Anti Evil Maid and Lenovo x230

“If I got the skulls tutorial correctly, if there are some updates I have to flash my BIOS chip again with my Raspberry, right?
My work colleague would solder this temporarily for the flash on Wednesday”

Which update? Update to a different ECC on the target computer? Perhaps a roll back?

What “solder”? Solder what to what? I don’t think it is needed. The clip onto the chip is spring-loaded, with trenches that make contact with the legs of the chip. The connection between the chip and the programmer is usually some friction with the connection wires. I did know a fellow who said he soldered those wires. I do not think that is standard.

What are you using for the “From” computer? What OS is on it? Please let me know, I am anxious about how I will do that part. If you trailblaze, please tell us the path.

I am interested in what you are going to do? Why you are doing it?

Here is one of the better checklists I’ve found and saved a while ago. Not sure of the source anymore, probably found it during an all-nighter. It covers x230 heads building, flashing and IME removal. I would cross-reference it with pictures on the osresearch website. I hope it helps.


Build/Make Heads On Audited System:

Download all repositories and clone heads

git clone

sudo apt update

sudo apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract

Clone ME_Cleaner

git clone

At heads directory run command:


at heads/blobs/xx30 run command:

wget && innoextract g1rg24ww.exe && python ~/me_cleaner/ -r -t -O ~/heads/blobs/xx30/me.bin app/ME8_5M_Production.bin

at heads top directory run command:

make BOARD=x230-hotp-maximized

The result: 3 new rom files named heads-x230-hotp-maximized-v-dirty-bottom, -top and -nothing, at 12, 8 and 4MB.

On Flashing System:

If Using Debian Live USB:

open terminal to install flashrom utilities

sudo apt install -y bison build-essential curl flashrom flex git gnat libncurses5-dev m4 rename zlib1g-dev

Verify Flash Device Communication:

First physically read and note if possible both the ID of the top and bottom chips starting with "MX"

Use following command three times to verify read of top chip:

sudo flashrom -p ch341a_spi

it finds multiple versions of the chip. If you are able to read the print on your chips, there are numbers that match the output of the above command.

Once read verifies you have a good connection back up the top chip:

sudo flashrom -p ch341a_spi -r factory_top-1.bin -c "MX25L3206E/MX25L3208E"

sudo flashrom -p ch341a_spi -r factory_top-2.bin -c "MX25L3206E/MX25L3208E"

sudo flashrom -p ch341a_spi -r factory_top-3.bin -c "MX25L3206E/MX25L3208E"

Verify perfect copies as the chip reader connection can be flaky:

sha512sum factory_top-*

Now flash the top ROM.

time sudo flashrom --chip "MX25L3206E/MX25L3208E" --programmer ch341a_spi --write heads-x230-hotp-maximized-top.rom

Once you see "verified" connect SPI reader to bottom chip.

Use following command three times to verify read of bottom chip:

sudo flashrom -p ch341a_spi

Once good connection confirmed backup chip.

sudo flashrom -p ch341a_spi -r factory_bottom-1.bin -c "MX25L6406E/MX25L6408E"

sudo flashrom -p ch341a_spi -r factory_bottom-2.bin -c "MX25L6406E/MX25L6408E"

sudo flashrom -p ch341a_spi -r factory_bottom-3.bin -c "MX25L6406E/MX25L6408E"

Verify Hashes:

sha512sum factory_bottom-*

Once verified flash the bottom chip:

time sudo flashrom --chip "MX25L6406E/MX25L6408E" --programmer ch341a_spi --write heads-x230-hotp-maximized-bottom.rom

Now install RAM and boot laptop to setup LibremKey. Heads should be installed with IME killed.

Guide End
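
The "read three times, then compare hashes" steps of the checklist above, as an added example that is not part of the original post or of the Heads project: a function that refuses to proceed unless all dumps match, have the chip's full size, and are not blank. The function name `verify_dumps` and the size variables are hypothetical; the sizes follow the 4 MB top / 8 MB bottom split given in the checklist.

```shell
#!/bin/sh
# Added example: gate an external flash on consistent backup reads.
# verify_dumps EXPECTED_BYTES FILE FILE [FILE...]
# Prints the common SHA-512 and returns 0 only if every dump has the expected
# size, is not a blank read, and all dumps are byte-identical.
verify_dumps() {
    expected=$1; shift
    [ "$#" -ge 2 ] || { echo "need at least two dumps to compare" >&2; return 2; }
    ref=""
    for f in "$@"; do
        [ -f "$f" ] || { echo "$f: missing" >&2; return 1; }
        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -ne "$expected" ]; then
            echo "$f: $size bytes, expected $expected" >&2; return 1
        fi
        # A clip without contact can read back all 0xFF or all 0x00.
        # Three such reads hash identically, so reject them explicitly.
        not_ff=$(LC_ALL=C tr -d '\377' < "$f" | wc -c | tr -d ' ')
        not_00=$(LC_ALL=C tr -d '\000' < "$f" | wc -c | tr -d ' ')
        if [ "$not_ff" -eq 0 ] || [ "$not_00" -eq 0 ]; then
            echo "$f: blank read (all 0xFF or 0x00), reseat the clip" >&2; return 1
        fi
        sum=$(sha512sum "$f" | cut -d' ' -f1)
        if [ -z "$ref" ]; then ref=$sum; fi
        if [ "$sum" != "$ref" ]; then
            echo "$f: differs from $1, do not flash" >&2; return 1
        fi
    done
    echo "$ref"
}

# Chip sizes from the checklist: 4 MB top (MX25L32xx), 8 MB bottom (MX25L64xx).
TOP_BYTES=4194304
BOTTOM_BYTES=8388608
# Usage: verify_dumps "$TOP_BYTES" factory_top-*.bin && echo "backup is consistent"
```

Keep the verified dumps somewhere off the flashing machine; they are the only way back to the factory firmware.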


That’s pretty accurate for the x230, can confirm. Though it doesn’t go into actually setting up heads, just building+flashing the chips. Setting up can be a little tricky, but it’s a lot better now gui-init is used.


I’ve done some research on heads these past couple of days and IMO it would be even better than AEM, so I suggest you secure your laptop/PC with it, IMO.


@Emily1206 welcome to the forum.

I personally prefer Heads as it creates a hardware-backed root of trust from the firmware romstage in x230 … it then attests itself using TPM+TOTP / HOTP and also uses GPG to sign and verify the /boot files such as kernel, initrd and configs. Then it neuters ME too.

While AEM is definitely a good idea for folks who have a TPM and don’t have a machine which is compatible with heads firmware, if the machine is compatible with heads then heads firmware is the way forward instead of using AEM, IMHO.


That was the conclusion I found when looking into just coreboot and skulls. And when it just worked, I didn’t turn back. Welcome to the forum.

Yup, and I’d like to note that the stuff not covered in that short checklist is pretty straightforward on the screen. However, if anyone reading this has any trouble, don’t feel intimidated to ask for help here, I’m more than willing to help you troubleshoot. As long as it’s x230, and heads with librem / nitrokey :wink:


Would someone kindly explain what the Heads Clean-the-ME-firmware means when it says:
We consider here that you already build Heads through make BOARD=x230: ~/heads/build/coreboot-4.8.1/util/ifdtool/ifdtool -u down.rom
Asking because when I flashed a couple x230 in late 2018 and early 2019 the doc (archived) didn’t mention using ifdtool and I don’t think the blob “magic” was included back then.

I’ve upgraded a few times since but never externally flashed again. Would I be able to move to the maximized configs without externally flashing first?

Thanks to all for a great discussion!

I am pretty sure you can’t. If you want to go to *-maximized board you must flash externally once.

Surely that depends on the current state of the IFD and what regions are locked? If all regions are unlocked, then why could the internal programmer not simply flash the whole 12mb virtual rom just like a standard update? IFD, ME, CBFS etc would all be within the 12mb file. I can’t remember if x230-maximised puts out a coreboot.rom 12mb as well as the top and bottom 8/4 files. I would have thought so, but even if not then concat may be an option.

Of course, if any region is locked then it’s a non-starter and external is required.

Thanks @qubicrm and @Plexus

Please forgive me if I’ve missed it, but how would I check the current state of the IFD and/or what regions are locked?

Also, what are the downsides of staying with the regular (i.e. not maximized) configs?

IIUC from the skulls x230 readme using will enable future internal flashing. However, if you want to neuter the Intel ME and/or use Heads maximized configs you must also externally flash the bottom chip. I have not used skulls myself and I hope someone will correct me if I say anything incorrect or ill-advised.

I expect to do some more external flashing in the future so here’s my plan, in case it helps.

On an unmodified x230 where I want to neuter the ME, enable use of 3rd party aftermarket batteries, and install maximized Heads configurations:

  1. Install / Re-install Lenovo BIOS 2.76 EC 1.14
    The Cleaning Intel Management Engine - Heads - Wiki initial recommended step is to install the last official Lenovo x230 BIOS that includes EC firmware permitting patching. In BIOS release 2.77, and its included EC version 1.15, Lenovo implemented a digital signature check that prevents unofficial firmware modifications. Installing/re-installing the official version 2.76 Lenovo x230 BIOS with EC Firmware 1.14 may address concerns about previous BIOS and EC firmware modifications, provides a known “good” starting point, and retains the ability to install patched EC firmware.

If the x230 has a Lenovo BIOS that is already at BIOS version 2.77 I’ll make sure downgrading is enabled in the proprietary BIOS settings (Security/UEFI BIOS Update Option/Secure Rollback Prevention → Disable).

I’ll prepare a bootable USB disk using a SHA1 verified copy of g2uj32us.iso (using the El Torito Method).
On an existing Qubes machine, I’ll open a terminal in a whonix-ws dvm and do the following:

sudo apt-get install genisoimage wget
sha1sum g2uj32us.iso   # Ensure ee434746cabdb7d8bb8077f79be1429d6dec5696
geteltorito -o bios.img g2uj32us.iso
# Attach trusted USB drive [whole disk sys-usb:sda] to dispXXXX 
sudo fdisk -l /dev/xvdi
sudo dd if=bios.img of=/dev/xvdi
# Detach USB drive from dispXXXX and shutdown disposable VM 

1b) I’ll ensure I have a fully charged authentic Lenovo original battery and the target x230 is connected to an external power source via the power adapter. I’ll boot the x230 and press F1 to enter BIOS settings, open the Startup tab and set the startup mode to Legacy (or Both/Legacy First), press F10 to save changes and reboot. I’ll then boot from the USB drive by pressing F12 to select the bootable USB and follow the onscreen instructions.

  2. Install Lenovo BIOS with EC Modified to Permit Aftermarket Batteries
    Given the uncertain future cost and availability of genuine x230 Lenovo batteries it may be desirable to disable the EC’s authentic battery validation check to allow 3rd party aftermarket batteries even though I don’t currently expect to use them.

This will not alter the official Lenovo x230 BIOS v2.76, but will use the official Lenovo BIOS v2.75 bootable CD image (g2uj31us.iso) to modify the official EC 1.14 (G2HT35WW) firmware.

On an existing Qubes machine, I’ll open a terminal in a whonix-ws dvm and do the following:

sudo apt-get install wget build-essential git mtools libssl-dev
git clone && cd thinkpad-ec
make patch_disable_keyboard clean
make patch_enable_battery
cat .config
# Configuration for which patches to apply
make patched.x230.img
sha1sum g2uj31us.iso.orig # Ensure 971a9d57a179f4c368c827fd23c6fd5c86a52df7
#Attach trusted USB drive [whole disk sys-usb:sda] to dispXXXX 
sudo fdisk -l /dev/xvdi
sudo dd if=patched.x230.img of=/dev/xvdi
sudo shutdown -r now
#Remove the USB drive

I’ll repeat 1b and if all goes well I’ll see a “Flashing EC” message in the second stage - after the first reboot. When done the x230 should be able to use 3rd party aftermarket batteries if needed or desired.

  3. Wish I’d actually documented my previous Heads installations :frowning: …but plan anew
    If I decide to use my RPi again I’ll reread [coreboot] your preferred method for supplying power to chip for RPi spi flashing? and make sure I understand I’m going to ignore good advice again. Consider this for the top chip flash, but probably ignore it again.
    Thoroughly review
    osboot – ThinkPad X230/X230T external flashing and osboot – How to program an SPI flash chip with the Raspberry Pi
    since I don’t think it existed when I did this last.

In the end I’ll probably just follow the Heads wiki instructions and perhaps try to incorporate any information and insights gained from this discussion and the links within it.

Hope this helps.

flashrom --force --noverify-all --programmer internal --ifd -r bios.rom

should get the file, then use ifdtool from coreboot utils directory

ifdtool -d bios.rom

and it will show you which regions are locked by IFD. You want to see the various “write access” as enabled (if it’s unlocked) in FLMSTR1
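
Decoding the FLMSTR1 value that the post above points to, as an added example that is not part of the original post or of coreboot. It assumes the version 1 flash descriptor layout (host write-access mask in bits 24-31, regions in the order descriptor, BIOS, ME, GbE, platform data); the function names and the two sample values in the comments are constructed for illustration, and it checks descriptor permissions only.

```shell
#!/bin/sh
# Added example: list the regions the host CPU may write, from FLMSTR1.
# flmstr_write_regions 0xHHHHHHHH -> space-separated region names
flmstr_write_regions() {
    case $1 in
        0x*) hex=${1#0x} ;;
        *) echo "expected a 0x-prefixed hex value" >&2; return 2 ;;
    esac
    case $hex in
        ''|*[!0-9a-fA-F]*) echo "not a hex value: $1" >&2; return 2 ;;
    esac
    val=$((0x$hex))
    mask=$(( (val >> 24) & 0xff ))   # assumed IFD v1: bits 24-31 = write access
    out=""
    i=0
    for name in descriptor bios me gbe pdr; do
        if [ $(( (mask >> i) & 1 )) -eq 1 ]; then out="$out $name"; fi
        i=$((i + 1))
    done
    echo "${out# }"
}

# internal_full_flash_possible 0xHHHHHHHH
# Returns 0 only if descriptor, BIOS and ME are all host-writable, which is
# the condition discussed in the thread for writing the whole 12 MB image
# with the internal programmer instead of a clip.
internal_full_flash_possible() {
    regions=" $(flmstr_write_regions "$1") " || return 2
    for need in descriptor bios me; do
        case "$regions" in
            *" $need "*) ;;
            *) echo "locked for host writes: $need" >&2; return 1 ;;
        esac
    done
    return 0
}

# Constructed sample values:
#   flmstr_write_regions 0x0a0b0000   -> bios gbe
#   flmstr_write_regions 0xffff0000   -> descriptor bios me gbe pdr
```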

Trying to Flash bottom chip: Error Message:

chip not detected
flashrom v1.2 on Linux 5.8.0-43

No EEPROM/flash device found.
Note: flashrom can never write if flash chip isn;t found automatically.
chip not detected. Please find it manually and rerun with the -c parameter.

My eyes are not good enough to read a bit of etching that is like 128 of an inch high.

Are these chips standardized? Like the same chip model for all Lenovo x230 ?

I did not see a means to read the chip with the OS running. I don’t want to put it back together, and take it apart again.

Probably bad contact. I had those scenarios and it had 2 cases: old version of flashrom and bad contacts. Have you tried reattaching the SOIC adapter?

Looked like really good contact

I tried to re attach once.

I could try again.

Sometime I will have someone with young youthful eyes look at chip. I am 71, diabetic and lucky to see at all.

from terminal it says

$ sudo ./ -m -k hop

Please select the hardware you use:

  1. Raspberry Pi
  2. CH341A
  3. Exit
    Please select the hardware flasher: 2
    Ok. Connect a CH341A programmer

ok. Connect a CH341A programmer
trying to detect the chip…
The Skulls coreboot distribution
Run this script on an external computer with a flasher
connected to the X230’s bottom chip (farther away from
the display, closer to you).

Usage: ./ [-m] [-k <backup_filename>] [-l] [-f ] [-b ] [-c ]

-f <hardware_flasher> supported flashers: rpi, ch341a
-c flashrom chip name to use
-m apply me_cleaner -S -d
-l lock the flash instead of unlocking it
-k save the current image as
-s frequency of the RPi SPI bus in Hz. default: 128
-------------- flashrom error: ---------------
flashrom v1.2 on Linux 5.8.0-43-generic (x86_64)
flashrom is free software, get the source code at

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Couldn’t open device 1a86:5512.
Error: Programmer initialization failed.

Notice something new
The Programmer has a cherry red on light.

When I attach clip, it becomes very dim.

On one of the forums it was suggested to use a power supply when flashing. Someone said not to bother.

Which am I supposed to try first?

I still have amplifier.

I am perplexed as to whether the file name I provide for backup is supposed to be already created. or . . . ?

Should I change clk delay? How?

@catacombs I’ve read many of your forum posts and appreciate your thoughts and ideas. I’d like to help you get your x230 heads set up the way you desire, but have limited experience myself. I’d also like to see the heads x230 setup explained in an understandable way for new qubes users so they can make educated choices. Right now, imo, only by doing it yourself can you truly appreciate what Insurgo and others offer. Please understand my questions and comments in that context.

How did you deal with the damaged clip you mentioned previously? Replacement? Repair?

How are you supplying power to the bottom chip? Externally only from the CH341A?

Were you ever able to read from that chip using that CH341A and flashrom?

With regard to visually reading the etching on chips, I’ve found digital cameras (specifically on phones) more helpful than magnifying alone. Changing the light conditions (i.e. light source angle) also made a big difference.

Hope someone else has more to offer…

If you run flashrom without specifying the chip type, does it identify
the type?
If the error message comes after that, then it’s (probably) a bad
Try reconnecting the clip - make sure you have it the right way round.
Some cheap clips can be difficult to connect.
Have you been able to read the top chip?

There are a number of different chip models used in x230.
It isn’t necessary to specify “the right one” - if you read using
different model descriptors, you will get the same output.
Similarly, writing specifying an arbitrary choice has always worked for

Good to know.

If I had not tried one more time, in the dim light of my house, I would not have noticed the drop-off in the level of the red light on the programmer to a much dimmer red. After worrying about it, I should try to use my tower to run the CH341. I am relying on the power supply of the tower to provide a much more stable power level.

Justin wrote:

"How did you deal with the damaged clip you mentioned previously? Replacement? Repair?

How are you supplying power to the bottom chip? Externally only from the CH341A?"

I bought another Pomona Clip from a different supplier. I suspect that some of these Pomona Clips might be counterfeit.

I looked at the power supply, which really did come all the way from China, and it does not have a plug for the USB. Has a round hole, which I guess is for a power plug into. And no wire supplied to attach to Programmer. Rather than try to make it work, I think using my Tower would be easier. I will open it up, disconnect all the current hard drives. Insert another hard drive to use just for this task. Install Ubuntu, and so on.

I have another candidate for the computer to do the “From” side of the flashing. I have a mid-2009 MacBook Pro which I could put a hard drive in to install Ubuntu to. I would be relying on the MacBook Pro having what they used to call “High Power” USB ports. As I cannot guess if I would damage either one or both of the laptops involved.

Using the Tower, (it is a 2016, AMD Processor, 8 GB RAM) is what I will try to do, unless someone here advises me of why I should not.

If I get the problem with the, needs me to provide a chip number, anyone know a good substitute number?
