Libreboot version 20160818 released

Libreboot version 20160818 released

The new version of Librebot was just released which brings new hardware compatibility and tons of great improvements. I am excited to update my Lenovo x200s and will make sure to update this post with a quick overview of my experience.

This is one of features that really popped out for me:

256MiB VRAM allocated on GM45 (X200, T400, T500, R400) instead of 32MiB. This is an improvement over both Lenovo BIOS and Libreboot 20150518, allowing video decoding at 1080p to be smoother. (thanks Arthur Heymans) To clarify, GM45 video performance in libreboot 20160818 is better than on the original BIOS and the previous libreboot release.

They also improved battery life across multiple models.

You can read all the changes here and download the software from their website.

Update, 8-22-16

The upgrade was really straight forward and worked great on my x200s. Anyone who has already flashed a laptop will already know everything they need to upgrade.

The guide can be found here. Make sure to merge your MAC address into the rom before upgrading.


Update, 9-15-16

A bugfix version, 20160907, was released on 2016-09-07. It does not contain any board changes, but make sure to use the latest one while upgrading.

FAILED at 0x00000000! Expected=0xff, Found=0x00

FAILED at 0x00000000! Expected=0xff, Found=0x00

I spent the last couple days pulling my hair out trying to figure out why flashrom kept failing to flash my Lenovo x220 with coreboot. I was able to get a successful backup of my firmware after shortening the cables, but for some reason writing and image kept failing. When running the command the chip would randomly not be found or sometimes acted like it disconnected during the operation. At this point my laptop was bricked and I was having trouble finding anyone else on the internet having the same problem.

I am using the BeagleBone Black as a SPI flasher and it has been successful in the past with my Lenovo x200s. The flash chip was powered with 3.3V from a cheap breadboard power supply. The Libreboot project provides a really nice guide and some troubleshooting tips.
Screenshot from 2016-08-15 13-10-26
I was suspicious that the power supply wasn’t supplying a stable 3.3V so I ordered an expensive Sparkfun model and a Teensy 3.2 as a good backup plan.

After receiving my order, the off brand and Sparkfun breadboard power supplies did show any positive improvements to my problem. However, pulling 3.3 voltage from the Teensy did. I was able to flash and boot my laptop. I believe my main issue was the fact that voltage was not stable or high enough to properly flash the chip. The chart below shows the measured voltage outputs using a decent multimeter:

5V – 2A 9V – 650mA 12V – 1A (Linksys) USB
Black 2.835v 3.256v 3.306v
White 3.248v 3.249v 3.250v
Red(Sparkfun) 3.278v 3.277v 3.278v
Teensy 3.289v

This chart makes me think that my original method using the black breadboard power supply and the Linksys wall adapter should have worked. However, I am not sure how to measure voltage under draw and maybe it dropped to low when the write started. I also did not test all of the above options for flashing. It is important to note how much the power supplies are affected by different power adapters.


My theory is that I did not have problems flashing my x200s because the flash chip was older and smaller which required less voltage to write. Reading a chip might also require less voltage which is how I got a good backup and was able to build my coreboot image. I do not pretend to be an expert in electronics so please correct me in the comments if you have a better idea than me. I am just trying to provide my findings to hopefully help another person.

Next time my flash is failing the first thing I will do is pull out a multimeter and double check the voltage.

Edit (8-2-2017): I found out that a 5v adapter and the USB connection on the BeagleBone Black makes the built-in 3.3V pinout work just fine. I saw this in some other documentation recently and I am not sure if it is new or if I overlooked it before.


Dumping Comodo for Let’s Encrypt

Dumping Comodo for Let’s Encrypt

I have been trying to support the open source and free software communities more over the past couple years. Linux has become a big part of my job and I use free software every day instead of Windows. I was especially excited about Let’s Encrypt because they provide anyone a free and trusted certificate at zero cost. Since Let’s Encrypt became available to the public, it has issued more than five million certificates [1].

In the past Comodo has made some questionable decisions and most recently they tried to steal the Let’s Encrypt trademark. I imagine Comodo saw Let’s Encrypt as a threat and damaging to their business of selling certificates. Thankfully Let’s Encrypt reached out to the community and we spoke out. Long story short, Comodo backed off and removed their trademark requests. I assume most people may already know about it, but you can read a summary here.

After I saw the response from Comodo’s CEO, Melih, I contacted Namecheap who resells Comodo certificates. Melih is clearly confused and does not understand the difference between giving customers a 90-day free trial and giving certs away for free and forever. Amazingly, as of July 23, 2016, Comodo has not pulled down the forum post from their CEO [2], but I uploaded a backup screen shot here just in case. After this shady move, Namecheap said they appreciate the current partnership. So now it is time for me to personally stop supporting Comodo and switch to Let’s Encrypt.



The Best CPU Cooler – Period

The Best CPU Cooler – Period

I recently built a tower server to provide room for a nice GPU. I had most of the parts already because I was pulling them from a rack mount server chassis, but I knew that regular heat sinks would not be sufficient. I then discovered, the hard way, that the Cooler Master 212 EVO does not fit on server LGA1366. The screws were not able to thread into the Xeon backplate. The Cooler Master used to be my go to cooler for desktop applications. After the Cooler Masters were returned, I ordered a set of Intel Server/Workstation coolers because I knew they would be compatible. They did a decent job, but had an unbearable loud whine to them. I keep my servers in the spare bedroom next to mine and you could just hear the things screaming away through the door/walls.

After I little more research I settled on spending more money and ordering two Noctua i4 CPU Coolers. Their website clearly shows they are compatible with the LGA1366 socket and Xeon backplate. There were also some good reviews from people online saying these fans were quiet and worked well. The only bad reviews were the ones where people did not realized they were shipped a server CPU cooler and had to order the motherboard backplate separately.

Read More Read More

Proxy Plex through Apache on Debian

Proxy Plex through Apache on Debian

I have used Plex on and off for a while. After spending some time away from home I decided to get the software set up again. Plex makes it easy for less technical people, but it feels like some control is removed from advanced users. My first pet peeve was that there is not a great way to change the port or URL. You are stuck with something that looks like Second, to enable TLS they recommend you configure Remote Access. Remote Access will allow you to log into their protected website and it will direct you to the server. It is magic, but you loose the ability to use your own domain name.

I have been using Apache proxies at work for a few projects and wanted to setup the same thing for Plex. It turns out Matt Coneybeare decided to do this in 2013. Matt’s walk through is really good and you can find it here. I wanted to take it a step further and configure https/redirection.

Read More Read More

Libreboot X200s Flashchip Replacement

Libreboot X200s Flashchip Replacement

In my first Libreboot post I talked about how awesome the project is and how I decided to order a Lenovo X200s on eBay to give it a try. While reading the documentation they talk about how the X200s using a WSON flash chip instead of a SOIC chip that the other laptops use. The downside to this is that they do not have a clip on programmer and it requires you solder directly to the pins. The author includes a note that you might be able to replace the chip with the one that comes in the X201.

For 8MiB capacity in this case, the X201 SOIC-8 flash chip (Macronix 25L6445E) might work.

Honestly this is not really a problem but I saw an opportunity to possibly help someone else and the project by giving this a try. If you were to brick the firmware after your initial flash you would have to open everything up and solder the board again. I ordered the two parts on Digikey: 1092-1065-ND for the recommended SOIC flash chip and 923655-08-ND for the test clip. It looks like you can get cheaper test clips online but I stuck with ordering from a single source.

The Process

The first step was to tear the laptop apart so I could easily get to the flash chip on the bottom. After that I wanted to carefully remove the original WSON package so if things do not work out I will be able to put it back on and not destroy the laptop. If you are new to soldering I would not recommend you try this project. The actually process of removing the WSON chip was a lot harder than I expected. You need to be careful not to get the chip and the board too hot. In the middle under the chip there is solder that needs to be heated up as well as the pins.



I decided to abandon the process because it was much more difficult to remove the chip than it was to solder wires to it. If I had a hot air rework station and more experience this would have been possible without destroying the board.

I was also able to successfully flash the chip before it was connected to the motherboard. I actually grounded pins 3 and 7 during the flash process instead of hooking them up to 3.3V.

I think I will save my extra chips to see if I can replace the 4MBit ones that are on the Gigabyte motherboard I just got off eBay… article coming soon.


pfSense Firewall Upgrade

pfSense Firewall Upgrade

Recently I shutdown my 1U servers and decided to move them into the spare bedroom. To my surprise they were making less noise than I originally thought. A lot of the noise was coming from the pfSense firewall I recently replaced my ASA with. The server is an atom board with passive cooling mounted in an older Supermicro case.  All of the noise was being generated by the 200 watt power supply.

I did some bad calculations to determine how many watts the system was currently using then started researching some ways to quite down the power supply. There were a couple people online that swapped the power supply out with a similar unit but I did not think that would be enough. I knew there were fanless power supplies but did not know much about them. They are called PicoPSU and come in various wattage outputs but most of them are designed for larger cases and need at least 1.5U.

The lower wattage PicoPSU is supposed to fit a 1U case. They make these power supplies so small by moving the AC to DC conversion to a power brick like a laptop. I ordered the PicoPSU-120 + 102W Adapter Power Kit for $52 online and hoped it would be enough. It was difficult to find how much power would be used by the POE Gigabyte ethernet adapter that I installed to power my access points but I was able to borrow a Kill A Watt from a friend and got a good reading… although I will admit this was a day or two after I placed my order.


End Results

When I was planning the project I originally planned on removing the old power supply and fabricating a bracket to hold the power adapter. Once I got the server apart again and was looking at the back I decided that was a lot more trouble then it was worth. I also thought it might be nice to leave the old power supply in place for a manual fail over backup. I plugged the PicoPSU in and wired everything then decided to drill a 5/16th hole into the PCI bracket. This held the power adapter very nicely and looked cleaned.

The new setup works great. It is now impossible to tell if the firewall is running or not without taking a look or hoping online.



Why I Disabled Google Analytics

Why I Disabled Google Analytics

I decided to disable Google Analytics on my site and delete my account. I have also begun cleaning up other accounts I have online.

While it is kind of cool to look at the traffic and see things increase over time I also understand not everyone wants to be tracked. There has been an increasing call for security and privacy when using the internet. Personally I run Privacy Badger which is developed with the EFF. This browser plug-in can prevent sites from tracking you.

An example of tracking could be a website using your cookie information to see what other websites you or your web browser have been visiting. If a user is shopping online a website may be able to get an insight into the products you are looking to buy and how you are searching for them.

This is very hard to detect as an internet user. However, I ran into one example that is easy to see. While I was shopping at a popular geek website and thinking about buying a product I added it to my shopping cart. It is important to know that I have never shopped there before and did not have an account. I left the website without buying the product or creating an account. Amazingly the next day I received an email offering a 10% discount for the product I had left in my shopping cart. The online store stole cookie information from my Gmail account in order to be “super helpful” and offer me a discount if I returned.

Now, you might be thinking well that is a nice and reasonable way to benefit their customers and for the most part I would agree. Privacy Badger allows you to white list domains if you wanted to use their tracking features. Without the plug-in and privacy conscious browsers there are so many other malicious ways this data could be used.

CISPA, which has been known by other names, has been repeatedly spoken out against by the American people. It is pretty much a surveillance bill that will let companies share your information in the name of security. Unfortunately with the year end budget package a technology bill was tossed into the mix and my understanding is many people considered this a must pass “Omnibus” package. The EFF does a much better job than I can explaining the bill but I am going to take steps to protect my privacy because of it. Those steps may include switches services and in this case to stop storing data.

More information here:

Installing Debian on a Libreboot X200s

Installing Debian on a Libreboot X200s

The Libreboot documentation located here provides some really good information for helping you installing your Linux distro. Before I flashed my laptop I had installed Ubuntu to test everything and make sure it worked well. After I finished flashing it I tested various things like sleep and booting from my tails USB drive. Next it was time to install Debian on the primary hard drive.

Booting ISOLINUX images (manual method)

For whatever reason my tails flash drive booted with no problems using Parse ISOLINUX menu (USB) but the Debian flash drive only loaded the background and would not boot. After looking again at the documentation I found the manual method.

These are the commands I had to run for my Debian 8.2 AMD64 USB drive:

cat (usb0,msdos1)/isolinux/txt.cfg

set root=’usb0,msdos1′
linux /install.amd/vmlinuz vga=788
initrd /install.amd/initrd.gz


I used an encrypted LVM partition layout during the installation. An interesting thing about Libreboot is it uses a GRUB payload built into the firmware. Therefore when you tell your installation to setup the GRUB boot record that information is basically ignored.

Again… they have more information to help you through this! 

I have been pretty impressed by their documentation and it has had information about all the things I have run into along the way. Of course it is not specific information regarding my linux distribution but it is fairly easy to figure out from what they have provided and then people like me can publish stuff for those who are a little newer to linux.

Search for GRUB configuration (grub.cfg) outside of CBFS

This option worked for me to boot Debian. At first I had planned on updating the GRUB payload in the firmware. I started working on that process and later decided it was a lot of hassle. For one, if I decide to update to a newer Libreboot release I will have to do this over again along with switching out the MAC address. Two, if I decide to install another Operating System the configurations may not match.

Another option was to add a symlink called libreboot_grub.cfg which points to the installed grub.cfg. It is important for this to be a symlink instead of a copy because this file can change during upgrades.

$ cd /boot/grub/
$ ln -s grub.cfg libreboot_grub.cfg

This is what I ended up doing. Simple, quick, effective.

Building my own Tastic RFID Thief, Part 2

Building my own Tastic RFID Thief, Part 2

I received my printed circuit boards and wrapped up my Tastic RFID Thief and wrote a review on the ordering process from OSH Park. I started soldering on the components and things fit well. If I were doing the project over again I would have ordered a socket to solder to the board instead of soldering the Arduino Nano directly although I am not sure if that would make it too tall.


I did not take as many pictures as I could have but I wanted to avoid modifying the HID case as much as possible. I ended up drilling out the hole in the back to fit a small switch and wired up the batteries in a series. They are secured using thick 3M double sided tape. I had a small issue with the tape coming loose so I used some sand paper to rough up the surfaces.