monovergent

Building Coreboot

• Significantly easier and lower risk than I expected. A lot is already taken care of once the mainboard is selected. There are many safety and sanity checks in the build process.
• Make sure to select "General Setup">"Option backend to use">"Use CMOS for configuration values" so that nvramcui and nvramtool works.
• Even if flashing only the top chip, build for the entire 12 MB ROM. Otherwise, the machine won't have the correct offset for the MRC cache and will cold boot when it should be resuming from suspend.

Installing Coreboot

• I am not yet confident enough to use an external programmer with my 3612QE board, so I opted for the 1vyrain route.
• Extracted the top 4MB of coreboot.rom using dd and once booted in the 1vyrain installer, overwrote /root/bios/X230.rom (double-check this for yourself, just going off my memory here) and let it flash the chip. This workaround to avoid having to upload my bios somewhere and connect 1vyrain to the internet.
• After that, the bios region of the chip is unlocked. To update the bios with a new build, run sudo flashrom -p internal -i bios --ifd -w build/coreboot.rom --noverify-all
• In the event of GRUB misconfiguration, run set prefix=(memdisk)/boot/grub, ls your way to your grub.cfg (the one in the boot partition, not the one in EFI) and get back into Linux with configfile (disk,part)/path/to/your/grub.cfg

Observations

• Boot times are fast, only 2.5 seconds to the LUKS password prompt
• All components are recognized and seem to work as usual.
• Battery life is good. About 1 W increase in idle power consumption over the regular BIOS.
• The wifi card changed from wlp3s0 to wlp2s0
• The 3612QE CPU, QM77 chipset, and Coreboot all have documented ECC support. Regardless, the machine still does not boot if ECC RAM is installed. Bear in mind that I only had one such stick of RAM (SK Hynix EP3L-12800S 8GB) to test.
• The 3612QE board now charges with a stock 65W charger.
• I am using the ME Disable option in nvramtool for now. Eventual goal is to use me_cleaner.

Quirks

• The power button LED occasionally does not light when booted. No obvious cause yet and no adverse effects associated with it.
• Rarely and without obvious cause, the reported battery percentage suddenly drops to 0. Immediately upon plugging in the charger, the correct percentage comes back.
• This may or may not have to do with the installed 9-cell Kingsener battery. My other corebooted X230 with an i5-3320M and DTK 6-cell has been used equally as much without ever encountering this issue.
• EDIT: the issue is indeed related to the Kingsener battery. The battery also jumps back to a normal percentage within a few seconds even if I don't plug in a charger. No work lost due to the issue yet.

My laptop has a display resolution of 1366x768. Every now and then, I'll encounter a window whose default height is over 768 and thus won't fit entirely within my screen. The GTK file picker comes to mind, though it is resizable without much fuss. But then there are those that cannot be resized and being unable to move the titlebar further up, I am forced to use Alt+F7 to see what's at the bottom.

I suspect that many programs today are designed to work comfortably on higher resolution displays, but not really tested on smaller ones. Understandably, developers only have so much time and 1366x768 is getting long in the tooth. Just wanted to put this out there since nobody seems to be talking about it.

Decided to uninstall my display manager and use startx instead. But now when I resume from suspend, the brightness keys cease to work until I log out and back in. Backlight does still respond when echoing into /sys/class/backlight/intel_backlight/brightness. But what kind of magic does a display manager do to keep brightness controls working after suspend and resume?

Using xfce on tty1 on an X230 if it matters.

UPDATE: After flashing coreboot with the option to "Enable ECC if supported", ECC RAM still does not work. The screen and lights come on and the speakers emit a continuous high tone. The memory tested was an 8GB stick of 2Rx8 EP3L-12800E from SK Hynix. It is unbuffered ECC to the best of my knowledge. I'll write up my thoughts on corebooting this particular board when I have used it for some more time.

After learning that the 3612QE itself supports ECC RAM in contrast to the stock CPU options and that the QM77 chipset also does, I purchased a DDR3 SODIMM with unbuffered ECC. I have not been aware of any other attempts to test this combination.

The machine did not POST and did not produce any beep codes. Absolutely no response to any input aside from shutting down when briefly holding the power button. Everything returned to normal upon putting the original RAM back.

I suspect the BIOS lacks support, but whether this changes with coreboot remains unknown to me, at least until I learn how to prepare and flash coreboot.

This is purely an exercise in curiosity.

In an effort to keep my X230 snappy for a few more years until I find/make a newer laptop to my liking, I finally caved in and bought an i7-3612QE board. Posting some observations and thoughts based on the questions I had prior to buying. Previous CPU was the i5-3320M.

Setup

• Debian 12
• XFCE
• 16GB DDR3L
• Two SSDs
• Hyper-threading disabled
• 1vyrain BIOS with classic keyboard EC patch

Performance

• Not literally twice as fast, but the improvement is quite noticeable
• CPU no longer seems to struggle while loading Javascript-laden websites
• Rarely hits 100% CPU usage, even on Youtube (sadly bloated enough to be a sort of benchmark)
• Single-core tasks are only slightly better than before

Thermals

• High 40s at idle to mid 60s when busy
• Feels cooler compared to previous CPU, which I assume is due to the CPU usage being lower across all tasks.
• Did not upgrade to the AVC cooler. Toshiba cooler works well and is quiet as ever.

Battery

• About 4.5 hours of office tasks and light browsing from full to empty with an aftermarket 55 Wh 6-cell at 98% health
• Wattage in the mid 9's at idle with brightness at a comfortable level for a well-lit room. Increase from low 8's with the i5-3320M.
• When doing actual work, wattage hovers from 11 to 15 watts
• 16 to 18 watts watching Youtube videos
• SLT1 IPS display does consume ~1 W more than TN. I installed tlp but left it on default settings.
• 65W Lenovo charger only works when in sleep mode or shut down. In normal use, however, it will not draw the full 65 W. A 90 W charger or a 65 W GaN charger that the X230 believes is 90 W will both work (my 65 W GaN charger worked well and did not overheat, YMMV)

Other

• Make sure to enlarge the cutout on the black sticker on the underside of the cooler since the 3612QE die is larger
• EC flashing will require a 90 W charger or a 65 W GaN that the X230 believes is 90 W.
• Factory CPUs have BGA package underfill. I have not checked for myself, but it is likely that the upgraded CPU does not have underfill. This should not affect day-to-day use, but the lack of underfill will make the BGA solder joints more susceptible to fall and vibrational damage. Liquid may get trapped underneath in the event of a spill.

Value

• With shipping and taxes, the upgrade costs about 200 USD and takes 2 hours. The total cost-to-date on my X230 built from parts is around 500 USD.
• Do not think of this upgrade in terms of how much performance you get for the price. Think of it like upgrading and daily-driving a classic car. If it brings you joy to daily drive an X230 as it does for me, then it may be worth it.

I like my Linux installs heavily customized and security hardened, to the extent that copying over /home won't cut it, but not so much that it breaks when updating Debian. Whenever someone mentions reinstalling Linux, I am instinctively nervous thinking about the work it would take for me to get from a vanilla install to my current configuration.

It started a couple of years ago, when dreading the work of configuring Debian to my taste on a new laptop, I decided to instead just shrink my existing install to match the new laptop's drive and dd it over. I later made a VM from my install, stripped out personal files and obvious junk, and condensed it to a 30 GB raw disk image, which I then deployed on the rest of my machines.

That was still a bit too janky, so once my configuration and installed packages stabilized, I bit the bullet, spun up a new VM, and painstakingly replicated my configuration from a fresh copy of Debian. I finished with a 24 GB raw disk image, which I can now deploy as a "fresh" yet pre-configured install, whether to prepare new machines, make new VMs, fix broken installs, or just because I want to.

All that needs to be done after dd'ing the image to a new disk is:

• Some machines: boot grubx64.efi/shimx64.efi from Ventoy and "bless" the new install with grub-install and update-grub
• Reencrypt LUKS root partition with new password
• Configure user and GRUB passwords
• Set hostname
• Install updates and drivers as needed
• Configure for high DPI if needed

I'm interested to hear if any of you have a similar workflow or any feedback on mine.

Anyone here use an X230 with the quad-core mod? I'm looking into it and was wondering about the reliability and battery life compared to the stock i5-3320M.

Been using searx.be for a bit now and they had many results in Dutch and German, which can be expected for a site based in Belgium. But does anyone notice an influx of results in Russian? Did they change the server location or are users in Russia catching on to it? Yandex isn't toggled on in the settings either.

Not trying to judge security by language. I just kinda liked having results in a mix of languages I could read.

Banking apps seem to be a motif among things that don't play well with privacy ROMs. My bank's website does everything I could want out of it. I think I might be ignorant to something.

• What about banking apps is especially compelling?
• How often do banks put must-have features behind an app?
• And should I be concerned that banks might move away from offering services through browsers?

I'm about to degoogle my stock Android phone. For the past few years, I've used it to handle the non-open source apps that I don't want running on my main phone. As I've finally weaned off GApps, I realize that I might as well go degoogle the rom as well.

edit: to be clear, I'll be using sandboxed Play services on GOS

But since that phone is my compatibility guinea pig, is it likely I'll still run into an app that demands unmodded Android with no alternatives? In your experience, has any bank or other service required the app on regular Android, with no alternative for the desktop, browser, etc?

As I understand it, X11 has many inherent security concerns, including programs being able to read the contents of other windows and intercept keystrokes. Wayland addresses these concerns but at the moment breaks certain functions like screen readers, cursor warping, and the ability of a program to resize its own window.

I am curious as to how the display protocols of MacOS and Windows handle these situations differently. How does a program in those operating systems gain permission to read the contents of other windows, if at all? What is to be done in Wayland for these functions to be more seamless or are there inherent obstacles?

Bought a Pixel 4a second hand since it's the last Pixel with a headphone jack that isn't too big for me, and I'm hoping to keep it as long as I can.

Unfortunately, it's about time for me to replace the battery. I tend not to treat my battery too well (can't be bothered to keep it between 20% and 80%, but it's supposed to be consumable, right?) and I'm not sure if replacement batteries will hold up as well over the years. So I'm wondering if it's fine to just replace the battery and pop the whole thing back into my case without gluing the screen, so future repairs are a bit easier and won't involve the risk of breaking the screen while prying it off.

For reference, I'm using one of those cases with an interlocking front and back, so it ought to hold itself together and not fly apart if I drop it. (edit) I guess what I'm looking for is experience as to whether the newly introduced slack between the glass and body tends to make make the screen more fragile or put undue strain on flex cables.