catastrophe averted
I managed to use 1vyrain on an x230 to install coreboot. Plot twist: I installed the SeaBIOS version because it was all I could find in a prebuilt form, but hours before that I had installed my OS in UEFI mode with full disk encryption.
a side adventure
It was actually two lengthy adventures. Getting 1vyrain to run required downgrading the BIOS. For that I had to find an old version on the Lenovo site. I think it was 2.56. Then I screwed up the process as I forgot to put it explicitly into BIOS mode before trying to run the DOS-based flasher. This caused a series of headaches where it looked like nothing was working because it had a UEFI stub on the disk that would run and refuse to flash the older BIOS when it clearly already had a newer (non-vulnerable to 1vyrain) BIOS. Once I eventually did get the BIOS to downgrade, I didn’t downgrade it far enough, so my first boot of 1vyrain said the system was vulnerable but was unsupported. I had gone back to 1.60 because that’s the version the T430 needed and I mixed them up. So, once the BIOS was flashed, I switched back to UEFI-only mode to boot 1vyrain.
the trouble begins
When it exploited the system and presented a menu, I picked to fetch an image from another host where I had fetched a tails image. I didn’t want to screw up a coreboot image by building it myself and add yet another variable to the puzzle. Once that flashed and I rebooted, I could no longer boot the installed OS because the bootloader was EFI.
So I grabbed a Guix live disk and booted it up. From there I could cryptsetup luksOpen the partition, then mount it to /mnt and then mount the other partition (/dev/sda1) as the boot partition.
Next I edited the config.scm file so that it was using grub-bootloader instead of grub-efi-bootloader. I also changed the /boot/efi mount point to just /boot. Oh, I also couldn’t remember the name of the encrypted volume, so I had to change the name of that to use what I used when I ran the luksOpen command.
I’m not sure if it was necessary, but I started the cow-store (on the mounted root volume, /mnt), and then called the guix system install on the mount point.
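The config.scm changes described above, shown as an added example rather than the author's actual file. The host name, time zone, locale, volume name `cryptroot`, file-system types and the `/dev/sda` bootloader target are assumptions, and the UUID is a placeholder.

```scheme
;; Added example: a minimal config.scm after moving from UEFI to SeaBIOS.
;; Every concrete value below is an assumption or a placeholder.
(use-modules (gnu))

(operating-system
  (host-name "x230")                 ; assumed
  (timezone "Etc/UTC")               ; assumed
  (locale "en_US.utf8")              ; assumed

  ;; Before (UEFI install):
  ;;   (bootloader grub-efi-bootloader)
  ;;   (targets '("/boot/efi"))
  ;; After: legacy GRUB is installed to the disk itself, not to an ESP path.
  (bootloader
    (bootloader-configuration
      (bootloader grub-bootloader)
      (targets '("/dev/sda"))))      ; assumed: the disk that holds /dev/sda1

  ;; The target is the name given to `cryptsetup luksOpen` in the live
  ;; session, so the config refers to the mapping that is already open.
  (mapped-devices
    (list (mapped-device
            (source (uuid "00000000-0000-0000-0000-000000000000")) ; placeholder
            (target "cryptroot")     ; assumed volume name
            (type luks-device-mapping))))

  (file-systems
    (cons* (file-system
             (mount-point "/")
             (device "/dev/mapper/cryptroot")
             (type "ext4")           ; assumed
             (dependencies mapped-devices))
           ;; Before: (mount-point "/boot/efi")
           (file-system
             (mount-point "/boot")
             (device "/dev/sda1")
             (type "vfat"))          ; assumed: the former EFI partition
           %base-file-systems)))
```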
the relieving conclusion
It all worked. No data lost, all my stuff is still there, full disk encryption included.
This has been pretty serendipitous. Now I know how to do all these things. But also, because I went with SeaBIOS, I’ll be able to flash one that uses more free components instead of binary blobs. If I had paid closer attention when I fetched the tails stuff, I would have flashed the more open one during the 1vyrain step. I’m hoping the firmware will still be writable when the system finally boots up so I can just upgrade it in place and reboot. I’m going to experiment on the T430 first, as I’m hoping the x230 will become my main development system and I’d rather prove the concept elsewhere first.
Tags: index, guix
created: 2026-05-19
(re)generated: 2026-05-22