$ git clone https://review.coreboot.org/flashrom.git $ cd flashrom $ make $ ./flashrom -p internal -r my-darp5-flashrom-measured.flashrom # writing could be done with -w
darp5-UEFI-measured. | signature |
darp5-coreboot image 2019-12-31 | signature |
The coreboot image from 2019-12-31 is a known good one. If you flash coreboot firmware you need to reinstall your bootloader:
> xchroot /mnt > grub-install --target=coreboot-i386 /dev/sda
The sources were partially fetched via tor and partially via a VPN (use vpngate-extract from elstel.org). Compilation took place on a clean boot stick installation (https://www.elstel.org/
set pager=1 help ls (hd0) (hd0,1) (hd0,2) (hd1) (hd1,1) ls (hd0)/boot/grub/grub.cfg # use tab for input completion configfile (hd0)/boot/grub/grub.cfg
If the Intel ME has been enabled on your computer due to some accident you need to flash externally with a Raspberry Pi. Flashing the chip with an external controller requires a Raspberry Pi, the Pomona Clip Pinout wiring from the link below, jumper cables of type female-female and a SPI clip:
Libreboot: Pomona Clip Pinout wiringBefore you make your setup read the general description on how to flash externally.
Flashing with the Raspberry should then work as follows:
flashrom [-V] -p linux_spi:dev=/dev/spidev0.0,spispeed=20000 -c GD25Q128C -r my-darp5.flashromYou need the spispeed parameter which may at most be 20000 or 10000 if that should not work. Note that the chip may not be recognized at all if the spispeed is too high. At me flashing the darp5 has worked without external power (PSU). You may also want to disconnect the accumulator/
System76 also provides coreboot for the given machine (no official support):
$git clone https://github.com/system76/firmware-open $git checkout whl-u evtl.: $rm -rf apps/firmware-setup $git submodule update --init --recursive --checkouot $ find | grep rust-toolchain ./apps/firmware-setup/rust-toolchain ./rust-toolchain $./scripts/deps.sh $./scripts/build.sh darp5 use with flashrom: build/darp5/coreboot.rom
You may ask questions to Jeremy Soller who is known as jackpot51 on #coreboot and #flashrom or write an email to firmware@system76.com.
The good thing about many System76 notebooks is that the Intel ME (a security risk, intelligence service can log in via the ME) can be disabled also when using UEFI.
As far as now you know about the AP BIOS chip (Application Proecssor). However there is also a second flash chip on your board for the EC (embedded controller). This one contains proprietary software in case of a current System76 notebook. It is here for low level hardware control like the CPU fan. You may also want to backup the content of this chip in order to make sure that you have a backup if someone tampers your firmware maliciously. However flashrom guys have warned me from flashing this chip. As far as now I have only successfully tested to read it. You should only write it in case that something is damaged with your machine. Take care: Disconnect your AC power adapter (PSU) and at best also disconnect the battery. The danger about flashing this chip is that some components from the embedded controller could awake by powering them externally and then interfere with the flashing process. Make sure you have fixed the clip right before you boot your Raspberry Pi. Use the -c GD25Q10 parameter to avoid probing for the chip type. I have tried it with spispeed=10000 and I would not change that parameter either. The chip is directly to the left of the BIOS chip and it has “25D10BT” printed on it in the second line.
darp5-EC-noboot-USBM2SATA. | signature |
In case that your computer should be unusable due to a bad EC content you may try to flash the image from above (I have never tested to write this chip!). However this is no more a pristine copy of a Darter Pro 5 Embedded Controller content. It already appears to have been manipulated. Initially my machine booted USB SATA M.2 memory sticks well. However after tampering no more. SDCards can still be booted with an USB-SDCard adapter. You need to insert it in your USB2 slot since the darp5 currently does not boot from USB3. However booting USB M.2 sticks can be done well via USB3 by chocking the boot with an USB-SDCard where Grub is installed. Then simply press the [c]-key and enter configfile (hd0,77)/boot/grub/grub.cfg to boot from USB3.
general description: external BIOS flashing
visit www.elstel.org