7.2 KiB
Please use at least Libreboot 20241206 revision 3 or higher. This is because older revisions contained a bug, where the NVMe SSD would be replugged under Linux, randomly, leading to data loss.
This is fixed in 20241206 rev3 or higher, by disabling PCI-E hotplug on the NVMe SSD slot.
See: Libreboot 20241206 release
Build ROM image from source
The build target, when building from source, is thus:
./mk -b coreboot dell3050micro_fsp_16mb
Mate Kukri's deguard utility disables the Intel Boot Guard on this
machine. Libreboot uses this by default, along with me_cleaner to provide
a neutered ME setup; unlike on other platforms, arbitrary code execution is also
possible inside the ME on this mainboard, giving it much higher potential for
software freedom in the future.
Issues
This machine basically works flawlessly, as of the Libreboot 20241206 release. All the initial bugs were fixed, e.g. PWM fan control works now. A very nice machine, and inexpensive, plus very easy to set up for the average user. The ideal Libreboot desktop.
Note that HDMI audio does work, but you have to select it in your audio
server e.g. pipewire. The pavucontrol utility in Linux (with pipewire) lets
you have a lot of control over audio I/O. Libreboot patches the board to add
a verb, so headphones should work.
Selection of audio devices and outputs is a bit idiosyncratic on this board. Just play with pavucontrol for your setup and it should work fine.
Installation
Insert binary files
If you're using a release ROM, please ensure that you've inserted extra firmware required refer to the guide for that. (failure to adhere to this advice will result in a bricked machine)
Libreboot's build system automatically downloads and processes these files if you build Libreboot from source, but the same logic that it uses must be re-run if you're using a release image.
Of particular interest, this board uses the deguard software, to disable Intel Boot Guard. This means also that the ME firmware no longer has functional cryptographic signature checking for most of it; you can theoretically run whatever you want on the ME coprocessor.
Libre ME doesn't exist yet, but it's now possible. Example use-case for a libre ME could include, for example, running an out-of-bound packet filter on a secure network (with flash write protection, making it invincible to any OS-based software attacks).
MAC address
This has a realtek NIC inside, instead of Intel, so the MAC address will not change. This means: there is no GbE region in the flash.
You can still use something like GNU MAC Changer to change your MAC address from Linux if you want to.
This is great, because that's one less complexity to deal with during installation.
Flash a ROM image (software)
If you're already running Libreboot, and you don't have flash protection turned on, internal flashing is possible.
If you have factory firmware (Dell), you can short the service jumper. It's
near the RAM, under where the HDD goes (click the photos shown above).
Just put a short on it when booting,
and all flash protection is disabled; the factory firmware write might EFI
variables to flash during shutdown sequence, so you should pull the plug to
shut it down (remove the power by pulling the plug) after flashprog
says VERIFIED.
Flash a ROM image (hardware)
For general information, please refer to 25xx NOR flash instructions - that page refers to use of socketed flash.
The side cover comes off easily, and you can find the flash ICs next to the RAM. Simply remove the screw at the back. The top panel then slides forward, and you can remove the SSD caddy; from then on, the flash is accossible.
Observe the following photo of the flash (SOIC-8):
You can otherwise flash internally, including from factory firmware(if the service jumper is set).