Please explain difference on x200, x220, x230

6 respostas [Última entrada]
riveri
Desconectado
Joined: 07/27/2021

I have found a x220 in good standings. i5-2520M, 8GB ram. Could I install 16GB max in this one with Coreboot? I've read it depends on firmware, it may or not read the max 16GB ram.

I would like to know the difference between x200, x220, x230, when it comes to privacy.

I think I know that x200 has Libreboot available, and requires hardware modification. It also allows Coreboot, not sure if also requires hardware modification.

x220, and x230, do not have Libreboot, but it has Coreboot, which I think, should be good enough, as it disables the Intel spyware. I think this can be done with software scripts, or you need to also do it with hardware modifications?

So I have all this information, but I cannot decide what is best. I basically want a laptop for work, that will not leak my information with dodgy ME and so on. So Coreboot im assuming is good enough, even tho it leaves some blobs, but im assuming this is not the end of the world, and Coreboot should be a great update vs normal laptop which is what I use now for work and I want to get this feel that my business data is being stored, monitored, or something like that. Even if it may not be true, I just want this done for peace of mind. Please let me know what is the bes route.

Avron

I am a translator!

Desconectado
Joined: 08/18/2020

For x200, x220 and x230 with stock BIOS, you need to use an external flasher in order to replace the stock BIOS. Because I see that some people provide x230 with 16 GB, I guess the same may work on x220 but I don't know for sure.

Note that the project that now calls itself libreboot includes non-free microcode for the x200 and includes support for x220/x230 but with some non-free software. If you want something with 100% free software, you should choose gnuboot or canoeboot (I recommend gnuboot if it supports your device, otherwise canoeboot), that are supported by x200 but not x220 or x230.

On your considerations on privacy, I don't know. Coreboot and libreboot claim that the intel ME is entirely disabled on x220 or x230, but I don't think anyone can really be sure about this, and there could be other issues. That said, if you are now using a computer with proprietary BIOS, using an x220 with "libreboot" is somehow an improvement.

libreleah
Desconectado
Joined: 04/03/2017

X230/X230 are both fine machines. They use the Intel ME, but you can disable ME after early machine initialisation, by using me_cleaner. If you use Libreboot on those machines, the ME is automatically disabled at boot time in this way (me_cleaner is used by default).

X200 also has ME, but the firmware is fully removed from flash, putting the ME coprocessor into a permanent reset loop. On X220/X230 the ME's BUP firmware is still there (essentially the ME's own init firmware, analogous to coreboot).

All of the machines otherwise have fully free initialisation. I also generally recommend microcode updates, which come preinstalled by Libreboot, but you can use Canoeboot if you wish, which excludes them.

Canoeboot only supports the X200, from the list you provide. Libreboot supports all of them.

https://libreboot.org/

https://canoeboot.org/

Also: Libreboot and Canoeboot both recently had releases, adding U-Boot as a payload option on x86, and it can do UEFI (U-Boot has its own UEFI implementation). See: Libreboot 20241206 and Canoeboot 20241207 releases.

libreleah
Desconectado
Joined: 04/03/2017

By the way, if you want as few blobs as possible, and don't mind the me_cleaner'd ME image (BUP-only at bootup) as described above, a Haswell machine might suit you better. The ThinkPad T440p/W541 or Dell Optiplex 9020 MT/SFF with Libreboot are much more powerful than the X220/X230 machines.

Haswell has free raminit, just like X220/X230 (ivybridge). The only blob needed is the ME (me_cleaner can be used), and CPU microcode. For all intents and purposes, libre, by my definition, though the FSF is a bit more dogmatic than I am.

Note that upstream coreboot uses a *blob* for raminit on Haswell, called Intel MRC, but there are patches for coreboot that handle the RAM natively, with full source code, written by Angel Pons; Libreboot includes uses this code instead, avoiding the Intel MRC entirely.

I am the founder and lead developer of both Canoeboot and Libreboot. Feel free to ask me anything you want.

Regarding UEFI, see:

https://canoeboot.org/docs/uboot/uboot-x86.html

and the same page exists for Libreboot: https://libreboot.org/docs/uboot/uboot-x86.html

U-Boot is still experimental on most hardware, but if you did want to go for the X200 with U-Boot, please note that I've tested U-Boot on an X200 and it works *flawlessly* there. I was able to install and boot various distros and BSDs with it, entirely in UEFI mode.

Lenovo's X200 BIOS didn't support UEFI. Libreboot and Canoeboot add it! I also made several extensive modifications to the boot menu in U-Boot, to make it much easier to use. E.g. auto-countdown to boot your installed system, useful for a headless or unattended reboot.

The UEFI feature in U-Boot makes distros *much* easier to handle than on GRUB or SeaBIOS payloads. That said, I still use GRUB payload myself.

Canoeboot/Libreboot are both years ahead of GNU Boot on a technical level. For example they don't have U-Boot at all, on any hardware.

riveri
Desconectado
Joined: 07/27/2021

Hi, I work in finance, I am not familiar with Linux beyond basics from using Ubuntu. I don't understand some terms used here, like BUP-only. I know GRUB is the prompt thing at the beginning of Linux that shows the different partitions I think. UEFI is the fancier looking modern BIOS basically. U-boot from what im reading is an alternative to GRUB. Just trying to keep up with all of this.

I searched some other terms like raminit, and it showed something about a computer worm, but it's called ramnit, I realized it was looking for this other term because raminit barely had any entries beyond the Coreboot website.

As far as x200, im not able to find one in good condition, right now they all seem too old, but I found a nice x220, so I think im going to go with that. The other alternatives, looks like this Dell is a desktop and I need a laptop, the t440p is too big.

In terms of privacy, the x220 offers no advantage to the x230? I like the older Thinkpad keyboards. I know it could be modded, but the x220 hardware wise, if I could install 16GB of ram, should be enough for this.

So then Canoeboot is discarded and I have to choose between Libreboot and Coreboot. Im not sure about this in terms of differences. From what I've read, a lot of people seem to use Coreboot so im assuming it's reasonably safe. If people running BTC nodes and making transactions seem to be using Coreboot, then im assuming these blobs leftovers aren't a reasonable vector attack? Like in practice, what could go wrong because of these blobs? Would someone be able to steal your financial data by developing an attack that exploits these blobs? or there is a triple letter agency that could in theory spoof your data through them?

I've seen laptops like System76 or Purism being used, they come with pre-installed Coreboot. Others like their flashed Thinkpad. Im assuming it's the same software wise, but I just think Thinkpads are cooler and way cheaper, and hardware wise powerful enough. Another alternative would be the AMD G-series, but they are harder to find. And I guess you could always find a pre-2005 laptop, but that is probably too slow to use nowadays

And as far as flashing internal or external, it seems like it's better to do it external, but I have no idea what im doing so im going to really need to find tutorials and start from scratch.

Avron

I am a translator!

Desconectado
Joined: 08/18/2020

Coreboot is only a part of the BIOS replacement. On x200, it is possible to boot only with coreboot and some data, on x220/x230, it is necessary to add the non-free Intel ME but some people found out that on these machines, the ME in stock BIOS is made of several components and it is possible to boot with the ME stripped down to only one of these components, called BUP. Libreboot is just a coreboot distribution, which provides scripts to add this stripped ME (BUP only) to coreboot, so that these machines can boot. As I understand it, libreboot is a specific coreboot configuration with a number of patches (for improvements, but as any improvement, it may also bring bugs).

Newer machines that work with coreboot typically need more components of the ME to boot, most of them actually need the whole ME but set a flag that is supposed to disable remote monitoring via the ME. Between x220/x230 and what Purism/System76 sell, the blob needed for x220/x230 is much smaller, so it may be less risky.

About flashing: on x220/x230, it must be external, no choice. I have never tried external flashing, I personally would try find someone to do it for me. You could look around where you live, sometimes people offer this kind of service. Note that https://shop.vikings.net sells x230 flashed with coreboot and stripped ME and in good condition.

Zoma
Desconectado
Joined: 11/05/2024

X200 is the best FSF friendly one. X230 has the best battery life but it requires some blobs that are annoying in the libreboot bios or coreboot bios.

X thinkpads are cool. I use them quite often. I still currently use a thinkpad x230 I got online once.