Sorry to interrupt, but this seems a good place to ask.
I live in east Texas, I have not been very successful in doing Heads Flash to a Lenovo X-230.
I felt that there might be someone not to far away from me physically, who has done a number of these, who might work out some kind of deal $$ to accomplish Heads Flashing?
You may reply PM if you choose.
I think this deserves a specific thread @moderators on which a list of existing coreboot flashing services should be promoted? There should be no distinction to be made between coreboot flashing services and Heads flashing services, even less since Basic boot mode (referred above) exists. Heads can be flashed without bounding it to any USB security dongle nor provisioning any secret. Therefore an end user could just reflash internally upon reception of the hardware and not trust the firmware and go from there.
Do I understand that I should not trust the firmware, because it was not done in front of me. Or is this just an entry to make until I used a Librem or Nitro Key to be set?
Am I not gaining anything by allowing someone else to do the first Heads flash?
Now things are a bit out of context, unfortunately since post has been moved to a new thread.
Recontextualizing:
If Heads is flashed by a third party, you trust that third party, until you reflash yourself internally, having verified the hash of the firmware yourself, and then remotely attesting the trusted firmware integrity feature, enabling anti-interdiction and remote attestation for in-transit tampering detection.
Basic mode permits, for the first time, to have Heads being flashed as a service, just like people flash libreboot or skulls, which are coreboot distributions, without enabling any of Heads security features enabled. This means no need to buy and couple OpenGPG smartcard to be provisioned by third party, no OS preinstallation necessity: it just permits a third party to do the first external flash which might be complicated for some, even more depending on the hardware in question where those SPI chips are not so easy to access.
Basic mode goal is exactly that: not enforce any security mechanism. It could permit third party to address your first comment on the other thread: the initial burden of externally flashing the hardware, and then permitting you to internally flash your hardware to a firmware image you verified the integrity yourself. You would still have to trust to a certain level that third party to a certain extent, after all, that human will have access to the hardware insides.
When you buy a laptop flashed with Heads from online sellers, those normally provide physical seals and pictures of them, QR code sharing, and coupling a Nitrokey Pro/Librem Key/Nitrokey Storage for HOTP firmware integrity atestation, which third party also preinstall on OS for which /boot content is signed and verified by the public key fused into ROM, bound to the private key on the OpenGPG smartcard of the USB security dongle. I is recommended to reown security components of the hardware upon reception of the hardware anyway. For paranoids, it is also recommended to internally flash/upgrade the firmware at that point, so that the LUKS encryption key is yours only (reencrypting installation) and generating new subkeys on your OpenGPG smartcard, so they are yours only as well. The short version of this is : Heads coming pre-provisioned’s goal is in-transit tampering detection. If you reflash and re-own those components at reception of the hardware (recommended) then the risks are that the hardware might have had implants inserted. It is always better to have a person flash in front of you (or you flash yourself) to guarantee that nothing has been tampered in the hardware itself. But if those are impossible for yourself, having the firmware flashed by a third party might be a viable option.
What i’m basically telling here is that since Basic mode arrival under Heads, laptops could be flashed with Heads as a service without those bundled additional services, which could be beneficial or not for you.
But Heads is just that: a firmware image you can either build yourself or download and verify prior of flashing, after which security mechanisms are to be applied in place for you to be able to attest and verify the the state of your firmware on succeeding reboots. And maximized images are exactly that: full spi images that will overwrite the whole content of what is booted from, replacing ME and everything else in SPI flash with a fresh copy, that on next boot will be sealed in TPM on which you will then be alerted of changes.
Ideally you do all of that yourself, but just like for Skulls, libreboot and coreboot: the first external flash is problematic for some, and that service is offered also by some to ease access to coreboot firmware ecosystem.
Here is what I found:
| Company | Location | Hardware | Price |
|---|---|---|---|
| Minifree | UK | Various laptops | £99 |
| Vikings | Germany | Various servers, workstations, and laptops | €49 - €199 |
| 3mdeb | Poland | Selected hardware models | Contact for a quote |
| Technoethical | EU and US | Various laptops, phones, and other devices | Varies depending on the device |
I’m not aware of North American coreboot flashers, but it would be interesting to compile such list. Would you be willing to take the task of modifying your now OP with such a compiled list with sources provided in this thread?
@catacombs Fablabs are amazing for their dedication into free knowledge sharing and ability to assist into doing those things and might be able to do/help into externally initially flashing the device while you being present.
Here is a non-exhaustive list of fablabs which would benefit of being extended and called/emailed to see if they can help doing this with phisical presence, with sources to extend it with some manual efforts, including the entry for Texas:
| Name | Country | City | Contact |
|---|---|---|---|
| Fab Lab Afghanistan | Afghanistan | Jalalabad | Email: info@fablab.af |
| Fab Lab Manchester | UK | Manchester | Email: info@fablabmanchester.org, Phone: +44 161 839 6324, Address: 42 Edge Street, Manchester M4 1HN, UK |
| FabLab Valencia | Spain | Valencia | Email: info@fablabvalencia.com, Phone: +34 963 877 069, Address: Camino de Vera s/n, Edificio 8G, Acceso J, 46022 Valencia, Spain |
| Fab Lab Oulu | Finland | Oulu | Email: fablab@oulu.fi, Phone: +358 294 482 200, Address: Erkki Koiso-Kanttilan katu 3, Linnanmaa Campus, University of Oulu, Finland |
| Fab Lab San Diego | USA | San Diego | Email: info@fablabsd.org, Phone: +1 619-200-3256, Address: San Diego Central Library @ Joan Λ Irwin Jacobs Common, Innovation Center (8th Floor), 330 Park Blvd., San Diego CA 92101 |
| Fab Lab Baltimore | USA | Baltimore | Email: fablabbaltimore@gmail.com, Phone: +1 443-840-4466, Address: Community College of Baltimore County Catonsville Campus - Engineering Building Room E-100A, 800 South Rolling Road Baltimore MD 21228 |
| Fab Lab El Paso | USA | El Paso | Email: info@fablabelpaso.org, Phone: +1 915-209-2656, Address: 601 N. Oregon St. Suite #2 El Paso TX 79901 |
| Fab Lab NOLA | USA | New Orleans | Email: fablabnola@dcc.edu, Phone: +1 504-671-5012, Address: Delgado Community College City Park Campus - Building One Room W-101A New Orleans LA 70119 |
| Fab Lab Houston | USA | Houston | Email: info@fablabhouston.org, Phone: +1 713-842-3669, Address: BakerRipley East Aldine Campus - Fab Lab Houston Room A-102 Houston TX 77039 |
| Fab Lab Barcelona | Spain | Barcelona | Email: info@fablabbcn.org, Phone: +34 933 209 637, Address: Pujades 102 baixos Poble Nou Barcelona Spain |
| Fab Lab Kerala | India | Kerala | Email: info@fablabkerala.in, Phone: +91 4712 7220 00 / +91 4842 4210 00 / +91 4952 4210 00 / +91 |
Insurgo. Thank you very much. I will look into this.
My brother has been in the ER since last night, and I have been a bit busy.
Edit: info@fablabhouston.org
No Such User Here
Sorry to hear that for your brother. Hang on!
That information was automatically generated based on old sources it seems.
Note that fablabs are “regulated” terminology and the official source for registered fablabs is at https://www.fablabs.io as opposed to MakerSpaces which should also be investigated. You can ask them if they have SOIC8/SOIC16 clips (depending on models to flash) and ch341a 1.6+ programmers and/or bring your own (and even donate some if you can. Buying those bulk is not much more expensive then buying one over alibaba or ebay).
It seems that Fab Lab Houston | FabLabs is more updated then the information I automatically generated through a bing creative chat. Here is an updated generated list focused on fablabs having CNC printers and a known to have an electronic focus:
| Name | Country | City | Contact | Street Address | Website |
|---|---|---|---|---|---|
| Fab Lab Oulu | Finland | Oulu | fablab@oulu.fi, +358 294 482 200 | Pentti Kaiteran katu 1, 90570 Oulu, Finland | Fab Lab Oulu |
| Fab Lab Barcelona | Spain | Barcelona | info@fablabbcn.org, +34 93 512 02 12 | Carrer de Pujades, 102, 08005 Barcelona, Spain | Fab Lab Barcelona |
| Fab Lab Berlin | Germany | Berlin | info@fablab.berlin, +49 30 8145 3994 | Prenzlauer Allee 242, 10405 Berlin, Germany | Fab Lab Berlin |
| Fab Lab Lisboa | Portugal | Lisbon | fablablisboa@cm-lisboa.pt, +351 21 817 0400 | Rua da Boavista, nº131A, 1200-068 Lisboa, Portugal | Fab Lab Lisboa |
| Fab Lab London | United Kingdom | London | hello@fablablondon.org, +44 20 7253 2277 | The City Centre, 80 Basinghall St, London EC2V 5AR, United Kingdom | Fab Lab London |
| Fab Lab Manchester | United Kingdom | Manchester | info@fablabmanchester.org, +44 161 839 6324 | Chips Building, Lower Ground Floor, New Islington Marina, Manchester M4 6BU, United Kingdom | Fab Lab Manchester |
| Fab Lab Amsterdam (Waag) (Waag Society) | Netherlands | Amsterdam | fablab@waag.org, +31 20 5579 8900 | Nieuwmarkt 4, Amsterdam NL-1012 CR Netherlands | [Fab Lab Amsterdam] |
| Fab Lab Zurich (FabLab Zürich) | Switzerland | Zurich | info@fablabzurich.ch,+41 44 2730 000 | Technoparkstrasse 1,Zurich CH-8005 Switzerland | [Fab Lab Zurich] |
| Fab Lab Wgtn (FabLab Wellington) | New Zealand | Wellington | fablabwgtn@massey.ac.nz,+64 4-8015799 ext.63478 | Massey University Wellington Campus,Building D Block One Entrance C,Buckle Street Wellington NZ-6011 New Zealand | [Fab Lab Wgtn] |
| Fab Lab Adelaide (FabLab Adelaide) | Australia | Adelaide | info@fablabadelaide.org.au,+61-8-8207-7200 | The Science Exchange Building,Little Gilbert Street Adelaide SA-5000 Australia | [Fab Lab Adelaide] |
| Fab Lab Dhahran (FabLab Dhahran) | Saudi Arabia | Dhahran | info@fablabdhahran.org,+966-13-8600-0000 | King Fahd University of Petroleum and Minerals,Dhahran SA-31261 Saudi Arabia | [Fab Lab Dhahran] |
| Fab Lab Egypt (FabLab Egypt) | Egypt | Cairo | info@fablabegypt.com,+20-2-3336-3310 | 15 Ahmed Kamel Street,New Maadi Cairo EG-11435 Egypt | [Fab Lab Egypt] |
| Fab Lab Cape Town (FabLab Cape Town) | South Africa | Cape Town | info@fablab.co.za,+27-21-4620-000 | 75 Harrington Street,Cape Town ZA-8001 South Africa | [Fab Lab Cape Town] |
| Fab Lab Lima (FabLab Lima) | Peru | Lima | info@fablablima.com,+51-1-4466-7000 | Av. Paseo de la República 5895,Miraflores Lima PE-15074 Peru | [Fab Lab Lima] |
| Fab Lab San Diego at MakerPlace San Diego LLC. (MakerPlace) (FabLabSD) (FabLab San Diego) | USA | San Diego, California | info@fablabsd.org, +1 619-225-7288 | 1022 W Morena Blvd Suite H San Diego CA 92110 | [Fab Lab San Diego] |
| Fab Lab Baltimore at CCBC (FabLab Baltimore) (CCBC Fab Lab) | USA | Baltimore, Maryland | fablabbaltimore@gmail.com, +1 443-840-4465 | 800 South Rolling Road Catonsville MD 21228 | [Fab Lab Baltimore] |
| Fab Lab Houston | USA | Houston, Texas | brichardson@bakerripley.org, +1 346-570-4446 | 3000 Aldine Mail Route Road, Building B, Houston, Texas, 77039, United States of America | [Fab Lab Houston] |
| Fab Lab at WorkChops (WorkChops Fab Lab) (FabLab WorkChops) | USA | Media, Pennsylvania | info@workchops.org, +1 610-565-3677 | 9 State Rd Media PA 19063 | [Fab Lab at WorkChops] |
| Incite Focus (Incite Focus Fab Lab) (FabLab Incite Focus) | USA | Detroit, Michigan | info@incite-focus.org, +1 313-444-4836 | 5555 Conner St Detroit MI 48213 | [Incite Focus] |
| The Gregory School Fab Lab (Gregory School Fab Lab) (FabLab Gregory School) | USA | Tucson, Arizona | fablab@gregoryschool.org, +1 520-327-6395 | 3231 N Craycroft Rd Tucson AZ 85712 | [The Gregory School Fab Lab] |
Source: Conversation with Bing, 8/16/2023
(1) undefined. Fab Lab Berlin | Berlin.
(2) undefined. https://twitter.com/FabLabBLN/.
(3) Fab Lab Berlin | FabLabs. Fab Lab Berlin | FabLabs.
(4) undefined. Protolabs Network | On-demand manufacturing for custom parts.
(5) undefined. Login to Meetup | Meetup.
(6) undefined. http://www.fablab.berlin.
(7) How MIT’s fab labs scaled around the world. How MIT’s fab labs scaled around the world | MIT News | Massachusetts Institute of Technology.
(8) Home | Fab Lab Website. https://www.fab-labs.ca/.
(9) Fab Lab Network. Fab Lab Network.
I will not maintain those lists! Just showing that they are accessible and fablabs/makerspace should be visited more often. If unaware of coreboot (possible but improbable) they should be trained once to it and then knowledge will trickle down and propagate as it should.
I have to say that i’m in love with Bing (web search) on top of GPT4 in creative mode. There is no reason to not have a qube connected to a vpn (bing doesn’t love tor without bridge relay, otherwise connectivity issues/captcha) and use this service as long as it is detached from your own real identity and would not go back without that kind of a co-pilot on my work/coding related tasks for research. This post is not about bing. So please do not continue in that direction here. But that service is unbelievably useful to get around problems without known solutions and use creative ways to solve them.
Anyone can report local coreboot flashing services they encountered in their searches?