Full Recovery of ThinkPad X230 OEM BIOS (stock top/bottom chip contents) Without a Backup

Kartoffelstolz wrote 04/20/2026 at 21:43 • 5 min read

The usual advice for making a backup of the original BIOS contents before installing coreboot, me_cleaner, etc. is fine, but what if:

If you installed coreboot/Skulls via 1vyrain, see section B. If you modified the bottom chip, see section C. If any of the linked files are missing, please comment or leave me a message!

A. ThinkPad Xx30 BIOS layout

Most Ivy Bridge ThinkPad models, including the X230, have two flash chips for the BIOS firmware: a "bottom" 8MB chip and a "top" 4MB chip. Once booted, the laptop sees these two as a single 12MB device, in which the 8MB chip comes first, followed by the 4MB chip, hence top and bottom.

The contents are cleanly divided across the two chips, with the bottom chip holding

And the top chip containing

The top chip can be updated independently of the bottom chip and without a hardware SPI flash programmer. As far as I'm aware, this is the only part that Lenovo BIOS updates and 1vyrain will touch.

B. The top chip

1vyrain only ever writes to the top chip, whose contents can be swapped between boards without issue.

B-I. Coreboot/Skulls via 1vyrain

  1. At the GRUB menu, press e on your Linux boot option. At the end of the line starting with linux, add the kernel parameter iomem=relaxed. The end of that line might look something like quiet splash iomem=relaxed
  2. Install flashrom
  3. Download the stock contents of the top chip: https://github.com/xy-tech/x330-bios/tree/main/stock/original . v2.60.bin keeps the loopholes for 1vyrain and EC patching open.
  4. Flash the image: sudo flashrom -p internal -i bios --ifd -w v2.60.bin --noverify-all
  5. Once finished, reboot. With any luck, the stock BIOS should show up without issue.

B-II. Recovering from bad coreboot GRUB configuration

  1. At the GRUB shell, run set prefix=(memdisk)/boot/grub then ls
  2. List contents of partitions, i.e. ls (ahci2,gpt1)/ until you find the boot partition
  3. Navigate through the boot partition until you find grub.cfg
  4. Load the config file to bring up your usual GRUB menu, i.e. configfile (ahci2,gpt1)/grub/grub.cfg
  5. If desired, flash a new coreboot image without having to use 1vyrain again. Boot with the iomem=relaxed kernel parameter and run sudo flashrom -p internal -i bios --ifd -w coreboot.rom --noverify-all

B-III. Undo 1vyrain or downgrade BIOS without Windows

B-IV. coreboot via 1vyrain without networking

  1. Build coreboot for a full 12MB image
  2. Extract top 4MB of image: dd if=coreboot.rom of=top.rom bs=1M skip=8
  3. Copy top.rom to USB drive
  4. Boot into 1vyrain Live USB and drop to shell (menu option or Ctrl+C)
  5. Mount USB, i.e. mount /dev/sdb1 /mnt
  6. Overwrite /root/bios/X230.rom with top.rom, i.e. cp /mnt/top.rom /root/bios/X230.rom
  7. Exit shell (Ctrl+D) and proceed as if applying normal 1vyrain

C. The bottom chip

Only after flashing both chips for Libreboot did I realize I had forgotten both to make a backup and to patch the EC for the classic keyboard. Flashing the backup of the stock BIOS from another board didn't work, and without a way to flash the EC, I thought the board was a lost cause.

But thanks to a video from the Greatest Dell Technician That's Ever Lived, I learned that manufacturers will flash a generic BIOS image, but upon first boot, the Intel ME firmware will make a handshake with the chipset and write configurations to the ME Region that ties the contents of the bottom chip to the specific board it was on. If transplanted, the ME firmware will see the mismatched configuration and fail to initialize. The stock firmware, expecting a fully functional ME, then hangs.

Not all is lost. We just need to replace the ME Region of an existing BIOS dump with a fresh ME Region. Until someone writes an alternative to Intel FIT, this will involve Wine or Windows.

  1. Download bottom_stock.bin and v2.60.bin from https://github.com/xy-tech/x330-bios/tree/main/stock/original
  2. Combine the two files into a complete BIOS image: cat bottom_stock.bin v2.60.bin > full260.bin
  3. Download the Intel ME System Tools v8 from https://github.com/CE1CECL/IntelCSTools
  4. Download the ME 8 Repository r20.rar from https://mega.nz/folder/PJFXnCDK#lWSX5W0ODubZ2pf3gu3unw (link copied from documentation at https://winraid.level1techs.com/t/intel-cs-me-cs-txe-cs-sps-gsc-pmc-pchc-phy-orom-firmware-repositories/30869)
  5. bottom_stock.bin contains ME firmware 8.1.40.1416, so extract the corresponding clean firmware 8.1.40.1416_5MB_PRD_RGN.bin from the ME 8 Repository. The ThinkPad is a business laptop that uses the 5MB corporate edition of Intel ME, not the 1.5MB consumer edition.
  6. Extract the folder Intel ME System Tools v8 r3/Flash Image Tool/v8.1.40.1456 and run fitc.exe, preferably from wine explorer so it doesn't spew its working files all over your home directory.
  7. Drag full260.bin into the Intel FIT window. A subfolder full260 should show up. Under Decomp, replace ME Region.bin with 8.1.40.1416_5MB_PRD_RGN.bin and rename it back to ME Region.bin
  8. Return to Intel FIT and build the image. In the new subfolder Build, the resulting clean image will have been neatly divided up for you, with outimage(1).bin ready to flash to the bottom chip and outimage(2).bin ready for the top chip.
  9. Disconnect all power from the board being serviced and flash the images as usual
  10. If all goes well, it boots into the stock ThinkPad BIOS without issue
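Before flashing in step 9, it helps to confirm where the ME Region sits in the 12MB image and which regions the rebuild actually changed. The following is an added example, not part of the original post or of any tool mentioned here: it reads the region table from the Intel flash descriptor, maps each region onto the bottom/top chips from section A, and compares two full images region by region. The function names and the sample image (including its region boundaries) are constructed for illustration.

```python
import struct

MIB = 1024 * 1024
BOTTOM, TOP = 8 * MIB, 4 * MIB          # bottom chip comes first in the 12MB map
IFD_SIGNATURE = 0x0FF0A55A              # flash descriptor signature at offset 0x10
REGION_NAMES = ["Descriptor", "BIOS", "ME", "GbE", "Platform Data"]

def parse_regions(image):
    """Return {name: (first_byte, last_byte)} read from the flash descriptor."""
    if struct.unpack_from("<I", image, 0x10)[0] != IFD_SIGNATURE:
        raise ValueError("no flash descriptor signature at offset 0x10")
    flmap0 = struct.unpack_from("<I", image, 0x14)[0]
    frba = ((flmap0 >> 16) & 0xFF) << 4          # base of the region table
    regions = {}
    for index, name in enumerate(REGION_NAMES):
        flreg = struct.unpack_from("<I", image, frba + 4 * index)[0]
        first = (flreg & 0x1FFF) << 12
        last = (((flreg >> 16) & 0x1FFF) << 12) | 0xFFF
        if first <= last:                        # base above limit means unused
            regions[name] = (first, last)
    return regions

def chips_for(first, last):
    """Physical chip(s) that a byte range of the 12MB image lands on."""
    return [chip for chip, hit in (("bottom", first < BOTTOM), ("top", last >= BOTTOM)) if hit]

def changed_regions(before, after):
    """Names of regions whose bytes differ between two full 12MB images."""
    if len(before) != BOTTOM + TOP or len(after) != BOTTOM + TOP:
        raise ValueError("expected 12MB images: bottom chip followed by top chip")
    return [name for name, (first, last) in parse_regions(before).items()
            if before[first:last + 1] != after[first:last + 1]]

def constructed_image():
    """Constructed sample: blank 12MB image with an illustrative descriptor."""
    image = bytearray(b"\xff" * (BOTTOM + TOP))
    struct.pack_into("<II", image, 0x10, IFD_SIGNATURE, 0x04 << 16)  # FRBA = 0x40
    layout = [(0x000, 0x000), (0x500, 0xBFF), (0x003, 0x4FF), (0x001, 0x002), (0xFFF, 0x000)]
    for index, (base, limit) in enumerate(layout):
        struct.pack_into("<I", image, 0x40 + 4 * index, base | (limit << 16))
    return image

if __name__ == "__main__":
    before = constructed_image()
    after = bytearray(before)
    after[0x3000] = 0x00                         # simulate a change inside the ME region
    for name, (first, last) in parse_regions(before).items():
        print(f"{name:13} {first:#08x}-{last:#08x} {'+'.join(chips_for(first, last))}")
    print("changed:", changed_regions(before, after))
```

On real files, pass the bytes of full260.bin as `before` and the bytes of outimage(1).bin followed by outimage(2).bin as `after`.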

Caveats:

If you want to use your own backup of the bottom chip for any reason, you should determine the exact version of the Intel ME on it and patch with the corresponding clean image. Get a copy of MEAnalyzer from https://github.com/platomav/MEAnalyzer

Some Python dependencies of MEAnalyzer were not available in the Debian repos, so I used a virtual environment:

# In the MEAnalyzer folder

mkdir .venv
python3 -m venv .venv
source .venv/bin/activate
pip install colorama crccheck pltable
python3 MEA.py bottom_stock.bin

Continue with the Flash Image Tool as before, but pay special attention to Intel ME System Tools v8 r3/Flash Image Tool/WARNING.pdf
