I have the opportunity to buy a second hand lenovo w540 with the following specs :
I think it is a 2013 model.
I already test it with Qubes without any problem.
Do you think 540 EUR (654 USD) is reasonnable price ?
Do you really need a laptop? You must be one of those vaccinated road warriors… A desktop that you can have easy access and cheap parts would be a better decision. So Mr. Bond 007 you have a license to buy! The price is not to bad if the battery is in good condition.
Yes Dr. No I use my laptop at home and at work. I’m considering a desktop for later. Anyway thanks for your opinion.
Hi @spergynerd. Curious to know if you did get the W540. I have a similar spec as you listed, and I have enjoyed Qubes on this machine. Just wanted to see if there are more W540 users out there.
Hi @sinartus,
Yes i bought it and i changed the SSD and increased the RAM.
I have never had any problem under qubes os.
I am now considering using it as an air gap.
Otherwise, I got some very cheap x230s and I’m going to use them to do some tests with coreboot, heads, skull…
Excellent! It’s good to know there is another W540 user here. Since you are discussing coreboot, do you know whether the W540 has Intel Boot Guard? It would be fantastic if the W540 could be running Qubes + Coreboot.
I read that some people said they installed a coreboot image for a w541 and it seemed to work on the w540, but for now I prefer to practice on x230s.
Some links:
https://www.reddit.com/r/coreboot/comments/10qdpa1/lenovo_thinkpad_w540w541_getting_the_nvidia/
https://www.reddit.com/r/coreboot/comments/ir6d3x/coreboot_booting_on_the_w541/
https://github.com/Amersel/coreboot/tree/lenovo_w541-4.12
@Insurgo any pointers for more info on the w540?
With you my friend.
Intriguing on many levels. Were the 540 EUR (654 USD) not a barrier I would have grabbed it without hesitation.
If/when you have the time please tell us more about your qubes experience(s). I see w530 in Heads heads/boards at master · linuxboot/heads · GitHub but really wonder about those w540. Any info anyone would be willing to share (good/bad/indifferent) would be welcome.
@sinartus do you have any experience the w540 and coreboot? Success/fail are of equal value in my opinion. Really curious is all. What have you tried? Sorry if this seems intrusive. It was not meant to be.
Hi, @MoreConfused. Your question is not intrusive at all. We are all here learning from each other.
No, I haven’t tried flashing coreboot on the W540 yet. I am still reading the links that @spergynerd posted to my question. I have in the past flashed coreboot on both X230 and T430; however, those were using the Skulls package prepared by Martin Kepplinger, a lifeline for newbies like me.
When I have the time and courage, I will try to compile the coreboot images and try it on the W540. Just a note, though, when I reached out to Martin asking whether he would include W540 on the Skulls package, he answered that it might not be possible. Maybe someone with far more experience than me, such as @Insurgo, could chime in on this possibility.
Hey there!
I personally didn’t test 1vyrain myself even yet, while understanding its internal functionality and advantages. Unfortunately, 1vyrain path to Heads is not recommended but for Heads legacy supported platforms. The idea of 1vyrain is to chainload exploits (vulns) permitting to bypass security measures in place to flash a 4mb firmware inside of SPI flash memory. This is a workable solution to flash skulls, fitting that requirement, or the x230-flash/t430-flash (to be renamed legacy boards soon) since only those firmware images are meant to be self-sufficient (boot) into an internal flashing environment. t430-flash/x230-flash roms then permit to flash internally x230/t430 or x230-hotp-verification/t430-hotp-verification roms, which won’t touch neither the Intel Firmware Descriptor (IFD) which is still locked (cannot be written to internally) nor Intel ME region. As a consequence, those “legacy” boards are considered “doomed” in the long term, since 8mb of BIOS region, as defined under the IFD is pretty limited for Heads. This is why Heads pushes users to go a bit adventurous and externally flash platforms once with maximized ROM images, splitted into 4mb(top) and 8mb(bottom) from a completely valid 12mb image (xx30 platforms) to take advantage of neutered ME space and then upgrade internally.
In a nutshell: 1vyrain doesn’t unlock the IFD (it can’t) nor it neuters ME (it can’t. 1vyrain can disable it, but that won’t survive flashing something else), since it can only flash 4mb firmware images, where x230-flash/t430-flash images can then call flashrom --ifd -i bios, flashing only the BIOS region of the firmware(8mb) that is flashable without externally flashing the platform once. Maximized boards, being flashed externally once, contains a modified and unlocked IFD and a neutered unlocked ME region; instead of having only 8mb of BIOS region in IFD, it is extended to nearly the total size of the combined SPI space available (~12mb). Once running a maximized build, once can then upgrade internally through downloaded/compiled rom images
If the W540 is supported by coreboot (I missed that), then it should be documented under Platform blobs, collaborators/maintainers/testers for faster problems resolution · Issue #692 · linuxboot/heads · GitHub to be comparable to other boards, have a dedicated tester willing to externally flash (I do not own the platform).
Otherwise, i’m sorry about the confusion. I won’t port w540 to 1vyrain (not my project) while I can mentor porting under Heads in collaboration with a board owner that is willing to test things until the board is supported. One board inclusion ongoing for Heads is for the t440p, which is a really verbal port with a lot of technical details having been shared by the collaborator and what is desired to result into a successful inclusion and maintainership/testing under Heads.
A sad counterpart story for Heads is the t520 board. As one can see under collaboration/testing link: nobody has claimed recent ownership of such board and willing to test pull request (coreboot version change/kernel change that might impact booting of the platform with test images.
So questions:
If you are such willing contributor, you can open an issue under Heads!
Otherwise, I would suggest also creating an issue under skulls/libreboot for that platform (those projects are aimed at packing coreboot+seabios, resulting in small coreboot images).
If 4mb coreboot images are created by those projects, then you would be able to use 1vyrain (once supported) to use 1vyrain directly (with ME disabled) or use 1vyrain to test coreboot+seabios as an alternative to proprietary hardware through skulls/libreboot.
Fact checks:
Consequently, the first step would be seeing where that w540/w541 being supported by coreboot statement comes from 
and how much people are interested into w541 (maybe @spergynerd you might consider renaming this to w541?)
Anyway!
Yes, it seems w541 works well with coreboot as that thread points out. If I’m not mistaken, that might be the best thinkpad right now that boots with coreboot.
(There is Libreboot as well, but first that project should not use this name while using binary blobs and second there were reports with issues on w541).