Unofficial AMI BIOS for NitroPC?

Hi,
I’ve been using the device since January. I appreciate that bootstrap is fast and also size of the device. I liked it. Unfortunately fan is loud (maybe too loud for office) I guess it might be improved in the future (where possible passive cooling should be preferred). I would like check NitroPC behavior with proprietorial BIOS which support BIOS password and UEFI SecureBoot (despite presence of binary BLOBs SecureBoot and BIOS password might make device more secure). I guess that mainboard should support at least one BIOS with password support and more options (classic boot instead of CoreBoot payloads might make installing new versions of Qubes OS easier not tested it yet). It should be possible to switch back to original CoreBoot in any moment without using external programmer with plain flashrom compiled from recent source.

Unfortunately coreboot hides many features and not everything is available via SeaBIOS (great for VM, but still lacking many features which are hard to control). I hope it will get more features without process similar to kernel configuration (make menuconfig) manual device reflashing using external programmer in case of failure in configuration. Too complex for people not involved in hardware R&D.

This device is quite similar to another vendor (USA) of this device reference in the source code repository:

It seems that more than 1 hardware vendor is using this board. Librem Mini seems to be something similar. However, they also do not provide direct reference to good classic UEFI BIOS. I believe it must be available.

Could you please provide me reliable information if I can install BIOS such as AMI to get full x86 experience? I expect it should be an option.

I’m aware this is my risk and it is not officially supported. I didn’t find any info regarding this in the documentation. If this is an option it is valuable information and should be included in the documentation.

To sum up:

• I need to get rid of CoreBoot
• I think that due to less number of options in SeaBOS vs classic BIOS/UEFI where both operate on very complex and advanced hardware coreboot might not be the best possible option if bootstrap time is no main criterion
• need to know how to enable secure boot (I guess another BIOS should be used) it seems to be a good feature not supported in CoreBoot?
• how to set up password (I need to wait until CoreBoot implements it or use another BIOS)
• is AMI or similar BIOS available (should be an officially supported option) - on motherboard level
• I’m amazed how powerful computer has been put inside such small case
• I cannot disable unused hardware on BIOS/UEFI level I need to blacklist kernel modules

Best regards,
Marcin

The X230 Firmware is stored on two chips with 8 and 4MB. The chips contain the UEFI firmware (heads/original thinkpad firmware) and the Embedded Controller firmware.

With electronics expertise, reliable flasher (beware of cheap ones that fry the chip with a wrong voltage) and a firm connector (so that it does not fall off during the flashing process), the chips can be flashed (one at a time) several times and you could switch the firmware.

However, one should ideally only flash the firmware that you stored as backup yourself and matches your hardware. Flashing a wrong firmware can brick your device.

Lenovo provides update ISOs with firmware images. It might work or not to restore the firmware using those files. There lots of parameters that might affect the EC part of the firmware (like with thumbprint reader or not. LCD controller, with broadband modem or not, original country the X230 was prepared for, etc.) And part of what Nitrokey does with the heads firmware is also getting rid of the ME part of the firmware. So if the Lenovo firmware only updates part of the flash areas, you might end with a corrupted/bricked system.

There are also GitHub users that have created backups of their X230 firmware.

THERE IS A HIGH CHANCE OF BRICKING YOUR DEVICE FLASHING THAT. HANDLING EEPROM CHIPS REQUIRES ANTISTATIC MEASURES.

IMHO your best bet would be to sell / trade a Nitropad with a vanilla X230.

As you could do a firmware update from within heads / readout the firmware using heads or using a hardware flasher, it is possible to verify that the firmware has not been tampered with. So I think it would be reasonable safe to use a preowned Nitropad for less security sensitive applications.

The Nitropad has a much higher value than a vanilla X230 and there are certainly people that would like to have a Nitropad.

It should be fairly easy to install original Lenovo BIOS on already corebooted computer. I have some legacy Thinkpad with original firmware and I will probably install some open-source coreboot (maybe skulls?) on them to experiment, but this is not my priority and will happen in the future.

The topic is not about Thinkpad modification, but rather Librem Mini clone (appreciate very fast delivery and opportunity to test it in Europe). I’m asking about different hardware:

Still interested in getting answers to questions:
Q1: What is the formal name of motherboard of NitroPC? Can I download datasheet for it? Internet says (comments at NitroPC - Powerful and Secure Mini PC | Nitrokey say this is exactly LibremMini clone). But there is no AMI BIOS on Librem site. It would be nice to get datasheet from factory.
Q2: Is there an option to install classic AMI BIOS? Majority of CoreBooted devices support double firmware option: CoreBoot or AMI BIOS and consumer can choose / switch in any moment. I think there should be always possibility to have a choice (faster but more limited CoreBoot or full feature BIOS/UEFI with SecureBoot and passwords support).

Best regards,
Marcin

Sorry. My bad. Mixed NitroPC with NitroPad. Can’t 100% identify the Mini PC whitelabel barebone provider. Could be a NVISEN MU05. There are often various configuration options and while they look similar, they can be totally different.

NVISEN device has similar case, but hard to find reliable information regarding this.

The only information is reference to Purism blobs in buildfile linked above. It’s a pity that datasheets are not yet available.

Q3: What about this? Purism Librem Mini (v1, v2) — coreboot 4.16-821-g0feef99814 documentation
Purism Librem Mini (v1, v2) — coreboot 4.16-821-g0feef99814 documentation I guess it might be compatible with mini_v2 but how to verify it? Last update was 5 months ago.

What I want achieve: get QubeOS bootable without dependency to Nitro images. I had no problems with booting different Linux distributions. I don’t hurry and don’t want to destroy the device. This is only additional low priority technological exploration after core hours.

Hi

you should be able to boot the vanila qubes install images with no problems with the nitrokey firmware (if you are interested in how we build them have a look here GitHub - Nitrokey/coreboot-builder: Builder Repository for Coreboot with Tianocore Firmware ). If there are problem with that please contact support@nitrokey.com because this is likely connected to a hardware issue.

Regarding the “original” AMI Bios this is a bit tricky. We could provide you with an image we read from the flash before writing our image. But to be safe you would need a external flasher and also there is the possibility that because you may use a different hardware revision, as the one we taking this image from, this could brick your device. So you would be on your own on this, since this would void warranty most definitely.

Decided to download again recent image of vanilla Qubes and it launched an installer without an issue (earlier downloaded images didn’t work what is rather Qubes factor). Please consider support for AMI bios as very low priority and welcome feature request. Images of original BIOS should be available on website together with control checksum. Using external programmer is not a problem (should not be required for flashing BIOS while using standard images, rather for debugging purposes or another flash SPI operations). I will contact support directly in case of problems with vanilla images in the future.

Currently I don’t need AMI BIOS. Thanks for informing.