All Rights Reserved.
- See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
+ This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

+ +

+ This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

diff --git a/docs/howtos/t60_mainboard/t60_ati_gpu.jpg b/docs/howtos/t60_mainboard/t60_ati_gpu.jpg deleted file mode 100644 index d2c83db2..00000000 Binary files a/docs/howtos/t60_mainboard/t60_ati_gpu.jpg and /dev/null differ diff --git a/docs/howtos/t60_mainboard/t60_intel_gpu.jpg b/docs/howtos/t60_mainboard/t60_intel_gpu.jpg deleted file mode 100644 index 46fc5619..00000000 Binary files a/docs/howtos/t60_mainboard/t60_intel_gpu.jpg and /dev/null differ diff --git a/docs/howtos/t60_security.html b/docs/howtos/t60_security.html index 0ce36456..27d1e75e 100644 --- a/docs/howtos/t60_security.html +++ b/docs/howtos/t60_security.html @@ -345,12 +345,6 @@
  • ask gnutoo about fallback patches (counts number of boots)
    • -
  • - Software-based security hardening (GRUB trust/cryptomount, kernel LUKS/ecryptfs, etc). - -
  • General tips/advice and web links showing how to detect physical intrusions.
    • @@ -386,9 +380,16 @@
  • Atheros PCI wifi: unknown, but lower than intel wifi.
  • Microphone: only problematic if the computer gets compromised.
  • Speakers: only problematic if the computer gets compromised.
    • -
  • EC: can be mitigated if following the (not yet written) guide on software security.
    • +
  • EC: can be mitigated if following the guide on software security.
    • +

    + Further reading material (software security) +

    + +

    References

    @@ -423,8 +424,15 @@

    - Copyright © 2014 Francis Rowe, All Rights Reserved.
    - See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    diff --git a/docs/howtos/t60_unbrick.html b/docs/howtos/t60_unbrick.html index 9a262126..69648e1c 100644 --- a/docs/howtos/t60_unbrick.html +++ b/docs/howtos/t60_unbrick.html @@ -304,8 +304,15 @@

    - Copyright © 2014 Francis Rowe, All Rights Reserved.
    - See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    diff --git a/docs/howtos/x60_heatsink.html b/docs/howtos/x60_heatsink.html index 0feee779..22b55e1c 100644 --- a/docs/howtos/x60_heatsink.html +++ b/docs/howtos/x60_heatsink.html @@ -134,8 +134,15 @@

    - Copyright © 2014 Francis Rowe, All Rights Reserved.
    - See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    diff --git a/docs/howtos/x60_lcd_change.html b/docs/howtos/x60_lcd_change.html new file mode 100644 index 00000000..3ddeaac0 --- /dev/null +++ b/docs/howtos/x60_lcd_change.html @@ -0,0 +1,54 @@ + + + + + + + + + Libreboot documentation: Unbricking the ThinkPad T60 + + + + +
    +

    Changing the LCD panel on X60

    +
    + +

    Or go back to main index

    + +

    This tutorial is incomplete, and only pictures for now.

    + +

    + + + + + + + +

    + +
    + +

    + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information. +

    + + + diff --git a/docs/howtos/x60_lcd_change/0001.JPG b/docs/howtos/x60_lcd_change/0001.JPG new file mode 100755 index 00000000..fd066eb2 Binary files /dev/null and b/docs/howtos/x60_lcd_change/0001.JPG differ diff --git a/docs/howtos/x60_lcd_change/0002.JPG b/docs/howtos/x60_lcd_change/0002.JPG new file mode 100755 index 00000000..96949f1e Binary files /dev/null and b/docs/howtos/x60_lcd_change/0002.JPG differ diff --git a/docs/howtos/x60_lcd_change/0003.JPG b/docs/howtos/x60_lcd_change/0003.JPG new file mode 100755 index 00000000..90216aaa Binary files /dev/null and b/docs/howtos/x60_lcd_change/0003.JPG differ diff --git a/docs/howtos/x60_lcd_change/0004.JPG b/docs/howtos/x60_lcd_change/0004.JPG new file mode 100755 index 00000000..3b704a45 Binary files /dev/null and b/docs/howtos/x60_lcd_change/0004.JPG differ diff --git a/docs/howtos/x60_lcd_change/0005.JPG b/docs/howtos/x60_lcd_change/0005.JPG new file mode 100755 index 00000000..823bab94 Binary files /dev/null and b/docs/howtos/x60_lcd_change/0005.JPG differ diff --git a/docs/howtos/x60_lcd_change/0006.JPG b/docs/howtos/x60_lcd_change/0006.JPG new file mode 100755 index 00000000..040f2ca4 Binary files /dev/null and b/docs/howtos/x60_lcd_change/0006.JPG differ diff --git a/docs/howtos/x60_lcd_change/0007.JPG b/docs/howtos/x60_lcd_change/0007.JPG new file mode 100755 index 00000000..42c2607c Binary files /dev/null and b/docs/howtos/x60_lcd_change/0007.JPG differ diff --git a/docs/howtos/x60_security.html b/docs/howtos/x60_security.html index 6abda98d..660dbd68 100644 --- a/docs/howtos/x60_security.html +++ b/docs/howtos/x60_security.html @@ -206,12 +206,6 @@
  • ask gnutoo about fallback patches (counts number of boots)
    • -
  • - Software-based security hardening (GRUB trust/cryptomount, kernel LUKS/ecryptfs, etc). - -
  • General tips/advice and web links showing how to detect physical intrusions.
    • @@ -247,9 +241,16 @@
  • Atheros PCI wifi: unknown, but lower than intel wifi.
  • Microphone: only problematic if the computer gets compromised.
  • Speakers: only problematic if the computer gets compromised.
    • -
  • EC: can be mitigated if following the (not yet written) guide on software security.
    • +
  • EC: can be mitigated if following the guide on software security.
    • +

    + Further reading material (software security) +

    + +

    References

    @@ -284,8 +285,15 @@

    - Copyright © 2014 Francis Rowe, All Rights Reserved.
    - See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    diff --git a/docs/howtos/x60_unbrick.html b/docs/howtos/x60_unbrick.html index 8427c5ac..945712d8 100644 --- a/docs/howtos/x60_unbrick.html +++ b/docs/howtos/x60_unbrick.html @@ -295,8 +295,15 @@

    - Copyright © 2014 Francis Rowe, All Rights Reserved.
    - See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    diff --git a/docs/howtos/x60tablet_unbrick.html b/docs/howtos/x60tablet_unbrick.html index 975c7643..da60227f 100644 --- a/docs/howtos/x60tablet_unbrick.html +++ b/docs/howtos/x60tablet_unbrick.html @@ -204,8 +204,15 @@

    - Copyright © 2014 Francis Rowe, All Rights Reserved.
    - See ../license.html for license conditions. + Copyright © 2014 Francis Rowe <info@gluglug.org.uk>
    + This document is released under the Creative Commons Attribution-ShareAlike 4.0 International Public License and all future versions. + A copy of the license can be found at ../license.txt. +

    + +

    + This document is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See ../license.txt for more information.

    -- cgit v1.2.3-70-g09d2