>To install a coreboot, you will have to:
>1) get some hardware tools like screwdrivers, CH341A USB flasher and SOIC-8 test clip
>2) tear down your laptop to access the motherboard
>3) take SOIC-8 test clip and attach its wires to USB flasher that is supported by flashrom (such as CH341A), then attach SOIC-8 test clip to BIOS chip with 8 legs, then plug USB flasher device to another computer with Linux (while it is still connected to G505S motherboard through wires and SOIC-8 test clip)
>4) using flashrom, make a dump of your existing BIOS just in case, then flash a new coreboot image with verification 5) assemble your laptop in reverse order . That is exactly how computer repair shops are repairing laptops with failed BIOS updates, and are earning pretty good money on it
>Here is a hardware flashing manual - http://dangerousprototypes.com/docs/Flashing_a_BIOS_chip_with_Bus_Pirate .
Everything is described in a great detail here: complete list of tools and where you could buy them (need to spend from $0 to $30, depends on what tools you already have), how to connect these tools properly, a lot of helpful photos - for example, photo of G505S motherboard, so you could easily see where is that BIOS chip with 8 legs is located, dont need to spend time reading the motherboard chip labels. While this instruction mentions Bus Pirate USB flasher, the instructions for CH341A USB flasher are exactly the same - only a flashrom command is different (could see this command at the end of page)
My current coreboot build is from December 2016 - it is not the latest, but still pretty recent, so I am not going to rebuild it from scratch yet. Still, there is one component inside BIOS image that could be easily updated: KolibriOS, tiny wonderful open source operating system that fits on a floppy. It could be launched from SeaBIOS Boot Menu, and works as a RamDisk (no changes to your computer saved). After you tell that you are prepared for hardware BIOS flashing, I will take KolibriOS latest daily build, add it to ROM and send a complete coreboot BIOS ROM to you
Please reply if you have any questions
Best regards,
qmastery
-----------------------------------------------
Is it possible to also reflash the USB firmware at the same time in case it has been tampered by Bad USB ?
Unless USB port seals (e.g. http://www.padjack.com/padjack-versions/usb-port-lock/) are put in place as soon as the laptop is removed from the manufacturers box it is impossible to know whether someone has installed a device that has in turn infected firmware. A similar situation for any DMA access ports (Thunderbolt etc)
I'm interested in being able to take a possibly infected laptop (i.e. infected with firmware malware) and reset it to a known safe starting point. Coreboot seems to handle the BIOS (thank you for clarification that it completely rewrite legacy and UEFI). Replacing the HD with a new SSD should handle that firmware attack vector. That leaves the other EEPROMS.
I figure, if I'm going to strip down my G505S to reflash with Coreboot, I should see what other EEPROMs I can reflash.
Apart from the obvious RAM and SSD upgrade and possible putting switches on peripherals, are there any other hardware mods you can suggest for the G505S.
Having sorted out the hardware, I am then going to be looking to use Qubes to protect against any attempts to reflash through Malware and after thats done, I'll be looking for ways to detect that any attack is being attempted.
All in all I think I've got about a years work ahead !
Did you buy the necessary components from AliExpress as linked in the article ? They are saying a couple of months delivery time !!
All components now ordered, most from Ali Express but a couple from USA. I should hopefully be good to start in about a month
Thanks for the heads-up, I've just updated my AliExpress order accordingly
Here is how I built, flashed and tested it : https://ghostbin.com/paste/wprhk
Basically, I built it with the extracted vgabios binary from the stock rom, flashed it with Bus Pirate and tried to start the laptop.
The screen would not turn on, at all.
Thanks in advance :)
>
> Could you please trim emails when you reply? It was hard to find your
> questions in all that text!
>
Sorry about not trimming the original!
>
> I'm not sure you could fit one in there, the hole is only big enough for
> half-height mini-PCIe cards.
>
Okay. I found some half mini PCIe SSD but it appears to just use SATA interface and probably not worth losing WiFi.
>
> Not sure on this one; Coreboot can be picky on memory timings. Might have
> to dig in to the source code to see if that is supported, if nobody else
> knows.
>
Good to know.
> Welcome! Some of us G505s users are putting together a page with tips on
> Coreboot and Qubes, but I'm not sure where it will end up yet.
That would be amazing and much appreciated. This seems like a great hardware choice for running Qubes. I have the tools and have flashed a BIOS chip before so I feel okay about that part, but building the coreboot file is going to stretch me a bit.
I decided to use your prebuilt rom and flashed it successfully on my G505s last night. Afterwards, I began the Qubes 4.0 installation. It installed fine, but following the restart it freezes while setting up the Template VMs. I waiting several hours to verify that it was indeed frozen. I restarted and tried setup again and it keeps freezing at various points (Fedora Template, Debian Template, Whonix). I then tried a fresh reinstall but that yielded the same result.
I'm currently in the process of downloading 4.0 again and I'll try the install on a different usb stick. Is there anything else that I might try to make this work? Thanks for any assistance.
I'd love to try your prebuilt one!
Thanks again to everyone for helping me get my G505s up and going with coreboot and for all the useful info on recommended upgrades here.
Thanks for all the info! I bought my battery from some random seller on eBay and it was disappointing initially but seems better after a few cycles. I may check out your recommended ones anyway. I did many of the other recommended upgrades already, including replacing the thermal paste, the WiFi adapter and upgrading to 16gb of Patriot Viper RAM and an SSD.
I'm very happy with my current setup thanks to you and others. One question I have is regarding boot time for 4.0. Is it several minutes long for you on coreboot/Qubes 4.0? I also get a Failed to Load Kernel Modules message early on in Qubes boot if that matters. Once it's up and running, things run smoothly.
On Tuesday, April 10, 2018 at ...
One question I have is regarding boot time for 4.0. Is it several minutes long for you on coreboot/Qubes 4.0?
I also get a Failed to Load Kernel Modules message early on
My assumption is that the time is explained by the fact that it is not only booting the physical machine but also the various CMs that are tagged to be started at bootup.
Then I take the created coreboot.rom file and load it onto a separate computer where I can externally flash the G505s as shown here: http://dangerousprototypes.com/docs/Flashing_a_BIOS_chip_with_Bus_Pirate
Was it these two files I am looking for changes in?
src/vendorcode/amd/agesa/f15tn/Proc/CPU/Family/0x15/TN/F15TnEquivalenceTable.c
src/vendorcode/amd/agesa/f15tn/Proc/CPU/Family/0x15/TN/F15TnMicrocodePatch0600110F_Enc.c
or do I understand correctly that I can run these commands at a Debian terminal and get the needed output too?
dd skip=5284 iflag=skip_bytes
if=/lib/firmware/amd-ucode/microcode_amd_fam15h.bin of=amd.bin
xxd -i amd.bin
I then copy some/all of that content and paste it into the image file itself?
Does anybody know where I can find an up-to-date copy of the microcode for this laptop? The latest microcode images I've been able to find *anywhere* are
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode
which according to the logs date back to 2016 and therefore can't possibly contain spectre mitigations for an A10-5750M CPU.
Supposedly AMD has/will release mitigating microcode for family 15h but I don't think AMD has an equivalent to: https://downloadcenter.intel.com/download/27776/Linux-Processor-Microcode-Data-File
Does AMD even announce when they release microcode for a particular family/CPU? Ideally they'd have a list of CPU->microcode.tar.gz but one can only dream I guess...
The next step of course will be figuring out how to build coreboot to load the microcode image, but, one step at a time.
EDIT: https://web.archive.org/web/20160726141516/http://www.amd64.org:80/microcode.html doesn't seem to have been up since 2016