-
-
Notifications
You must be signed in to change notification settings - Fork 191
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Heads support for T480/T480s #1885
Comments
The platform may be indeed attractive. I am not sure about being much faster. i7 3740qm/3840qm which can be installed on t420/t430 performs similar to i7 8550u. The newer CPU are less hungry though (45W vs 15 W). Both are EOL in terms of microcode updates. One issue for heads could be the TPM problem. |
Some discussion over Heads matrix channel thread on porting process for t480 if thread discussion is better for you to organize leadership of this port. |
TPM works under coreboot but is "vulnerable to gpio reset attack" source |
Would not be relevant to Heads in any case. Any board owner here willing to take leadership into starting and leading the port? |
Just want to chime in that I am the happy new owner of a T480 which I explicitly bought for playing around with coreboot and the hope to ultimately run heads. So I am more than willing to help with the port and test, but I don't think I am qualified to take the leadership in any way. Maybe to add my perspective on why the T480(s) is an interesting platform: Yes, it is indeed not more powerful than a e.g. a maxed out t440p (which is sad) but uses way less power (good thing on a Laptop) and has all the bells and whistles of USB-C (which is helpful e.g. at my workplace where we have set up monitors to act as a USB-C dock). And while not faster, it is much quieter then my t440p under load. |
|
@doritos4mlady @akunterkontrolle I am trying to evaluate if it is really a good investment in a hobby project. Would you be interested in a community effort of porting heads to t480? Do you know anybody else who would be interested and would/can contribute to the effort? Board advantages: Some questions/obstacles :
|
That's not the BIOS SPI flash, the BIOS flash sits close to the middle of the board and is 16MB |
It is Thunderbolt firmware’s SPI flash, corrected... |
I am certainly interested in a community effort to port heads to the t480 (note: not the t480s, I got the t480 and it is highly unlikely that I will get a t480s as well). I do not know anybody else who could be interested though.
Fully agree. I just flashed Libreboot a few minutes ago for the first time and the hardware-based flashing was so much less painful compared to the t440p. I think I even managed this time to not break any plastic clips, yeah!
Well should have read that first, I had it open just minutes ago but did not look closely at the Thunderbolt chip. However, I do not remember having seen any obstacles around it. Although, I am not sure if it matters, because you can easily upgrade the Thunderbolt firmware via software with fwupdmgr from within Linux (at least if your fwupd version is recent enough, Debian/Devuan stable obviously lagging behind). I am not sure why Libreboot recommends flashing that directly with a hardware programmer as well. Maybe they are not aware of the possibility of updating from within Linux.
Fans work and spin up automatically. I can see the cpu temp sensors but no fan speed and the thinkpad_acpi module does not load. I have to check if the force option will do anything.
Yep. Sadly, this is something I can probably not help with at all. I don't thin I even understand fully how that attack works in the first place.
My current plan on how to get heads to the t480 is as following and probably a very bad idea that will result in burning Thinkpads:
This may work at least as a proof-of-concept and we could go from there. |
@akunterkontrolle That sounds like a plan! Do the initial steps!
Then lets collaborate in the PR you will create. Don't forget to create a heads fork in your own repository, follow/comment linuxboot/heads-wiki#119 as you go, make sure you sign commits and don't stress too much if this seems a lot. Just get a PR started and we will collaborate there. I will guide you to what is Heads specific, but will leave you lead the thing and help you when needed. Don't foget to tag me along the way @tlaurion
I helped before for many ports. Those ports can all be used for references, in which I went in extensive lengths to become redundant at some point. This is a time to test this, and take notes of the process involved if you want to help, so that https://osresearch.net/Porting/ is updated by your notes. If this is done properly, and PRs fixing docs along the way is done, that would be a fruitful, free as in free beer, on my side. If I have to work and do the port by myself, we will quickly go into consultation services discussion in PR. Ideally, someone takes the lead and I mentor so that I do not become the only person doing ports under Heads. The hard part is getting a coreboot port. After that, its learning how to plumbing is done. If you are that willing leader @akunterkontrolle , and are willing to learn and my time investment into mentoring is not lost to the void, i'm willing to do this for free, at the cost of you helping me helping others to do Heads ports in the future and becoming first responder board tester in the future when there is coreboot version bumps and linux kernel version bumps, with others in this room being willing to become second testers as described under https://github.com/linuxboot/heads/blob/master/BOARD_TESTERS.md Heads needs other heads. |
Thank you very much for that detailed plan on how a port of heads for the t480 could come along! @tlaurion I will do my best to read up on the various things like signing my git commits. I knew that this is a thing but have never done it myself before so I am sure I will be on a fun ride :D Well, it seems that I have now "taken the lead" somewhat … Well, I promise I will do my best and I am sure there will be some result at the end. I will try to document my work as best as I can to help the documentation. However, I will say upfront, that it could take a bit until results show up. Sadly this is just a hobby and for various unfair reasons I have to do other stuff as well … |
Yesterday I started to compare the coreboot configs like outlined in the plan. My t480 will arrive tomorrow. @akunterkontrolle what would be the best way to communicate during the port and help you? |
I don't know if this would impact the Heads config, but there a couple of things worth mentioning about the T480. It has two variants: one with integrated graphics, and another with integrated & dedicated graphics. At present, the dedicated graphics do not function in coreboot and are essentially disabled by default. Additionally, in light of the previous X230 maximised config, the T480 has become a commonly modified laptop by the ThinkPad community with do-it-yourself screen replacements at 1440p and 4K being fairly popular. |
Good point, the same applies to the T440p. I think it is handled there somehow as well. My T480 is the one without a dedicated graphics so I can't really test that. I think it should be documented that the dedicated graphics is untested as well as the screen mods and anyone having this hardware config will play guinea pig.
|
Nice to hear that you also already started working on it. I have created a fork from heads under my username with a new branch for the T480, see https://github.com/akunterkontrolle/heads/tree/board_t480 Things I started to do there:
So I think the next steps are to add a linux kernel config for the T480 build and tackle the download and modification of the blobs (note: ME needs deguard and we have to check if and when to apply me_cleaner) @notgivenby Regarding communication: I think we should use mainly this issue which keeps the discussion publicly accessible and helps to document steps, hurdles and question when porting to a new platform. But for some discussion this may not be the right place so you can reach me on Matrix via @ak_unterkontrolle:matrix.org |
My T480 has dedicated graphics, I can play guinea pig. |
You would have to check with Máté, but if iirc from when I built coreboot+edk2 for this board, deguard automatically HAP disables the Management Engine. It also leaves the ME region of the bios completely unsigned, so there's the potential to run your own code in place of Intel's. |
Great!
Perhaps we need to check later the log of the lb build when complied locally to figure out what patches were applied. Perhaps lbmk config can also help.
I believe TPM2 should be correct, since the t480 has it instead of TPM1. I puzzled a bit about the TPM2. When you enable the TPM2 in coreboot config under the lbmk the rom build gives an error. For more details see my fork of heads/wiki https://notgivenby.github.io/heads-wiki/t480-port/. I will try to document changes and steps we did there too. In, short the error is because the menuconfig untility changes the path to 2 vendor files: |
I think it will not be a huge problem. Somebody raised an issue on heads a while ago: the person had t420 with the dGPU. heads was flashed on it actually without knowing that the machine has dGPU. The only think that did not work was DP output to the external display. So, perhaps you should not play a guinea pig yet. |
@akunterkontrolle this needs to be on! |
I have three T480s, one with a dGPU (the one I am writing this message on), and two motherboards with an iGPU waiting to go into dead machines, so if testing is needed let me know. FYI, although Thunderbolt isn't working in coreboot rn, DisplayPort output via the Thunderbolt port (functioning as a simple USB-C port) does work. |
I have a T480 with iGPU, I also have a T440p with a heads so I have some limited experience. I'm willing to help out, it might take me a little longer because I have to look things up in my Linux book. So if you need something from me immediately you'll have to break it down like crayola. |
@akunterkontrolle @MattClifton76 @mblanqui Today I successfully finished one of the ME blob magic for heads. As soon as I get back to my signing key, I will commit the script. In process, I noticed that the me.bin for libreboot was extracted from a dell - donor which had no vPro ME. Since it would be great to use faster CPU under heads,/Qubes, I wonder whether you have a t480 with i7 8650u or 8550u (both vPro)? Does it work with libreboot, is it stable? Can it be an issue @tlaurion? |
I have a i7-8650u, it appears to have vPro. Firmware 1.53 |
Did you flash libreboot on it? does it work fine? |
I have not, I plan on giving it a shot after the Super Bowl. I know they say use 1.52 for the uart but I don't have a need for it so I'm going to try it with 1.53. I also updated the thunderbolt chip through fwupd, not sure why they wanted to flash the chip separately. |
@akunterkontrolle I managed to create blobs scripts that were mostly relied on the libreboot approach my fork We are still missing modifications of the .circleci/config.yml to add t480. |
@notgivenby @akunterkontrolle : My 1.5h contribution for now is at https://github.com/tlaurion/heads/tree/poc_t480
Fails at pointing in vendor fsp fd files :( will leave it to you guys
CircleCI build will fail the same under https://app.circleci.com/pipelines/github/tlaurion/heads/3112/workflows/cf9e893c-96ba-4ae0-9d5b-bffa08b06a5a
Weirdly, there is no vendorfiles under the git repo cloned for commit pointed under modules/coreboot:
Not sure what's up with git submodules cloning there. Something is missing from that upstream commit/submodules dependencies :( Feels free to steal, cherry-pick, learn and ask questions. We are soon to a point where a PR would be helpful to comment, more then this issue. When it builds :) Q:
|
@akunterkontrolle : Not sure, we will have to see from real world experience:
@MattClifton76 feedback would be really helpful. |
Thanks to @krystian-hebel for the tip:
https://app.circleci.com/pipelines/github/tlaurion/heads/3115/workflows/41a21dcd-c79c-46cc-8655-fd4602d06d8b should now build successfully with tlaurion@d666b81 TEST WITH CAUTION! PORT INCOMPLETE! This was a contribution of 2.5h total. Feel free to donate under https://opencollective.com/insurgo |
@tlaurion I'm currently working on it, I'm a rookie at best with this so I have to look up a bunch of commands and read how-to's. Assuming i do get it flashed successfully and it's boots, are there any commands you want me to run or specific things you want me to test? Fedora 41 is currently installed |
I have a i7 8650u (vPro). I built coreboot+edk2 from upstream in early December. It's perfectly stable, and I've had no issues other than the known ones at the time of my build (Fn keys don't work, and the Thunderbolt port doesn't have full functionality). Other than that, it works like a treat. Thanks to @notgivenby for giving me the heads up (no pun intended) to your question. Let me know if you need more info. |
For the adventurous: please report testing of #1906 there! :) |
for all brave please keep in mind that t480 is not the same board as t480s. There are few GPIO differences that can destroy the t480s board if flashed with t480 rom as notified on the libreboot. |
@MattClifton76 @doritos4mlady would you guys be interested in becoming a heads board tester for t480? Additional information is available here https://matrix.to/#/!pAlHOfxQNPXOgFGTmo:matrix.org/$6zRiL6bw55FJLwlhB4VLcc8TbxB_FAu_zaolgtaXbaw?via=matrix.org&via=nitro.chat&via=tchncs.de. https://github.com/linuxboot/heads/blob/master/BOARD_TESTERS.md is the in-tree willing board testers (with external programmers) to be called for testing, basically when there is coreboot version bumps, linux kernel version bumps or board specific changes that could result in bricking platforms, requiring external programmer recovery. This is why board testers are needed: so that things are tested in pull requests by board owners to at least check that the changes do not result in bricks and no important regressions are found prior of merging changes upstream |
I'll flash that bios chip to the moon and back, I even bought a new nitro key for this occasion. As stated previously I'm very new at this, I still have to write down commands and look up explanations. |
Looks like a great candidate as it recently got libreboot support and is much
fasternewer than the T420/T430.Is this something the devs would be interested in supporting?
The text was updated successfully, but these errors were encountered: