1 (edited by zapper 2020-12-04 15:27:15)

Topic: Found something for libreboot users,

Its an updated version of libreboot with security fixes, etc... and its being actively worked on. 
Get the free roms, not the non-free ones though as this version has both.

Anyways without furtherado here it is:

https://github.com/JaGoLi/Libreboot-X200-Updated

But a warning, this repo only has updates for X200 for the time being. Anywho, enjoy!

PS, it worked extremely well on my x200 and with no problematic changes. 

the rom folder first on there is where you get it, its based also on coreboot's 4.12 stable.  enjoy!

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

2 (edited by rachad 2020-12-04 18:21:17)

Re: Found something for libreboot users,

thanks zapper i jumped and done it as well with the free roms smile
to make it easy on others just run the following command :

 doas flashrom -p internal:laptop=force_I_want_a_brick -w <name_of_selected_rom> 

instead of using JaGoLi command
sudo flashrom -c "chip_name" -p internal:boardmismatch=force,laptop=force_I_want_a_brick -w name_of_selected_rom

3

Re: Found something for libreboot users,

problems i face right now with my x200:
1- a never ending black screen on reboot or at least i waited 2mints smile and keeps the ethernet light turn on and off
2- FN brightness up and down stops working after i decrypt my hdd and start the system i must say that it worked just before openrc started wpa_supplicant then ufw i loose control over brightness
3- my pc have french azerty keyboard and grub on this libreboot doesn't can i fix it?

i will reflash back to the old libreboot release till the brightness problem is fixed cause of my eyes
i also dont have a github account if someone could send this issues to JaGoLi it would be great till i find a way to deal with github my self smile

4

Re: Found something for libreboot users,

rached wrote:

problems i face right now with my x200:
1- a never ending black screen on reboot or at least i waited 2mints smile and keeps the ethernet light turn on and off
2- FN brightness up and down stops working after i decrypt my hdd and start the system i must say that it worked just before openrc started wpa_supplicant then ufw i loose control over brightness
3- my pc have french azerty keyboard and grub on this libreboot doesn't can i fix it?

i will reflash back to the old libreboot release till the brightness problem is fixed cause of my eyes
i also dont have a github account if someone could send this issues to JaGoLi it would be great till i find a way to deal with github my self smile

Hmm, it worked for me correctly, maybe this image is only for english keyboards aka usa.

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

5

Re: Found something for libreboot users,

zapper wrote:

Hmm, it worked for me correctly, maybe this image is only for english keyboards aka usa.

maybe brithness problem comes from the keyboard but why then it worked before openrc started
but the reboot cant be because of keyboard

6

Re: Found something for libreboot users,

rached wrote:
zapper wrote:

Hmm, it worked for me correctly, maybe this image is only for english keyboards aka usa.

maybe brithness problem comes from the keyboard but why then it worked before openrc started
but the reboot cant be because of keyboard

Hmm, I dunno... but at least the annoying beep sound and some security issues are fixed. smile

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

7

Re: Found something for libreboot users,

zapper wrote:

Hmm, I dunno... but at least the annoying beep sound and some security issues are fixed. smile

on IRC #libreboot they said there was no security issues and that we shouldn't believe anyone that claims that and for sound u can use nvramtool im no expert so i cant comment and i couldn't reply i just said yes thank you alright smile

i also wanna thank FrostKnight for adding those issues in Github
it would be great if he fixed them then i will go and discuss with someone on #libreboot again and see what will i accept

8

Re: Found something for libreboot users,

rached wrote:
zapper wrote:

Hmm, I dunno... but at least the annoying beep sound and some security issues are fixed. smile

on IRC #libreboot they said there was no security issues and that we shouldn't believe anyone that claims that and for sound u can use nvramtool im no expert so i cant comment and i couldn't reply i just said yes thank you alright smile

i also wanna thank FrostKnight for adding those issues in Github
it would be great if he fixed them then i will go and discuss with someone on #libreboot again and see what will i accept

Yeah, the security issue mentioned is the boothole vulnerability, the github page mentions it. I dunno if there are others, but did you ask libreboot devs about that vulnerability?

HyperbolaBSD: The Future of Secure Libre Lightweight Operating Systems!

9

Re: Found something for libreboot users,

zapper wrote:

Yeah, the security issue mentioned is the boothole vulnerability, the github page mentions it. I dunno if there are others, but did you ask libreboot devs about that vulnerability?

yes i did come there and ask them maybe i wasn't or surely i wasn't that good in discussing it

10 (edited by throgh 2020-12-08 02:41:53)

Re: Found something for libreboot users,

zapper wrote:

Its an updated version of libreboot with security fixes, etc... and its being actively worked on. 
Get the free roms, not the non-free ones though as this version has both.

Anyways without furtherado here it is:

https://github.com/JaGoLi/Libreboot-X200-Updated

But a warning, this repo only has updates for X200 for the time being. Anywho, enjoy!

PS, it worked extremely well on my x200 and with no problematic changes. 

the rom folder first on there is where you get it, its based also on coreboot's 4.12 stable.  enjoy!

Thanks, I don't want to minimize the work behind this but I don't trust a repository with roms including microcode.
There is no further guide included how to compile an own build with the included files itself, especially the folder structure was changed. And especially the compilation for other keyboard-layouts, so you can have your own trustworthy buildout without loading "something" from a proprietary service itself and just flashing that on your computer. neutral

Better to have a guide to compile this on your own instead of download finished roms. Getting them from the official project-downloads is one thing but another to have modified versions the author left a month ago. Besides that: Has anyone tried to build Libreboot with this repository?
The question is important from my point of view as I don't understand why the author didn't share those information with the Libreboot-project itself and hosted that onto Github. Would be better to get this back to the project as it is not dead and people are working on it, so when there are security-issues they have to be shared upstream.

As I had done a first checkout from the concurrent repository: The file-structure is even more kind of a problem and mixed rom-images with proprietary microcode is not even near the major goals of Libreboot. sad
We'll see if the author is replying in the issue created. If there is no reply within the upcoming four weeks, I think questions are left. Would be a pity! And Libreboot is not only about X200-models. They are nice and very good to handle, but there are other boards also to take care of.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

11 (edited by throgh 2020-12-08 03:12:25)

Re: Found something for libreboot users,

Coming back with answers directly from the IRC and swiftgeek!
First of all Libreboot is not affected and the issue the repository, better the author, is speaking of it.

also it's not even grub that is affected by "boothole" but distros that didn't enable signature verification in grub (like of any .cfg loaded), but signed said grub binary for secureboot use

it's like that "ssh" cve where exploit was abusing extremely bad configuration strongly discouraged by sshd because somebody could exploit it...

what was the most recent one that hopefully won't get accepted

if something decrypts data intended for it with key it has, that's a CVE because it reveals encrypted data!

Especially the mixing with the newer Coreboot:

and libreboot is not a fork of coreboot

In the end the answer is: There is no security-problem to be fixed and as I've mentioned ... using proprietary microcode within rom-images?
Well, not the way to go as this is not Libreboot.

Sorry, don't want to minimize the repository and its content. Hope the information is more helpful and clear now?
Note also: The repository brought up a little discussion in the IRC about the current situation of security issues within chip, vendors and the problems around with free, libre hardware:

<swiftgeek> so it's not like OSHW is a pie in the sky kind of thing or something obscure

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

12

Re: Found something for libreboot users,

Had a look onto this again and seems for now: I was wrong? Not final clear for me but better to see there are updates to be done and the person behind have not lost any interest doing this. Here more: https://github.com/JaGoLi/Libreboot-X20 … d/releases

Nice to see as a possibility getting more into this. big_smile

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

13

Re: Found something for libreboot users,

throgh wrote:

Had a look onto this again and seems for now: I was wrong? Not final clear for me but better to see there are updates to be done and the person behind have not lost any interest doing this. Here more: https://github.com/JaGoLi/Libreboot-X20 … d/releases

Nice to see as a possibility getting more into this. big_smile

Could you please share your experience if you decide to give the update a try? I'm not a very tech-savvy person, I've managed to libreboot my X200's because I can read and follow clear instructions, which I found on Reddit. Of course I want some kind of update for Libreboot 2016, but  I have doubts and questions of course. And I do have a bug on current version, when after long periods of use my screen turns grey and I need to turn it off. sad But as far as I read it still there...

However, I have experienced random crashes after long periods of use on both my test machines when the microcode isn't present.

14

Re: Found something for libreboot users,

thinkbad wrote:
throgh wrote:

Had a look onto this again and seems for now: I was wrong? Not final clear for me but better to see there are updates to be done and the person behind have not lost any interest doing this. Here more: https://github.com/JaGoLi/Libreboot-X20 … d/releases

Nice to see as a possibility getting more into this. big_smile

Could you please share your experience if you decide to give the update a try? I'm not a very tech-savvy person, I've managed to libreboot my X200's because I can read and follow clear instructions, which I found on Reddit. Of course I want some kind of update for Libreboot 2016, but  I have doubts and questions of course. And I do have a bug on current version, when after long periods of use my screen turns grey and I need to turn it off. sad But as far as I read it still there...

However, I have experienced random crashes after long periods of use on both my test machines when the microcode isn't present.

Zapper had a good idea: Perhaps bringing swiftgeek and and_who (Andrew) with the author of the repository together. I'll try to get in contact with the people and keep this updated here, of course. Also about having more views onto compilation itself without firmware-blobs.

Human being in favor with clear principles and so also for freedom in soft- and hardware!

Certainly anyone who has the power to make you believe absurdities has the power to make you commit injustices: For a life of every being full with peace and kindness, including diversity and freedom. Capitalism is destroying our minds, the planet itself and the universe in the end!

15 (edited by thinkbad 2021-04-03 00:41:46)

Re: Found something for libreboot users,

It's not good but great idea! smile 
Regarding these crashes  - actually that was the reason for check my ram with memtest86+...I thought maybe some trouble with ram,  but now I have found the evidence about crashes and microcode dependence.