NitroPC How to flash UEFI?

Is there a tutorial, how the UEFI can be flashed?

Hey @MarcusE

there is no documentation/tutorial on that yet…

but it’s quite simple:

using this repository: https://github.com/Nitrokey/coreboot-builder you can build the UEFI-firmware (tianocore + coreboot)
To actually flash the NitroPC you can use flashrom -p internal, please make sure to use a recent version based on the flashrom git master branch, as the last release (1.2) does not yet support NitroPC’s chipset.

best

Thank you! It worked (built on a Kali Linux VM).

Do I have to flash it via a live distro or can I do it via the UEFI shell?

This image contains the following sections that can be manipulated with this tool:

‘RW_MRC_CACHE’ (size 65536, offset 6291456)
‘SMMSTORE’ (size 262144, offset 6356992)
‘COREBOOT’ (CBFS, size 10157568, offset 6619648)

It is possible to perform either the write action or the CBFS add/remove actions on every section listed above.
To see the image’s read-only sections as well, rerun with the -w option.
CBFSPRINT coreboot.rom

FMAP REGION: COREBOOT
Name Offset Type Size Comp
cbfs master header 0x0 cbfs header 32 none
fallback/romstage 0x80 stage 55852 none
cpu_microcode_blob.bin 0xdb40 microcode 208896 none
fallback/ramstage 0x40bc0 stage 93718 none
config 0x57a40 raw 681 none
revision 0x57d40 raw 664 none
fallback/dsdt.aml 0x58040 raw 9211 none
vbt.bin 0x5a4c0 raw 1185 LZMA (4608 decompressed)
(empty) 0x5a9c0 null 984 none
fspm.bin 0x5adc0 fsp 581632 none
(empty) 0xe8e00 null 3992 none
fsps.bin 0xe9dc0 fsp 190559 LZMA (212992 decompressed)
fallback/postcar 0x118680 stage 18168 none
fallback/payload 0x11cdc0 simple elf 734676 none
(empty) 0x1d0400 null 8206744 none
bootblock 0x9a3dc0 bootblock 49152 none
HOSTCC cbfstool/ifwitool.o
HOSTCC cbfstool/ifwitool (link)

Built purism/librem_cnl (Librem Mini v2)
make[1]: Leaving directory ‘/build/coreboot’
make: Leaving directory ‘/build’
cp coreboot/build/coreboot.rom raw_firmware.rom
chmod 777 raw_firmware.rom
cp raw_firmware.rom tianocore-4.13.rom

→ BUILD DONE

you can now flash the firmware:

./flash.sh tianocore-[version].rom

──(root💀kali)-[/opt/coreboot-builder/coreboot]
└─# uname -a 1 ⨯
Linux kali 5.10.0-kali9-amd64 #1 SMP Debian 5.10.46-4kali1 (2021-08-09) x86_64 GNU/Linux

I have installed Debian for the flashing process.

Can you please tell me, where I can get the latest version of flashrom?
These are all available branches on the git page.
v.1.3 seems to be older than the master

I found the other git repo here https://review.coreboot.org/flashrom and used the 1.3.x branch.

git checkout -b 1.3.x remotes/origin/1.3.x

I had to build flashrom on another machine, due to some strange libusb errors.

Finally I got flashrom v1.2-183-g554a01f and used this for the flash process.

The whole command I used was:

flashrom -p internal -w tianocore-4.13.rom

Found out that it is a reproducible build which can also be found here: Index of /files/ci/nitropc/tianocore

The result was:

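The two posts above describe the same procedure: build the image with coreboot-builder, get a flashrom newer than the 1.2 release (the user ended up with v1.2-183-g554a01f), and write it with `flashrom -p internal -w`. The wrapper below is an added example, not part of this thread and not a Nitrokey or flashrom script. It checks the two things that are easy to get wrong before touching the chip: that the installed flashrom is a git build past 1.2 (as the staff reply requires), and that the image is the full 16 MiB ROM, a size derived from the cbfstool output above (the COREBOOT region ends at 6619648 + 10157568 = 16777216 bytes). It also reads a backup of the current firmware first, which is the recovery path if a write is interrupted. The function names and the `backup-*.rom` file name are my own choices.

```shell
#!/bin/sh
# Added example: a pre-flight wrapper around "flashrom -p internal -w".
# Not from the Nitrokey project; function names are this example's own.

# 16 MiB, derived from the cbfstool layout printed in the thread:
# COREBOOT region offset 6619648 + size 10157568 = 16777216 bytes.
NITROPC_ROM_SIZE=16777216

# flashrom_version_ok "<first line of flashrom --version>"
# Returns 0 for a release newer than 1.2, or a git snapshot with at least
# one commit past 1.2 (e.g. "flashrom v1.2-183-g554a01f"); 1 otherwise.
flashrom_version_ok() {
  v=$(printf '%s\n' "$1" | sed -n \
    's/^flashrom v\{0,1\}\([0-9][0-9]*\)\.\([0-9][0-9]*\)\(-\([0-9][0-9]*\)-g[0-9a-f][0-9a-f]*\)\{0,1\}.*$/\1 \2 \4/p')
  [ -n "$v" ] || return 1          # not a flashrom version banner at all
  set -- $v
  major=$1; minor=$2; commits=${3:-0}
  [ "$major" -gt 1 ] && return 0
  [ "$major" -eq 1 ] && [ "$minor" -gt 2 ] && return 0
  [ "$major" -eq 1 ] && [ "$minor" -eq 2 ] && [ "$commits" -gt 0 ] && return 0
  return 1                          # plain 1.2 release or older: chipset unsupported
}

# rom_size_ok <file>: the image must be exactly the flash chip size.
rom_size_ok() {
  [ -f "$1" ] || return 1
  [ $(( $(wc -c < "$1") )) -eq "$NITROPC_ROM_SIZE" ]
}

# safe_flash <image.rom>: run the checks, back up the current contents,
# then write. flashrom verifies the write against the image by default.
safe_flash() {
  rom="$1"
  ver=$(flashrom --version 2>/dev/null | head -n 1)
  flashrom_version_ok "$ver" || { echo "flashrom too old or missing: '$ver'" >&2; return 1; }
  rom_size_ok "$rom" || { echo "$rom is not a $NITROPC_ROM_SIZE byte image" >&2; return 1; }
  backup="backup-$(date +%Y%m%d-%H%M%S).rom"   # constructed file name
  flashrom -p internal -r "$backup" || { echo "backup read failed, not flashing" >&2; return 1; }
  echo "current firmware saved to $backup"
  flashrom -p internal -w "$rom"
}

# Usage: sudo ./safe_flash.sh tianocore-4.13.rom
if [ $# -gt 0 ]; then
  safe_flash "$1"
fi
```

Keep the `backup-*.rom` file somewhere off the machine; if the write is interrupted and the board still boots from the unchanged region, the same `flashrom -p internal -w backup-....rom` restores it.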

Is it a good idea generally to update my NitroPC to the latest version of the firmware from https://www.nitrokey.com/files/ci/nitropc/tianocore/firmware-nitropc.rom if I bought the PC before the latest firmware at that URL was built?

I’m having issues with frequent unexpected hard shutdowns and hard reboots and wonder if the firmware might have been corrupted by a power failure. But I am worried that I could soft-brick the BIOS/UEFI chip if I try and the PC decides to suddenly turn off during flashing.