Purism Librem Mini
This page describes how to run coreboot on the Purism Librem Mini.
| CPU | Intel Core i7-8565U |
| PCH | Whiskey Lake / Cannon Point LP |
| Super I/O, EC | ITE IT8528E |
| Coprocessor | Intel Management Engine (CSME 12.x) |
Required proprietary blobs
To build a minimal working coreboot image some blobs are required (assuming only the BIOS region is being modified).
| Binary file | Apply | Required / Optional |
|---|---|---|
| FSP-M, FSP-S | Intel Firmware Support Package | Required |
| vgabios | VGA Option ROM | Optional |
FSP-M and FSP-S are obtained after splitting the Coffee Lake FSP binary (done
automatically by the coreboot build system and included into the image) from
Microcode updates are automatically included into the coreboot image by the build
system from the
3rdparty/intel-microcode submodule. Official Purism release
images may include newer microcode, which is instead pulled from Purism’s
The VGA Option ROM is not required to boot, but it should be included if graphics are needed in the pre-OS stage (unless FSP/GOP display init is used). It can be extracted via cbfstool from the existing board firmware or pulled from the purism-blobs repository.
Intel Management Engine
The Librem Mini uses version 12.x of the Intel Management Engine (ME) /
Converged Security Engine (CSE). The ME/CSE is disabled using the High
Assurance Platform (HAP) bit, which puts the ME into a disabled state
after platform bring-up (BUP) and disables all PCI/HECI interfaces.
This can be verified via the coreboot cbmem utility:
sudo ./cbmem -1 | grep 'ME:'
provided coreboot has been modified to output the ME status even when
the PCI device is not visible/active (as it is in Purism’s release builds).
The main SPI flash can be accessed using flashrom. The first version supporting the chipset is flashrom v1.2. Firmware can be easily flashed with the internal programmer (either the BIOS region or the full image).
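A pre-flight wrapper for the internal flash described above, as an added example that is not part of the original page or of Purism's tooling. The function names and the `backup1.rom`/`backup2.rom` file names are hypothetical, and it assumes the flash descriptor is readable so that `--ifd` can resolve a region named `bios`.

```shell
#!/bin/sh
# Added example: pre-flight checks and a BIOS-region-only write with flashrom.
# Function and file names are placeholders, not taken from Purism's tooling.

# Extract the version number from the first line of `flashrom --version`.
parse_flashrom_version() {
    printf '%s\n' "$1" | sed -n '1s/^flashrom v\{0,1\}\([0-9][0-9.]*\).*/\1/p'
}

# Succeed if version $1 >= version $2 (relies on `sort -V`).
version_ge() {
    [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# Succeed if both files exist and have the same size in bytes.
same_size() {
    [ -f "$1" ] && [ -f "$2" ] && [ "$(wc -c < "$1")" -eq "$(wc -c < "$2")" ]
}

# Back up the chip twice, confirm the reads agree, then write only the BIOS
# region of the image given as $1. Run as root on the target machine.
flash_bios_region() {
    new_image=$1
    ver=$(parse_flashrom_version "$(flashrom --version 2>/dev/null)")
    version_ge "${ver:-0}" 1.2 || { echo "flashrom >= 1.2 required" >&2; return 1; }

    flashrom -p internal -r backup1.rom || return 1
    flashrom -p internal -r backup2.rom || return 1
    cmp -s backup1.rom backup2.rom || { echo "unstable reads, aborting" >&2; return 1; }

    # The new image must be exactly as large as what was read from the chip.
    same_size "$new_image" backup1.rom || { echo "image size mismatch" >&2; return 1; }

    # --ifd takes the layout from the flash descriptor; -i bios limits the
    # write to the BIOS region and leaves the other regions untouched.
    flashrom -p internal --ifd -i bios -w "$new_image"
}
```

Keep the backup files off the machine before writing; they are the only recovery image if the new build does not boot and the chip has to be reprogrammed externally.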
The system has an internal flash chip, an 8 MiB soldered SOIC-8 chip with a diode attached to the VCC line for in-system programming. This chip is located on the bottom side of the board under the CPU heatsink, in line with the front USB 2.0 ports.
One has to remove all screws (in order):
- 2 top cover screws
- 4 screws securing the mainboard to the chassis
- 4 screws securing the heatsink/fan assembly to the mainboard (under the SODIMMs)
The m.2 SSD will need to be removed if the Wi-Fi antennas are connected to an internal Wi-Fi/BT module. Use a SOIC-8 chip clip to program the chip. Specifically, it's a Winbond W25Q128JV (3.3V).
The EC firmware is stored on a separate SOIC-8 chip (a Winbond W25Q80DV), but is not protected by a diode and therefore cannot be read/written to without desoldering it from the mainboard.
Known issues
- SeaBIOS can be finicky with detecting USB devices
- Booting can sometimes hang when a bootsplash image is used with SeaBIOS and VGA option ROM display init, related to display mode changing
- Issues with some SATA devices have been mitigated by limiting the SATA speed to 3Gbps until the correct HSIO PHY settings can be determined.
Working
- External displays via HDMI/DisplayPort with VGA option ROM or FSP/GOP init (no libgfxinit support yet)
- SeaBIOS (1.13.x), Tianocore (CorebootPayloadpkg), Heads (Purism downstream) payloads
- Ethernet, m.2 2230 Wi-Fi
- System firmware updates via flashrom
- PCIe NVMe
- m.2 and SATA III
- Audio via front 3.5mm jack, HDMI, and DisplayPort
- SMBus (reading SPD from DIMMs)
- Initialization with CFL FSP 2.0
- S3 Suspend/Resume
- Booting PureOS 9.x, Debian 10.x, Qubes 4.0.3, Linux Mint 19.3, Windows 10 2004
Not working / untested
- ITE IT8528E Super IO functions