Minor fixes

Giulio 2018-03-27 20:14:27 +02:00
parent 50381a0018
commit 826e975d1d

@ -5,13 +5,12 @@ This is not an easy: mistakes can lead to data loss or bricking of the laptop. O
# Qubes+Coreboot on Thinkpad X220 # Qubes+Coreboot on Thinkpad X220
## Prerequisites ## Prerequisites
* Thinkpad x220 (other models supported by coreboot may apply) * Thinkpad x220 (other models supported by coreboot may apply)
* Stock proprietary bios
* Pomona 5250 + RaspberryPI/BeagleBone black for hardware flashing * Pomona 5250 + RaspberryPI/BeagleBone black for hardware flashing
## Advantages: ## Advantages:
* Encrypted /boot * Encrypted /boot
* Less proprietary components in bios * Less proprietary components in bios
* Neutralized management engine * Neutralized Intel ME
* Evil Maid Attacks requires hardware flashing/partial disassembly * Evil Maid Attacks requires hardware flashing/partial disassembly
## Disadvantages: ## Disadvantages:
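Review bot: Removing "* Stock proprietary bios" from the Prerequisites list leaves the guide without a stated starting firmware state. If the steps now also apply to a machine that already runs coreboot, say so in the list; otherwise keep the line. In the Advantages list, "Neutralized Intel ME" introduces the abbreviation without expanding it; "Neutralized Intel Management Engine (ME)" keeps the vendor name and stays readable on first contact. The neighbouring unchanged item "Evil Maid Attacks requires hardware flashing/partial disassembly" has a subject-verb mismatch and could be fixed in the same pass, as could "This is not an easy:" visible in the hunk header.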
@ -491,7 +490,7 @@ sudo flashrom -p internal:laptop=force_I_want_a_brick -w coreboot.rom
## Encrypt /boot ## Encrypt /boot
From now on keep in mind that any error may cause data loss. Even not doing any error may cause data loss. Please make a full backup bedofre going on. From now on keep in mind that any error may cause data loss. Even not doing any error may cause data loss. Please make a full backup bedofre going on.
Boot a live archlinux or any other live distro which has cryptsetup, lvm and dd installed. In this part it is assumed the device with Qubes is `/dev/sda`. Boot a live archlinux or any other live distro which has `cryptsetup`, `lvm` and `dd` installed. In this part it is assumed the device with Qubes is `/dev/sda`.
``` ```
fdisk -l /dev/sda fdisk -l /dev/sda
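Review bot: The warning line directly above the changed sentence still carries the typo "bedofre" and the phrasing "Even not doing any error"; since this commit is a wording pass over the same paragraph, fix both here ("before", "Even without making any mistake"). The changed sentence also hard-codes `/dev/sda`, and the first command, `fdisk -l /dev/sda`, only inspects that one device. Given the data-loss warning, add a sentence telling the reader to confirm which device holds Qubes before continuing, since a live environment may enumerate disks differently.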
@ -540,4 +539,5 @@ Reboot. You should now be prompted two times for your LUKS passphrase: this is b
# TODO # TODO
* Flash coreboot read-only to prevent tampering * Flash coreboot read-only to prevent tampering
* Add a script which symlink the latest kernel and the previous one in a predictable path in /boot * Add a script which symlink the latest kernel and the previous one in a predictable path in /boot
* Find a way to disable ExpressCard/Camera/Other components from coreboot * Find a way to disable ExpressCard/Camera/Other components from coreboot
* Test microcode updates for meltdown/spectre
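Review bot: The new TODO item "Test microcode updates for meltdown/spectre" does not say what is to be tested or how success is judged. State whether the item covers microcode shipped inside the coreboot image or microcode loaded by the OS at boot, and what check confirms the update is active. Capitalise the names as "Meltdown/Spectre". The existing item "Add a script which symlink the latest kernel" also needs "symlinks".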