Installing Skulls (Coreboot) on a Thinkpad X230
The two BIOS chips of my X230
…why?
After realizing I really no longer had a main use for my beloved ThinkPad X230, I figured I would dick around with it and attempt to install Skulls, which (for the uninitiated) is distribution of the free BIOS replacement known as Coreboot. Coreboot is meant to replace proprietary motherboard BIOSes on a handful of systems (mostly ThinkPads and some other purpose built computers such as servers and Chromebooks). On the surface, it is more or less a loader that will launch into a specific payload. In the instance of Skulls, it is configured to launch into something calle “SeaBIOS” which is a more traditional legacy MBR BIOS implementation. Other options such as Tianocore (which focuses on UEFI OSes) or GRUB (which is often used to load Linux) can be installed and configured with normal Coreboot, but neither are (currently) distributed with Skulls.
One of the major things that attracts people to Coreboot (and Skulls by proxy) is the ability to “de-blob” and remove proprietary, closed source content from a computer’s BIOS. By replacing the original stock BIOS, you can remove/neuter things such as Intel ME, bypass weird hardware restrictions such as wireless card and battery whitelists, and overall have more personal control and freedom over your hardware. A lot of people like the idea of being able to remove Intel ME as it is seen by many as an “always available backdoor to control just about everything with your system”. Personally, I am not that paranoid of a person to really care about things like Intel ME that much. I am the kind of guy who has fully embraced the BotNet (TM); I’ve got an Android phone and two Google Homes. I don’t bother covering my webcams. I live life dangerously. That being said, even if I may not be interested in Coreboot based on privacy alone, I am interested in the concept of something that is truly open-sourced and yours and I stand for the principle of having control over something you own. Even if the novice consumer has no idea what “ an Intel ME” even means, they shouldn’t be subject something that could cause such massive vulnerabilities, even if the chance of having their HP Stream craptop stolen and exploited through some sort of Intel ME backdoor are slim as hell.
I touched on this a bit in my previous post about my T440P. Older laptops like ThinkPads offer a lot of things modern machines simply don’t. Easily accessible and replaceable components are becoming incredibly more rare on modern laptops. You are lucky to find something that isn’t glued shut and forces you to seek help directly from the manufacturer in the case of some form of hardware issues. Expensive repair plans, planned obsolence and just outright bad business practices plague the current laptop landscape. Desktops still offer flexibility to chose your own components from the ground up, but not every person has the space or can justify having a whole desktop setup. Laptops offer more choice at the cost of somtimes lacking in upgradability or longevity. To me, ThinkPads have stood out as devices that somewhat disregard the norms and focus on features that professionals and enthusiasts want. At least, their older models did. Modern ThinkPads have gotten… pretty bad over the past few years. Some would argue that they went downhill after the brand was sold from IBM to Lenovo, but I don’t know. I think there is still a pocket of time where Lenovo operated the ThinkPad brand with the ideas and morals that the moniker was built upon still in-tact. The X230 and T440p luckily fall in the camp of “Good” ThinkPads and are examples of the things I want in a portable device. They aren’t the slimmest, sleekest devices around, but they have things like replaceable RAM, storage and even swappable freakin CPUs in the case of the T440p. Even if they launched with locked whitelists for specific components like the batteries and wireless cards, the overall flexibility still stands miles above current machines.
Skulls is just the next logical step to me for true ownership of my old X230. If you have complete and utter control of just about every other aspect of the device, why shouldn’t you also be able to customize the system level firmware of it as well? Becasue you can fuckin brick your shit. That’s why.
Flashing Skulls versus using 1vyrain
Yeah… I didn’t brick mine this time, but I absolutely did in the past. Somehow I was able to recover things back to normal, but Skulls isn’t for the weak of heart. You CAN fuck your shit up and if you aren’t savy or patient enough to slow down and try again, you can risk it all.
The concept of freedom doesn’t always blend with what people still want to use their laptops for. I have seen multiple attempts at using Coreboot/Skulls end poorly for someone because they expected things that weren’t possible anymore. Things like Skulls are a trade off; you get rid of the proprietary Intel junk that you don’t want, but also sacrifice modern features and more advanced control. The advanced menu you can unlock on the X230 via 1vyrain, for example, gives you incredibly granualar (and potentially dangerous) control of a lot of things. 1vyrain on it’s own is a good place to stop for many people as it is still uses the original ThinkPad BIOS but removes the whitelists and adds an advanced menu while still retaining the ability to boot via legacy or UEFI. Skulls/Coreboot is a significantly more stripped down approach, but this is purposeful. The point of Skulls isn’t to give you every single option as far as tweaking frequencies and thermal limits for your laptop; it is to essentially strip the BIOS down to it’s bare necesseties and cut out all of the crap that isn’t necessary, including Intel ME. It’s worth mentioning for the people who hate Intel ME, but don’t want to get into risky hardware flashes for something such as Skulls or Coreboot that 1vyrain does technically have options for soft-disabling Intel ME. This option adds almost 5 additional seconds to startup time though, mostly because of how it disables ME. It is also possible to run the “me_cleaner” script on an 1vyrain modified BIOS, which may be a better stopping point for many instead of going all the way to Skulls/Coreboot.
Throwback to when I originally modified my (then very broken) X230’s BIOS via 1vyrain
The whole process of using 1vyrain to unlock the stock BIOS is quite simple in comparison to your standard Skulls/Coreboot install. 1vyrain even apparently offers flashing Coreboot or Skulls images, but I have yet to see anyone document this process and the 1vyrain page doesn’t go into much detail on it. Flashing just the modified BIOS using 1vyrain is done using a bootable image off of a USB stick and then flashing internally as if it was a vanilla BIOS update done through the OS, no additional hardware required. In contrast, flashing Skulls the first time required that I take apart my laptop, locate and identify the two BIOS chips on the motherboard and then use a hardware flasher to dump, modify and reflash the BIOS. To me, since I had only just recently did some hardware flashing on my T440P, this wasn’t the most challenging or worrying thing in the world. I felt significantly more confident this time around since I knew my flasher worked and I had some fresh, spare clips laying around to use.
The Skulls page is fantastic for documenting how to install everything and get it set up, but I also used a few other guides to make sure I was doing everything correctly. My main goal, since I had experienced a brick before, was to make absolutely sure I could recover my BIOS if things didn’t go according to plan. I backed up the original BIOS top and bottom chips twice in addition to the backup that is done by the Skulls installer script on it’s own. Making sure my flasher was reading properly and making the same dumps just made me feel a bit better. Running ‘diff’ in the terminal and comparing the two dumps showed they were both identical and confirmed that my flasher was working.
Following the guide via the Skulls github, I proceeded to get everything prepared on my T440P after confirming my dumps. I was using a CH341a flasher with some new clips off Amazon for the whole process. I am unsure whether or not my CH341a was truly up-to-spec, since a lot of the guides I also read for just vanilla Coreboot installs mentioned having to either modify the flasher or use something else due to a voltage issue. Even so, I didn’t experience any issues during the backup or flashing process, so I suppose things went fine either way. Do note that your mileage may vary, and this blog post doesn’t serve to be a tutorial as much as it is just a documentation of something I did.
Clipping the CH341a down and flashing Skulls didn’t take long, and after taking care of both top and bottom chips, I was ready to partially reassemble and fire everything up.
And it worked! I was incredibly pleased at this point since I had messed with Skulls before and messed up royally, vowing to not touch the project again. Stupidity strikes twice with me though, and I couldn’t help myself but to try again now that the X230 wasn’t my main machine.
The “Downsides” of Skulls
After installing Skulls, I knew I would either have to convert my current OS installs to Legacy/MBR or just start from scratch. I ditched my Hackintosh install and wiped both drives I had installed to start with a clean slate. On the MSATA SSD, I went with Windows 10 LTSC 2021 and on the 2.5” SSD I chose EndeavourOS. The newer hackintosh-capable wireless card I had installed a year or two ago I decided to keep installed, even though it required additional drivers once I got Windows installed. Luckily, as I mentioned before, Skulls gets rid of the wireless whitelist entirely, so this wasn’t an issue.
Windows 10 was first. I have experience messing with GRUB, but only really on UEFI devices, so I wanted to make sure I could get everything booting properly with Linux after getting Windows taken care of. The majority of the issues I went through were from Windows, since it is a modern OS expecting some modern things in order to communicate with everything. After installing Lenovo Vantage, I started getting things up-to-date driver wise. At some point though, I suppose Vantage pulled the Intel ME drivers and things got a bit sticky. Suddenly, boots were hangning significantly at the Windows logo without much indication that anything was going on other than the HDD status indicator blinking under the X230’s display. I was able to fix this by disabling the device in device manager and then blacklisting the hardware ID from updating via a Group Policy. Once this was taken care of, boot speeds returned to normal.
Next issue though was with the keyboard. I had installed the classic 7-row keyboard on my X230 and flashed the embedded controller long before doing 1vyrain or Skulls, so this didn’t cause any issues. What did have problems, however, was any sort of hotkey integration with Windows. I guess for whatever reason, Skulls breaks the ability to use the hotkey software in Windows, so things like being able to get an on-screen indicator for caps/num lock or use any of the special function keys was not possible. This was weird to me as I hadn’t really seen it documented as a problem before. I spent awhile fiddling around with old drivers, backup websites and archives for the keyboard integration software – all of which didn’t work at all. Eventually, I searched about the issue online and stumbled across a blog that mentioned the keyboard integration not working, so I felt a bit relieved but annoyed that I had spend as long as I did trying to fix it. Due to the EC mod and classic controller, the laptop now doesn’t have any way to display when capslock is enabled other than just typing something, which kinda stinks. This is an easy issue to get around in software on the Linux side of things, but a lot of the Windows solutions are kind of ugly, so I am just dealing with it. It’s not THAT big of a deal, anyways.
Another lost feature is the ability to set the custom charging threshold of the ThinkPad’s battery in Lenovo Vantage. Due to how the ACPI interfaces with Skulls (or something like that), you can’t pass that sort of command to the battery. In Windows, I have been more or less just dealing with this issue as it is rather than using any third party sofware to get around it. Luckily, in Linux I was able to create a script following another Coreboot user’s guide that let me set minimum and maximum charge values as a service. This seems to stick with the laptop off, which is nice.
After messing around with Windows 10 for a bit longer than anticipated, I went ahead with my install of EndeavourOS and it went a lot easier. Interestingly enough, the first boot or so also hung on trying to initialize something with Intel ME, but subsequent startups haven’t had the issue. My wireless card was also picked up on immediately with Endeavour instead of requiring modprobes like with other distributions, which was a nice sign. Once I tailored Endeavour to my liking and set the battery threshold, I focused on making sure GRUB was configured properly and still able to get into Windows. Luckily, everything worked without much additional work.
The linux experience is a lot more friendly to the average Skulls/Coreboot user in my opinion. Not only do you lose less in-OS functionality, but you can also update Skulls internally with just an terminal script. Skulls doesn’t update incredibly often, but people using Coreboot who are looking to take advantage of newer or more customized features may benefit from internal flashing.
Conclusion
The whole process of dumping my BIOS, flashing Skulls and then installing my OSes took way less than I was thinking it would. The whole project took place in just a weekend, in contrast to the days or weeks I had blown in the past trying to mess with less invasive projects. It was refreshing to have something work relatively out-of-the-box like Skulls did without much need to panic and scramble onto some online blog post or wiki to figure out something I had did wrong. OS related issue aside, it was a pretty pleasant experience so long as you have the tools for the job. Having new clips for my CH341a flasher DEFINITELY helped things move a long at a quicker pace than they had before since I had to spend significantly less time fiddling around with them to make sure the CH341a was reading properly.
Overall, if you understand what little sacrifices you may have to make and have the patience to troubleshoot things as they come, Skulls is a pretty rewarding project that enhances the ThinkPad experience for those who have the curiosity to take up the project. Vanilla Coreboot absolutely offers more control and options if you want to customize how your system boots (like loading directly into GRUB or keeping UEFI support), but for people with less time on their hands, Skulls was seriously easy to do.
I would highly recommend the project to users of the X230 lineup. It is definitely not for everyone, and maybe I am not the perfect example of the target audience for Coreboot, but it was a rewarding challenge and really makes me feel like I own my X230 just that much more.
For more detailed guides on getting Skulls/Coreboot up and running on your own X230, here are some of the links I followed:
- https://www.chucknemeth.com/laptop/lenovo-x230/flash-lenovo-x230-coreboot
- https://famicoman.com/2020/07/30/corebooting-the-thinkpad-x230-with-skulls/
- https://github.com/merge/skulls/tree/master/x230
Stay tuned for more posts in the coming future. I want to write a bit more about the T440p now that I finally have all of my OSes installed and Nvidia Optimus graphics working under Linux (which was a BITCH to do, by the way).
~ Tiduscrying 03-27-22