Flash ROMs with a Raspberry Pi

Monday, 06 March 2017 - 10:18 AM - (Hardware)

Flash ROMs with a Raspberry Pi

Kyle Rankin Mon, 03/06/2017 - 04:18

I previously wrote a series of articles about my experience flashing a ThinkPad X60 laptop with Libreboot. After that, the Libreboot project expanded its hardware support to include the ThinkPad X200 series, so I decided to upgrade. The main challenge with switching over to the X200 was that unlike the X60, you can't perform the initial Libreboot flash with software. Instead, you actually need to disassemble the laptop to expose the BIOS chip, clip a special clip called a Pomona clip to it that's wired to some device that can flash chips, cross your fingers and flash.

I'm not generally a hardware hacker, so I didn't have any of the special-purpose hardware-flashing tools that you typically would use to do this right. I did, however, have a Raspberry Pi (well, many Raspberry Pis if I'm being honest), and it turns out that both it and the Beaglebone Black are platforms that have been used with flashrom successfully. So in this article, I describe the steps I performed to turn a regular Raspberry Pi running Raspbian into a BIOS-flashing machine.

The Hardware

To hardware-flash a BIOS chip, you need two main pieces of hardware: a Raspberry Pi and the appropriate Pomona clip for your chip. The Pomona clip actually clips over the top of your chip and has little teeth that make connections with each of the chip's pins. You then can wire up the other end of the clip to your hardware-flashing device, and it allows you to reprogram the chip without having to remove it. In my case, my BIOS chip had 16 pins (although some X200s use 8-pin BIOS chips), so I ordered a 16-pin Pomona clip on-line at almost the same price as a Raspberry Pi!

There is actually a really good guide on-line for flashing a number of different ThinkPads using a Raspberry Pi and the NOOBS distribution; see Resources if you want more details. Unfortunately, that guide didn't exist when I first wanted to do this, so instead I had to piece together what to do (specifically which GPIO pins to connect to which pins on the clip) by combining a general-purpose article on using flashrom on a Raspberry Pi with an article on flashing an X200 with a Beaglebone Black. So although the guide I link to at the end of this article goes into more depth and looks correct, I can't directly vouch for it since I haven't followed its steps. The steps I list here are what worked for me.

Pomona Clip Pinouts

The guide I link to in the Resources section has a great graphic that goes into detail about the various pinouts you may need to use for various chips. Not all pins on the clip actually need to be connected for the X200. In my case, the simplified form is shown in Table 1 for my 16-pin Pomona clip.

Table 1. Pomona Clip Pinouts

SPI Pin Name 3.3V CS# S0/SIO1 GND S1/SIO0 SCLK
Pomona Clip Pin # 2 7 8 10 15 16
Raspberry Pi GPIO Pin # 1 (17*) 24 21 25 19 23

So when I wired things up, I connected pin 2 of the Pomona clip to GPIO pin 17, but in other guides, they use GPIO pin 1 for 3.3V. I list both because pin 17 worked for me (and I imagine any 3.3V power source might work), but in case you want an alternative pin, there it is.

Build Flashrom

There are two main ways to build flashrom. If you intend to build and flash a Libreboot image from source, you can use the version of flashrom that comes with the Libreboot source. You also can just build flashrom directly from its git repository. Either way, you first will need to pull down all the build dependencies:

$ sudo apt-get install build-essential pciutils
 ↪usbutils libpci-dev libusb-dev libftdi1
 ↪libftdi-dev zlib1g-dev subversion

If you want to build flashrom directly from its source, do this:

$ svn co svn://flashrom.org/flashrom/trunk flashrom
$ cd flashrom
$ make

Otherwise, if you want to build from the flashrom source included with Libreboot, do this:

$ git clone http://libreboot.org/libreboot.git
$ cd libreboot
$ ./download flashrom
$ ./build module flashrom

In either circumstance, at the end of the process, you should have a flashrom binary compiled for the Raspberry Pi ready to use.

Enable SPI

The next step is to load two SPI modules so you can use the GPIO pins to flash. In my case, the Raspbian image I used did not default to enabling that device at boot, so I had to edit /boot/config.txt as root and make sure that the file contained dtparam=spi=on and then reboot.

Once I rebooted, I then could load the two spi modules:

$ sudo modprobe spi_bcm2708
$ sudo modprobe spidev

Now that the modules loaded successfully, I was ready to power down the Raspberry Pi and wire everything up.

Wire Everything Up

To wire everything up, I opened up my X200 (unplugged and with the battery removed, of course), found the BIOS chip (it is right under the front wrist rest) and attached the clip. If you attach the clip while the Raspberry Pi is still on, note that it will reboot. It's better to make all of the connections while everything is turned off. Once I was done, it looked like what you see in Figure 1.

Figure 1. Laptop Surgery

Then I booted the Raspberry Pi, loaded the two SPI modules and was able to use flashrom to read off a copy of my existing BIOS:

sudo ./flashrom -p linux_spi:dev=/dev/spidev0.0
 ↪-r factory1.rom

Now, the thing about using these clips to flash hardware is that sometimes the connections aren't perfect, and I've found that in some instances, I had to perform a flash many times before it succeeded. In the above case, I'd recommend that once it succeeds, you perform it a few more times and save a couple different copies of your existing BIOS (at least three), and then use a tool like sha256sum to compare them all. You may find that one or more of your copies don't match the rest. Once you get a few consistent copies that agree, you can be assured that you got a good copy.

After you have a good backup copy of your existing BIOS, you can attempt a flash. It turns out that quite a bit has changed with the Libreboot-flashing process since the last time I wrote about it, so in a future column, I will revisit the topic with the more up-to-date method to flash Libreboot.


Hardware Flashing with Raspberry Pi: https://github.com/bibanon/Coreboot-ThinkPads/wiki/Hardware-Flashing-with-Raspberry-Pi


Minifree Ltd.'s GNU+Linux Computers

Monday, 13 March 2017 - 12:19 PM - (Hardware)

Minifree Ltd.'s GNU+Linux Computers

James Gray Mon, 03/13/2017 - 07:19

Minifree Ltd.—doing business as "Ministry of Freedom"—exists mainly for reasons Linuxers will like: to make it easier for people to get computers that respect their freedom and privacy, and to provide funding for a meaningful project, called Libreboot.

Minifree describes Libreboot as a free (libre) and open-source BIOS/UEFI replacement that offers faster boot speeds, better security and many advanced features compared to most proprietary boot firmware.

Minifree recently announced availability of three computers: the Libreboot C201 laptop, the Libreboot D16 Desktop and Libreboot D16 Server. All come with the Libreboot firmware and Debian GNU+Linux operating system preinstalled and are free of unwanted bloatware, DRM, spyware or restrictions on computer usage rights. The Libreboot C201 laptop is a configurable, lightweight and portable laptop ideal for anyone needing a small, lightweight computer for travel, work or general entertainment purposes. The Libreboot D16 Desktop is a configurable, high-end, business-grade, secure owner-controlled workstation free of backdoors implanted by the NSA and other agencies. Finally, the Libreboot D16 Server is a configurable, high-end, business-grade, secure owner-controlled server, also free of the aforementioned backdoors.

Minifree ships its machines worldwide from the United Kingdom.


My Love Affair with Synology

Thursday, 22 June 2017 - 13:23 PM - (Hardware)

My Love Affair with Synology

Shawn Powers Thu, 06/22/2017 - 08:23

In my "Hodge Podge" article in the October 2016 issue, I mentioned how much I love the Synology NAS I have in my server closet (Figure 1). I got quite a few email messages from people—some wanting more information, some scolding me for not rolling my own NAS, and some asking me what on earth I need with that much storage. Oddly, the Linux-running Synology NAS has become one of my main server machines, and it does far more than just store data. Because so many people wanted more information, I figured I'd share some of the cool things I do with my Synology.

Figure 1. The Synology DS1815+ is what I use, but the entire line of Synology NAS devices shares a common interface.

Why So Much Storage?!

I guess I should address the reason I have 48TB (36 usable) of storage (Figure 2). I store a lot of data (har har har). Seriously though, I have a local copy of close to 100,000 photos, 1000s of hours of home videos and several complete Linux distribution repositories. That takes a lot of storage! The bulk of my needs, however, comes from entertainment media. Ever since my kids first used DVDs to skate across the kitchen floor, I've been backing up my movies digitally to my server. Through the years, that has migrated from DVD ripping to Blu-ray ripping, but years of movies really add up. Even those aren't the bulk of my data, however.

Figure 2. The dashboard shows you information on your NAS at a glance. I'm slowly building my collection after the horrible data loss I suffered a few years ago.

I collect television series. Sometimes those collections are ripped from my TiVo, manually edited and converted to MKV. If I'm being honest, however, most of my television shows are just downloaded from torrent sites. Yes, I know it's not kosher to download torrents of television shows. But I also know that I pay more than $200/month to the cable company for every channel available, and if I wanted to take the time, I could do the TiVo rip/edit/convert dance. I just don't have the time. Because I pay for cable access, it doesn't bother me to download television shows. (We actually do buy all our Blu-ray movies though. I'm not a proponent of pirating things you don't have rights to.) It's okay if you disagree with my choice to download television shows via torrents, I get it. Really, I do. Just ignore those parts of this article!

What Kind of Drives?

Don't skimp on hard drives. That's generally good advice regardless of the situation, but with NAS devices, please spend the extra money to get drives rated for NAS. I have eight 6TB Western Digital Red NAS drives. When I bought them, the WD Red Pro drives weren't available. Still, the standard Red drives are rated for up to eight drive bays, so I'm still within spec.

I haven't always been so picky about drives. In fact, I just used to get the biggest, cheapest drives I could. Since I use RAID6, a drive or two failing isn't a big deal—except that I actually had three drives fail at exactly the same time, and I lost all my data, including family home movies that I didn't have backed up anywhere. It still hurts. So really, don't skimp on drives, it's just not worth it. (Also remember to back up, even large files. RAID isn't a backup, trust me.)

Why Synology?

I've had Drobos, QNAPs and multiple Netgear devices. They all sucked. No, really. The performance on every single device I've had in the past has been horrible (even with good drives), and I've never been able to determine exactly why. Once more than one simultaneous read happens over the network, they all just crap out. With the Synology, I can have four 1080p video streams going at once without any slowdown at all.

The other thing I like about the Synology is its software. Most other NAS devices have apps that you can install on the Linux system, but the Synology apps seem to be more elegant and work reliably (Figure 3). In fact, there are some incredible things I do with the NAS device that I'm sure weren't exactly what it was designed to do (more about that in a bit).

Figure 3. The apps are plentiful, and there are community-supported unofficial apps as well.

Ultimately, the biggest draw for me is how well Synology keeps itself updated and maintains its drives. It automatically does scans and integrity checks, plus it does system updates without disrupting the servers I have connected to it via NFS. Every other NAS I've used stays at whatever software version it comes with, because upgrading the firmware almost always means drive failures and server lockups. I'm sure there are procedures for QNAP and such that make upgrading possible, but the Synology does it automatically—and I like that a lot.

TV and Torrents

I like the SickRage program not only because it automatically searches and downloads new episodes of my television shows, but also because it organizes my existing collection. I have every episode of Star Trek that ever has been produced (including the animated series from the 1970s), and SickRage does an incredible job of naming and organizing those files. As long as I spent ripping the Star Trek the Next Generation DVDs, I don't ever want to have to figure out which episode is which again!

In order to install SickRage, you actually need to install "Sick Beard Custom" and then paste in the SickRage Git URL. The short version of the story is that Sick Beard was the original program, but the developer stopped developing it, so folks forked it, and SickRage is the best fork out there, by far. Even if you're not using Synology, you should be running SickRage. Head here for the repo or here for the home page.

SickRage supports lots of torrent clients, and it supports NZB too. I've found NZB to be less reliable than it used to be, so I've moved back to 100% torrents. I like the Transmission web interface, so that's what I use on Synology. It's another maintained app, so just search for "transmission" in the package installer application. Integrating Transmission and SickRage is beyond the scope of this article, but rest assured, it's not difficult. SickRage is designed to work with Transmission, so setting it up is easy. Warning: if you use SickRage and Transmission to download television shows, you will get DMCA take-down notices from your ISP. Apparently the production companies disagree with my rationale for downloading TV episodes. Thankfully, I have a solution for that.

Networking and Traffic Routing

My Synology device has four Gigabit Ethernet ports. I think that's overkill, but since the software allows me to bond the four ports together (even with a switch that doesn't support 802.3ad), I'm happy to have more bandwidth than I need. I never have an issue with throughput, even when streaming those multiple video files mentioned above.

Since Synology supports VPN connections, the first thing I did was set up my privateinternetaccess.com account so my torrents would be directed through the VPN. I haven't gotten port forwarding to work through the VPN, but even without a redirected port, my torrents download fine. The problem is my VPN connection occasionally goes down. When it does, the torrents go through my gateway, and even when the VPN comes back up, the tracker connects me via the non-VPN connection. And, I get DMCA notices. This is very frustrating. So I decided to remove the gateway device from the Synology altogether! Bear with me.

I have a network address assigned on my local network so LAN computers can connect. That works fine. Without a gateway specified, however, the NAS can't connect to the internet for torrents, SickRage or even system updates. But when the VPN is connected, it sets the gateway address automatically to an address on the other side of the VPN (Figure 4). As long as my VPN is connected, the system has a gateway assigned, and it can access everything through the VPN. If the VPN goes down briefly, rather than defaulting to the local network gateway, it just can't connect to the internet. Once the VPN is re-established, it reassigns a VPN gateway, and boom, the NAS is back online! The only problem is how can I connect to the VPN if I can't get on the internet? The answer: static routes.

Figure 4. Notice the gateway is in the 10.x.x.x range, which is not what I use on my local network. That is assigned by the VPN.

If you look at Figure 5, you'll see that I have a static route set up so that traffic going to the IP address of my VPN goes through my LAN's gateway. Since it's only a static route for that network, the rest of the internet is still inaccessible. I also could do fancy firewall work and allow the NAS to access only the VPN and drop all other packets, but I like the solution to be self-contained. That way, if I change routers or router configs, I don't have to worry about getting DMCA notices.

Figure 5. This is the sneaky static route so I can connect to my VPN, but nothing else.

The Synology also will act as a router, forwarding traffic. That means I can point my Roku to the Synology as its gateway device, and I'm able to watch local blackout games on the MLB.tv app, because all the traffic goes through the VPN. The only change I have to make is on my DHCP server, which gives the Synology's IP address as the Roku's gateway address. It works perfectly and saves me setting up another VPN to get around MLB's regional restrictions. (Honestly, I usually watch baseball games on TiVo, but occasionally the game is on only via streaming, and I like having that option.)


Remember when I said RAID wasn't a backup? Yeah, I meant that. I've lost too much valuable data through the years to depend on RAID to protect my files—even when the drives and NAS device seem to be more solid than any I've had in the past. Thankfully, Synology has a few different backup options (Figure 6). The most practical one for large amounts of data is the Hyper Backup app. It has the ability to copy your entire NAS to a variety of destinations. Whether you choose to buy another Synology NAS and store it in your shed or back up your data to Amazon Glacier, the same Hyper Backup program can handle the regular updates.

Figure 6. Backup solutions are in great supply.

I don't want to pay for Amazon Storage, even though the Amazon Drive Unlimited is decently priced at $60/year. I worry that my 30TB would cause Amazon to invent a reason to suspend my account. Plus, it would take so long to back up my entire data store to the cloud, that it literally might never get done. Right now, I just back up my irreplaceable files (home movies, photos and so on). Someday I hope to get a second Synology NAS and set up that "mirror in the shed". Still, Synology has so many backup options, it's hard to find a reason to delay setting up a backup solution!

Things I Don't Do

The Synology had a decent processor, and the RAM is even upgradeable. Still, it's not a beefy server when it comes to resource-hungry applications. For example, even though the Plex Media Server is available in the package management system, I'd never install it. Plex uses way too much CPU to transcode video streams. I'm thankful the Synology is powerful enough to stream the actual video files over fileshares, but the thought of transcoding 1080p MKV streams in real time? It's a bad idea. I have a standalone server I use for Plex Media Server, and while it can transcode at least four full resolution video streams, it's also a huge i7 CPU with a boatload of RAM. Unless you're doing minimal streaming with low-resolution video, I encourage you to avoid Plex Media Server on any NAS device.

I also can't run the really amazing reverse proxy server on Synology. The setup is easy, and the configuration is very intuitive, but my VPN/no-gateway setup means that the reverse proxy doesn't work outside my network. Even if I forward a port to the NAS from my router, it tries to send responses out the VPN connection and fails. Reverse proxies are easy enough to configure on any other machine in my network, so it's not a huge loss, but it's worth noting that it's something my crazy VPN system breaks.

Not the Only Option

Before you think I was paid by the folks at Synology to brag about their product, I will freely admit that a big tower server with a bunch of hard drives and software RAID makes for an incredible NAS. It means you can beef up the hardware too and do things like run Plex Media Server. I simply like the efficiency of the Synology devices. They're fast, cool running and just sip electricity. I'm sure there are other brands of NASes that do a decent job too, and Synology isn't perfect. In all honesty, however, it's the best product I've been able to find, and I have literal piles of junk NAS devices that just couldn't do the job. If you're looking for a NAS device, in my opinion, you can't go wrong with Synology.


PSSC Labs' Eco Blade 1U

Monday, 31 July 2017 - 13:26 PM - (Hardware)

PSSC Labs' Eco Blade 1U

James Gray Mon, 07/31/2017 - 08:26

Arguably "the greenest blade server on the market", PSSC Labs' new Eco Blade 1U rack server offers power and performance with energy savings of up to 46% over competing servers, says the company. Engineered specifically for high-performance, high-density computing environments, the Eco Blade is a unique server platform that simultaneously increases compute density while decreasing power use.

The solution offers two complete and independent servers contained in 1U of rack space. Each independent server supports up to 64 Intel Xeon processor cores and 1.0TB of enterprise memory for a total of up to 128 Cores and 2TB of memory per 1U. A unique design feature—the lack of a shared power supply or backplane—provides for the bulk of Eco Blade's power savings and thus lower long-term TCO.

PSSC Labs calls on the IT industry to contribute its share to reducing its environmental footprint. The Eco Blade enables organizations to obtain the performance needed to fuel cutting-edge research and groundbreaking enterprises while significantly reducing the power used and, thanks to the 55% recyclable material content, waste generated via the data center.

The Eco Blade 1U server is certified compatible with Red Hat CentOS, Ubuntu and Microsoft operating systems.


iStorage diskAshur Storage Drives

Friday, 06 October 2017 - 16:50 PM - (Hardware)

iStorage diskAshur Storage Drives

James Gray Fri, 10/06/2017 - 11:50

With software-free setup and operation, the new iStorage diskAshur group of ultra-secure storage drives works across all operating systems, including Linux, macOS, Android, Chrome, thin and zero clients, MS Windows and embedded systems.

Available in HDD and SDD versions, these high-speed USB 3.1, PIN-authenticated, hardware-encrypted portable data storage drives feature iStorage's unique EDGE technology. iStorage calls the EDGE technology—short for Enhanced Dual Generating Encryption—super-spy-like, due to the advanced security features that make diskAshur the "most secure data storage drives available on the market". For one thing, without the PIN, there's no way in!

diskAshur's dedicated, hardware-based secure microprocessor (Common Criteria EAL4+-ready) employs built-in physical protection mechanisms designed to defend against external tamper, bypass laser attacks and fault injections. The drives feature technology that encrypts both the data and the encryption key, ensuring that private information is secure and protected. Other security features include a brute-force hack defense mechanism, self-destruct feature, unattended auto-lock and a wear-resistant epoxy-coated keypad.

The diskAshur drives are elegantly designed and available in four striking colors and in capacity options from 128GB to 5TB.


Banana Backups

Tuesday, 21 November 2017 - 15:58 PM - (Hardware)

In the September 2016 issue, I wrote an article called "Papa's Got a Brand New NAS" where I described how I replaced my rackmounted gear with a small, low-powered ARM device—the Odroid XU4. more>>


Raspberry Pi Alternatives

Monday, 22 January 2018 - 13:14 PM - (Hardware)

A look at some of the many interesting Raspberry Pi competitors. more>>


FOSS Project Spotlight: LinuxBoot

Thursday, 15 February 2018 - 15:12 PM - (Hardware)

Linux as firmware. more>>


Best Laptop

Monday, 12 March 2018 - 15:02 PM - (Hardware)

What's the favorite LJ reader laptop?

The top three winners are: more>>


Linux Mint Announces New MintBox Mini 2, Mozilla Plans to Add Ad Blocking to Firefox, Slax New Version and More

Monday, 26 March 2018 - 12:17 PM - (Hardware)

News briefs for March 26, 2018. more>>


Product Review: GitStorage

Wednesday, 28 March 2018 - 14:46 PM - (Hardware)

Petros reviews the GitStorage server appliance, which emphasizes data privacy and security.

By profession, I'm a software developer. Aside from a preferred editor, what matters most to a developer is the use of a Source Code Manager (SCM). So, when a new product comes along featuring my favorite SCM, Git, I had no choice but to spend some time using it. more>>


Subutai Blockchain Router v2.0, NixOS New Release, Slimbook Curve and More

Thursday, 05 April 2018 - 13:59 PM - (Hardware)

News briefs for April 5, 2018. more>>