Unofficial (Simplified) Libreboot Documentation
  • Home
  • Building from source/
  • External SPI flashing/
  • Freedom in Libreboot/
  • Maintainance manual/
  • Operating systems/
  • Payloads/
  • Releases/
  • Targets/
    • ARM Chromebooks/
    • Emulation/
    • Other/
    • X86/
      • AMD pitfalls
      • Boards/
        • Acer G43T-AM3
        • ASUS KCMA-D8 Desktop/Workstation
        • ASUS KFSN4-DRE Server/Workstation
        • ASUS KGPE-D16 Server/Workstation
        • Dell Latitude flashing
        • Dell Latitude thermal throttling
        • Dell OptiPlex 3050 Micro
        • Dell OptiPlex 7010/9010 MT
        • Dell OptiPlex 7010/9010 SFF
        • Dell OptiPlex 7020/9020 SFF/MT, and XE2 MT/SFF
        • Dell OptiPlex 780 MT/USFF
        • Dell Precision T1650
        • Gigabyte GA-G41M-ES2L Desktop
        • HP Compaq Elite 8300 USDT
        • HP Elite 8200 SFF/MT and 6200 Pro Business
        • HP EliteBook 2170p
        • HP EliteBook 2560p
        • HP EliteBook 2570p
        • HP EliteBook 820 G2
        • HP EliteBook 8460p
        • HP EliteBook 8470p
        • HP EliteBook 8560w
        • HP EliteBook Folio 9470m
        • Intel D510MO/D410PT
        • Intel D945GCLF Desktop
        • MacBook 1,1 and 2,1
        • ThinkPad R400
        • ThinkPad T400 external flashing
        • ThinkPad T420 external flashing
        • ThinkPad T440p external flashing
        • ThinkPad T480/T480s
        • ThinkPad T500 external flashing
        • ThinkPad T60 recovery guide
        • ThinkPad W541/W540 external flashing
        • ThinkPad X200 first-time flashing
        • ThinkPad X220/X220T
        • ThinkPad X230/X230T external flashing
        • ThinkPad X60 recovery
        • ThinkPad X60 Tablet recovery
        • ThinkPad X60/X60T/T60 internal flashing
      • Changing the MAC address
      • Disabling /dev/mem protections
      • Disabling Intel Boot Guard on MEv11
      • EC firmware updates
      • Generic internal flashing
      • Insert vendor files
      • Intel pitfalls
      • Ivybridge internal flashing
      • Microcode
      • nvmutil import
      • nvmutil manual
  • UNCATEGORIZED/
Site license: GFDL v1.3 with disclaimer

HP EliteBook 820 G2

HP EliteBook 820 G2 HP EliteBook 820 G2
HP EliteBook 820 G2 HP EliteBook 820 G2
Specifications
Manufacturer HP
Name EliteBook 820 G2
Variants EliteBook 820 G2
Released 2014
Chipset 5th gen (Broadwell, SoC)
CPU Intel i5-5200U, i5-5300U, i7-5500U, i7-5600U
Graphics Intel HD 5500 graphics (libre initialisation)
Display 14" 1366x768 or 1920x1080 TFT
Memory Two slots, max 16GB/slot (32GB), DDR3/SODIMM
Architecture x86_64
EC SMSC MEC1324 in main boot flash
Original boot firmware HP UEFI firmware
Intel ME/AMD PSP Present. Can be disabled with me_cleaner.
Flash chip SOIC-8 16MiB 128Mbit, 12MiB usable by coreboot 
W+: Works without vendor firmware;
N: Doesn't work;
W*: Works with vendor firmware;
U: Untested;
P+: Partially works;
P*: Partially works with vendor firmware
Features
Internal flashing with original boot firmware N
Display (if Intel GPU) W+
Audio W+
RAM Init W+
External output W+
Display brightness W+
Payloads supported
GRUB Works
SeaBIOS Works
SeaBIOS with GRUB Works

Brief board info:

Full hardware specifications

Introduction

Please build this from source with lbmk:

./mk -b coreboot hp820g2_12mb

More information is available in the build guide, including how to install build dependencies.

Pre-compiled images now possible!

From Libreboot 20241206 revision 8 onwards, pre-compiled ROM images are now available. Previous releases excluded images for this board, because vendor file insertion was not reproducible, so you would get checksum errors.

The refcode is inserted uncompressed, whereas upstream uses LZMA compression. We can’t predict how the implementation will change in the future, and any behavioural changes would probably affect the checksum on insertion. Older releases also didn’t handle rmodtool on refcode insertion, which is used to make the file relocatable in CBFS. See coreboot rmodules documentation.

As of Libreboot 20241206 rev8, you can now use pre-compiled release images and insert vendor files.

The lack of refcode compression costs about 110KB, because the refcode file is about 180KB uncompressed, but would be about 70KB compressed in flash. We insert it uncompressed, so it’s 180KB in flash. This is a small sacrifice, considering that you still have about 10MB of unused flash space left, at least as of the 20241206 rev8 release.

HP Sure Start

Corresponding coreboot docs

There is a 16MB flash and a 2MB flash.

The page makes it seem more complicated than necessary, from a user’s point of view. What you really need to do is just erase the 2MB flash IC, and flash only the first 12MB of the 16MB flash IC. A photo is shown below. Consult the SPI flashing guide and act as if you were flashing, but leave out -w libreboot.rom (don’t write an image), and instead use the --erase option, with your clip connected to the private flash (2MB flash IC).

You might want to dump the private flash first, just in case (use -r priv.rom or whatever filename you want to dump to, and take two dumps, ensuring that the hashes match); one dump for the first erase, and another for the next erase. If they match, then the erase was likely a success. The private (2MB) flash is inaccessible from your OS. The system stores hashes of the IFD, GbE and a copy of IFD/GbE in private flash, restoring them if they were modified, but erasing the private flash disables this security mechanism.

Coreboot has its own page about this machine:

https://doc.coreboot.org/motherboard/hp/elitebook_820_g2.html

Make sure to read and understand all of this first, before attempting the Libreboot installation, because it’s also important when updating Libreboot later on.

Installation of Libreboot

Make sure to set the MAC address in the flash: Modify MAC addresses with nvmutil.

Refer to the Libreboot flashing guides

Here are the flash ICs:

When you flash the 12MB image, please do the following with it:

dd if=/dev/zero of=4mb.bin bs=4M count=1
cat libreboot.rom 4mb.bin > libreboot16.rom

Be careful: do not fully flash libreboot16.rom

Flash it like this, instead:

flashprog -p PROGRAMMER --ifd -i gbe -w libreboot16.rom --noverify-all
flashprog -p PROGRAMMER --ifd -i bios -w libreboot16.rom --noverify-all
flashprog -p PROGRAMMER --ifd -i me -w libreboot16.rom --noverify-all
flashprog -p PROGRAMMER --ifd -i fd -w libreboot16.rom --noverify-all

Replace PROGRAMMER according to whichever flasher you’re using. You could also replace it with internal, if later flashing internally to update an existing Libreboot installation.

If you’re flashing internally, add --noverify-all to the flashprog command.

To erase the 2MB flash, do this:

flashprog -p PROGRAMMER --erase

Refer generally to the main flashing guide and to the external flashing guide so that you can learn how to actually flash it.

TPM 2.0 supported

The below must not be done with the vendor boot firmware; doing so would cause the board to be unbootable. See this upstream issue.

The onboard TPM is an SLB 9660, which supports TPM 1.2 but it is known to be compatible with TPM 2.0 via firmware upgrade, but incompatible with stock rom.

Only by externally backing up the stock flash and private flash, flashing libreboot, booting to OS, downgrading it, then reflashing stock firmware from backup, would make it work again. Untested, may work with HP TPM Configuration Utility on Windows.

One way to do it is using iavael’s TPMFactoryUpd or crass’s SLB 966x firmware.

To use TMPFactoryUpd, make it, and check the machine’s tpm version with TPMFactoryUpd -info. Before upgrading, make sure the ownership is unclaimed and tpm enabled. to update, you should use config file in the firmware folder inside the downloaded and extracted 9665FW update package_1.5.zip, then start the upgrade process with TPMFactoryUpd -update config-file -config TPM12_latest.cfg.

Not yet used meaningfully by Libreboot itself, but the TPM can be used to implement things like measured boot.

References

See the coreboot page on broadwell blobs.

Libreboot’s build system automatically pulls down the MRC/refcode files, and modifies the refcode to enable the onboard Intel Gigabit Ethernet (GbE). You don’t need to mess with this at all, when you build Libreboot yourself.

Yay. If you see this boot screen, you should be proud. This is a really hard machine to flash.