The VP2410 is the first model of the new Protectli Vault Pro (VP) series. The Vault Pro series is characterized by implementation of newer technologies such as an Intel Quad Core J4125 CPU, DDR4 memory in a 4 port model, Intel I210/211 Ethernet NICs, M.2 SATA Storage, Display Port, USB C with Display Port, Micro USB console port, and support for M.2 PCIe WiFI modules. coreboot for the VP2410 has been implemented via UEFI rather than legacy BIOS method. The original coreboot menu only allowed selecting the Boot Device/Method or, in some cases, running a MemTest. The coreboot UEFI BIOS menu is more extensive and has different behavior than coreboot on other Protectli Vaults. The purpose of this article is to document the coreboot UEFI menu and describe the expected behavior.
Boot Order and Options
- The current implementation of coreboot UEFI for the VP2410 behaves differently than previous Vaults.
- A predefined boot order of possible devices is not supported in this version of coreboot.
- coreboot will only list the bootable devices found at boot.
- A bootable drive, such as a new M.2 SATA, is not listed in the boot list until there is a bootable partition on the drive.
- There is an eMMC on the VP2410, but unless there is a bootable partition, it will not be displayed on the list.
- When an Operating System is installed with an EFI drive, the BIOS creates a “label” to point to the boot file system. It boots from “filename.efi” where “filename” is typically “shim” or “grub”.
- If an Operating System pre-installed with an EFI drive, but a label has not been created, one must boot from the drive, then the BIOS creates a “label” to point to the boot file system.
- If there is a bootable USB drive inserted at the time of boot, it would also be displayed in the boot list.
- If a USB is removed it will be removed from the list.
- If the USB is reinserted on a subsequent boot, it will be added to the end of the list.
- The boot order of the discovered bootable devices can be manually set by the user. It will not change unless the bootable devices change.
- Other options are iPXE Network Boot and UEFI Shell. These are options built into the coreboot BIOS and not dependent on a physical storage device.
coreboot BIOS Menu
In order to “get into” the BIOS, boot the system
- When the splash screen is displayed, press the DEL key
- Verify the Main Menu is displayed
- Select “One Time Boot”
- Verify the “One Time Boot” menu is displayed
In this example, there are several boot options. The options that are displayed demonstrate how the BIOS handles different boot options.
The “CentOS Linux” and “ubuntu” options are shown because previously, CentOS Linux was installed on the internal M.2 SATA drive and Ubuntu was installed on a 2.5” SATA drive that was connected to the internal connectors. These are the labels mentioned above that were automatically created during installation. The 2.5” SATA drive has been removed before booting so, the “ubuntu” label remains, but there is no entry for the physical drive. The “Protectli 480GB M.2” entry is for the physical drive that has CentOS Linux installed on it. Similarly, the USB drive that was used to install Ubuntu and CentOS Linux was removed, so it is not displayed in the list. There is eMMC on the unit, but since there is no OS installed with a bootable partition, it is not displayed in the list.
In order to boot from this menu, just select the desired option and hit ENTER.
Boot Maintenance Manager
Another option to select from the Main Menu is the “Boot Maintenance Manager”.
- Select “Boot Maintenance Manager”
- Verify the “Boot Maintenance Manager” menu is displayed
Note that the “Boot Maintenance Manager” and all the subsequent pages have keystroke instructions at the bottom of the page. Follow the on screen instructions to select the desired configuration.
- The “Driver and Console Options” are typically not used.
- The “Auto Boot Timeout” sets the amount of time that the splash screen is displayed during the boot process.
- The “Boot From File” option allows booting directly from a file, which are the source files for the labels mentioned above.
- Select the “Boot From File” option
- Verify the “Boot From File” menu is displayed
This allows one to select a file and then navigate through the filesystem to find the bootable file. This typically requires knowledge of the OS filesystem to identify the correct file.
The “Boot Next Value” sets the boot source for the next time the system boots, one time only, and overrides the default setting.
- Select “Boot Next Value”
- Verify the “Boot Next Value” menu is displayed
- Set “Boot Next Value” as desired
The ”Boot Options” menu allows the user to Add, Delete, and Change Boot Options
- Select “Boot Options”
- Verify the “Boot Options” menu is displayed
The “Add Boot Option” can add a boot option to the list.
The “Delete Boot Option” allows the user to manually remove boot options from the list.
- Select “Delete Boot Option”
- Verify the “Delete Boot Option” menu is displayed
Follow the on screen instructions to Delete a Boot Option
The “Change Boot Order” page allows the user to edit the boot order.
- Select “Change Boot Option”
- Verify the “Change Boot Option” menu is displayed
- Verify the sub menu is displayed and one of the options is highlighted
- Follow the on screen instructions to Change the Boot Order
- Verify different options can be moved up and down the list with the “+” and “-” keys
Flashing coreboot on the VP2410
Note: coreboot can be flashed on to the VP2410 at the time of order, or it can be flashed in the field. Flashing new firmware onto any hardware is potentially dangerous in that if the procedure is interrupted or otherwise not able to complete, your hardware may be rendered useless. Protectli strongly recommends selecting coreboot at the time of order. However, if coreboot is flashed in the field, proceed with caution only after fully understanding each step of the following instructions. If there are any questions, please contact Protectli support BEFORE proceeding.
Protectli can not be held responsible for devices that are rendered unusable as a result of flashing the BIOS. If your devices becomes unusable as a result of a BIOS flashing operation, we will help recover the device, but the customer will be responsible for all shipping costs.
Flashing coreboot with “Flashli”
The recommended procedure to flash coreboot to the VP2410, or any of the Vaults is to use the “Flashli” tool from Protectli found at:
Follow the instructions in the Knowledge Base article above to flash coreboot on the VP2410. Flashli can also be used to flash VP2410 back to AMI BIOS as well.
Manually flash coreboot on the VP2410
In addition to the Flashli tool, for those who prefer a more hands on approach, coreboot can be manually flashed on the VP2410.
There is a minor hardware change to the power circuitry of the VP2410 from the original lot such that it requires a new version of coreboot and flashing the new version to the original lot “bricks” the unit. The original lot can be identified by a S/N or MAC address of the first Ethernet port with the last 4 digits 0400 or less. Therefore we have not posted the newer version of coreboot for manual flashing due to this issue. However, you can use the “Flashli” tool as noted in the article above to flash coreboot to the VP2410. The Flashli tool will correctly identify the version of hardware and flash the correct version of coreboot. We have kept the instructions below for manual flashing. If you insist on manually flashing coreboot, please contact firstname.lastname@example.org for the correct coreboot file.
coreboot is flashed using a program called ‘flashrom’ which is available for many linux distributions. Protectli has validated flashrom on Ubuntu 20.04. See this link for guidance on installing Ubuntu on the Vault. For the VP2410, be sure to select “UEFI” if prompted during the install. Also note that the default drive is likely to be “mmcblk” which is the onboard eMMC storage. Be sure to select a different drive such as the M.2 SATA if desired. The version of flashrom in Ubuntu 20.04 is not recent enough to support the VP2410. Therefore, flashrom source code must be pulled from GitHub and compiled on the VP2410. See the instructions below.
- Verify an Ethernet connection on the WAN port
- Install Ubuntu desktop version 20.04 or newer on the Vault to the desired drive per the link above
- A new install of Ubuntu 20.04 or newer is recommended for a clean, controlled environment to ensure a successful BIOS flash
- Protectli recommends the “Minimal” installation
- When installing Ubuntu, select the desired drive, M.2 SATA is typically “sda0”
- Installing Ubuntu on the drive will overwrite anything currently installed.
- Follow the on screen installation instructions
- Verify that Ubuntu desktop version is installed and reboot the system
- Verify that Ubuntu boots up to the desktop version
Install flashrom from GitHub
As noted above, the version of flashrom to support the VP2410 is not currently part of Ubuntu 20.04 distribution so it must be downloaded from GitHub and built.
In the instructions below, “#” indicates a command line instruction in an Ubuntu Terminal window. “filename” refers to the actual name of the file.
- Verify that Ubuntu boots up to the desktop version and the Firefox browser is installed, or install the browser of your choice
- Browse to https://github.com/flashrom/flashrom/commit/fbc38c71589910876466fd385a1f64f1c0c40eb7
- Select “Browse Files” button
- Select “Code” Button
- Verify dropdown menu
- Select “Download Zip” file
- From the Ubuntu desktop, launch a terminal window by selecting Applications in the lower left corner of the screen and select “Terminal”, or type “terminal” or Select “CTRL-ALT-T”
- Verify zip file downloaded to unit
- Move zip file to desired directory
- Unzip the file
- Verify the “flashrom-xxxxxxxxxx” directory is created
- Rename the “flashrom-xxxxxxxxxx” directory if desired
- Run the following commands in the terminal window:
#sudo apt update
#sudo apt install build-essential
#sudo apt install libpci-dev
#sudo make clean
#sudo make CONFIG_NOTHING=yes CONFIG_DUMMY=yes CONFIG_INTERNAL=yes
- Verify the flashrom executable is built
#ls -l flash*
Flash coreboot on the VP2410
- Browse to the appropriate coreboot “filename.rom” file and download it to the Ubuntu system. See the table below for links to the coreboot .rom files.
- In the Ubuntu terminal, verify the “filename.rom” file has been downloaded to the “Downloads” directory using the following com
#ls -l Downloads
- Download the appropriate SHA256 checksum file per the table below
- Verify the “filename.rom.sha” file has been downloaded to the “Downloads” directory using the following command:
#ls -l Downloads
- If the files are compressed, with a suffix of “.zip”, uncompress them with the following commands:
#unzip filename.rom.zip #unzip filename.rom.sha256.zip
- Run the SHA256 program on the filename.rom file using the following command:
- Verify the SHA256 output is the same as the contents of the filename.rom.sha file using the following command:
Flash the coreboot image to the system.
#sudo ./flashrom -p internal -w filename.rom
- After the flash is complete the terminal should output a “VERIFIED” message
- If a “VERIFIED” message does not appear, do NOT power off the device. Verify the flashrom command is correct and re-run the flashrom command again
- Reboot the system
- Verify the system boots and displays the coreboot splash screen
- Verify the system boots up to Ubuntu desktop
- If not using Ubuntu as the OS, power off the system and install the desired OS over the Ubuntu installation or replace the Ubuntu drive with a drive for the desired OS.
- Reboot the system and verify that it boots to the desired OS
VP2410 coreboot Files
|Vault||coreboot .rom file||SHA256 file||Notes||Release Date|
|VP2410||vp2410_v1.0.10.rom||vp2410_v1.0.10.rom.sha256||Initial Release, Revised HW Version, Serial #'s 64-62-66-21-03-15 and above||10/15/2021|
|VP2410||vp2410_v1.0.9.rom||vp2410_v1.0.9.rom.sha256||Initial Release, Initial HW Revision, Serial #'s 64-62-66-21-03-14 and below||8/17/2021|
In this Knowledge Base article, we have given an introduction to the coreboot UEFI BIOS menu and showed how to flash coreboot on the VP2410.
As always, if you experience any issues, feel free to contact Protectli support at: email@example.com