Corebooting The Last Great ThinkPad

本站收录: 2026-05-22

[00:00:00]The T480 ThinkPad's reputation as the last great ThinkPad is welld deserved.

[00:00:05]But it's not just the hardware upgradability and durability of this laptop which makes it so special. It's also one of the most modern systems and the last in the ThinkPad line at the time of recording that is supported by the Core Boot project. Now Core Boot, if you're not aware, is a free and open-source BIOS alternative. So, if you're familiar with the basic input output system or on more modern systems, we've got the unified extensible firmware interface. Basically, when you turn on your laptop or your computer, it needs to initialize the RAM and the CPU, and it needs to hand off once everything's ready to the operating system, whether that's Mac OS or Windows or GNO Linux. The problem is that this firmware is not open source. We can't audit this code. And Intel includes a thing called the Intel management engine. Consider it an additional operating system with its own RAM, its own architecture, and all existing outside of the context of your operating system. As long as there's power going to your laptop or to your computer, then the Intel management engine could be active. And we actually don't know specifically what it does because we cannot audit the code. Now, there's also been security vulnerabilities associated with the Intel Management Engine. And Intel would argue that the Intel Management Engine is great for its corporate clients because they can remotely wipe machines and they can control these machines remotely. But for us as users, this is the last thing that we want. We want to have full control.

[00:01:40]We want to have freedom and we want to have privacy. And so in this tutorial, I'm going to be showing you how you can install core boot onto your T480 ThinkPad. Now, you could go down the path of using Libre Boot. And Libre Boot is a distribution of core boot. There's nothing wrong with Libre Boot. In fact, it's a wonderful project. You can check out my video specifically on Libre Boot.

[00:02:06]The thing is that Libre Boot by default, it ships with the C BIOS Grub payload.

[00:02:12]Now, just to clarify what I mean by the payload, Corbin's job is to initialize the RAM, to wake up the CPU, to get all of the peripherals working, and then to hand it off. Now, the user interface is what's referred to as the payload. So, in the case of Libre Boot, it's very simple BIOS, but on more modern systems, we have UFI options.

[00:02:37]In my case, I want to use the laptop that we're going to be working on today as a home server. And I want additional options. For example, I want to have things like secure boots and I want to enroll my keys. I also want to, for example, have power on when we have the AC adapter. Then you could have all of these options within Libre Boot. You just have to build it, a custom build.

[00:03:02]But it's nice to have a menu. And we can thank an open- source contributor, Mr. Chromebox for this UEFI menu under the payload which is referred to as EDK2.

[00:03:14]So in this tutorial I'm going to be packaging the core boot distribution with the EDK2 payload and this will give us that menu setup and a bunch of other firmware configuration options when we boot our machine. Now, it's important to note that we can't actually do away entirely with the Intel management engine or some other proprietary blobs.

[00:03:39]I'll explain that as we go through, but it is an important caveat. The T480 is a great machine and it's getting close to being free and open source with this project. However, if you need a truly free and open source laptop, you're going to have to go back a number of generations to something like the X200 where there are no proprietary blobs and the Intel management engine has been fully removed. But like anything with security, there's always a balance. With that being said, let's get into the tutorial. Now, everything's documented in GitHub. I've put everything into a Docker file, so it's containerized.

[00:04:17]It'll work on any system. And the only dependency that you have on your local machine is Docker or in my case I'm going to be using Podman. The only reason I'm using Podman is because Podman is a little bit nicer. It is rootless by default. It also doesn't have a constantly running Damon and it's a drop-in replacement for Docker. So all the commands are the same. So you can use Docker or you can use Podman. It doesn't really matter. The point is that we've got a container that is going to have all the dependencies, everything installed in it. And therefore, you don't have to mess around with your local system installing certain things that you need to worry about later about downgrading or upgrading or removing. In order to follow along, you're going to need a few items. You're going to need another laptop running Linux or Mac OS so that you can run the commands. You're also going to need a USB. If you need to downgrade your BIOS specifically to version 1.52, check the bias version that is on your machine. If you need to downgrade, just check out the link to the GitHub where there's instructions on how to do that.

[00:05:28]And you also need a programmer. Now, the one that I'm using is the CH341A serial peripheral interface programmer.

[00:05:38]Okay. So, with that being said, the first thing that we're going to do is we are going to clone the repository. So, I'm going to grab this and I'm going to head over to my terminal and I'm going to clone the repository. Okay. So, I'm in my home directory on my machine. I'm just going to say get clone. And here I'm just going to clone the repository.

[00:05:58]Now, I've already got it, but just go ahead and clone it. And then we're going to go into the repository. Okay. So, we are in the freshly cloned repository.

[00:06:07]And the first thing that we want to do is we just want to make some directories. So, I'm going to say mkdir.

[00:06:13]And we're going to make a few directories. One's going to be called libre boots. Then, we're going to have one called OEM. And then we're going to have one called ROMs.

[00:06:22]Now, in my case, they've already been created, but go ahead and create these.

[00:06:27]The first thing that we need to do is we need to grab the ROM for Libre Boot.

[00:06:32]Now, I mentioned that we're using Core Boot and not Libre Boot, but I misled you a little bit. What we're actually doing is we're leveraging the Libre Boot make LBMK tool chain because they do a lot of great work when it comes to the Intel management engine. They've really refined the neutering of it or the truncating of it. And so, I'm going to be leveraging all their work there with the Intel Management Engine. Then later, I'm going to package the EDK2 open- source UEFI payload. We're going to package them together. So, I still need to get the ROM for the Libre Boot T480. And so, I'm going to go and have a look at their site. So, I'm in libreo.org/d download.html.

[00:07:19]And I'm going to just scroll down to the https mirrors. I'm going to choose the first one. And I'm going to go to stable. Then I'm going to go to 26.01 rev1.

[00:07:31]I'm going to go to ROMs. And in here, what you need to do, you just need to search for the T480.

[00:07:37]Don't get confused with the T480S, although the steps in this tutorial likely work with it as well. But just download this. And where I need you to save this is into the T480_core boot repository that we just cloned and then into the Libre Boot directory that we just created. So go ahead and save that. Okay. And so I'm back into the repository. If we ls our Libre boot, just want to make sure that you have this file there. This libreoot 2601T480.tar.exz.

[00:08:16]XZ. It's important just keep that name and then we can move on to the next step.

[00:08:28]Okay, so the T480 is pretty easy to get into. Just make sure that you unscrew each of the corners and then these two screws here. Then I'm just going to remove the battery and we're just going to lift it off. Okay. Now, the chip that we're going to be working with is right here.

[00:08:53]So, we can see that we got the RAM here and then the chip is right here. Now, if you've got the internal battery connected, just make sure that you disconnect it and then also disconnect the CMOS battery. And now we're in a position where we're ready to attach the clip. Now, I'm not sure if you can see it here, but there's in this corner, there's a little dot on the chip. Okay, so on the programmer, we got this red wire. This red wire needs to line up with that small dot on the chip. So, what I'm going to do, I'm going to attach it.

[00:09:30]Okay? And only once it's attached, then you can connect it into your other laptop.

[00:09:39]And if it's connected, you should see these two red dots on the programmer.

[00:09:44]And so now I'm going to head back to the machine. So the programmer is connected to the target device. And so we're going to we would say cd and I'm going to go to the OEM directory. I created this directory just so we have a safe place to keep a copy of the original BIOS that is on the chip because we want to take an image of the firmware which came from factory in case something goes wrong or we need to restore it. And so what I'm going to do I'm going to use a program called flash. So you can install this with sudo pacman- s flash. Now I've already got it installed. Go and install it for your system. And then once we've got it installed, what we need to do is we need to run the command. So I'm going to say flash ROM. And I'm going to indicate the type of programmer that we've got. So in my case, the programmer is going to be a ch 341A SPI. and we're going to read the contents of the file and we're going to put it into a file called T480 image.

[00:10:52]Now, if you get an error like this, it means that the programmer is not sufficiently connected or the connection is not clean. So, I'm just going to go and shift it. All right. And now this time it's got a connection. So, we're going to run it. Okay. in. So once you've read it and it'll say that it's completed, what I want you to do, I want you to hit up on the keyboard. And then I'm just going to say we'll call this diff. What I want to do, I just want to read it again into a new file. And then when it's done, we're just going to diff the two. And as long as there's no difference in the output, we know that the reads were clean. We got the same output on both reads, and we can proceed to the next step. Okay. And so once it's done, we just need to run the diff command. So I'm just going to say diff t480 image and then diff do image and we got no output. So we know that we're safe to proceed. I'm just going to remove that diff now with the T481. Just keep it in a safe place in case in the future you need to restore the image. Okay. And so I'm going to cd back one directory and I'm going to clear the screen. Now we're ready to have a look at the Docker file and also the configuration options. So I'm going to use them. I'm just going to have a look into the Docker file. All that's going on here is I'm just creating a container and I'm building in two stages. So what's happening is we're getting a reliable container environment using Debian Bookworm. We know that's a stable version. And so by putting it in a container, I know that it's not going to mess up my local system. I don't have to mess around with dependencies and that kind of thing, downgrading, upgrading dependencies. And the first container, its job is to do all the Libre boot configuration. Okay, so just having a look at the Libre boot builder section, it requires a MAC address. And the way to get the MAC address, you've got to run this IP link show. And then you need to get the MAC address specific to your Ethernet. And that's the MAC address which we're going to inject when we run this container when we build the container. Next, we've just got some environment variables and also some packages that I'm installing for this Debian image. And I'm going to create a user builder. Then what I'm going to do, I'm going to clone the Libre Boot LBMK, the Libre Boot make repository. This is the tool chain that we're using in order to get the Libre Boot Intel Management Engine. Okay. So, we're going to copy in that Libre Boot ROM here on this line that we downloaded earlier. And then what we're going to do, we're just going to set some configuration for Git because otherwise this actually fails.

[00:13:46]Libri boot requires there is a user and a email for the get user and so I just put some mock items in there but most importantly we're going to run this libre boot make inject and we're going to inject the ROMs and we're going to set the MAC address. Then finally we're going to package that all up and the first stage of this container is completed. Now the next stage is the actual step where we do core boot and we inject the EDK2 free and open source UEFI payload that I've mentioned previously. So there's a lot more dependencies here but it's the same principle. We're just installing the dependencies and then we're going to add a user and then we're going to initialize and clone the core boot repository. And I've pinned it to a specific commit so that you know that will work on your system.

[00:14:44]And I've added a few options here like for example restore AC power after loss and also turning the Intel management engine off by default. Now if I go to my menu here, I'm going to come down. I'm going to go to def config. When you build core boot, we've got a default and these are the options that I want to pass to core boot to the builder. For example, they're pretty standard, but we have the vendor is obviously Lenovo.

[00:15:15]Then I'm telling it the board. Okay. And so we've got these binaries. And I mentioned that in the case of the T480, it's not fully free and open source.

[00:15:23]There's a lot of energy and engineering expertise that goes into reverse engineering this system. And it does need to rely on proprietary code or blobs in order to run. So it's not completely free in open source. But it's important to understand what these are. Now the first one is the Intel flash descriptor. The flash chip is divided into regions. Okay? And this is a header. This IFD Intel flash descriptor in the name kind of gives it away. It describes where the certain partitions are or where the data lies on the chip. So for example, you've got the Intel management engine region on the chip. Then you've got the BIOS region and you've also got the GBE. And so this is just a small piece of information, a header that tells us or it tells the system the regions where all of these are stored on the chip that we're flashing to. The next one is obviously extremely important. ME here stands for the management engine. And this is what we've obtained from that step with Libre boot. And we are basically getting a truncated or a neuted version of the Intel management engine binary here. And we're going to be passing that in as the config management engine binary. Like I mentioned, it's not completely removed.

[00:16:50]It still has to run at boot but a lot of it has been truncated. It has been removed. The final one is the GBE firmware. So this is the Ethernet firmware and just similarly it's a binary with proprietary code. It's a blob which is required for the Ethernet.

[00:17:09]We also got this from Libre Boot because it has the MAC address injected into it at build time. This is all going to make sense once we invoke the container and we build it. But I just want to explain everything step by step. Okay. And so now we've just got a number of options to tell core boot that we've got all this. We also want to say that we want to use the EDK2 payload. Next, I'm going to have a custom splash image. If we go here into our file into the repository, we can see that we've got this splash.png. I'll put it on the screen. And we just need to convert that into BMP. So, if you just want to use the core boot default, just remove this and it will go ahead and it'll it'll fix that for you. Otherwise, you can use the one just the ThinkPad logo that I've got on the screen. All right. And then we've got some additional information around the power state after failure and the product name and so forth. Finally, this CBFS size is required because the Libre boot changes to the management engine made it much smaller. And so then we just have to stipulate that. All right.

[00:18:23]Okay. And so once we're confident with that, we now understand that all of this line does 122 is it's going to add the power on after failure. So that was an important thing for me when I was doing this. I really wanted to have an option in the UEFI menu which allowed for power on after failure. And then we've also got this Intel management engine disabled. Now in this next section, what it does, like I mentioned, is it goes into the Libre boot ROM. and it grabs that Libre boot ROM that we've copied across from the first stage in this container and it's going to copy in the Intel flash descriptor and also the management engine binary and the GBE binary for the Ethernet. And we know that we're all good to go now. Then it's going to load the configuration that we just discussed a moment ago. And then this is the part that's going to take a while. We're actually going to make depending on how many cores your CPU has, this will go and actually build crossgc and then finally it's going to build core boot. Okay. And so this is going to take a little bit of time, but it's just important that you understand how this docker file works. So I'm going to quit out of everything now and everything's ready. Now, like I mentioned, you need to run the command IP link show and grab the MAC address, which is going to look something similar to this on the screen.

[00:19:55]And we're going to now run this. So, I'm going to use Podman instead of Docker as I mentioned before. I'm just going to install that. If you don't have it installed, you can install with Pac-Man s Podman. Now, the command looks like this. It's basically just build and then we're going to pass a build argument which is the MAC address. I'm just going to call this core boot libreoot T480.

[00:20:19]And so I'm going to go ahead. I'm going to build this. Okay. And so if you haven't built it yet before, it's going to take a little bit of time, but in my case, I'd already done it. It probably take about 20 25 minutes depending on the power of your machine. And now when it's done, it's going to say that you can run this command here. And it's important that we understand the command. I'm just going to copy it. It's also in the readme.

[00:20:47]All right. And so what this command says is it says we're going to use podman and we're going to run that container that we just did and we're going to remove it when we're done. Basically, what we want to do is we want to mount that ROMs directory that we created earlier. So if we ls in here, we see that we had the OEM, the Libre boot, and also the ROMs directory.

[00:21:11]So we're going to mount that to the container. And then as the root user, we want to copy the core boot ROM into the out directory, which is the temporarily mounted ROMs directory. Okay. And so I've run the command, and now if I ls in that ROMs directory, we're going to see this core boot ROM. So we're now ready to flash this ROM to the target machine.

[00:21:36]Now the command similar to the earlier one where you're going to use flash ROM again. We're going to indicate the kind of programmer that we're using the CH341A in my case and then we're going to write the ROMs core boot ROM. So let's go ahead and do that. Okay. Now once you've got verified it's time to go and remove the clip from the machine. Okay. Okay.

[00:21:59]And so I'm going to remove the USB connection first and then the clip. You want to reconnect the CMOS battery. And if you've got an internal battery, you can go ahead and connect it.

[00:22:20]Okay. And so now for the moment of truth. Now recall that we wanted it to power on AC and I set the option to yes for that already. So I'm going to connect it.

[00:22:36]Okay. And so you can see the custom splash image. And now in a moment it's going to say escape. All right. And so we've got this custom boot menu. And we can go and have a look at the boot menu.

[00:22:50]For example, we can have a look at the boot manager and change the boot order and everything. And we've got the system configuration. So, for example, we can now set it up with secure boot. We can also have a look at the platform setup.

[00:23:04]And in here, there's lots of options like swapping the function and the control key. And we've also got the ability to turn off the track point, for example, the trackpad. We importantly can enable or disable hyperthreading.

[00:23:19]Now, Libre Boot by default disables this for what they state are security purposes. And then importantly for me is the restore AC power after loss. So, I'm going to just exit out of here. And you can see that this is a fullyfledged open-source UEFI. And I'm going to reboot.

[00:23:46]Okay.

[00:23:48]and everything's working. I've got Kios installed on this. And so if you want to see a review and a post install guide for Quios, let me know in the comments.

[00:24:00]Otherwise, thanks very much for watching and I'll see you in the next one.