Same story here… from the countless hours I’ve spent reading and looking… it’s indeed either something missing from the video, something missing from the tutorial, etc etc. And I too wonder how those people figure it out. 
But probably like @Zrubi said it’s because they buy a dirt cheap machine, break it and then learn how to fix it. Maybe that’s the only way?
1 Like
Yeah when I was looking for instance to dissasemble my laptop to clean and change thermal paste I needed like 5 different videos until I found one where the dude actually recorded how to remove a cable because the pins are tiny and you don’t see what’s going on.
2 Likes
Ha ha … I’ve read this one too… and I’m like ohhh where are the pictures??? Then a next guide with pictures … where are the commands??? Probably if you study them all you’ll be able to compile a full guide off all the info combined.
1 Like
Well, then… there’s your solution in an imperfect world 
Together with mixing and matching these guides you’ll probably get there.
1 Like
Yeah but im not sure if that applies in both x230 and x220. If it is possible to unbrick them in case it happens, then I may give it a go, but I would need to confirm that these guided are still relevant, cause some are very old.
1 Like
Something about this. I just saw this comment:
Yes, command would be:
flashrom -p linux_spi:dev=/dev/spidev0.0,spispeed=512 -r imagename0
-r is read, -w is write. IIRC you also need to enable the spi protocol in the rpi’s menu.
Read it three times (doing imagename0, imagename1, etc), then run
sha256sum imagename*
And it’ll generate hashes of the three images. If these are identical, you have a suitable connection and your image is good. If not, delete them, reattatch your SPI flasher and try again.
Back the good images up wherever you think it is fitting and it won’t get lost. I have a library of all of the BIOSs I have overwritten backed up to multiple locations. You will also need the stock bios to rip bits out for coreboot to build with.
Oh yeah, and you can power the EEPROM from your programmer’s power, or from the mainboard’s power supply, but not both.
https://www.reddit.com/r/thinkpad/comments/s80wso/comment/htdgtol/
Isn’t this what im talking about? You are getting the image, then you get the sha256 checksum and google it, if it shows up in trusted sources as an actual coreboot release, then that should be it? And you are saving all the extra time and risks involving the actual flashing, since you are just reading there.
1 Like
Ivyrain can not be upgraded to use Heads.
If one does the hardware flash, take the computer apart, put the clip on the chips. Then one can by keyboard upgrade to Heads.
Heads is the part where you would use a Librem Key , or a Nitro Key and verify some of the parts of whether the computer has been tampered with.
One might wander through salvation army stores, good will stores, and find an X-230, which might be damaged. and a useless battery.
While no one else has mentioned this. Might be a good idea not to attempt to hardware flash with fluorescent lights around, they throw electromagnetics
Be nice if someone can talk about how long it takes for the parts of the hardware flash coreboot to run.
Realize all this advice comes from an individual who bricked an X-230. I have a second X-230, which I did not tamper with doing anything. and it died, I think of being overheated. I was not tempted to again put 1vyrain on it, because that might be part of the process of bricking the first one.
If someone in the US did Coreboots for a price, I might be encouraged to somehow get a laptop to send them for, what, $125.00 or so. .
Shipping to and from Europe, with the current Tariff issues.
If I had the money I might buy from Nitro Key.
then again, I really want more RAM than the 16 GB of an X-230.
BTW: No one has mentioned that Intel no longer provides microcode security updates for X-230. and other computers. The same with my T-480 (Intel 8th generation processor) no longer gets Intel Microcode Security Updates.
Edit: If you missed it. What 1vyain allows you to do.
The X-230 has a “white list” – Hardware items that must be present, or the Lenovo X-230 will not boot up. Things like must have a Lenovo Battery. The correct WiFi Chip. The correct IBM keyboard. There are better versions of these items.
1vyrain allows one to use substitute parts. Although someone who has experience says the actual Lenovo batteries are better. There is a faster WiFi chip. A better keyboard.
1vyrain also makes it so the Intel Management Engine does not run.
Downside: I have been told that, even though I replaced the BIOS firmware with original. That I should not have attempted doing the hardware Flash. There are several different BIOS chips which might be inside the X-230. I could not read the number on top of the Chip, and my attempt to restore BIOS after bricking, was not successful.
I see some posts who offer some advice. One fellow says there is one particular BIOS which can be installed on any Lenovo X-230, and it would work. (Back to hardware Flash of Core Boot.) Another said that one of the things which can happen, is that there is a resistor, which can get destroyed -accidentally- putting the clip onto the Chips. One of them that is. There are two to do hardware Flash on.
Thought I would save you some research time.
2 Likes
CBMEM is a requirement for Coreboot initialization:
At the very least, it determines whether Coreboot is functional or not. To verify if your Coreboot installation is legitimate, you can compare it against a cryptographic value, usually specific to each motherboard and vendor.
1 Like
Yes, but you still need the EPROM reader/writer device, and you still need to connect it to the chip itself… which is risky enough. Especially if you do it for the first time.
So I’m not sure what time you saved, and the risk part is also questionable to me… As if you have the proper equipment, and able to do the reading properly, you are only 1 small step away from the writing 
1 Like
I have tried twice to flash coreboot with the hardware method and failed both times. Once with the CH type programmer, they are really cheap POS and very hard to get a good connection and over time the plastic shaves off and gets to the point that a connection is impossible. I’ve also tried the wson probe method but couldn’t get a reliable connection. Both times I was able to pull info off the chip but it never matched on subsequent attempts (indicative of a poor connection)
If I had a local place that offered the service I’d probably do that.
My next laptop will probably be a novacustom with coreboot even though I dislike buying expensive brand new laptops.
1 Like
Just a quick sidenote for anyone that wants to disable Intel ME with 1vyrain: it’ll only work through the advanced BIOS options. If you try to flash anything else (e.g skulls), Intel ME will stay enabled.
1 Like
I managed to flash a T440p successfully with a CH type programmer. My next 2 attempts on other thinkpads ended with bricked motherboards. IMO always safer to buy an entirely new set each time you wanna flash
1 Like
Yeah I think this is above my paygrade and I don’t want to risk bricking a nice Thinkpad. I think I may contact a service. Does anyone know trusted fellas within europe that will install coreboot on these machines? I may have to go this route. Like I said, it is too complex, there’s too many guides, some may contain outdated or wrong information. You do one thing wrong and you are cooked. I think I may just hire a professional. Someone with a established reputation I doubt they are going around installing dodgy crap because someone smart would find it, report it and ruin them forever, so I think it’s reasonable to hire someone to get this done, so if someone knows please let me know.
There’s also the option of buying one of these very expensive laptops but it’s overkill since I don’t need that much power. I don’t get why these brands don’t build some sturdy laptop with an older CPU and a competitive price for people that do not need a ton of horsepower. I just want to do business and have my passwords and documentation protected from some spyware-chip on the CPU, is it too much to ask?
1 Like
It depends on your threat model.
Which thinkpads did you use? also what guide did you find?
I forgot to add this tutorial which is one of the most recents i could find
1 Like
The problem is that I cannot necessarily recommend anyone else to install Coreboot for you, since they are always in a position to install far more, which means you are always taking a risk. If you are fine accepting risks, including the possibility of total compromise, then I can provide suggestions despite it.
I would do it myself if I knew how to. So I either learn how to do it, stay with a BIOS that has ME, or hire someone trusted to do it, and then try to verify everything is ok, which should be easier than doing it all myself from scratch. What other options are there?
1 Like
This is interesting. So what happens if you are not running microcode updates?
This code is closed source? In which case what’s the point? we don’t know if they are updating a bug or adding additional spyware features, so you might as well deal with it and stick with Coreboot which at least you can know what’s going on.
1 Like
That sums it up.
Intel 7th generation and below are vulnerable to QSB-107, with a few exceptions for Intel 8th generation listed in the GitHub pull request. Depending on your threat model, you may need to decide whether it is acceptable to be vulnerable to QSB-107 or not against your adversaries.
3 Likes
The first thinkpad I corebooted (skulls) was a Thinkpad T440p. I just read a lot about it on forums & watched tons of tutorials. You’ll start to understand that it really isn’t anything that difficult & it’s mostly the same process between most thinkpads.
The other thinkpad I bricked was an X230 but I’m 99% sure my CH341a was to blame(especially after using it with my T440p).
All in all, the hardest part with flashing my T440p was just the disassembly. With an X230, you can easily access the chips instead of having to completely remove the motherboard.
If the only thing you want is really to disable Intel ME, then you should use 1vyrain to get the advanced BIOS which then allows you to disable it. Best tutorial I found is this one: How to use IVPREP and 1VYRAIN and Disable Intel ME on a Lenovo x230
2 Likes