Damn, so in practice what sort of exploits could these older hardware withotu the microcode updates be exposed to?
I thought that newer hardware introduced more problems than it solves.
In your opinion what is the best ready to buy laptop that is as cheap as possible? (like I say I only need to edit text files, accounting, spreadsheets, documents and so on) so these fancy 1500$+ are so overkill but if I buy some used thinkpad now im risking that too so im not sure.
Yeah, did you see this bit here that said:
Do not buy CH341A!
NOR flashes on libreboot systems run on 3.3V DC or 1.8V DC, and this includes data lines. CH341A can have 5V logic levels on data lines, which can damage your SPI flash and also the southbridge that it’s connected to, plus anything else that it’s connected to.
These ch341a programmers are unfortunately very popular. DO NOT use it unless you have fixed the issue. You CAN fix it so that the data lines are 3.3v, if you follow the notes here:
CH341A Serial Memory Programmer Power Supply Fix - Page 1
In practice, most people will not fix their ch341a and instead just risk it, so no documentation will be provided for ch341a on this website. It is best to discourage use of that device.
Not covered on that eevblog page: the WP/HOLD pins (pins 3 and 7) must be held high via pull-up resistors, but on CH341A dongles, they are directly connected to 3.3V DC (continuity with pin 8). It is advisable to cut these two connections, to the WP and HOLD pins, and jump the cuts using pull-up resistors instead. A value between 1k to 10k (ohms) should be fine.
In the event of a surge, like for example you connect the clip wrongly and cause a short circuit between two pins, lack of pull-up resistors on WP/HOLD could cause a direct short between VCC/ground, which would cause a lot of heat build up and possibly fire (and definitely damaged circuitry). On SOIC8, pin 3 is WP and 4 is GND, so a direct 3.3v connection there is quite hazardous for that reason; all the more reason to use a pull-up resistor.
The motherboard that you want to flash (if using e.g. pomona clip) will probably have pull-up resistors on it already for WP/HOLD, so simply cutting WP/HOLD on the CH341A would also be acceptable. The pull-up resistors that you place (in such a mod) on the CH341A are only useful if you also want to flash chips in the ZIF socket. If pull-up resistors exist both on e.g. the laptop motherboard and on the CH341A, it just means the equivalent series resistance will be of the two resistors (on each line) in parallel. If we assume that a laptop is likely to have a resistor size of ~3.3k for pull-ups, then a value of ~5.6k ohms on the CH341A side seems reasonable.
Alternatively, you might work around the voltage issue by using an adapter with logic-level converter, making sure to have matching vcc going into the flash. Use of a logic level converter would be quite flexible, in this scenario, and you could use it to set many voltages such as 1.8v or 3.3v.
In case it’s not clear:
Please do not buy the ch341a! It is incorrectly engineered for the purpose of ROM flashing on systems with 3.3v SPI (which is most coreboot systems). DO NOT USE IT! This issue still isn’t fixed by the manufacturer, and it doesn’t look like they will ever fix it.
If you see someone talking about CH341A, please direct them to this page and tell them why the CH341A is bad.
Libreboot – Read/write 25XX NOR flash via SPI protocol
Maybe with raspberry pi it would have worked. You will try again?
About ivy1 method, then this method does not require hardware modification and is just running some commands?
What is the difference between this and the more complex method that involves flashing the SPIs??
I read a lot about the whole CH341A scare but didn’t really care. Some people say it’s dangerous, some say it doesn’t really even matter.
After I bricked my X230, I got lucky & bought a maxed out Nitropad X230 for $200 w/ HEADS, so I have no reason to try flashing anything again.
In terms of the differences between 1vyrain & flashing the SPI chips:
Wow how did you find it for such good price also how do you verify everything is legit? I still dont get the difference between Coreboot Heads, Coreboot Skulls… etc etc in a way that is easy to understand.
You can always get lucky if you spend some time just checking marketplaces everyday. I also managed to buy a brand new System76 Darter Pro 8 for 400$ cause I was always on the lookout for System76 laptops.
For everything that was said against ChatGPT in this thread, it should at least be able to give you a better understanding on the differences between heads vs. skulls etc in simpler terms.