How can I update Skulls from Qubes?

I want to ask Qubes and Skulls users. How do you update Skulls from Qubes?

How can I boot Linux with the iomem=relaxed boot parameter?
I really don’t understand what “iomem=relaxed` boot parameter” is.

Fundamentally, is it ok to update Skulls from Qubes? Should I update from linux live USB?

I want to ask Qubes and Skulls users. How do you update Skulls from Qubes?

Install flashrom and use it in dom0.

How can I boot Linux with the iomem=relaxed boot parameter?
I really don’t understand what “iomem=relaxed` boot parameter” is.

It means that the dom0 kernel allows updating your BIOS regions.

Fundamentally, is it ok to update Skulls from Qubes? Should I update from linux live USB?

No difference between those two imho. You need to trust flashrom and your BIOS image in both cases.

スクリーンショット_2024-03-30_14-17-27825×683 70.6 KB

スクリーンショット_2024-03-30_14-18-37825×635 62.7 KB

I failed. Do you think I made mistake?

@kzlz I cant see those images.
Please read the guidelines on using images in the forum, and post a summary.

Dont edit your post - email users dont see those edits.

[root@dom0 skulls-1.1.0]# ./skulls.sh -b x230

1. ./x230_coreboot_seabios_04d6eb1eae_top.rom
2. ./x230_coreboot_seabios_free_04d6eb1eae_top.rom
3. Quit
   file not specified. Please select a file to flash. Please read the README for details about the differences: 2
   x230_coreboot_seabios_free_04d6eb1eae_top.rom: 完了
   input: x230_coreboot_seabios_free_04d6eb1eae_top.rom
   output: output/x230_coreboot_seabios_free_04d6eb1eae_top_prepared_12mb.rom
   Warning: Make sure not to power off your computer or interrupt this process in any way!
   Interrupting this process may result in irreparable damage to your computer!
   Flash the BIOS now? y/N: y
   flashrom v1.3.0 on Linux 6.1.75-1.qubes.fc37.x86_64 (x86_64)
   flashrom is free software, get the source code at https://flashrom.org

Using clock_gettime for delay loops (clk_id: 1, resolution: 1ns).
Using region: “bios”.
Found chipset “Intel QM77”.
Enabling flash write… Error accessing ICH RCRB, 0x4000 bytes at 0x00000000fed1c000
/dev/mem mmap failed: Operation not permitted
FAILED!
FATAL ERROR!
Error: Programmer initialization failed.
[root@dom0 skulls-1.1.0]#

GNU nano 6.4 /etc/default/grub
GRUB_TIMEOUT=5
GRUB_DISTRIBUTOR=“$(sed ‘s, release .*$,g’ /etc/system-release)”
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=false
GRUB_TERMINAL_OUTPUT=“console”
GRUB_CMDLINE_LINUX=“rd.luks.uuid=luks-ab45b849-dbb5-4390-94e7-6cdb203650fa rd.l>
GRUB_DISABLE_RECOVERY=“true”
GRUB_THEME=”/boot/grub2/themes/qubes/theme.txt"
GRUB_CMDLINE_XEN_DEFAULT=“console=none dom0_mem=min:1024M dom0_mem=max:4096M uc>
GRUB_DISABLE_OS_PROBER=“true”
GRUB_CMDLINE_LINUX=”$GRUB_CMDLINE_LINUX rd.qubes.hide_all_usb"
GRUB_CMDLINE_LINUX_DEFAULT=“iomem=relaxed”
#GRUB_GFXMODE=1366x768x32

Did i make mistake?

Check /proc/cmdline to see if iomem=relaxed was really applied during boot. If it’s missing in there, you probably forgot to regenerate grub.cfg after editing /etc/default/grub - which can be done (assuming R4.2+) using:

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

Thank you. i successed by spell you tought.

sudo grub2-mkconfig -o /boot/grub2/grub.cfg
What was this command to do?

Also, is it better to restore the settings that have been changed to update?

It applied the settings in /etc/default/grub to the file that’s actually used by the bootloader. If you look inside of the generated /boot/grub2/grub.cfg, you can see how parameters like iomem=relaxed became part of it.

Yeah it’s probably safest to remove that setting (or comment out the line by prefixing it with a # sign) in /etc/default/grub when you’re done updating Skulls, and then regenerate grub.cfg again.

BTW when you’re in the GRUB bootloader menu, you can also press e and type in the kernel parameter directly (in the module2 /vmlinuz... line) to boot with it just once.