Qubes 4 and coreboot
341 views
Skip to first unread message
qube...@go-bailey.com
Feb 27, 2018, 4:42:07 PM2/27/18
to qubes...@googlegroups.com
Do the Qubes devs recommend a specific payload to use with coreboot and
Qubes 4?
For those who are using coreboot with the Qubes 4 release candidates,
what payload are you using?
Have you run into any oddities with said payload detecting the install
DVD or USB stick as well as with the subsequent installation?
I haven't been able to get coreboot with a petitboot payload working
well with Qubes 4 thus far so am thinking of trying a different payload.
Thanks in advance.
Qubes 4?
For those who are using coreboot with the Qubes 4 release candidates,
what payload are you using?
Have you run into any oddities with said payload detecting the install
DVD or USB stick as well as with the subsequent installation?
I haven't been able to get coreboot with a petitboot payload working
well with Qubes 4 thus far so am thinking of trying a different payload.
Thanks in advance.
[799]
Feb 27, 2018, 4:49:53 PM2/27/18
to qube...@go-bailey.com, qubes...@googlegroups.com
Hello,
-------- Original-Nachricht --------
An 27. Feb. 2018, 22:41, schrieb:
> Do the Qubes devs recommend a specific
> payload to use with coreboot and
> Qubes 4?
> For those who are using coreboot with the
> Qubes 4 release candidates,
> what payload are you using?
Are you running Qubes in a Dual Boot configuration or as the single Operating System (which would be the better option regarding security)?
I was running Qubes OS and Windows in a dual boot setup as I needed Windows 10 ony corporate laptop (unfortunately).
Thereof I was using Coreboot with SeaBIOS in order to be able to boot Qubes and Windows.
Unfortunately I had issues with standby/resume and decided to run Qubes as primary OS removing windows.
To access Windows I am now using a "my-work" Qube which has Cisco AnyConnect and VMware Horizon View Client installed to access my windows 10 virtual desktop or network shares.
Thereof I think I don't need SeaBIOS anymore and will reflash with a Coreboot without SeaBIOS.
I am also interested in some recommendations for an optimized Coreboot Config, maybe also some shared config files.
[799]
-------- Original-Nachricht --------
An 27. Feb. 2018, 22:41, schrieb:
> Do the Qubes devs recommend a specific
> payload to use with coreboot and
> Qubes 4?
> For those who are using coreboot with the
> Qubes 4 release candidates,
> what payload are you using?
I was running Qubes OS and Windows in a dual boot setup as I needed Windows 10 ony corporate laptop (unfortunately).
Thereof I was using Coreboot with SeaBIOS in order to be able to boot Qubes and Windows.
Unfortunately I had issues with standby/resume and decided to run Qubes as primary OS removing windows.
To access Windows I am now using a "my-work" Qube which has Cisco AnyConnect and VMware Horizon View Client installed to access my windows 10 virtual desktop or network shares.
Thereof I think I don't need SeaBIOS anymore and will reflash with a Coreboot without SeaBIOS.
I am also interested in some recommendations for an optimized Coreboot Config, maybe also some shared config files.
[799]
qube...@go-bailey.com
Feb 27, 2018, 5:03:15 PM2/27/18
to qubes...@googlegroups.com, [799]
I'm using Qubes OS as the sole OS on the system.
MirrorWay
Feb 27, 2018, 5:22:12 PM2/27/18
to qubes...@googlegroups.com
coreboot+seabiospayload - I can use to install, boot Qubes 4.
coreboot+grubpayload - I can't get the installer to run, but it boots an already-installed Qubes 4.
if you run MECleaner, you might want to blacklist mei and mei_me to get rid of some error messages / speed up boot.
coreboot+grubpayload - I can't get the installer to run, but it boots an already-installed Qubes 4.
if you run MECleaner, you might want to blacklist mei and mei_me to get rid of some error messages / speed up boot.
qube...@go-bailey.com
Feb 28, 2018, 8:07:33 AM2/28/18
to qubes...@googlegroups.com
MirrorWay:
Thank you. Very helpful to know.
Thank you. Very helpful to know.
stevens...@gmail.com
Mar 1, 2018, 2:30:29 AM3/1/18
to qubes-users
I use Coreboot + SeaBIOS with Qubes 4, and it works perfectly on a Thinkpad x230.
qube...@go-bailey.com
Mar 1, 2018, 8:11:37 AM3/1/18
to qubes...@googlegroups.com
Steven:
Thank you. Very helpful to have another data point about SeaBIOS.
Thank you. Very helpful to have another data point about SeaBIOS.
Jo
Mar 1, 2018, 8:46:33 AM3/1/18
to qube...@go-bailey.com, qubes-users
Hello,
Qubes rc4 works just fine with pretty much every Payload, so far grub,
Seabios Heads worked without any issues.If you strip down ME, you should
blacklist me / ime,
to speed up boot.
cheers
Qubes rc4 works just fine with pretty much every Payload, so far grub,
Seabios Heads worked without any issues.If you strip down ME, you should
blacklist me / ime,
to speed up boot.
cheers
[799]
Mar 1, 2018, 11:09:58 AM3/1/18
to adver...@seefelder-web.de, qube...@go-bailey.com, qubes...@googlegroups.com
Hello,
-------- Original-Nachricht --------
An 1. März 2018, 14:46, Jo schrieb:
> If you strip down ME, you should
> blacklist me / ime, to speed up boot.
I've read this within this thread sometimes, what exactly needs to be done here?
I have run ME_cleaner and when booting up there is a delay, can this be resolved by blacklisting something? If so where? What?
[799]
-------- Original-Nachricht --------
An 1. März 2018, 14:46, Jo schrieb:
> If you strip down ME, you should
> blacklist me / ime, to speed up boot.
I have run ME_cleaner and when booting up there is a delay, can this be resolved by blacklisting something? If so where? What?
[799]
MirrorWay
Mar 1, 2018, 12:15:51 PM3/1/18
to qubes...@googlegroups.com
First, grep through dmesg to look for errors related to probing for me or mei.
If you find some, then try blacklisting Intel ME-related kernel modules:
In /etc/modprobe.d, create a new file called e.g. blacklist-me.conf, and put in there
blacklist mei
blacklist mei_me
MirrorWay
Mar 1, 2018, 12:24:13 PM3/1/18
to qubes...@googlegroups.com
Another coreboot-specific tweak - if you are using a SeaBIOS-generated vbios, it lacks some vbios functionality expected by some bootloaders, so you may want to set GRUB_TERMINAL_OUTPUT="console" (instead of gfxterm) in /etc/default/grub. [1]
[1]https://www.coreboot.org/SeaBIOS
[1]https://www.coreboot.org/SeaBIOS
[799]
Mar 1, 2018, 1:25:17 PM3/1/18
to qubes...@googlegroups.com
Hello,
-------- Original-Nachricht --------Ok, I understand that you guys were speaking about blacklisting within the Operating System.
I thought that you are using a blacklist to do something to the Coreboot config.
Strangely my X230 has something like a 10sec delay, when I got the start button and I am running coreboot Bios.
After this delay the boot up is fast, no delay even without blacklisting something within the main OS.
[799]
-------- Original-Nachricht --------
I thought that you are using a blacklist to do something to the Coreboot config.
Strangely my X230 has something like a 10sec delay, when I got the start button and I am running coreboot Bios.
After this delay the boot up is fast, no delay even without blacklisting something within the main OS.
[799]
Alex Dubois
Mar 1, 2018, 2:51:04 PM3/1/18
to qubes-users
Any good how-to/doc you would recommend. I'm on a Lenovo T430 and might give coreboot a try...
stevens...@gmail.com
Mar 1, 2018, 3:14:03 PM3/1/18
to qubes-users
Here are some of the guides I used. They're for the x230, but the x230 is similar enough to the t430 that a lot of stuff should be the same or similar. YMMV, though, as I'm currently struggling to get coreboot working on my T530
A video fully explaining coreboot for an x230:
https://vimeo.com/177951809
The coreboot wiki is the best resource, though it seems to be down as of this post.
https://www.coreboot.org/Board:lenovo/x230
This guide looks fairly informative for the T430:
https://github.com/sellerie98/Coreboot-ThinkPad-T430/wiki/Procedure
I strongly recommend buying a CH341A, some short jumper wires, and a pomona SOIC8 (5250) clip for this. A raspberry pi will work for flashing, but in my experience it is slow, and in some cases very unreliable, which could mean the difference between a laptop and a brick.
Tim W
Mar 1, 2018, 3:49:37 PM3/1/18
to qubes-users
If your having iasues installing via petitboot here is a link to ibms specific instructions for petitboot and fedora redhat as well
https://www.ibm.com/support/knowledgecenter/en/linuxonibm/liabw/liabwinstallusb.htm
qube...@go-bailey.com
Mar 1, 2018, 7:30:02 PM3/1/18
to qubes...@googlegroups.com
Thanks all for the additional feedback about working payloads.
Tim, thanks. I used some similar guides to try some different configs
when I was attempting with petitboot. As best I could tell the issue
wasn't so much with fedora per se but with getting it to boot with
fedora and xen. I was able to get it to boot partially but never all the
way through.
Based on the comments in this thread though, am going to try SeaBIOS.
Tim, thanks. I used some similar guides to try some different configs
when I was attempting with petitboot. As best I could tell the issue
wasn't so much with fedora per se but with getting it to boot with
fedora and xen. I was able to get it to boot partially but never all the
way through.
Based on the comments in this thread though, am going to try SeaBIOS.
Tim W
Mar 2, 2018, 12:54:21 AM3/2/18
to qubes-users
sounds good when in doubt go with whats proven to work. Too bad as petitboot has nice features
Tai...@gmx.com
Mar 2, 2018, 5:34:19 PM3/2/18
to qubes...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages