Legacy and untested boards now considered untested until tested

[tlaurion]

EDIT:
The following boards configurations are now considered untested until tested and reported as being functional by board owners:

coreboot, built by CircleCI but untested (NEEDS IMMEDIATE TESTING!)

Will not be able to update that list forever, but pointing PR that were untested in the list below as this issue tracks untested boards.

**You can refer to master's list of boards containing UNTESTED_ ** :
https://github.com/osresearch/heads/tree/master/boards

As a general note, dgpu boards are less tested then igpu (standard) boards.

linuxboot (NOT built by CircleCI/NOT tested since NERF/Heads project diverged, back in 2020):

• UNTESTED_leopard
• UNTESTED_qemu-linuxboot
• UNTESTED_r630
• UNTESTED_s2600wf
• UNTESTED_tioga
• UNTESTED_winterfell

coreboot based, but not built by CircleCI because build toolchain incompatibilities/CircleCI having race condition which makes build fails

• UNTESTED_kgpe-d16_server
• UNTESTED_kgpe-d16_server-whiptail
• UNTESTED_kgpe-d16_workstation
• UNTESTED_kgpe-d16_workstation-usb_keyboard

Cannot be built by CircleCI (invalid ROM unless user adds ME/IFD/GBE manually: non-maximized board configs)

• UNTESTED_x220
• UNTESTED_t420

---

EDIT: t430-legacy and x230-legacy have been tested prior of #1398 being merged.
x220/t430/x230 boards ROMs not showing "maximized" on Heads main menu are "legacy" boards ROMs. Those boards have been renamed under boards/ to legacy counterpart in the last year to bit be mixed with legacy boards.

EDIT:

• t530-hotp-maximized t530-hotp-maximized-v0.2.0-1705-gedf200e.rom tested by @3hhh
• t530-maximized considered tested at the same time

Recent attempts bringing newer kernel version (5.10.5), gnupg 2.4 and newer flashrom tools (with reduction to only support newer flashrom with WP protection) is to be built for legacy boards/by lack of space in CBFS to add built payload into coreboot: https://app.circleci.com/pipelines/github/tlaurion/heads/1743/workflows/4d707277-dfdd-446f-82d9-ed241cd0842d

How many of you are still using non-maximized x230/t430/x220? That would be: not seeing maximized on main Heads prompt as seen in https://osresearch.net screenshot.

Please voice yourself.

---

Tagging per board owners of #692:

• x220 (xx20): @Thrilleratplay @BlackMaria @srgrint (This would be initial flashing without neutered ME and having IFD for BIOS augmented with freed space from ME)
• t430 (xx30): @Thrilleratplay @alexmaloteaux @lsafd @bwachter(iGPU) @shamen123 @eganonoa(iGPU) @nitrosimon @jans23 @icequbes1 (iGPU) @weyounsix (t430-dgpu) (That would be all Nitropad users shipped prior of firmware version 1.3 if I recall well)
• x230 (xx30): @tlaurion @osresearch @merge @jan23 @MrChromebox @shamen123 @eganonoa @bwachter @Thrilleratplay @jnscmns @doob85 (That would be all users of Nitropad shipped prior of version 1.3 if I recall well)

Heads users coming from other projects:
@n4ru: That would impact all your users coming from 1vyrain. (IFD unlock is not possible from 1vyrain)
@merge: That would be all your users coming from skulls without applying optional IFD unlock.
This touches the following board configs: x230-legacy, x220 (legacy) and t420 (legacy).

---

VALIDATION STEP: https://osresearch.net/Updating#locked-ifd-and-me

[merge]

I haven't used (or at least changed) a Heads installation in quite a while now. What exactly is the meaning of the issue? - I'm not entierly sure. Skulls users "usually" would unlock IFD, this is the default behaviour even - as I think ideally we want Heads to enable WP before booting an OS.

[tlaurion]

Skulls users "usually" would unlock IFD, this is the default behaviour even - as I think ideally we want Heads to enable WP before booting an OS.

@merge that is exactly my concern. If ifd is locked by default today, those users can only flash Heads legacy ROMs for t430/x230/x220.

And those legacy boards per this ticket are thought to be dropped from main repository because its extremely hard to pack everything under 7mb of normally defined IFD BIOS region.

So my question to you is to how many users out there from skulls user base are having IFD locked, ME non-neutered/not unlocked which won't be able to internally flash to maximized boards.

As for WP protection, io386 and maximized boards are pushing PR0 locking, aka SMM platform locking through SMI chipset locking really recently.

[merge]

no, IFD is unlocked by default when installing Skulls. Most users neuter ME, but it's not yet the default. maximize the "bios" region is not yet done by Skulls, but iiuic it could be done without disrupting the user-workfow. what would it roughly be? coreboot config size-change, new layout-file + ifdtool run on the image? And if the actual size of the Skulls image remains <4M, external hardware-flashing is still possible to only the one 4M-chip? patches and testing welcome :)

good to hear WP is progressing

[bwachter]

I only have boards with neutered ME.

[tlaurion]

@merge @n4ru

good to hear WP is progressing

This was merged per 6ec0c81 for maximized boards only as of now.

It is to note that further disabling kernel config network options under linux-x230-legacy.config per https://github.com/osresearch/heads/pull/1381/files#diff-2af02345f256b80007d10fb6a49cfaaf8dd4c2d96f044f9976f8f5f1396b3fb6 delays deprecation for legacy boards (which all use linux-x230-legacy.config 5.10.5 from now on) a little bit more.

maximize the "bios" region is not yet done by Skulls, but iiuic it could be done without disrupting the user-workfow. what would it roughly be? coreboot config size-change, new layout-file + ifdtool run on the image? And if the actual size of the Skulls image remains <4M, external hardware-flashing is still possible to only the one 4M-chip? patches and testing welcome :)

This is the problem we are talking about. In simpler terms, skulls users need to follow https://osresearch.net/Prerequisites#current-legacy-boards down to this actionable verification https://osresearch.net/Updating#verify-upgradeability-paths-of-the-firmware

Problem here is that fixes for now would still not fix past deployments when it comes to IFD/ME being locked and requires external flashing. There is no such thing under Heads as a 4mb image outside of legacy-flash images that can be flashed to then flash legacy board rom images, which cannot use ME freed space unless IFD+ME are unlocked to flash maximized (neutered ME, space given to IFD BIOS region).

@merge : the question is then: how many past users using legacy version of Heads rom images are out there for x220/x230/t430. All other boards do not have legacy versions and expect a first external flash of maximized board images, which are always full images (containing ME, IFD, GBE), either one full 8mb ROM or a 12mb rom image splitted into bootom and top images to be flashed externally.

This basically would mean dropping x220/t430-legacy-flash/t430-legacy*/x230-flash/x230-legacy* board configs and stopping building those from CircleCI for direct download, preventing users from bricking their devices.

[tlaurion]

So per #1398 t430-legacy and x230-legacy were tested.

Other currently untested boards will now be renamed UNTESTED_*.

It is considered that the last working commit for those platforms was 91f65be for the following boards:

• UNTESTED_x230-maximized-fhd_edp
• UNTESTED_x230-hotp-maximized-fhd_edp
• UNTESTED_w530-maximized
• UNTESTED_w530-hotp-maximized
• UNTESTED_w530-dgpu-K2000m-maximized
• UNTESTED_w530-dgpu-K2000m-hotp-maximized
• UNTESTED_w530-dgpu-K1000m-maximized
• UNTESTED_w530-dgpu-K1000m-hotp-maximized
• UNTESTED_t530-maximized
• UNTESTED_t530-hotp-maximized
• UNTESTED_t530-dgpu-maximized
• UNTESTED_t530-dgpu-hotp-maximized
• UNTESTED_t520-maximized
• UNTESTED_t520-hotp-maximized
• UNTESTED_t420-maximized
• UNTESTED_t420-hotp-maximized
• UNTESTED_p8z77-m_pro-tpm1-maximized
• UNTESTED_p8z77-m_pro-tpm1-hotp-maximized

---

EDIT:

• x220-maximized
• x220-hotp-maximized
  Were readded per b2a375c thanks for @srgrint standing up prior of merging.

---

Edit: t440p-maximized and t440p-hotp-maximized were readded per 56a312e thanks for #@srgrint for standing up prior of merging.

[tlaurion]

x220-maximized and x220-hotp-maximized salvaged from going untested under #1398 thanks to @srgrint
Note: x220 (legacy) is still untested.

[tlaurion]

t440p-maximized and t440p-hotp-maximized salvaged from going untested under #1398 thanks to @srgrint

[tlaurion]

t420-maximized and t420-hotp-maximized back to normal, was an error and fixed #1432

t420 (legacy) is still untested.

[3hhh]

I just tested d4f56bd546c195c8a46b3839813b514c30f2efbceef963c1ed6cb3499eafbaa3 heads-UNTESTED_t530-hotp-maximized-v0.2.0-1705-gedf200e.rom (https://github.com/osresearch/heads/commit/edf200e7913c62975a424cfb9dbd579747d0665c), seems to work so far. Apparently it even fixed QubesOS/qubes-issues#8232, thanks!

[tlaurion]

I just tested d4f56bd546c195c8a46b3839813b514c30f2efbceef963c1ed6cb3499eafbaa3 heads-UNTESTED_t530-hotp-maximized-v0.2.0-1705-gedf200e.rom (edf200e), seems to work so far. Apparently it even fixed QubesOS/qubes-issues#8232, thanks!

@3hhh So you get "finalizing chipset" on kexec call?
Hopefully #1373 (comment) was successful for you: should.

[tlaurion]

@3hhh if #1373 (comment) doesn't work for you please open issue (should: coreboot config was unified across boards, but you never know until confirmed working through testing).

[pcm720]

@tlaurion You can remove x230-maximized-fhd_edp variations from untested, edf200e works fine on my eDP-modded X230.
Sorry for not being able to test it sooner.

[3hhh]

@3hhh So you get "finalizing chipset" on kexec call?
Hopefully #1373 (comment) was successful for you: should.

Yes, that worked as well. :-)

[tlaurion]

• UNTESTED_x230-hotp-maximized-fhd_edp
• UNTESTED_x230-maximized-fhd_edp
  Removed from untested per Rename UNTESTED_x230-maximized-fhd_edp and UNTESTED_x230-hotp-maximized-fhd_edp to normal names #1448 being merged

[Tickmeister1]

KGPE-D16 is working. (workstation variant tested)

[tlaurion]

KGPE-D16 is working. (workstation variant tested)

That is unexpected. Version? I see you replied on other issue with old version. Is that on master?

[Tickmeister1]

Yes, it is a fresh build from master, about 2 days old.
v0.2.0-1713-g06b1b09
Linux 5.10.5-heads

[tlaurion]

w530-hotp-max 1727 reported working under https://matrix.to/#/!pAlHOfxQNPXOgFGTmo:matrix.org/$XeRUrwx_n3uCjN8UDcYhLS4Ml2wlySGd0N3LmSx9_VU?via=matrix.org&via=nitro.chat&via=fairydust.space

(I suppose without dGPU otherwise would have been specified)

[ThePlexus]

p8z77-m_pro-tpm1-hotp-maximized
p8z77-m_pro-tpm1-maximized

tested working

[tlaurion]

Unfortunately @ThePlexus, w530 have not been tested under #1403 which will be merged soon. Please report testing on top of master or under that branch and report individual board report statuses here so those board flavors can be moved back to tested (normal) so other can flash without worries.

Otherwise this is still considered untested.

[tlaurion]

Modified OP post to point to the list of boards containing UNTESTED_ from master.
I think this is the most efficient way of dealing with this, and keeping issues open for untested boards

[tlaurion]

Can confirm heads-t430-maximized-v0.2.0-1747-g572573f.rom works

Originally posted by @srgrint in #1403 (comment)

---

t430-hotp-maximized and t430-maximized were removed from untested boards prior of #1403 merge, thanks to last minute testing from @srgrint !