Thinkpad X230 and X230TSkulls -
Get it from our release page
- coreboot: We take coreboot's master branch at the time we build a release image.
- microcode update: revision
20from 2018-04-10 (includes mitigations for Spectre Variant 3a and 4)
- SeaBIOS: version 1.12.0 from 2018-11-17
release images to choose from
We release multiple different, but very similar images you can choose from. They all should work on all versions of the X230/X230T. These are the differences; (xxxxxxxxxx stands for random characters in the filename):
x230_coreboot_seabios_xxxxxxxxxx_top.romincludes the proprietary VGA BIOS from Intel which is non-free software. It is executed in "secure" mode.
x230_coreboot_seabios_free_xxxxxxxxxx_top.romincludes the VGA BIOS SeaVGABIOS which is free software. While technically more interesting, visually this is currently not as beautiful:
table of contents
sudo ./x230_before_first_install.shon your current X230 Linux system
- Power down, remove the battery. Remove the keyboard and palmrest. Connect
a hardware flasher to an external PC (or a Raspberry Pi with a SPI 8-pin chip clip
can directly be used), and run
sudo ./external_install_bottom.shon the lower chip and
sudo ./external_install_top.shon the top chip of the two.
- For updating later, run
./x230_skulls.sh. No need to disassemble.
And always use the latest released package. This will be tested. The git master branch is not meant to be stable. Use it for testing only.
before you begin
Before starting, run Linux on your X230, install
dmidecode and run
sudo ./x230_before_first_install.sh. It simply prints system information and
helps you to be up to date.
Also make sure you have the latest skulls-x230 package release by running
original BIOS update / EC firmware (optional)
Before flashing coreboot, consider doing one original Lenovo upgrade process in case you're not running the latest version. This is not supported anymore, once you're running coreboot (You'd have to manually flash back your backup images first, see later chapters).
Also, this updates the BIOS and Embedded Controller (EC) firmware. The EC is not updated anymore, when running coreboot. The latest EC version is 1.14 and that's unlikely to change.
In case you're not running the latest BIOS version, either
use the latest original CD and burn it, or
use the same, only with a patched EC firmware that allows using any aftermarket-battery: By default, only original Lenovo batteries are allowed. Thanks to this project we can use Lenovo's bootable upgrade image, change it and create a bootable USB image, with an EC update that allows us to use any 3rd party aftermarket battery:
sudo apt-get install build-essential git mtools libssl-dev git clone https://github.com/hamishcoleman/thinkpad-ec && cd thinkpad-ec make patch_disable_keyboard clean make patch_enable_battery clean make patched.x230.img
That's it. You can create a bootable USB stick:
sudo dd if=patched.x230.img of=/dev/sdx
and boot from it. Alternatively, burn
patched.x230.iso to a CD. And make sure
you have "legacy" boot set, not "UEFI" boot.
preparation: required hardware
- An 8 Pin SOIC Clip, for example from Pomona electronics (for availability, check aliexpress or elsewhere) or alternatively hooks like E-Z-Hook
- 6 female jumper wires like these to connect the clip to a hardware flasher (if not included with the clip)
- a hardware flasher supported by flashrom, see below for the examples we support
open up the X230
Remove the 7 screws of your X230 to remove the keyboard (by pushing it towards the screen before lifting) and the palmrest. You'll find the chips using the photo below. This is how the SPI connection looks like on both of the X230's chips:
Screen (furthest from you) ______ MOSI 5 --| |-- 4 GND CLK 6 --| |-- 3 N/C N/C 7 --| |-- 2 MISO VCC 8 --|______|-- 1 CS Edge (closest to you)
... choose one of the following supported flashing hardware examples:
Hardware Example: Raspberry Pi 3
A Raspberry Pi can directly be a flasher through it's I/O pins, see below. Use a test clip or hooks, see required hardware.
On the RPi we run Raspbian and have the following setup:
Connect to the console: Either
in the SD Cards's
For flashrom we put
Connect to a wifi or ethernet to
sudo apt-get install flashrom
connect the Clip to the Raspberry Pi 3 (there are prettier images too):
Edge of pi (furthest from you) (UART) L GND TX RX CS E | | | | F +---------------------------------------------------------------------------------+ T | x x x x x x x x x x x x x x x x x x x x | | x x x x x x x x x x x x x x x x x x x x | E +----------------------------------^---^---^---^-------------------------------^--+ D | | | | | G 3.3V MOSIMISO| GND E (VCC) CLK Body of Pi (closest to you)
Now copy the Skulls release tarball over to the Rasperry Pi and continue on the Pi.
We flash at low speeds. Unlocking the bottom chip with its two reads, one write and one verify step usually takes approximately one hour in total.
Hardware Example: CH341A based
The CH341A from Winchiphead, a USB interface chip, is used by some cheap memory programmers. The one we describe can be bought at aliexpress, but it's available elsewhere too. Also, we don't use the included 3,3V power output (provides too little power), but a separate power supply. If you don't have any, consider getting a AMS1117 based supply for a second USB port (like this or this).
- Leave the P/S Jumper connected (programmer mode, 1a86:5512 USB device)
- Connect 3,3V from your external supply to the Pomona clip's (or hook) VCC
- Connect GND from your external supply to GND on your CH341A programmer
- Connect your clip or hooks to the rest of the programmer's SPI pins
- Connect the programmer (and power supply, if USB) to your PC's USB port
unpack the Skulls release archive
tar -xf skulls-x230-<version>.tar.xz cd skulls-x230-<version>
ifd unlock and me_cleaner: the 8MB chip
Flashing the bottom chip (closer to you) is optional. It has the same pinout than the upper chip. This allows you to enable/disable in-system flashing (without disassembling the Thinkpad) and/or to neuter the the Intel Management Engine for security reasons.
sudo ./external_install_bottom.sh -m -k <backup-file-to-create>
That's it. Keep the backup safe. Here are the options (just so you know):
me_cleaner -Sbefore flashing back, see me_cleaner.
-loption will (re-)lock your flash ROM, in case you want to force yourself (and others) to hardware-flashing, see updating.
BIOS: the 4MB chip
sudo ./external_install_top.sh -k <backup-file-to-create>
Select the image to flash and that's it. Keep the backup safe, assemble and turn on the X230. coreboot will do hardware init and start SeaBIOS.
If you have locked your flash (i.e.
./external_install_bottom -l) you can
flash externally using
external_install_top.sh just like the
first time, see above. Only the "upper" 4MB chip has to be written.
It is recommended to do the the update directly on your X230 using Linux
though. This is considered more safe for your hardware and is very convenient -
just install the "flashrom" program and run
./x230_skulls.sh, see below.
- boot Linux with the
iomem=relaxedboot parameter (for example in /etc/default/grub
- download the latest Skulls release tarball and unpack it
sudo ./x230_skulls.shand choose the image to flash.
Hint: In case your Linux distribution's GRUB bootloader doesn't use the full
screen, put the line
GRUB_GFXMODE=1366x768x32 in your
Moving to Heads
Heads is an alternative BIOS system with advanced security features. It's more complicated to use though. When having Skulls installed, installing Heads is as easy as updating Skulls. You can directly start using it:
- build Heads
- boot Linux with the
- copy Heads' 12M image file
build/x230/coreboot.romto Skulls' x230 directory
Switching back to Skulls is the same as updating. Just run
Why does this work?
On the X230, there are 2 physical "BIOS" chips. The "upper" 4MB one holds the actual bios we can generate using coreboot, and the "lower" 8MB one holds the rest that you can modify yourself once, if you like, but strictly speaking, you don't need to touch it at all. What's this "rest"? Mainly a tiny binary used by the Ethernet card and the Intel Management Engine. Read the coreboot documentation for more details.
how to reproduce the release images
git clone https://github.com/merge/skulls
git checkout <VERSION>for the release you want to build
./build.shand choose the configuration you want to build